From 6b3a3599cfa1588908da0d4e6bd54f86ba5a9693 Mon Sep 17 00:00:00 2001 From: Aaron Rosen Date: Thu, 5 Sep 2013 13:22:46 -0700 Subject: [PATCH] Fix unable to ping floating ip from internal_ip The following patch adds a no-dnat rule so that an internal_ip can communicate with it's floatingip. Fixes bug: 1221419 Change-Id: I3899b01f316902d1139e47b153aadb7ecb1ff983 --- neutron/plugins/nicira/NeutronPlugin.py | 18 ++++++++++++++++++ neutron/plugins/nicira/nvplib.py | 25 +++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/neutron/plugins/nicira/NeutronPlugin.py b/neutron/plugins/nicira/NeutronPlugin.py index 6854d8db3e..f5b276e1b5 100644 --- a/neutron/plugins/nicira/NeutronPlugin.py +++ b/neutron/plugins/nicira/NeutronPlugin.py @@ -1726,6 +1726,16 @@ class NvpPluginV2(addr_pair_db.AllowedAddressPairsMixin, max_num_expected=1, min_num_expected=min_num_rules_expected, source_ip_addresses=internal_ip) + + # Remove No-DNAT rule associated with the single fixed_ip + # to floating ip + nvplib.delete_nat_rules_by_match( + self.cluster, router_id, "NoDestinationNatRule", + max_num_expected=1, + min_num_expected=min_num_rules_expected, + source_ip_addresses=internal_ip, + destination_ip_addresses=floating_ip_address) + except NvpApiClient.NvpApiException: LOG.exception(_("An error occurred while removing NAT rules " "on the NVP platform for floating ip:%s"), @@ -1823,6 +1833,14 @@ class NvpPluginV2(addr_pair_db.AllowedAddressPairsMixin, self.cluster, router_id, floating_ip, floating_ip, order=NVP_FLOATINGIP_NAT_RULES_ORDER, match_criteria={'source_ip_addresses': internal_ip}) + # Add No-DNAT rule to allow fixed_ip to ping floatingip. + nvplib.create_lrouter_nodnat_rule( + self.cluster, router_id, + order=NVP_FLOATINGIP_NAT_RULES_ORDER - 1, + match_criteria={'source_ip_addresses': internal_ip, + 'destination_ip_addresses': + floating_ip}) + # Add Floating IP address to router_port nvplib.update_lrouter_port_ips(self.cluster, router_id, diff --git a/neutron/plugins/nicira/nvplib.py b/neutron/plugins/nicira/nvplib.py index cb5975dbfe..9dd276c4eb 100644 --- a/neutron/plugins/nicira/nvplib.py +++ b/neutron/plugins/nicira/nvplib.py @@ -1105,6 +1105,11 @@ def create_lrouter_nosnat_rule_v2(cluster, _router_id, _match_criteria=None): "this version of the NVP platform")) +def create_lrouter_nodnat_rule_v2(cluster, _router_id, _match_criteria=None): + LOG.info(_("No DNAT rules cannot be applied as they are not available in " + "this version of the NVP platform")) + + def create_lrouter_snat_rule_v2(cluster, router_id, min_src_ip, max_src_ip, match_criteria=None): @@ -1140,6 +1145,18 @@ def create_lrouter_nosnat_rule_v3(cluster, router_id, order=None, return _create_lrouter_nat_rule(cluster, router_id, nat_rule_obj) +def create_lrouter_nodnat_rule_v3(cluster, router_id, order=None, + match_criteria=None): + nat_match_obj = _create_nat_match_obj(**match_criteria) + nat_rule_obj = { + "type": "NoDestinationNatRule", + "match": nat_match_obj + } + if order: + nat_rule_obj['order'] = order + return _create_lrouter_nat_rule(cluster, router_id, nat_rule_obj) + + def create_lrouter_snat_rule_v3(cluster, router_id, min_src_ip, max_src_ip, order=None, match_criteria=None): nat_match_obj = _create_nat_match_obj(**match_criteria) @@ -1180,6 +1197,11 @@ def create_lrouter_nosnat_rule(cluster, *args, **kwargs): pass +@version_dependent +def create_lrouter_nodnat_rule(cluster, *args, **kwargs): + pass + + def delete_nat_rules_by_match(cluster, router_id, rule_type, max_num_expected, min_num_expected=0, @@ -1267,6 +1289,9 @@ NVPLIB_FUNC_DICT = { 'create_lrouter_nosnat_rule': { 2: {DEFAULT: create_lrouter_nosnat_rule_v2, }, 3: {DEFAULT: create_lrouter_nosnat_rule_v3, }, }, + 'create_lrouter_nodnat_rule': { + 2: {DEFAULT: create_lrouter_nodnat_rule_v2, }, + 3: {DEFAULT: create_lrouter_nodnat_rule_v3, }, }, 'get_default_route_explicit_routing_lrouter': { 3: {DEFAULT: get_default_route_explicit_routing_lrouter_v32, 2: get_default_route_explicit_routing_lrouter_v32, }, },