//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
package com.cloud.network.bigswitch;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.net.util.SubnetUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.util.IPAddress;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.BcfAnswer;
import com.cloud.agent.api.BcfCommand;
import com.cloud.agent.api.CacheBcfTopologyCommand;
import com.cloud.agent.api.GetControllerDataAnswer;
import com.cloud.agent.api.GetControllerDataCommand;
import com.cloud.agent.api.SyncBcfTopologyCommand;
import com.cloud.dc.VlanVO;
import com.cloud.dc.dao.VlanDao;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.network.BigSwitchBcfDeviceVO;
import com.cloud.network.Network;
import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.Networks.TrafficType;
import com.cloud.network.bigswitch.TopologyData.Port;
import com.cloud.network.dao.BigSwitchBcfDao;
import com.cloud.network.dao.FirewallRulesCidrsDao;
import com.cloud.network.dao.FirewallRulesCidrsVO;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.IPAddressVO;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkVO;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.network.vpc.NetworkACLItem;
import com.cloud.network.vpc.NetworkACLItemCidrsDao;
import com.cloud.network.vpc.NetworkACLItemCidrsVO;
import com.cloud.network.vpc.NetworkACLItemDao;
import com.cloud.network.vpc.NetworkACLItemVO;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.dao.VpcDao;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.db.TransactionCallback;
import com.cloud.utils.db.TransactionStatus;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.vm.NicVO;
import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.dao.NicDao;
import com.cloud.vm.dao.VMInstanceDao;
public class BigSwitchBcfUtils {
private static final Logger s_logger = Logger.getLogger(BigSwitchBcfUtils.class);
private final NetworkDao _networkDao;
private final NicDao _nicDao;
private final VMInstanceDao _vmDao;
private final HostDao _hostDao;
private final VpcDao _vpcDao;
private final BigSwitchBcfDao _bigswitchBcfDao;
private final AgentManager _agentMgr;
private final VlanDao _vlanDao;
private final IPAddressDao _ipAddressDao;
private final FirewallRulesDao _fwRulesDao;
private final FirewallRulesCidrsDao _fwCidrsDao;
private final NetworkACLItemDao _aclItemDao;
private final NetworkACLItemCidrsDao _aclItemCidrsDao;
private final NetworkModel _networkModel;
public BigSwitchBcfUtils(NetworkDao networkDao,
NicDao nicDao, VMInstanceDao vmDao, HostDao hostDao,
VpcDao vpcDao, BigSwitchBcfDao bigswitchBcfDao,
AgentManager agentMgr, VlanDao vlanDao, IPAddressDao ipAddressDao,
FirewallRulesDao fwRulesDao, FirewallRulesCidrsDao fwCidrsDao,
NetworkACLItemDao aclItemDao, NetworkACLItemCidrsDao aclItemCidrsDao,
NetworkModel networkModel){
_networkDao = networkDao;
_nicDao = nicDao;
_vmDao = vmDao;
_hostDao = hostDao;
_vpcDao = vpcDao;
_bigswitchBcfDao = bigswitchBcfDao;
_agentMgr = agentMgr;
_vlanDao = vlanDao;
_ipAddressDao = ipAddressDao;
_fwRulesDao = fwRulesDao;
_fwCidrsDao = fwCidrsDao;
_aclItemDao = aclItemDao;
_aclItemCidrsDao = aclItemCidrsDao;
_networkModel = networkModel;
}
public ControlClusterData getControlClusterData(long physicalNetworkId){
ControlClusterData cluster = new ControlClusterData();
// reusable command to query all devices
GetControllerDataCommand cmd = new GetControllerDataCommand();
// retrieve all registered BCF devices
List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listByPhysicalNetwork(physicalNetworkId);
for (BigSwitchBcfDeviceVO d: devices){
HostVO bigswitchBcfHost = _hostDao.findById(d.getHostId());
if (bigswitchBcfHost == null){
continue;
}
_hostDao.loadDetails(bigswitchBcfHost);
GetControllerDataAnswer answer = (GetControllerDataAnswer) _agentMgr.easySend(bigswitchBcfHost.getId(), cmd);
if (answer != null){
if (answer.isMaster()) {
cluster.setMaster(bigswitchBcfHost);
} else {
cluster.setSlave(bigswitchBcfHost);
}
}
}
return cluster;
}
public TopologyData getTopology(){
long physicalNetworkId;
List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listAll();
if(!devices.isEmpty()){
physicalNetworkId = devices.get(0).getPhysicalNetworkId();
return getTopology(physicalNetworkId);
} else {
return null;
}
}
public NetworkVO getPublicNetwork(long physicalNetworkId){
List<NetworkVO> pubNets = _networkDao.listByPhysicalNetworkTrafficType(physicalNetworkId, TrafficType.Public);
return pubNets.get(0);
}
public TopologyData getTopology(long physicalNetworkId){
List<NetworkVO> networks;
List<NicVO> nics;
networks = _networkDao.listByPhysicalNetworkTrafficType(physicalNetworkId, TrafficType.Guest);
TopologyData topo = new TopologyData();
// networks:
// - all user created networks (VPC or non-VPC)
// - one external network
// routers:
// - per VPC (handle in network loop)
// - per stand-alone network (handle in network loop)
// - one external router
// handle external network first, only if NAT service is enabled
if(networks != null) {
if(!(networks.isEmpty()) && isNatEnabled()){
// get public net info - needed to set up source nat gateway
NetworkVO pubNet = getPublicNetwork(physicalNetworkId);
// locate subnet info
SearchCriteria<VlanVO> sc = _vlanDao.createSearchCriteria();
sc.setParameters("network_id", pubNet.getId());
VlanVO vlanVO = _vlanDao.findOneBy(sc);
// add tenant external network external
TopologyData.Network network = topo.new Network();
network.setId("external");
network.setName("external");
network.setTenantId("external");
network.setTenantName("external");
String pubVlan = null;
try {
pubVlan = BroadcastDomainType.getValue(vlanVO.getVlanTag());
if(StringUtils.isNumeric(pubVlan)){
network.setVlan(Integer.valueOf(pubVlan));
} else {
// untagged
pubVlan = "0";
}
} catch (URISyntaxException e) {
e.printStackTrace();
}
topo.addNetwork(network);
}
}
// routerMap used internally for multiple updates to same tenant's router
// add back to topo.routers after loop
HashMap<String, RouterData> routerMap = new HashMap<String, RouterData>();
for (NetworkVO netVO: networks){
TopologyData.Network network = topo.new Network();
network.setId(netVO.getUuid());
network.setName(netVO.getName());
Integer vlan = null;
if (netVO.getBroadcastUri() != null) {
String vlanStr = BroadcastDomainType.getValue(netVO.getBroadcastUri());
if(StringUtils.isNumeric(vlanStr)){
vlan = Integer.valueOf(vlanStr);
} else {
// untagged
vlan = 0;
}
}
network.setVlan(vlan);
network.setState(netVO.getState().name());
nics = _nicDao.listByNetworkId(netVO.getId());
List<Port> ports = new ArrayList<Port>();
String tenantId = null;
String tenantName = null;
// if VPC network, assign BCF tenant id with vpc uuid
Vpc vpc = null;
if(netVO.getVpcId()!=null){
vpc = _vpcDao.acquireInLockTable(netVO.getVpcId());
}
if (vpc != null) {
tenantId = vpc.getUuid();
tenantName = vpc.getName();
} else {
tenantId = netVO.getUuid();
tenantName = netVO.getName();
}
for(NicVO nic: nics){
NetworkData netData = new NetworkData();
TopologyData.Port p = topo.new Port();
p.setAttachmentInfo(netData.new AttachmentInfo(nic.getUuid(),nic.getMacAddress()));
VMInstanceVO vm = _vmDao.findById(nic.getInstanceId());
HostVO host = _hostDao.findById(vm.getHostId());
// if host not found, ignore this nic
if (host == null) {
continue;
}
String hostname = host.getName();
long zoneId = netVO.getDataCenterId();
String vmwareVswitchLabel = _networkModel.getDefaultGuestTrafficLabel(zoneId, HypervisorType.VMware);
String[] labelArray = null;
String vswitchName = null;
if(vmwareVswitchLabel!=null){
labelArray=vmwareVswitchLabel.split(",");
vswitchName = labelArray[0];
}
// hypervisor type:
// kvm: ivs port name
// vmware: specific portgroup naming convention
String pgName = "";
if (host.getHypervisorType() == HypervisorType.KVM){
pgName = hostname;
} else if (host.getHypervisorType() == HypervisorType.VMware){
pgName = hostname + "-" + vswitchName;
}
p.setHostId(pgName);
p.setSegmentInfo(netData.new SegmentInfo(BroadcastDomainType.Vlan.name(), vlan));
p.setOwner(BigSwitchBcfApi.getCloudstackInstanceId());
List<AttachmentData.Attachment.IpAddress> ipList = new ArrayList<AttachmentData.Attachment.IpAddress>();
ipList.add(new AttachmentData().getAttachment().new IpAddress(nic.getIPv4Address()));
p.setIpAddresses(ipList);
p.setId(nic.getUuid());
p.setMac(nic.getMacAddress());
netData.getNetwork().setId(network.getId());
netData.getNetwork().setName(network.getName());
netData.getNetwork().setTenantId(tenantId);
netData.getNetwork().setTenantName(tenantName);
netData.getNetwork().setState(netVO.getState().name());
p.setNetwork(netData.getNetwork());
ports.add(p);
}
network.setTenantId(tenantId);
network.setTenantName(tenantName);
network.setPorts(ports);
topo.addNetwork(network);
// add router for network
RouterData routerData;
if(tenantId != null){
if(!routerMap.containsKey(tenantId)){
routerData = new RouterData(tenantId);
routerMap.put(tenantId, routerData);
} else {
routerData = routerMap.get(tenantId);
}
routerData.getRouter().getAcls().addAll(listACLbyNetwork(netVO));
if(vpc != null){
routerData.getRouter().addExternalGateway(getPublicIpByVpc(vpc));
} else {
routerData.getRouter().addExternalGateway(getPublicIpByNetwork(netVO));
}
RouterInterfaceData intf = new RouterInterfaceData(tenantId, netVO.getGateway(), netVO.getCidr(),
netVO.getUuid(), netVO.getName());
routerData.getRouter().addInterface(intf);
}
}
for(RouterData rd: routerMap.values()) {
topo.addRouter(rd.getRouter());
}
return topo;
}
public String getPublicIpByNetwork(Network network){
List<IPAddressVO> allocatedIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), true);
for (IPAddressVO ip: allocatedIps){
if(ip.isSourceNat()){
return ip.getAddress().addr();
}
}
return null;
}
public String getPublicIpByVpc(Vpc vpc){
List<IPAddressVO> allocatedIps = _ipAddressDao.listByAssociatedVpc(vpc.getId(), true);
for (IPAddressVO ip: allocatedIps){
if(ip.isSourceNat()){
return ip.getAddress().addr();
}
}
return null;
}
public List<AclData> listACLbyNetwork(Network network){
List<AclData> aclList = new ArrayList<AclData>();
List<FirewallRuleVO> fwRules;
fwRules = _fwRulesDao.listByNetworkAndPurposeAndNotRevoked(network.getId(), Purpose.Firewall);
List<FirewallRulesCidrsVO> fwCidrList = null;
SubnetUtils utils;
for(FirewallRuleVO rule: fwRules){
AclData acl = new AclData();
acl.setId(rule.getUuid());
acl.setPriority((int)rule.getId()); // CloudStack Firewall interface does not have priority
acl.setIpProto(rule.getProtocol());
String cidr = null;
Integer port = rule.getSourcePortStart();
fwCidrList = _fwCidrsDao.listByFirewallRuleId(rule.getId());
if(fwCidrList != null){
if(fwCidrList.size()>1 || !rule.getSourcePortEnd().equals(port)){
continue;
} else {
cidr = fwCidrList.get(0).getCidr();
}
}
if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) {
cidr = "";
} else {
utils = new SubnetUtils(cidr);
if(!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())){
continue;
}
}
acl.setSource(acl.new AclNetwork(cidr, port));
acl.setAction("permit");
aclList.add(acl);
}
List<NetworkACLItemVO> aclItems;
List<NetworkACLItemCidrsVO> aclCidrList;
if (network.getNetworkACLId() != null){
aclItems = _aclItemDao.listByACL(network.getNetworkACLId());
for(NetworkACLItem item: aclItems){
AclData acl = new AclData();
acl.setId(item.getUuid());
acl.setPriority(item.getNumber());
acl.setIpProto(item.getProtocol());
String cidr = null; // currently BCF supports single cidr policy
Integer port = item.getSourcePortStart(); // currently BCF supports single port policy
aclCidrList = _aclItemCidrsDao.listByNetworkACLItemId(item.getId());
if(aclCidrList != null){
if(aclCidrList.size()>1 || !item.getSourcePortEnd().equals(port)){
continue;
} else {
cidr = aclCidrList.get(0).getCidr();
}
}
if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) {
cidr = "";
} else {
utils = new SubnetUtils(cidr);
if(!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())){
continue;
}
}
acl.setSource(acl.new AclNetwork(cidr, port));
acl.setAction(item.getAction().name());
aclList.add(acl);
}
}
return aclList;
}
public String syncTopologyToBcfHost(HostVO bigswitchBcfHost){
SyncBcfTopologyCommand syncCmd;
if(isNatEnabled()){
syncCmd = new SyncBcfTopologyCommand(true, true);
} else {
syncCmd = new SyncBcfTopologyCommand(true, false);
}
BcfAnswer syncAnswer = (BcfAnswer) _agentMgr.easySend(bigswitchBcfHost.getId(), syncCmd);
if (syncAnswer == null || !syncAnswer.getResult()) {
s_logger.error("SyncBcfTopologyCommand failed");
return null;
}
return syncAnswer.getHash();
}
public String syncTopologyToBcfHost(HostVO bigswitchBcfHost, boolean natEnabled){
SyncBcfTopologyCommand syncCmd;
if(natEnabled){
syncCmd = new SyncBcfTopologyCommand(true, true);
} else {
syncCmd = new SyncBcfTopologyCommand(true, false);
}
BcfAnswer syncAnswer = (BcfAnswer) _agentMgr.easySend(bigswitchBcfHost.getId(), syncCmd);
if (syncAnswer == null || !syncAnswer.getResult()) {
s_logger.error("SyncBcfTopologyCommand failed");
return null;
}
return syncAnswer.getHash();
}
public BcfAnswer sendBcfCommandWithNetworkSyncCheck(BcfCommand cmd, Network network)throws IllegalArgumentException{
// get registered Big Switch controller
ControlClusterData cluster = getControlClusterData(network.getPhysicalNetworkId());
if(cluster.getMaster()==null){
return new BcfAnswer(cmd, new CloudRuntimeException("Big Switch Network controller temporarily unavailable"));
}
TopologyData topo = getTopology(network.getPhysicalNetworkId());
cmd.setTopology(topo);
BcfAnswer answer = (BcfAnswer) _agentMgr.easySend(cluster.getMaster().getId(), cmd);
if (answer == null || !answer.getResult()) {
s_logger.error ("BCF API Command failed");
throw new IllegalArgumentException("Failed API call to Big Switch Network plugin");
}
String newHash = answer.getHash();
if (cmd.isTopologySyncRequested()) {
newHash = syncTopologyToBcfHost(cluster.getMaster());
}
if(newHash != null){
commitTopologyHash(network.getPhysicalNetworkId(), newHash);
}
HostVO slave = cluster.getSlave();
if(slave != null){
TopologyData newTopo = getTopology(network.getPhysicalNetworkId());
CacheBcfTopologyCommand cacheCmd = new CacheBcfTopologyCommand(newTopo);
_agentMgr.easySend(cluster.getSlave().getId(), cacheCmd);
}
return answer;
}
@DB
public Boolean commitTopologyHash(long physicalNetworkId, final String hash) {
final List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listByPhysicalNetwork(physicalNetworkId);
return Transaction.execute(new TransactionCallback<Boolean>() {
@Override
public Boolean doInTransaction(TransactionStatus status) {
for (BigSwitchBcfDeviceVO d: devices){
d.setHash(hash);
_bigswitchBcfDao.update(d.getId(), d);
}
return true;
}
});
}
public Boolean isNatEnabled(){
List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listAll();
if(devices != null && !devices.isEmpty()){
return devices.get(0).getNat();
} else {
return false;
}
}
public Integer getSubnetMaskLength(String maskString){
if(!IPAddress.isValidIPv4(maskString)){
return null;
}
String[] octets = maskString.split("\\.");
Integer bits = 0;
for (String o: octets){
switch(o){
case "255":
bits += 8;
continue;
case "254":
bits += 7;
return bits;
case "252":
bits += 6;
return bits;
case "248":
bits += 5;
return bits;
case "240":
bits += 4;
return bits;
case "224":
bits += 3;
return bits;
case "192":
bits += 2;
return bits;
case "128":
bits += 1;
return bits;
case "0":
return bits;
default:
throw new NumberFormatException("non-contiguous subnet mask not supported");
}
}
return bits;
}
}