NSX-V3 Add NO-DNAT rules only if supported

Commit I34d72b12289d6f6527bc114a32dac88281dd2cc4 added NO_DNAT rules
for each router interface. Those rules are not supported and unnecessary
for older NSX versions as VLAN networks were not supported with routers.
This commit adds the NO_DNAT rules only when supported.

Depends-on: I4d99193caac6940911cc071016359a1361428967
Change-Id: Ic0934979931e20645ee1d7d6b5968d7d3efc9c01
Adit Sarfaty 2018-03-20 11:47:56 +02:00
parent 9d99e2ffb6
commit 163dd0b214


@ -3525,6 +3525,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
def _add_subnet_no_dnat_rule(self, context, nsx_router_id, subnet):
# Add NO-DNAT rule to allow internal traffic between VMs, even if
# they have floating ips
if self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_NO_DNAT_NO_SNAT):
self.nsxlib.logical_router.add_nat_rule(
nsx_router_id, "NO_DNAT", None,
dest_net=subnet['cidr'],
@ -3532,6 +3534,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
def _del_subnet_no_dnat_rule(self, context, nsx_router_id, subnet):
# Delete the previously created NO-DNAT rules
if self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_NO_DNAT_NO_SNAT):
self.nsxlib.logical_router.delete_nat_rule_by_values(
nsx_router_id,
action="NO_DNAT",