NSX|P: Add ipv6-specific router adv rule
Since NAT is not a use case for ipv6, all connected ipv6 subnets need to be advertised. There seems to be no way to add a single rule for all ipv6 subnets, therefore an allow rule will be added for all ipv6 subnets. Change-Id: Iaf89738f8d71a2f743ba699bebd5c8361c130a3c
parent
e871f7d2e9
commit
ec41aa8fda
@ -125,6 +125,7 @@ SLAAC_NDRA_PROFILE_ID = 'neutron-slaac-profile'
|
|||||||
DEFAULT_NDRA_PROFILE_ID = 'default'
|
DEFAULT_NDRA_PROFILE_ID = 'default'
|
||||||
|
|
||||||
IPV6_RA_SERVICE = 'neutron-ipv6-ra'
|
IPV6_RA_SERVICE = 'neutron-ipv6-ra'
|
||||||
|
IPV6_ROUTER_ADV_RULE_NAME = 'all-ipv6'
|
||||||
|
|
||||||
# Priorities for NAT rules: (FIP specific rules should come before GW rules)
|
# Priorities for NAT rules: (FIP specific rules should come before GW rules)
|
||||||
NAT_RULE_PRIORITY_FIP = 2000
|
NAT_RULE_PRIORITY_FIP = 2000
|
||||||
@ -1561,13 +1562,35 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
|||||||
for subnet in router_subnets:
|
for subnet in router_subnets:
|
||||||
self._add_subnet_no_dnat_rule(context, router_id, subnet)
|
self._add_subnet_no_dnat_rule(context, router_id, subnet)
|
||||||
|
|
||||||
|
# always advertise ipv6 subnets if gateway is set
|
||||||
|
actions['advertise_ipv6_subnets'] = True if info else False
|
||||||
|
|
||||||
|
self._update_router_advertisement(router_id, actions, router_subnets)
|
||||||
|
|
||||||
|
if actions['remove_service_router']:
|
||||||
|
self.delete_service_router(router['project_id'], router_id)
|
||||||
|
|
||||||
|
def _update_router_advertisement(self, router_id, actions, subnets):
|
||||||
|
|
||||||
self.nsxpolicy.tier1.update_route_advertisement(
|
self.nsxpolicy.tier1.update_route_advertisement(
|
||||||
router_id,
|
router_id,
|
||||||
nat=actions['advertise_route_nat_flag'],
|
nat=actions['advertise_route_nat_flag'],
|
||||||
subnets=actions['advertise_route_connected_flag'])
|
subnets=actions['advertise_route_connected_flag'])
|
||||||
|
|
||||||
if actions['remove_service_router']:
|
# There is no NAT for ipv6 - all connected ipv6 segments should be
|
||||||
self.delete_service_router(router['project_id'], router_id)
|
# advertised
|
||||||
|
ipv6_cidrs = [s['cidr'] for s in subnets if s.get('ip_version') == 6]
|
||||||
|
if ipv6_cidrs and actions['advertise_ipv6_subnets']:
|
||||||
|
self.nsxpolicy.tier1.add_advertisement_rule(
|
||||||
|
router_id,
|
||||||
|
IPV6_ROUTER_ADV_RULE_NAME,
|
||||||
|
policy_constants.ADV_RULE_PERMIT,
|
||||||
|
policy_constants.ADV_RULE_OPERATOR_EQ,
|
||||||
|
[policy_constants.ADV_RULE_TIER1_CONNECTED],
|
||||||
|
ipv6_cidrs)
|
||||||
|
else:
|
||||||
|
self.nsxpolicy.tier1.remove_advertisement_rule(
|
||||||
|
router_id, IPV6_ROUTER_ADV_RULE_NAME)
|
||||||
|
|
||||||
def create_router(self, context, router):
|
def create_router(self, context, router):
|
||||||
r = router['router']
|
r = router['router']
|
||||||
|
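Review bot: The permit rule added in `_update_router_advertisement` is built from the `router_subnets` list passed in during the gateway update, so its CIDR list can go stale when an IPv6 subnet is later attached to or detached from the router; the interface add/remove paths are outside this hunk, so confirm they also call `_update_router_advertisement`. A leftover entry for a detached subnet would keep a permit for a prefix the router no longer serves, while a newly attached subnet would stay unadvertised. Because these prefixes are advertised without NAT, the comment above the rule should state the consequence, for example `# NOTE: advertised ipv6 subnets are routed as-is (no NAT); access control must come from firewall rules`. The `else` branch also calls `remove_advertisement_rule` for routers that may never have had the rule, and whether that call tolerates a missing rule is not visible here.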