When finding the overlay transport zone of a tier0 router,
if its advanced_config already has transport_zone_id defined,
then return it directly. Otherwise search through the edge nodes
in the corresponding edge_cluster.
Change-Id: Idf1efd9d0cd2c2ef5af895d22fc156630d855488

Added support to create centralized service port to attach Tier1
router to Logical Switch
Added support to get centralized service port for a given Tier1
router
Change-Id: I4e017b8e11c5fd6bfcd689238e0f71ebd29c379e

Add a return value to the add_router_link_port method so that an API call
can be saved if client code needs the ports.
Change-Id: I5cc2f33be75888e014fda9aad3f4e0c80674ea27

This code is for checking whether a service router exists.
Change-Id: Ife28174802460f16c11aea521628124dada8339a
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>

Adding a section for handling API call to enable/disable
firewall on logical router.
Change-Id: I5527f8316445e27ba0f96f71c089c27e2bd8bbb0
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>

The following methods now have the ability to name nat rules:
- add_fip_nat_rules
- add_gw_snat_rule
- add_nat_rule
Change-Id: I62b36fcec1a53b6d2c0c0b64c9dcb4200c9b0ae9

The following methods now have the ability to add tags:
- add_fip_nat_rules
- add_gw_snat_rule
- add_nat_rule
Change-Id: I6dc34ab3749ff4a5f1a575f407d8474538c69f96

In NSX 2.2 & up, there is a logical router advanced config of
an overlay transport-zone-id.
Also adding a router api to get the tier0 router overlay TZ to
be used here.
Change-Id: I3a447202785b7b6ac320ddbb6a3f2cdeac1f78aa

1. Add support for the transport nodes resource basic operations
2. Use it for getting the list of TZ of a tier0 router
Change-Id: I381c947044454c04efbc1c38ed7691ef8213ffef

The patch removes the neutron-lib from the dependencies. We do not
want/need the consumers of this library to pull in all of the
neutron-lib dependencies.
The patch adds the following:
1. callback to bind is_attr_set - set_is_attr_callback
2. A new exception NsxLibInvalidInput - this is raised when inputs
are invalid.
Change-Id: Ia8ec71dee2d5de921700a9b4fd7e789d2aed4679

Create/update a router port with a DHCP service UUID
This will be supported only if the nsx version is 2.0.0
or above.
Change-Id: I0843fd91e1631bec80ec19e9fa1edcc013523c28

Support different methods for deleting router nat rules
- delete a single rule with gw-ip
- delete a single rule with gw-ip and source ip
- delete all rules matching a gw-ip
Change-Id: Id43a2ced7d6526f538f485f345c20ba44673c7b2

Adding nat_pass parameter to router NAT rules creation.
The backend default value for this parameter is True, meaning the
firewall rules will be bypassed.
So this is also the default of the api, for backwards compatibility.
This parameter is acceptable only since nsx v2, so the api needs the
ability to check the supported features before creating the request body.
For that use, the core_resources will now get the nsxlib object at init.
Change-Id: I7c9dfe13a146a47b180fc3df2d4d6174f252e0a3

When we create FIP in Neutron, default DNAT is created without
passing match_ports to add_fip_nat_rules. However, when adding
nat rules, [] is not None, and it goes ahead to create default
DNAT rule only allowing TCP protocol which is wrong. We should
allow ANY protocol for FIP DNAT.
Closes-Bug: #1672939
Change-Id: Ib3743018646c521923bb8bbc5fad1409eb4fbe16

uRPF check which prevents evil endpoints from spoofing source
IP address needs to be disabled for logical router ports on
logical switches with container ports in case of Kubernetes.
This is to enable kubelet to perform health check. So in this
scenario the kubelet runs on the minion and the container runs
on the same minion. The packet from the kubelet hairpins back
into the VM via the tier-1 router.
Interestingly, the 'urpf_mode' property is only valid in the port
create body when the router is either of type LogicalRouterUplinkPort
or LogicalRouterDownlinkPort.
The other two port types LogicalRouterLinkPortOnTIER0 and
LogicalRouterLinkPortOnTier1 do not have 'urpf_mode' as their object
properties, and passing them results in an API validation error.
Hence in the code in the base LogicalRouterPort create method, we
add the urpf_mode to the body only if it's not None. And we pass
'urpf_mode' only when creating the Downlink port, i.e. when attaching
the logical router to the logical switch.
Change-Id: Ib266da6e6f232e78e07f8d6c56cb69606f2ee9fe

While adding NAT rules, if match_ports argument is set,
add a match_service parameter in the request body to match
the service type, protocol and port for the corresponding rule.
Also add support to delete nat rules by using internal IP only.
Change-Id: I7c3f37bfea6c9f348d966e3f97e9f3b141bdfad3
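
The match_ports handling described in the two NAT commits above (the match_service body parameter and the "[] is not None" floating-IP bug), as an added example that is not code from the library: the `is not None` test beside the truthiness test, showing how an empty list turns an any-protocol DNAT rule into a TCP-only one. The function names and every body field other than match_service are assumptions made for the illustration.

```python
# Added illustration, not vmware-nsxlib code. Function names and every body
# field except match_service are assumptions made for this example.

def _service_for(match_ports, protocol="TCP"):
    """Service matcher restricting a NAT rule to one protocol and port list."""
    return {
        "resource_type": "L4PortSetNSService",
        "l4_protocol": protocol,
        "destination_ports": [str(p) for p in match_ports],
    }

def _base_rule(action, translated_network, match_destination_network):
    return {
        "action": action,
        "translated_network": translated_network,
        "match_destination_network": match_destination_network,
    }

def build_dnat_rule_before(ext_ip, int_ip, match_ports=None):
    """Behaviour described in the bug: [] passes the `is not None` test."""
    body = _base_rule("DNAT", int_ip, ext_ip)
    if match_ports is not None:
        body["match_service"] = _service_for(match_ports)
    return body

def build_dnat_rule_after(ext_ip, int_ip, match_ports=None):
    """Truthiness test: None and [] both mean 'match any protocol'."""
    body = _base_rule("DNAT", int_ip, ext_ip)
    if match_ports:
        body["match_service"] = _service_for(match_ports)
    return body

def restricted_protocol(body):
    """Return the protocol a rule is limited to, or 'ANY' if unrestricted."""
    return body.get("match_service", {}).get("l4_protocol", "ANY")

if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges).
    for ports in (None, [], [80, 443]):
        before = build_dnat_rule_before("203.0.113.10", "10.0.0.5", ports)
        after = build_dnat_rule_after("203.0.113.10", "10.0.0.5", ports)
        print(ports, restricted_protocol(before), restricted_protocol(after))
```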