From 05885457ecc32e4714914056c11244e0d021bf50 Mon Sep 17 00:00:00 2001
From: Sheng Yang <sheng.yang@citrix.com>
Date: Wed, 1 May 2013 13:23:08 -0700
Subject: [PATCH] PVLAN: Simplify OVS policy

We can resubmit the packet against the flow table to get simplier result.

Now we don't need to check if VM is in the same host as DHCP server or not.
---
 .../cloud/agent/api/PvlanSetupCommand.java    | 25 ++----
 .../xen/resource/CitrixResourceBase.java      | 18 ++--
 .../hypervisor/xenserver/ovs-get-dhcp-port.sh | 26 ++++++
 scripts/vm/hypervisor/xenserver/ovs-pvlan     | 68 ++++----------
 .../vm/hypervisor/xenserver/xenserver60/patch |  2 +-
 scripts/vm/network/ovs-pvlan-dhcp-host.sh     | 34 +++++--
 .../vm/network/ovs-pvlan-vm-in-dhcp-host.sh   | 88 -------------------
 scripts/vm/network/ovs-pvlan-vm.sh            | 15 +++-
 .../network/element/VirtualRouterElement.java | 10 ---
 .../VirtualNetworkApplianceManager.java       |  2 -
 .../VirtualNetworkApplianceManagerImpl.java   | 53 +----------
 ...MockVpcVirtualNetworkApplianceManager.java |  8 --
 12 files changed, 104 insertions(+), 245 deletions(-)
 create mode 100644 scripts/vm/hypervisor/xenserver/ovs-get-dhcp-port.sh
 delete mode 100755 scripts/vm/network/ovs-pvlan-vm-in-dhcp-host.sh

diff --git a/api/src/com/cloud/agent/api/PvlanSetupCommand.java b/api/src/com/cloud/agent/api/PvlanSetupCommand.java
index 22a828afa8b..e5d4da09003 100644
--- a/api/src/com/cloud/agent/api/PvlanSetupCommand.java
+++ b/api/src/com/cloud/agent/api/PvlanSetupCommand.java
@@ -23,17 +23,16 @@ import com.cloud.utils.net.NetUtils;
 public class PvlanSetupCommand extends Command {
 	public enum Type {
 		DHCP,
-		VM,
-		VM_IN_DHCP_HOST
+		VM
 	}
 	private String op;
 	private String bridge;
 	private String primary;
 	private String isolated;
 	private String vmMac;
+	private String dhcpName;
 	private String dhcpMac;
 	private String dhcpIp;
-	private boolean strict;
 	private Type type;
 
 	protected PvlanSetupCommand() {}
@@ -45,12 +44,12 @@ public class PvlanSetupCommand extends Command {
 		this.bridge = bridge;
 		this.primary = NetUtils.getPrimaryPvlanFromUri(uri);
 		this.isolated = NetUtils.getIsolatedPvlanFromUri(uri);
-		this.strict = true;
 	}
 	
-	static public PvlanSetupCommand createDhcpSetup(String op, String bridge, URI uri, String dhcpMac, String dhcpIp)
+	static public PvlanSetupCommand createDhcpSetup(String op, String bridge, URI uri, String dhcpName, String dhcpMac, String dhcpIp)
 	{
 		PvlanSetupCommand cmd = new PvlanSetupCommand(Type.DHCP, op, bridge, uri);
+		cmd.setDhcpName(dhcpName);
 		cmd.setDhcpMac(dhcpMac);
 		cmd.setDhcpIp(dhcpIp);
 		return cmd;
@@ -63,14 +62,6 @@ public class PvlanSetupCommand extends Command {
 		return cmd;
 	}
 	
-	static public PvlanSetupCommand createVmInDhcpHostSetup(String op, String bridge, URI uri, String dhcpMac, String vmMac)
-	{
-		PvlanSetupCommand cmd = new PvlanSetupCommand(Type.VM_IN_DHCP_HOST, op, bridge, uri);
-		cmd.setDhcpMac(dhcpMac);
-		cmd.setVmMac(vmMac);
-		return cmd;
-	}
-	
 	@Override
 	public boolean executeInSequence() {
 		return true;
@@ -120,11 +111,11 @@ public class PvlanSetupCommand extends Command {
 		return type;
 	}
 
-	public boolean isStrict() {
-		return strict;
+	public String getDhcpName() {
+		return dhcpName;
 	}
 
-	public void setStrict(boolean strict) {
-		this.strict = strict;
+	public void setDhcpName(String dhcpName) {
+		this.dhcpName = dhcpName;
 	}
 }
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 34b590e40c9..933f4d33eff 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -1475,13 +1475,16 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
     	String isolatedPvlan = cmd.getIsolated();
     	String op = cmd.getOp();
     	String bridge = cmd.getBridge();
-    	String result = null;
+    	String dhcpName = cmd.getDhcpName();
     	String dhcpMac = cmd.getDhcpMac();
     	String dhcpIp = cmd.getDhcpIp();
     	String vmMac = cmd.getVmMac();
+    	
+    	String result = null;
     	if (cmd.getType() == PvlanSetupCommand.Type.DHCP) {
     		result = callHostPlugin(conn, "ovs-pvlan", "setup-pvlan-dhcp", "op", op, "bridge", bridge,
-    				"primary-pvlan", primaryPvlan, "isolated-pvlan", isolatedPvlan, "dhcp-ip", dhcpIp, "dhcp-mac", dhcpMac);
+    				"primary-pvlan", primaryPvlan, "isolated-pvlan", isolatedPvlan, "dhcp-name", dhcpName,
+    				"dhcp-ip", dhcpIp, "dhcp-mac", dhcpMac);
     		if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
     			s_logger.warn("Failed to program pvlan for dhcp server with mac " + dhcpMac);
     			return new Answer(cmd, false, result);
@@ -1489,7 +1492,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
     			s_logger.info("Programmed pvlan for dhcp server with mac " + dhcpMac);
     		}
     	} else if (cmd.getType() == PvlanSetupCommand.Type.VM) {
-    		result = callHostPlugin(conn, "ovs-pvlan", "setup-pvlan-vm-alone", "op", op, "bridge", bridge,
+    		result = callHostPlugin(conn, "ovs-pvlan", "setup-pvlan-vm", "op", op, "bridge", bridge,
     				"primary-pvlan", primaryPvlan, "isolated-pvlan", isolatedPvlan, "vm-mac", vmMac);
     		if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
     			s_logger.warn("Failed to program pvlan for vm with mac " + vmMac);
@@ -1497,15 +1500,6 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
     		} else {
     			s_logger.info("Programmed pvlan for vm with mac " + vmMac);
     		}
-    	} else if (cmd.getType() == PvlanSetupCommand.Type.VM_IN_DHCP_HOST) {
-    		result = callHostPlugin(conn, "ovs-pvlan", "setup-pvlan-vm-dhcp", "op", op, "bridge", bridge,
-    				"primary-pvlan", primaryPvlan, "isolated-pvlan", isolatedPvlan, "vm-mac", vmMac, "dhcp-mac", dhcpMac);
-    		if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
-    			s_logger.warn("Failed to program pvlan for vm in dhcp host with mac " + vmMac);
-    			return new Answer(cmd, false, result);
-    		} else {
-    			s_logger.info("Programmed pvlan for vm in dhcp host with mac " + vmMac);
-    		}
     	}
     	return new Answer(cmd, true, result);
     }
diff --git a/scripts/vm/hypervisor/xenserver/ovs-get-dhcp-port.sh b/scripts/vm/hypervisor/xenserver/ovs-get-dhcp-port.sh
new file mode 100644
index 00000000000..a30b180bed0
--- /dev/null
+++ b/scripts/vm/hypervisor/xenserver/ovs-get-dhcp-port.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+#!/bin/bash
+
+bridge=$1
+dhcp_name=$2
+dom_id=`xe vm-list is-control-domain=false power-state=running params=dom-id name-label=$dhcp_name|cut -d ':' -f 2 |tr -d ' ' `
+iface="vif${dom_id}.0"
+port=`ovs-ofctl show $bridge|grep $iface|cut -d '(' -f 1|tr -d ' '`
+echo $port
diff --git a/scripts/vm/hypervisor/xenserver/ovs-pvlan b/scripts/vm/hypervisor/xenserver/ovs-pvlan
index 2c1e3af8f77..372d3c8d05b 100755
--- a/scripts/vm/hypervisor/xenserver/ovs-pvlan
+++ b/scripts/vm/hypervisor/xenserver/ovs-pvlan
@@ -33,8 +33,8 @@ from time import localtime as _localtime, asctime as _asctime
 xePath = "/opt/xensource/bin/xe"
 lib.setup_logging("/var/log/ovs-pvlan.log")
 dhcpSetupPath = "/opt/xensource/bin/ovs-pvlan-dhcp-host.sh"
-vmAloneSetupPath = "/opt/xensource/bin/ovs-pvlan-vm.sh"
-vmDhcpSetupPath = "/opt/xensource/bin/ovs-pvlan-vm-in-dhcp-host.sh"
+vmSetupPath = "/opt/xensource/bin/ovs-pvlan-vm.sh"
+getDhcpPortPath = "/opt/xensource/bin/ovs-get-dhcp-port.sh"
 pvlanCleanupPath = "/opt/xensource/bin/ovs-pvlan-cleanup.sh"
 
 def echo(fn):
@@ -53,17 +53,21 @@ def setup_pvlan_dhcp(session, args):
     bridge = args.pop("bridge")
     primary = args.pop("primary-pvlan")
     isolated = args.pop("isolated-pvlan")
-    dhcp_ip = args.pop("dhcp-ip");
-    dhcp_mac = args.pop("dhcp-mac");
+    dhcp_name = args.pop("dhcp-name")
+    dhcp_ip = args.pop("dhcp-ip")
+    dhcp_mac = args.pop("dhcp-mac")
 
     res = lib.check_switch()
     if res != "SUCCESS":
         return "FAILURE:%s" % res
 
     if op == "add":
+        logging.debug("Try to get dhcp vm %s port on the switch:%s" % (dhcp_name, bridge))
+        dhcp_port = lib.do_cmd([getDhcpPortPath, bridge, dhcp_name])
         logging.debug("About to setup dhcp vm on the switch:%s" % bridge)
         res = lib.do_cmd([dhcpSetupPath, "-A", "-b", bridge, "-p", primary,
-            "-i", isolated, "-d", dhcp_ip, "-m", dhcp_mac])
+            "-i", isolated, "-n", dhcp_name, "-d", dhcp_ip, "-m", dhcp_mac,
+            "-P", dhcp_port])
 	if res:
 	    result = "FAILURE:%s" % res
 	    return result;
@@ -71,7 +75,7 @@ def setup_pvlan_dhcp(session, args):
     elif op == "delete":
         logging.debug("About to remove dhcp the switch:%s" % bridge)
         res = lib.do_cmd([dhcpSetupPath, "-D", "-b", bridge, "-p", primary,
-            "-i", isolated, "-d", dhcp_ip, "-m", dhcp_mac])
+            "-i", isolated, "-n", dhcp_name, "-d", dhcp_ip, "-m", dhcp_mac])
 	if res:
 	    result = "FAILURE:%s" % res
 	    return result;
@@ -82,9 +86,10 @@ def setup_pvlan_dhcp(session, args):
     return result
 
 @echo
-def setup_pvlan_vm_alone(session, args):
+def setup_pvlan_vm(session, args):
     op = args.pop("op")
     bridge = args.pop("bridge")
+    primary = args.pop("primary-pvlan")
     isolated = args.pop("isolated-pvlan")
     vm_mac = args.pop("vm-mac")
     trunk_port = 1
@@ -94,58 +99,24 @@ def setup_pvlan_vm_alone(session, args):
         return "FAILURE:%s" % res
 
     if op == "add":
-        logging.debug("About to setup vm alone on the switch:%s" % bridge)
-        res = lib.do_cmd([vmAloneSetupPath, "-A", "-b", bridge, "-i", isolated, "-v", vm_mac])
+        logging.debug("About to setup vm on the switch:%s" % bridge)
+        res = lib.do_cmd([vmSetupPath, "-A", "-b", bridge, "-p", primary, "-i", isolated, "-v", vm_mac])
 	if res:
 	    result = "FAILURE:%s" % res
 	    return result;
-	logging.debug("Setup vm alone on switch program done")
+	logging.debug("Setup vm on switch program done")
     elif op == "delete":
-        logging.debug("About to remove vm alone on the switch:%s" % bridge)
-        res = lib.do_cmd([vmAloneSetupPath, "-D", "-b", bridge, "-i", isolated, "-v", vm_mac])
+        logging.debug("About to remove vm on the switch:%s" % bridge)
+        res = lib.do_cmd([vmSetupPath, "-D", "-b", bridge, "-p", primary, "-i", isolated, "-v", vm_mac])
 	if res:
 	    result = "FAILURE:%s" % res
 	    return result;
-	logging.debug("Remove vm alone on switch program done")
+	logging.debug("Remove vm on switch program done")
 
     result = "true"
     logging.debug("Setup_pvlan_vm_alone completed with result:%s" % result)
     return result
 
-@echo
-def setup_pvlan_vm_dhcp(session, args):
-    op = args.pop("op")
-    bridge = args.pop("bridge")
-    isolated = args.pop("isolated-pvlan")
-    vm_mac = args.pop("vm-mac")
-    dhcp_mac = args.pop("dhcp-mac");
-    trunk_port = 1
-
-    res = lib.check_switch()
-    if res != "SUCCESS":
-        return "FAILURE:%s" % res
-
-    if op == "add":
-        logging.debug("About to setup vm dhcp on the switch:%s" % bridge)
-        res = lib.do_cmd([vmDhcpSetupPath, "-A", "-b", bridge, "-i", isolated,
-            "-v", vm_mac, "-m", dhcp_mac])
-	if res:
-	    result = "FAILURE:%s" % res
-	    return result;
-	logging.debug("Setup vm dhcp on switch program done")
-    elif op == "delete":
-        logging.debug("About to remove vm dhcp on the switch:%s" % bridge)
-        res = lib.do_cmd([vmDhcpSetupPath, "-D", "-b", bridge, "-i", isolated,
-            "-v", vm_mac, "-m", dhcp_mac])
-	if res:
-	    result = "FAILURE:%s" % res
-	    return result;
-	logging.debug("Remove vm dhcp on switch program done")
-
-    result = "true"
-    logging.debug("Setup_pvlan_vm_dhcp completed with result:%s" % result)
-    return result
-
 @echo
 def cleanup(session, args):
     res = lib.check_switch()
@@ -163,6 +134,5 @@ def cleanup(session, args):
 
 if __name__ == "__main__":
     XenAPIPlugin.dispatch({"setup-pvlan-dhcp": setup_pvlan_dhcp,
-                           "setup-pvlan-vm-alone": setup_pvlan_vm_alone,
-                           "setup-pvlan-vm-dhcp": setup_pvlan_vm_dhcp,
+                           "setup-pvlan-vm": setup_pvlan_vm,
                            "cleanup":cleanup})
diff --git a/scripts/vm/hypervisor/xenserver/xenserver60/patch b/scripts/vm/hypervisor/xenserver/xenserver60/patch
index c767f1af7df..97595190904 100644
--- a/scripts/vm/hypervisor/xenserver/xenserver60/patch
+++ b/scripts/vm/hypervisor/xenserver/xenserver60/patch
@@ -69,6 +69,6 @@ swiftxen=..,0755,/etc/xapi.d/plugins
 s3xen=..,0755,/etc/xapi.d/plugins
 ovs-pvlan=..,0755,/etc/xapi.d/plugins
 ovs-pvlan-dhcp-host.sh=../../../network,0755,/opt/xensource/bin
-ovs-pvlan-vm-in-dhcp-host.sh=../../../network,0755,/opt/xensource/bin
 ovs-pvlan-vm.sh=../../../network,0755,/opt/xensource/bin
 ovs-pvlan-cleanup.sh=../../../network,0755,/opt/xensource/bin
+ovs-get-dhcp-port.sh=..,0755,/opt/xensource/bin
diff --git a/scripts/vm/network/ovs-pvlan-dhcp-host.sh b/scripts/vm/network/ovs-pvlan-dhcp-host.sh
index e12fbce0f18..93f56534beb 100755
--- a/scripts/vm/network/ovs-pvlan-dhcp-host.sh
+++ b/scripts/vm/network/ovs-pvlan-dhcp-host.sh
@@ -16,20 +16,26 @@
 # specific language governing permissions and limitations
 # under the License.
 
+#!/bin/bash
+
+source ovs-func.sh
+
 usage() {
-  printf "Usage: %s: (-A|-D) -b <bridge/switch> -p <primary vlan> -i <secondary isolated vlan> -d <DHCP server IP> -m <DHCP server MAC> -v <VM MAC> -h \n" $(basename $0) >&2
+  printf "Usage: %s: (-A|-D) -b <bridge/switch> -p <primary vlan> -i <secondary isolated vlan> -n <DHCP server name> -d <DHCP server IP> -m <DHCP server MAC> -P <DHCP on OVS port> -v <VM MAC> -h \n" $(basename $0) >&2
   exit 2
 }
 
 br=
 pri_vlan=
 sec_iso_vlan=
+dhcp_name=
 dhcp_ip=
 dhcp_mac=
+dhcp_port=
 vm_mac=
 op=
 
-while getopts 'ADb:p:i:d:m:v:h' OPTION
+while getopts 'ADb:p:i:d:m:v:n:P:h' OPTION
 do
   case $OPTION in
   A)  op="add"
@@ -42,10 +48,14 @@ do
       ;;
   i)  sec_iso_vlan="$OPTARG"
       ;;
+  n)  dhcp_name="$OPTARG"
+      ;;
   d)  dhcp_ip="$OPTARG"
       ;;
   m)  dhcp_mac="$OPTARG"
       ;;
+  P)  dhcp_port="$OPTARG"
+      ;;
   v)  vm_mac="$OPTARG"
       ;;
   h)  usage
@@ -78,6 +88,12 @@ then
     exit 1
 fi
 
+if [ -z "$dhcp_name" ]
+then
+    echo Missing parameter DHCP NAME!
+    exit 1
+fi
+
 if [ -z "$dhcp_ip" ]
 then
     echo Missing parameter DHCP IP!
@@ -90,12 +106,18 @@ then
     exit 1
 fi
 
+if [ "$op" == "add" -a -z "$dhcp_port" ]
+then
+    echo Missing parameter DHCP PORT!
+    exit 1
+fi
+
 if [ "$op" == "add" ]
 then
-    ovs-ofctl add-flow $br priority=200,arp,dl_vlan=$sec_iso_vlan,nw_dst=$dhcp_ip,actions=mod_vlan_vid:$pri_vlan,NORMAL
-    ovs-ofctl add-flow $br priority=180,arp,nw_dst=$dhcp_ip,actions=NORMAL
-    ovs-ofctl add-flow $br priority=150,dl_vlan=$sec_iso_vlan,dl_dst=$dhcp_mac,actions=mod_vlan_vid:$pri_vlan,NORMAL
-    ovs-ofctl add-flow $br priority=100,udp,dl_vlan=$sec_iso_vlan,nw_dst=255.255.255.255,tp_dst=67,actions=mod_vlan_vid:$pri_vlan,NORMAL
+    ovs-ofctl add-flow $br priority=200,arp,dl_vlan=$sec_iso_vlan,nw_dst=$dhcp_ip,actions=strip_vlan,output:$dhcp_port
+    ovs-ofctl add-flow $br priority=180,arp,nw_dst=$dhcp_ip,actions=strip_vlan,output:$dhcp_port
+    ovs-ofctl add-flow $br priority=150,dl_vlan=$sec_iso_vlan,dl_dst=$dhcp_mac,actions=strip_vlan,output:$dhcp_port
+    ovs-ofctl add-flow $br priority=100,udp,dl_vlan=$sec_iso_vlan,nw_dst=255.255.255.255,tp_dst=67,actions=strip_vlan,output:$dhcp_port
 else
     ovs-ofctl del-flows --strict $br priority=200,arp,dl_vlan=$sec_iso_vlan,nw_dst=$dhcp_ip
     ovs-ofctl del-flows --strict $br priority=180,arp,nw_dst=$dhcp_ip
diff --git a/scripts/vm/network/ovs-pvlan-vm-in-dhcp-host.sh b/scripts/vm/network/ovs-pvlan-vm-in-dhcp-host.sh
deleted file mode 100755
index de37882159c..00000000000
--- a/scripts/vm/network/ovs-pvlan-vm-in-dhcp-host.sh
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-# 
-#   http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-usage() {
-  printf "Usage: %s: (-A|-D) -b <bridge/switch> -p <primary vlan> -i <secondary isolated vlan> -d <DHCP server IP> -m <DHCP server MAC> -v <VM MAC> -h \n" $(basename $0) >&2
-  exit 2
-}
-
-br=
-pri_vlan=
-sec_iso_vlan=
-dhcp_ip=
-dhcp_mac=
-vm_mac=
-op=
-
-while getopts 'ADb:p:i:d:m:v:h' OPTION
-do
-  case $OPTION in
-  A)  op="add"
-      ;;
-  D)  op="del"
-      ;;
-  b)  br="$OPTARG"
-      ;;
-  p)  pri_vlan="$OPTARG"
-      ;;
-  i)  sec_iso_vlan="$OPTARG"
-      ;;
-  d)  dhcp_ip="$OPTARG"
-      ;;
-  m)  dhcp_mac="$OPTARG"
-      ;;
-  v)  vm_mac="$OPTARG"
-      ;;
-  h)  usage
-      exit 1
-      ;;
-  esac
-done
-
-if [ -z "$op" ]
-then
-    echo Missing operation pararmeter!
-    exit 1
-fi
-
-if [ -z "$br" ]
-then
-    echo Missing parameter bridge!
-    exit 1
-fi
-
-if [ -z "$vm_mac" ]
-then
-    echo Missing parameter VM MAC!
-    exit 1
-fi
-
-if [ -z "$dhcp_mac" ]
-then
-    echo Missing parameter DHCP MAC!
-    exit 1
-fi
-
-if [ "$op" == "add" ]
-then
-    ovs-ofctl add-flow $br priority=120,dl_src=$vm_mac,dl_dst=$dhcp_mac,actions=NORMAL
-    ovs-ofctl add-flow $br priority=80,udp,dl_src=$vm_mac,nw_dst=255.255.255.255,tp_dst=67,actions=NORMAL
-else
-    ovs-ofctl del-flows --strict $br priority=120,dl_src=$vm_mac,dl_dst=$dhcp_mac
-    ovs-ofctl del-flows --strict $br priority=80,udp,dl_src=$vm_mac,nw_dst=255.255.255.255,tp_dst=67
-fi
diff --git a/scripts/vm/network/ovs-pvlan-vm.sh b/scripts/vm/network/ovs-pvlan-vm.sh
index 8ac20df5ad1..4bad11c7624 100755
--- a/scripts/vm/network/ovs-pvlan-vm.sh
+++ b/scripts/vm/network/ovs-pvlan-vm.sh
@@ -16,6 +16,8 @@
 # specific language governing permissions and limitations
 # under the License.
 
+#!/bin/bash
+
 usage() {
   printf "Usage: %s: (-A|-D) -b <bridge/switch> -p <primary vlan> -i <secondary isolated vlan> -d <DHCP server IP> -m <DHCP server MAC> -v <VM MAC> -h \n" $(basename $0) >&2
   exit 2
@@ -72,6 +74,12 @@ then
     exit 1
 fi
 
+if [ -z "$pri_vlan" ]
+then
+    echo Missing parameter secondary isolate vlan!
+    exit 1
+fi
+
 if [ -z "$sec_iso_vlan" ]
 then
     echo Missing parameter secondary isolate vlan!
@@ -82,9 +90,10 @@ trunk_port=1
 
 if [ "$op" == "add" ]
 then
-    ovs-ofctl add-flow $br priority=50,dl_src=$vm_mac,actions=mod_vlan_vid:$sec_iso_vlan,output:$trunk_port
+    ovs-ofctl add-flow $br priority=50,dl_vlan=0xffff,dl_src=$vm_mac,actions=mod_vlan_vid:$sec_iso_vlan,resubmit:$trunk_port
+    ovs-ofctl add-flow $br priority=60,dl_vlan=$sec_iso_vlan,dl_src=$vm_mac,actions=output:1
 else
-    # it would delete any rule related to this vm, not only the rule added above
-    ovs-ofctl del-flows $br dl_src=$vm_mac
+    ovs-ofctl del-flows --strict $br priority=50,dl_vlan=0xffff,dl_src=$vm_mac
+    ovs-ofctl del-flows --strict $br priority=60,dl_vlan=$sec_iso_vlan,dl_src=$vm_mac
 fi
 
diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java
index d9c43567d06..5c73bcdd80e 100755
--- a/server/src/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VirtualRouterElement.java
@@ -215,16 +215,6 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
             throw new ResourceUnavailableException("Can't find at least one running router!",
                     DataCenter.class, network.getDataCenterId());
         }
-        
-        // Setup PVlan for vm if necessary
-        if (network.getTrafficType() == TrafficType.Guest && network.getBroadcastDomainType() == BroadcastDomainType.Pvlan) {
-        	assert routers.size() == 1;
-        	DomainRouterVO router = routers.get(0);
-        	if (router.getHostId() == dest.getHost().getId()) {
-        		_routerMgr.setupVmWithDhcpHostForPvlan(true, router, nic);
-        	}
-        }
-        
         return true;      
     }
 
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
index 4dfd78c2a52..075b014cb0b 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
@@ -105,6 +105,4 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
 	
 	boolean applyUserData(Network config, NicProfile nic, VirtualMachineProfile<UserVm> vm, DeployDestination dest, 
 	        List<DomainRouterVO> routers) throws ResourceUnavailableException;
-
-	void setupVmWithDhcpHostForPvlan(boolean add, DomainRouterVO router, NicProfile profile) throws ResourceUnavailableException;
 }
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index bb31e1cf5e8..d22c7fc6d31 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -2211,35 +2211,6 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
         return dhcpRange;
     }
 
-    private boolean setupDhcpForPvlanOnHost(boolean add, DomainRouterVO router, Nic routerNic) {
-    	if (!routerNic.getBroadcastUri().getScheme().equals("pvlan")) {
-    		return false;
-    	}
-    	setupDhcpForPvlan(add, router, routerNic);
-    	Long hostId = router.getHostId();
-    	List<UserVmVO> vms = _userVmDao.listByHostId(hostId);
-    	for (UserVmVO vm : vms) {
-    		if (vm.getState() != State.Running) {
-    			continue;
-    		}
-    		List<NicVO> nics = _nicDao.listByVmId(vm.getId());
-    		for (NicVO nic : nics) {
-    			if (nic.getNetworkId() == routerNic.getNetworkId()) {
-    				try {
-    					Network network = _networkDao.findById(routerNic.getNetworkId());
-    					NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), 
-    							null, _networkModel.isSecurityGroupSupportedInNetwork(network), _networkModel.getNetworkTag(vm.getHypervisorType(), network));
-						setupVmWithDhcpHostForPvlan(add, router, profile);
-					} catch (ResourceUnavailableException e) {
-						s_logger.warn("Fail to program pvlan on nic " + nic.getMacAddress(), e);
-						return false;
-					}
-    			}
-    		}
-    	}
-    	return true;
-    }
-    
     private boolean setupDhcpForPvlan(boolean add, DomainRouterVO router, Nic nic) {
     	if (!nic.getBroadcastUri().getScheme().equals("pvlan")) {
     		return false;
@@ -2248,7 +2219,7 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
     	if (!add) {
     		op = "delete";
     	}
-    	PvlanSetupCommand cmd = PvlanSetupCommand.createDhcpSetup(op, "xenbr0", nic.getBroadcastUri(), nic.getMacAddress(), nic.getIp4Address());
+    	PvlanSetupCommand cmd = PvlanSetupCommand.createDhcpSetup(op, "xenbr0", nic.getBroadcastUri(), router.getInstanceName(), nic.getMacAddress(), nic.getIp4Address());
     	Commands cmds = new Commands(cmd);
     	// In fact we send command to the host of router, we're not programming router but the host
     	try {
@@ -2260,23 +2231,6 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
     	return true;
     }
     
-    @Override
-    public void setupVmWithDhcpHostForPvlan(boolean add, DomainRouterVO router, NicProfile profile) throws ResourceUnavailableException
-    {
-    	if (!profile.getBroadCastUri().getScheme().equals("pvlan")) {
-    		return;
-    	}
-    	String op = "add";
-    	if (!add) {
-    		op = "delete";
-    	}
-    	NicVO routerNic = _nicDao.findByInstanceIdAndNetworkId(profile.getNetworkId(), router.getId());
-    	PvlanSetupCommand cmd = PvlanSetupCommand.createVmInDhcpHostSetup(op, "xenbr0", profile.getBroadCastUri(), routerNic.getMacAddress(), profile.getMacAddress());
-    	Commands cmds = new Commands(cmd);
-    	// In fact we send command to the host of router, we're not programming router but the host
-    	sendCommandsToRouter(router, cmds);
-    }
-    
     @Override
     public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<DomainRouterVO> profile, 
             DeployDestination dest, ReservationContext context) throws ResourceUnavailableException {
@@ -2577,7 +2531,7 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
             if (network.getTrafficType() == TrafficType.Guest) {
                 guestNetworks.add(network);
                 if (nic.getBroadcastUri().getScheme().equals("pvlan")) {
-                	result = setupDhcpForPvlanOnHost(true, router, nic);
+                	result = setupDhcpForPvlan(true, router, nic);
                 }
             }
         }
@@ -2615,9 +2569,10 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
             for (Nic nic : routerNics) {
             	Network network = _networkModel.getNetwork(nic.getNetworkId());
             	if (network.getTrafficType() == TrafficType.Guest && nic.getBroadcastUri().getScheme().equals("pvlan")) {
-            		setupDhcpForPvlanOnHost(false, domR, nic);
+            		setupDhcpForPvlan(false, domR, nic);
             	}
             }
+
         }
     }
 
diff --git a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
index 5278b339e19..e86fc09ce2c 100644
--- a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
+++ b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
@@ -401,12 +401,4 @@ VpcVirtualNetworkApplianceService {
         // TODO Auto-generated method stub
         return null;
     }
-
-	@Override
-	public void setupVmWithDhcpHostForPvlan(boolean add,
-			DomainRouterVO router, NicProfile nic) throws ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		
-	}
-
 }