From 19668713ed2f12e61f538a238422d7dfd4841009 Mon Sep 17 00:00:00 2001
From: Jayapal
Date: Mon, 26 May 2014 15:10:35 +0530
Subject: [PATCH] CLOUDSTACK-6761: Fixed removing proxy arp rule on deleting static nat or PF rule on ip The proxy-arp add/del is done on firewall rule add/del. The proxy-arp rule is deleted only when there is no static nat or dest nat rule is not using the ip. When there is static nat or PF and firewall rule a. Delete firewall rule. It skips delete proxy-arp because the rule is used by static nat rule. b. After deleting fw rule if we disable static nat there is no way to delete proxy-arp rule. On VM expunge we are deleting firewall rules first then static nat rules. This caused the stale proxy-arp rules. With this fix adding/deleting proxy arp rule on static nat/PF rule add/del.
---
 .../src/com/cloud/network/resource/JuniperSrxResource.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
index ed6011b9a7a..2089b1d66dd 100644
--- a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
+++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
@@ -965,6 +965,7 @@ public class JuniperSrxResource implements ServerResource {
 private void addStaticNatRule(Long publicVlanTag, String publicIp, String privateIp, List rules) throws ExecutionException {
 manageStaticNatRule(SrxCommand.ADD, publicIp, privateIp);
 manageAddressBookEntry(SrxCommand.ADD, _privateZone, privateIp, null);
+ manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
 // Add a new security policy with the current set of applications
 addSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp, extractApplications(rules));
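Review bot: The new `manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp)` in addStaticNatRule can run for a public IP whose proxy-arp entry already exists, because the patch touches only these four call sites and the firewall-rule path described in the commit message presumably still adds the entry. If manageProxyArp (not visible here) throws ExecutionException on a duplicate, the method aborts before `addSecurityPolicyAndApplications(...)` and leaves the static NAT rule and address book entry configured without their security policy. Confirm that ADD is a no-op on an existing entry and record it next to the call, e.g. `// manageProxyArp(ADD) must be idempotent: the firewall rule path may already have created this entry`. The same applies to the ADD in the destination NAT hunk at -1248. addStaticNatRule's body continues outside the hunk.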
@@ -979,6 +980,7 @@ public class JuniperSrxResource implements ServerResource {
 removeSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp);
 manageAddressBookEntry(SrxCommand.DELETE, _privateZone, privateIp, null);
+ manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);
 s_logger.debug("Removed static NAT rule for public IP " + publicIp + ", and private IP " + privateIp);
 }
@@ -1248,6 +1250,7 @@ public class JuniperSrxResource implements ServerResource {
 List applications = new ArrayList();
 applications.add(new Object[] {protocol, destPortStart, destPortEnd});
 addSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp, applications);
+ manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
 String srcPortRange = srcPortStart + "-" + srcPortEnd;
 String destPortRange = destPortStart + "-" + destPortEnd;
@@ -1258,6 +1261,7 @@ public class JuniperSrxResource implements ServerResource {
 private void removeDestinationNatRule(Long publicVlanTag, String publicIp, String privateIp, int srcPort, int destPort) throws ExecutionException {
 manageDestinationNatRule(SrxCommand.DELETE, publicIp, privateIp, srcPort, destPort);
 manageDestinationNatPool(SrxCommand.DELETE, privateIp, destPort);
+ manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);
 removeSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp);
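Review bot: The `manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp)` added to the static NAT removal path may be asked to delete an entry that is already gone, since the commit message says firewall-rule deletion also removes proxy-arp once nothing else uses the IP. If DELETE throws on a missing entry (manageProxyArp is not shown), the ExecutionException propagates after the security policy and address book entry have been removed. The debug line is then skipped and the caller sees a failure for a rule that was in fact torn down. Confirm that DELETE tolerates a missing entry and say so at the call, e.g. `// DELETE must tolerate a missing entry: firewall rule removal may have dropped it already`. The enclosing method starts outside the hunk.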
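Review bot: In removeDestinationNatRule the new `manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp)` sits before `removeSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp)`, so an ExecutionException from the proxy-arp call leaves the security policy for the private IP in place after the NAT rule and pool are gone. The static NAT removal hunk places the call after the policy removal; do the same here by moving the line below `removeSecurityPolicyAndApplications(...)`. Separately, the delete is unconditional. If another port-forwarding rule still uses the same public IP, dropping proxy-arp would presumably cut that rule off, unless manageProxyArp (not visible) checks usage itself. The method body continues outside the hunk.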