etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

findbug fixes, added some comments, bug fixes

This commit is contained in:
Murali Reddy 2014-03-14 15:51:49 +05:30
parent 7b0677a2c2
commit 42b553e30e
5 changed files with 186 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
View File

@ -1147,7 +1147,11 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
if (vmSpec != null) {
vifr.otherConfig.put("cloudstack-vm-id", vmSpec.getUuid());
}
// OVS plugin looks at network UUID in the vif 'otherconfig' details to group VIF's & tunnel ports as part of tier
// when bridge is setup for distributed routing
vifr.otherConfig.put("cloudstack-network-id", nic.getNetworkUuid());
vifr.network = getNetwork(conn, nic);
if (nic.getNetworkRateMbps() != null && nic.getNetworkRateMbps().intValue() != -1) {
@ -5285,7 +5289,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
Connection conn = getConnection();
try {
Network nw = findOrCreateTunnelNetwork(conn, cmd.getBridgeName());
String bridgeName = nw.getBridge(conn);;
String bridgeName = nw.getBridge(conn);
String result = callHostPlugin(conn, "ovstunnel", "configure_ovs_bridge_for_network_topology", "bridge",
bridgeName, "config", cmd.getVpcConfigInJson(), "host-id", ((Long)cmd.getHostId()).toString());
if (result.startsWith("SUCCESS")) {
@ -5302,8 +5306,11 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
public Answer execute(OvsVpcRoutingPolicyConfigCommand cmd) {
Connection conn = getConnection();
try {
Network nw = findOrCreateTunnelNetwork(conn, cmd.getBridgeName());
String bridgeName = nw.getBridge(conn);
String result = callHostPlugin(conn, "ovstunnel", "configure_ovs_bridge_for_routing_policies", "bridge",
cmd.getBridgeName(), "host-id", ((Long)cmd.getHostId()).toString(), "config",
bridgeName, "host-id", ((Long)cmd.getHostId()).toString(), "config",
cmd.getVpcConfigInJson());
if (result.startsWith("SUCCESS")) {
return new Answer(cmd, true, result);

1
plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
View File

@ -151,6 +151,7 @@ public class OvsGuestNetworkGuru extends GuestNetworkGuru {
implemented.setBroadcastDomainType(BroadcastDomainType.Vswitch);
// for the networks that are part of VPC enabled for distributed routing use scheme vs://vpcid.GRE key for network
if (network.getVpcId() != null && isVpcEnabledForDistributedRouter(network.getVpcId())) {
String keyStr = BroadcastDomainType.getValue(implemented.getBroadcastUri());
Long vpcid= network.getVpcId();

21
plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsNetworkTopologyGuruImpl.java
View File

@ -91,6 +91,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
return vpcHostIds;
}
/**
* get the list of VPC id's of the vpc's for which one or more VM's from the VPC are running on the host
*/
@Override
public List<Long> getVpcOnHost(long hostId) {
List<Long> vpcIds = new ArrayList<>();
@ -109,6 +112,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
return vpcIds;
}
/**
* get the list of all active Vm id's in a network
*/
@Override
public List<Long> getAllActiveVmsInNetwork(long networkId) {
List <Long> vmIds = new ArrayList<>();
@ -117,7 +123,6 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
VirtualMachine.State.Migrating);
// Find routers for the network
List<DomainRouterVO> routers = _routerDao.findByNetwork(networkId);
List<VMInstanceVO> ins = new ArrayList<VMInstanceVO>();
if (vms != null) {
for (UserVmVO vm : vms) {
@ -132,6 +137,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
return vmIds;
}
/**
* get the list of all active Vm id's in the VPC for all ther tiers
*/
@Override
public List<Long> getAllActiveVmsInVpc(long vpcId) {
@ -148,6 +156,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
return vmIds;
}
/**
* get the list of all Vm id's in the VPC for all the tiers that are running on the host
*/
@Override
public List<Long> getActiveVmsInVpcOnHost(long vpcId, long hostId) {
Set<Long> vmIdsSet = new HashSet<>();
@ -163,6 +174,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
return vmIds;
}
/**
* get the list of all Vm id's in the network that are running on the host
*/
@Override
public List<Long> getActiveVmsInNetworkOnHost(long networkId, long hostId) {
List <Long> vmIds = new ArrayList<>();
@ -171,7 +185,6 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
VirtualMachine.State.Migrating);
// Find routers for the network
List<DomainRouterVO> routers = _routerDao.findByNetwork(networkId);
List<VMInstanceVO> ins = new ArrayList<VMInstanceVO>();
if (vms != null) {
for (UserVmVO vm : vms) {
@ -188,13 +201,15 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
return vmIds;
}
/**
* get the list of all Vpc id's in which, a VM has a nic in the network that is part of VPC
*/
@Override
public List<Long> getVpcIdsVmIsPartOf(long vmId) {
List<Long> vpcIds = new ArrayList<>();
List<NicVO> nics = _nicDao.listByVmId(vmId);
if (nics == null)
return null;
for (Nic nic: nics) {
Network network = _networkDao.findById(nic.getNetworkId());
if (network != null && network.getTrafficType() == Networks.TrafficType.Guest && network.getVpcId() != null) {

56
plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
View File

@ -665,7 +665,6 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
public boolean postStateTransitionEvent(VirtualMachine.State oldState, VirtualMachine.Event event,
VirtualMachine.State newState, VirtualMachine vm,
boolean status, Object opaque) {
if (!status) {
return false;
}
@ -720,7 +719,7 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
public boolean sendVpcTopologyChangeUpdate(OvsVpcPhysicalTopologyConfigCommand updateCmd, long hostId, String bridgeName) {
try {
s_logger.debug("Sending VPC topology update to the host " + hostId);
s_logger.debug("Sending VPC topology change update to the host " + hostId);
updateCmd.setHostId(hostId);
updateCmd.setBridgeName(bridgeName);
Answer ans = _agentMgr.send(hostId, updateCmd);
@ -732,7 +731,7 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
return false;
}
} catch (Exception e) {
s_logger.debug("Failed to updated the host " + hostId + " with latest VPC topology." );
s_logger.debug("Failed to updated the host " + hostId + " with latest VPC topology.", e );
return false;
}
}
@ -797,6 +796,7 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
vmInstance.getHostId(), vmNics.toArray(new OvsVpcPhysicalTopologyConfigCommand.Nic[vmNics.size()]));
vms.add(vm);
}
return new OvsVpcPhysicalTopologyConfigCommand(
hosts.toArray(new OvsVpcPhysicalTopologyConfigCommand.Host[hosts.size()]),
tiers.toArray(new OvsVpcPhysicalTopologyConfigCommand.Tier[tiers.size()]),
@ -804,47 +804,58 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
vpc.getCidr());
}
// Subscriber to ACL replace events. On acl replace event, if the vpc is enabled for distributed routing
// send the ACL update to all the hosts on which VPC spans
// Subscriber to ACL replace events. On acl replace event, if the vpc for the tier is enabled for
// distributed routing send the ACL update to all the hosts on which VPC spans
public class NetworkAclEventsSubscriber implements MessageSubscriber {
@Override
public void onPublishMessage(String senderAddress, String subject, Object args) {
NetworkVO network = (NetworkVO) args;
String bridgeName=generateBridgeNameForVpc(network.getVpcId());
if (network.getVpcId() != null & isVpcEnabledForDistributedRouter(network.getVpcId())) {
long vpcId = network.getVpcId();
OvsVpcRoutingPolicyConfigCommand cmd = prepareVpcRoutingPolicyUpdate(vpcId);
List<Long> vpcSpannedHostIds = _ovsNetworkToplogyGuru.getVpcSpannedHosts(vpcId);
for (Long id: vpcSpannedHostIds) {
if (!sendVpcRoutingPolicyChangeUpdate(cmd, id, bridgeName)) {
s_logger.debug("Failed to send VPC routing policy change update to host : " + id +
". But moving on with sending the host updates to the rest of the hosts.");
try {
NetworkVO network = (NetworkVO) args;
String bridgeName=generateBridgeNameForVpc(network.getVpcId());
if (network.getVpcId() != null & isVpcEnabledForDistributedRouter(network.getVpcId())) {
long vpcId = network.getVpcId();
OvsVpcRoutingPolicyConfigCommand cmd = prepareVpcRoutingPolicyUpdate(vpcId);
List<Long> vpcSpannedHostIds = _ovsNetworkToplogyGuru.getVpcSpannedHosts(vpcId);
for (Long id: vpcSpannedHostIds) {
if (!sendVpcRoutingPolicyChangeUpdate(cmd, id, bridgeName)) {
s_logger.debug("Failed to send VPC routing policy change update to host : " + id +
". But moving on with sending the updates to the rest of the hosts.");
}
}
}
} catch (Exception e) {
s_logger.debug("Failed to send VPC routing policy change updates all hosts in vpc", e);
}
}
}
private OvsVpcRoutingPolicyConfigCommand prepareVpcRoutingPolicyUpdate(long vpcId) {
VpcVO vpc = _vpcDao.findById(vpcId);
assert (vpc != null): "invalid vpc id";
List<OvsVpcRoutingPolicyConfigCommand.Acl> acls = new ArrayList<>();
List<OvsVpcRoutingPolicyConfigCommand.Tier> tiers = new ArrayList<>();
VpcVO vpc = _vpcDao.findById(vpcId);
List<? extends Network> vpcNetworks = _vpcMgr.getVpcNetworks(vpcId);
assert (vpc != null && (vpcNetworks != null && !vpcNetworks.isEmpty())): "invalid vpc id";
for (Network network : vpcNetworks) {
Long networkAclId = network.getNetworkACLId();
if (networkAclId == null)
continue;
NetworkACLVO networkAcl = _networkACLDao.findById(networkAclId);
List<OvsVpcRoutingPolicyConfigCommand.AclItem> aclItems = new ArrayList<>();
List<NetworkACLItemVO> aclItemVos = _networkACLItemDao.listByACL(networkAclId);
for (NetworkACLItemVO aclItem : aclItemVos) {
String[] sourceCidrs = aclItem.getSourceCidrList().toArray(new String[aclItem.getSourceCidrList().size()]);
aclItems.add(new OvsVpcRoutingPolicyConfigCommand.AclItem(
aclItem.getNumber(), aclItem.getUuid(), aclItem.getAction().name(),
aclItem.getTrafficType().name(),
aclItem.getSourcePortStart().toString(), aclItem.getSourcePortEnd().toString(),
aclItem.getProtocol(), sourceCidrs));
((aclItem.getSourcePortStart() != null) ?aclItem.getSourcePortStart().toString() :null),
((aclItem.getSourcePortEnd() != null) ?aclItem.getSourcePortEnd().toString() :null),
aclItem.getProtocol(),
sourceCidrs));
}
OvsVpcRoutingPolicyConfigCommand.Acl acl = new OvsVpcRoutingPolicyConfigCommand.Acl(networkAcl.getUuid(),
@ -862,10 +873,9 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
return cmd;
}
public boolean sendVpcRoutingPolicyChangeUpdate(OvsVpcRoutingPolicyConfigCommand updateCmd, long hostId, String bridgeName) {
try {
s_logger.debug("Sending VPC routing policy change update to the host " + hostId);
s_logger.debug("Sending VPC routing policies change update to the host " + hostId);
updateCmd.setHostId(hostId);
updateCmd.setBridgeName(bridgeName);
Answer ans = _agentMgr.send(hostId, updateCmd);
@ -873,11 +883,11 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
s_logger.debug("Successfully updated the host " + hostId + " with latest VPC routing policies." );
return true;
} else {
s_logger.debug("Failed to update the host " + hostId + " with latest routing policy." );
s_logger.debug("Failed to update the host " + hostId + " with latest routing policies." );
return false;
}
} catch (Exception e) {
s_logger.debug("Failed to updated the host " + hostId + " with latest routing policy." );
s_logger.debug("Failed to updated the host " + hostId + " with latest routing policies due to" , e );
return false;
}
}

222
scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
View File

@ -321,62 +321,66 @@ def configure_bridge_for_network_topology(bridge, this_host_id, json_config):
logging.debug("WARNING:Can't find VPC info in json config file")
return "FAILURE:IMPROPER_JSON_CONFG_FILE"
# get the list of Vm's in the VPC from the JSON config
this_host_vms = get_vms_on_host(vpconfig, this_host_id)
try:
# get the list of Vm's in the VPC from the JSON config
this_host_vms = get_vms_on_host(vpconfig, this_host_id)
for vm in this_host_vms:
for nic in vm.nics:
mac_addr = nic.macaddress
ip = nic.ipaddress
vif_name = get_vif_name_from_macaddress(mac_addr)
of_port = get_ofport_for_vif(vif_name)
network = get_network_details(vpconfig, nic.networkuuid)
# Add flow rule in L2 look up table, if the destination mac = MAC of the nic send packet on the found OFPORT
add_mac_lookup_table_entry(bridge, mac_addr, of_port)
# Add flow rule in L3 look up table: if the destination IP = VM's IP then modify the packet
# to set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
# Add flow entry to send with intra tier traffic from the NIC to L2 lookup path)
action_str = "table=0, in_port=%s," %of_port + " ip, nw_dst=%s," %network.cidr + " actions=resubmit(,1)"
addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
do_cmd(addflow)
#add flow entry to send inter-tier traffic from the NIC to egress ACL table(to L3 lookup path)
action_str = "table=0, in_port=%s," % of_port + " ip, dl_dst=%s," %network.gatewaymac +\
"nw_dst=%s," %vpconfig.cidr + "actions=resubmit(,3)"
addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
do_cmd(addflow)
# get the list of hosts on which VPC spans from the JSON config
vpc_spanning_hosts = vpconfig.hosts
for host in vpc_spanning_hosts:
if str(this_host_id) == str(host.hostid):
continue
other_host_vms = get_vms_on_host(vpconfig, host.hostid)
for vm in other_host_vms:
for vm in this_host_vms:
for nic in vm.nics:
mac_addr = nic.macaddress
ip = nic.ipaddress
vif_name = get_vif_name_from_macaddress(mac_addr)
of_port = get_ofport_for_vif(vif_name)
network = get_network_details(vpconfig, nic.networkuuid)
gre_key = network.grekey
# generate tunnel name from tunnel naming convention
tunnel_name = "t%s-%s-%s" % (gre_key, this_host_id, host.hostid)
of_port = get_ofport_for_vif(tunnel_name)
# Add flow rule in L2 look up table, if the destination mac = MAC of the nic send packet tunnel port
# Add flow rule in L2 look up table, if the destination mac = MAC of the nic send packet on the found OFPORT
add_mac_lookup_table_entry(bridge, mac_addr, of_port)
# Add flow tule in L3 look up table: if the destination IP = VM's IP then modify the packet
# set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
# Add flow rule in L3 look up table: if the destination IP = VM's IP then modify the packet
# to set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
return "SUCCESS: successfully configured bridge as per the VPC topology"
# Add flow entry to send with intra tier traffic from the NIC to L2 lookup path)
action_str = "table=0, in_port=%s," %of_port + " ip, nw_dst=%s," %network.cidr + " actions=resubmit(,1)"
addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
do_cmd(addflow)
#add flow entry to send inter-tier traffic from the NIC to egress ACL table(to L3 lookup path)
action_str = "table=0, in_port=%s," % of_port + " ip, dl_dst=%s," %network.gatewaymac +\
"nw_dst=%s," %vpconfig.cidr + "actions=resubmit(,3)"
addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
do_cmd(addflow)
# get the list of hosts on which VPC spans from the JSON config
vpc_spanning_hosts = vpconfig.hosts
for host in vpc_spanning_hosts:
if str(this_host_id) == str(host.hostid):
continue
other_host_vms = get_vms_on_host(vpconfig, host.hostid)
for vm in other_host_vms:
for nic in vm.nics:
mac_addr = nic.macaddress
ip = nic.ipaddress
network = get_network_details(vpconfig, nic.networkuuid)
gre_key = network.grekey
# generate tunnel name from tunnel naming convention
tunnel_name = "t%s-%s-%s" % (gre_key, this_host_id, host.hostid)
of_port = get_ofport_for_vif(tunnel_name)
# Add flow rule in L2 look up table, if the destination mac = MAC of the nic send packet tunnel port
add_mac_lookup_table_entry(bridge, mac_addr, of_port)
# Add flow tule in L3 look up table: if the destination IP = VM's IP then modify the packet
# set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
return "SUCCESS: successfully configured bridge as per the VPC topology"
except:
logging.debug("An unexpected error occurred while configuring bridge as per VPC topology.")
raise
def get_acl(vpcconfig, required_acl_id):
acls = vpcconfig.acls
@ -392,60 +396,84 @@ def configure_ovs_bridge_for_routing_policies(bridge, json_config):
logging.debug("WARNING:Can't find VPC info in json config file")
return "FAILURE:IMPROPER_JSON_CONFG_FILE"
# First flush current egress ACL's before re-applying the ACL's
del_flows(bridge, table=3)
try:
# First flush current egress ACL's before re-applying the ACL's
del_flows(bridge, table=3)
egress_rules_added = False
ingress_rules_added = False
egress_rules_added = False
ingress_rules_added = False
tiers = vpconfig.tiers
for tier in tiers:
tier_cidr = tier.cidr
acl = get_acl(vpconfig, tier.aclid)
acl_items = acl.aclitems
tiers = vpconfig.tiers
for tier in tiers:
tier_cidr = tier.cidr
acl = get_acl(vpconfig, tier.aclid)
acl_items = acl.aclitems
for acl_item in acl_items:
number = acl_item.number
action = acl_item.action
direction = acl_item.direction
source_port_start = acl_item.sourceportstart
source_port_end = acl_item.sourceportend
protocol = acl_item.protocol
source_cidrs = acl_item.sourcecidrs
acl_priority = 1000 + number
for source_cidr in source_cidrs:
if direction is "ingress":
ingress_rules_added = True
# add flow rule to do action (allow/deny) for flows where source IP of the packet is in
# source_cidr and destination ip is in tier_cidr
port = source_port_start
while (port < source_port_end):
if action is "deny":
add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr, nw_dst=tier_cidr, tp_dst=port,
nw_proto=protocol, actions='drop')
if action is "allow":
add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr, nw_dst=tier_cidr, tp_dst=port,
nw_proto=protocol, actions='resubmit(,1)')
port = port + 1
for acl_item in acl_items:
number = acl_item.number
action = acl_item.action
direction = acl_item.direction
source_port_start = acl_item.sourceportstart
source_port_end = acl_item.sourceportend
protocol = acl_item.protocol
source_cidrs = acl_item.sourcecidrs
acl_priority = 1000 + number
for source_cidr in source_cidrs:
if direction is "ingress":
ingress_rules_added = True
elif direction in "egress":
egress_rules_added = True
# add flow rule to do action (allow/deny) for flows where destination IP of the packet is in
# source_cidr and source ip is in tier_cidr
port = source_port_start
while (port < source_port_end):
if action is "deny":
add_flow(bridge, priority= acl_priority, table=5, nw_src=tier_cidr, nw_dst=source_cidr, tp_dst=port,
nw_proto=protocol, actions='drop')
if action is "allow":
add_flow(bridge, priority= acl_priority, table=5, nw_src=tier_cidr, nw_dst=source_cidr, tp_dst=port,
nw_proto=protocol, actions='resubmit(,1)')
port = port + 1
if source_port_start is None and source_port_end is None:
if action is "deny":
add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr, nw_dst=tier_cidr,
nw_proto=protocol, actions='drop')
if action is "allow":
add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr, nw_dst=tier_cidr,
nw_proto=protocol, actions='resubmit(,1)')
continue
if egress_rules_added is False:
# add a default rule in egress table to forward packet to L3 lookup table
add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
# add flow rule to do action (allow/deny) for flows where source IP of the packet is in
# source_cidr and destination ip is in tier_cidr
port = source_port_start
while (port < source_port_end):
if action is "deny":
add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr, nw_dst=tier_cidr, tp_dst=port,
nw_proto=protocol, actions='drop')
if action is "allow":
add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr, nw_dst=tier_cidr, tp_dst=port,
nw_proto=protocol, actions='resubmit(,1)')
port = port + 1
if ingress_rules_added is False:
# add a default rule in egress table drop packets
add_flow(bridge, priority=0, table=5, actions='drop')
elif direction in "egress":
egress_rules_added = True
if source_port_start is None and source_port_end is None:
if action is "deny":
add_flow(bridge, priority= acl_priority, table=3, nw_src=source_cidr, nw_dst=tier_cidr,
nw_proto=protocol, actions='drop')
if action is "allow":
add_flow(bridge, priority= acl_priority,table=3, nw_src=source_cidr, nw_dst=tier_cidr,
nw_proto=protocol, actions='resubmit(,1)')
continue
# add flow rule to do action (allow/deny) for flows where destination IP of the packet is in
# source_cidr and source ip is in tier_cidr
port = source_port_start
while (port < source_port_end):
if action is "deny":
add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr, nw_dst=source_cidr, tp_dst=port,
nw_proto=protocol, actions='drop')
if action is "allow":
add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr, nw_dst=source_cidr, tp_dst=port,
nw_proto=protocol, actions='resubmit(,1)')
port = port + 1
if egress_rules_added is False:
# add a default rule in egress table to forward packet to L3 lookup table
add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
if ingress_rules_added is False:
# add a default rule in egress table drop packets
add_flow(bridge, priority=0, table=5, actions='drop')
except:
logging.debug("An unexpected error occurred while configuring bridge as per VPC's routing policies.")
raise