NSX: Fix Routed Mode for Isolated and VPC networks (#8534)

* NSX: Fix Routed Mode for Isolated and VPC networks * NSX: Fix Routed mode - add checks for ports added for FW rules * clean up code * fix build failure
2024-01-23 08:13:24 -05:00 · 2024-01-23 08:13:24 -05:00 · 80365c8333
parent e518f1933a
commit 80365c8333
3 changed files with 22 additions and 9 deletions
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxGuestNetworkGuru.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxGuestNetworkGuru.java
@ -39,6 +39,7 @@ import com.cloud.network.dao.PhysicalNetworkVO;
 import com.cloud.network.guru.GuestNetworkGuru;
 import com.cloud.network.vpc.VpcVO;
 import com.cloud.offering.NetworkOffering;
+import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
 import com.cloud.user.Account;
 import com.cloud.user.dao.AccountDao;
@ -227,7 +228,9 @@ public class NsxGuestNetworkGuru extends GuestNetworkGuru implements NetworkMigr
            throw new CloudRuntimeException(msg);
        }

-        if (isNull(network.getVpcId())) {
+        NetworkOfferingVO networkOfferingVO = networkOfferingDao.findById(network.getNetworkOfferingId());
+
+        if (isNull(network.getVpcId()) && networkOfferingVO.getNsxMode().equals(NetworkOffering.NsxMode.NATTED.name())) {
            long domainId = domain.getId();
            long accountId = account.getId();
            long dataCenterId = zone.getId();
--- a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
@ -701,7 +701,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
        for (FirewallRuleVO rule : rules) {
            // validate rule - for NSX
            long networkId = rule.getNetworkId();
-            validateNsxConstraints(networkId, rule.getProtocol(), rule.getIcmpType(), rule.getIcmpCode());
+            validateNsxConstraints(networkId, rule);
            // load cidrs if any
            rule.setSourceCidrList(_firewallCidrsDao.getSourceCidrs(rule.getId()));
            rule.setDestinationCidrsList(_firewallDcidrsDao.getDestCidrs(rule.getId()));
@ -723,18 +723,28 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
        return true;
    }

-    private void validateNsxConstraints(long networkId, String protocol, Integer icpmType, Integer icmpCode) {
+    private void validateNsxConstraints(long networkId, FirewallRuleVO rule) {
+        String protocol = rule.getProtocol();
        final Network network = entityManager.findById(Network.class, networkId);
        final DataCenter dc = entityManager.findById(DataCenter.class, network.getDataCenterId());
        final NsxProviderVO nsxProvider = nsxProviderDao.findByZoneId(dc.getId());
        if (Objects.isNull(nsxProvider)) {
            return;
        }
-        if (NetUtils.ICMP_PROTO.equals(protocol.toLowerCase(Locale.ROOT)) && (icpmType == -1 || icmpCode == -1)) {
+
+        if (NetUtils.ICMP_PROTO.equals(protocol.toLowerCase(Locale.ROOT)) && (rule.getIcmpType() == -1 || rule.getIcmpCode() == -1)) {
            String errorMsg = "Passing -1 for ICMP type is not supported for NSX enabled zones";
            s_logger.error(errorMsg);
            throw new InvalidParameterValueException(errorMsg);
        }
+
+        if (List.of(NetUtils.TCP_PROTO, NetUtils.UDP_PROTO).contains(protocol.toLowerCase(Locale.ROOT)) &&
+                (Objects.isNull(rule.getSourcePortStart()) || Objects.isNull(rule.getSourcePortEnd())) &&
+            State.Add.equals(rule.getState())) {
+            String errorMsg = "Source start and end ports are required to be passed";
+            s_logger.error(errorMsg);
+            throw new InvalidParameterValueException(errorMsg);
+        }
    }

    @Override
--- a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@ -1246,16 +1246,16 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio
        serviceProviderMap.put(Service.Dhcp, routerProvider);
        serviceProviderMap.put(Service.Dns, routerProvider);
        serviceProviderMap.put(Service.UserData, routerProvider);
+        if (forVpc) {
+            serviceProviderMap.put(Service.NetworkACL, Provider.Nsx);
+        } else {
+            serviceProviderMap.put(Service.Firewall, Provider.Nsx);
+        }
        if (nsxMode == NetworkOffering.NsxMode.NATTED) {
            serviceProviderMap.put(Service.SourceNat, Provider.Nsx);
            serviceProviderMap.put(Service.StaticNat, Provider.Nsx);
            serviceProviderMap.put(Service.PortForwarding, Provider.Nsx);
            serviceProviderMap.put(Service.Lb, Provider.Nsx);
-            if (forVpc) {
-                serviceProviderMap.put(Service.NetworkACL, Provider.Nsx);
-            } else {
-                serviceProviderMap.put(Service.Firewall, Provider.Nsx);
-            }
        }
        return serviceProviderMap;
    }