etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-2320: On NetScaler RNAT rules are not getting created, 

blocking public access to the VM's in basic zone using EIP.

Its required that both RNAT and INAT rules are required on the NetScaler
to provide public connectivity to user VM's in both in-bound and out-bound
directions. Currenely only INAT rule is added which permits inbound public
traffic to VM. This fix adds RNAT rule aswell, which ensures the outbound
public access from the user VM's
This commit is contained in:
Murali Reddy 2013-05-03 16:06:43 +05:30
parent a3a5862301
commit 8b909668fb
1 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
plugins/network-elements/netscaler/src/com/cloud/network/resource/NetscalerResource.java
View File

@ -1618,7 +1618,9 @@ public class NetscalerResource implements ServerResource {
String srcIp = rule.getSrcIp();
String dstIP = rule.getDstIp();
String iNatRuleName = generateInatRuleName(srcIp, dstIP);
String rNatRuleName = generateRnatRuleName(srcIp, dstIP);
inat iNatRule = null;
rnat rnatRule = null;
if (!rule.revoked()) {
try {
@ -1645,9 +1647,47 @@ public class NetscalerResource implements ServerResource {
}
s_logger.debug("Created Inat rule on the Netscaler device " + _ip + " to enable static NAT from " + srcIp + " to " + dstIP);
}
try {
rnat[] rnatRules = rnat.get(_netscalerService);
if (rnatRules != null) {
for (rnat rantrule : rnatRules) {
if (rantrule.get_network().equalsIgnoreCase(rNatRuleName)) {
rnatRule = rantrule;
break;
}
}
}
} catch (nitro_exception e) {
throw e;
}
if (rnatRule == null) {
rnatRule = new rnat();
rnatRule.set_natip(srcIp);
rnatRule.set_network(dstIP);
rnatRule.set_netmask("255.255.255.255");
try {
apiCallResult = rnat.update(_netscalerService, rnatRule);
} catch (nitro_exception e) {
if (e.getErrorCode() != NitroError.NS_RESOURCE_EXISTS) {
throw e;
}
}
s_logger.debug("Created Rnat rule on the Netscaler device " + _ip + " to enable revese static NAT from " + dstIP + " to " + srcIp);
}
} else {
try {
inat.delete(_netscalerService, iNatRuleName);
rnat[] rnatRules = rnat.get(_netscalerService);
if (rnatRules != null) {
for (rnat rantrule : rnatRules) {
if (rantrule.get_network().equalsIgnoreCase(dstIP)) {
rnatRule = rantrule;
rnat.clear(_netscalerService, rnatRule);
break;
}
}
}
} catch (nitro_exception e) {
if (e.getErrorCode() != NitroError.NS_RESOURCE_NOT_EXISTS) {
throw e;
@ -3090,6 +3130,10 @@ public class NetscalerResource implements ServerResource {
return genObjectName("Cloud-Inat", srcIp);
}
private String generateRnatRuleName(String srcIp, String dstIP) {
return genObjectName("Cloud-Rnat", srcIp);
}
private String generateNSVirtualServerName(String srcIp, long srcPort) {
return genObjectName("Cloud-VirtualServer", srcIp, srcPort);
}