Adding appropriate ACL rules for PF and static NAT

Koushik Das 2013-03-07 12:16:29 +05:30
parent fb23c50365
commit cc824e8585
8 changed files with 326 additions and 42 deletions


@ -16,7 +16,7 @@
<pair key="%natruledn%/nat-action">
<natpolicyNatAction
actionType="static"
destTranslatedIpPool=""
destTranslatedIpPool="%ippoolname%"
destTranslatedPortPool=""
dn="%natruledn%/nat-action"
id="0"
@ -25,7 +25,7 @@
isNoProxyArpEnabled="no"
isRoundRobinIpEnabled="no"
srcTranslatedIpPatPool=""
srcTranslatedIpPool="%ippoolname%"
srcTranslatedIpPool=""
srcTranslatedPortPool=""
status="created"/>
</pair>
@ -39,7 +39,7 @@
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
attrEp="destination"
dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
@ -59,7 +59,7 @@
name=""
placement="none"
status="created"
value="%srcip%"/>
value="%ip%"/>
</pair>
</inConfigs>
@ -70,5 +70,5 @@
natrulename="bbb"
descr=value
ippoolname="ccc"
srcip="10.147.30.230"
ip="10.147.30.230"
--!>


@ -0,0 +1,64 @@
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="300"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%ip%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
ip="public ip at destination"
--!>
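Review bot: The trailing comment on the last line closes with `--!>`, which is not a well-formed XML comment terminator (a comment ends with `-->`, and `--` may not appear inside one); the other new template in this commit ends the same way. If the text after `</configConfMos>` is sent to the device together with the rest of the template, a strict parser would reject the whole document; the older templates touched by this commit use the same terminator, so it may be tolerated or stripped before sending, but `-->` is the correct form and costs nothing. Change the last line of both new files to `-->`.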


@ -0,0 +1,138 @@
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="300"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3">
<policyRuleCondition
dn="%aclruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-3/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%ip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-4">
<policyRuleCondition
dn="%aclruledn%/rule-cond-4"
id="4"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-4/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2"
id="2"
name=""
placement="begin"
status="created"
value="%startport%"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3"
id="3"
name=""
placement="end"
status="created"
value="%endport%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue="TCP" or "UDP"
ip="public ip at destination"
startport="start port at destination"
endport="end port at destination"
--!>
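Review bot: The destination-IP condition `rule-cond-3/nw-expr2/nw-ip-2` uses `placement="begin"` under an expression whose `opr` is `eq`, while the equivalent single-IP `eq` condition in the other new ACL template in this commit uses `placement="none"`; `begin`/`end` pair with the `range` operator, as the two port conditions under `rule-cond-4` here show. This looks like a copy from a range expression, so unless VNMC requires `begin` for a lone `eq` operand, make the two templates agree with `placement="none"`. I cannot tell from the page which form the device accepts, so confirm against the existing working ACL template before changing it.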


@ -5,7 +5,7 @@
<pair key="%aclruledn%">
<policyRule
descr=""
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="300"
@ -172,11 +172,12 @@
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue = "TCP" or UDP or ICMP
sourcestartip="source start ip"
sourceendip="source end ip"
startport="start port at destination"
endport="end port at destination"
deststartport="start port at destination"
destendport="end port at destination"
destinationip="public ip at destination"
--!>


@ -16,8 +16,8 @@
<pair key="%natruledn%/nat-action">
<natpolicyNatAction
actionType="static"
destTranslatedIpPool=""
destTranslatedPortPool=""
destTranslatedIpPool="%ippoolname%"
destTranslatedPortPool="%portpoolname%"
dn="%natruledn%/nat-action"
id="0"
isBidirectionalEnabled="yes"
@ -25,8 +25,8 @@
isNoProxyArpEnabled="no"
isRoundRobinIpEnabled="no"
srcTranslatedIpPatPool=""
srcTranslatedIpPool="%ippoolname%"
srcTranslatedPortPool="%portpoolname%"
srcTranslatedIpPool=""
srcTranslatedPortPool=""
status="created"/>
</pair>
@ -39,7 +39,7 @@
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
attrEp="destination"
dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
@ -59,7 +59,7 @@
name=""
placement="none"
status="created"
value="%srcip%"/>
value="%ip%"/>
</pair>
<pair key="%natruledn%/rule-cond-3">
@ -71,7 +71,7 @@
</pair>
<pair key="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
attrEp="destination"
dn="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
@ -92,7 +92,7 @@
name=""
placement="begin"
status="created"
value="%srcportstart%"/>
value="%startport%"/>
</pair>
<pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-3">
<policyNetworkPort
@ -104,7 +104,7 @@
name=""
placement="end"
status="created"
value="%srcportend%"/>
value="%endport%"/>
</pair>
<pair key="%natruledn%/rule-cond-4">
@ -142,8 +142,8 @@
descr=value
ippoolname="ccc"
portpoolname="ddd"
srcip="10.147.30.230"
srcportstart="22"
srcportend="22"
ip="10.147.30.230"
startport="22"
endport="22"
protocolvalue="TCP"
--!>


@ -76,7 +76,12 @@ public interface CiscoVnmcConnection {
public boolean createTenantVDCDNatRule(String tenantName,
String identifier, String policyIdentifier,
String sourceIp)
String publicIp)
throws ExecutionException;
public boolean createTenantVDCIngressAclRuleForDNat(String tenantName,
String identifier, String policyIdentifier,
String publicIp)
throws ExecutionException;
public boolean createTenantVDCDNatPolicy(String tenantName, String identifier)
@ -97,8 +102,14 @@ public interface CiscoVnmcConnection {
public boolean createTenantVDCPFRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceIp,
String startSourcePort, String endSourcePort)
String protocol, String publicIp,
String startPort, String endPort)
throws ExecutionException;
public boolean createTenantVDCIngressAclRuleForPF(String tenantName,
String identifier, String policyIdentifier,
String protocol, String publicIp,
String startPort, String endPort)
throws ExecutionException;
public boolean createTenantVDCPFPolicy(String tenantName, String identifier)
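Review bot: The two new interface methods, `createTenantVDCIngressAclRuleForDNat` and `createTenantVDCIngressAclRuleForPF`, are added without Javadoc, and their parameter names alone do not say which side of the NAT `publicIp`, `startPort` and `endPort` describe or how `identifier` and `policyIdentifier` relate to the rule being permitted. A short Javadoc on each should state that the method creates the ingress ACL rule accompanying the DNAT or PF rule of the same identifier, that `publicIp` (and for PF, `protocol` with the `startPort`–`endPort` range) is matched as the destination, what a `false` return means versus the thrown `ExecutionException`, and the `@param`/`@return`/`@throws` tags. The surrounding interface continues outside both hunks.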


@ -77,7 +77,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
CREATE_IP_POOL("create-ip-pool.xml", "policy-mgr"),
CREATE_PF_RULE("create-pf-rule.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE_FOR_PF("create-ingress-acl-rule-for-pf.xml", "policy-mgr"),
CREATE_DNAT_RULE("create-dnat-rule.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE_FOR_DNAT("create-ingress-acl-rule-for-dnat.xml", "policy-mgr"),
CREATE_SOURCE_NAT_RULE("create-source-nat-rule.xml", "policy-mgr"),
CREATE_ACL_POLICY_SET("create-acl-policy-set.xml", "policy-mgr"),
@ -662,9 +664,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
//xml = replaceXmlValue(xml, "descr", "Ingress ACL policy for Tenant VDC" + tenantName);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "Ingress ACL policy for Tenant VDC" + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
@ -838,8 +840,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
@Override
public boolean createTenantVDCPFRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceIp,
String startSourcePort, String endSourcePort) throws ExecutionException {
String protocol, String publicIp,
String startPort, String endPort) throws ExecutionException {
String xml = VnmcXml.CREATE_PF_RULE.getXml();
String service = VnmcXml.CREATE_PF_RULE.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
@ -848,15 +850,35 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "descr", "PF rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "ippoolname", getNameForPFIpPool(tenantName, policyIdentifier + "-" + identifier));
xml = replaceXmlValue(xml, "portpoolname", getNameForPFPortPool(tenantName, policyIdentifier + "-" + identifier));
xml = replaceXmlValue(xml, "srcip", sourceIp);
xml = replaceXmlValue(xml, "srcportstart", startSourcePort);
xml = replaceXmlValue(xml, "srcportend", endSourcePort);
xml = replaceXmlValue(xml, "ip", publicIp);
xml = replaceXmlValue(xml, "startport", startPort);
xml = replaceXmlValue(xml, "endport", endPort);
xml = replaceXmlValue(xml, "protocolvalue", protocol);
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@Override
public boolean createTenantVDCIngressAclRuleForPF(String tenantName,
String identifier, String policyIdentifier, String protocol,
String publicIp, String startPort, String endPort)
throws ExecutionException {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "ip", publicIp);
xml = replaceXmlValue(xml, "startport", startPort);
xml = replaceXmlValue(xml, "endport", endPort);
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@Override
public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier) throws ExecutionException {
return createTenantVDCNatPolicyRef(
@ -919,7 +941,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
@Override
public boolean createTenantVDCDNatRule(String tenantName,
String identifier, String policyIdentifier, String sourceIp)
String identifier, String policyIdentifier, String publicIp)
throws ExecutionException {
String xml = VnmcXml.CREATE_DNAT_RULE.getXml();
String service = VnmcXml.CREATE_DNAT_RULE.getService();
@ -928,7 +950,23 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "natrulename", getNameForDNatRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "DNAT rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier + "-" + identifier));
xml = replaceXmlValue(xml, "srcip", sourceIp);
xml = replaceXmlValue(xml, "ip", publicIp);
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@Override
public boolean createTenantVDCIngressAclRuleForDNat(String tenantName,
String identifier, String policyIdentifier, String publicIp)
throws ExecutionException {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "ip", publicIp);
String response = sendRequest(service, xml);
return verifySuccess(response);
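Review bot: Both new methods substitute the wrong placeholder keys: `createTenantVDCIngressAclRuleForPF` and `createTenantVDCIngressAclRuleForDNat` call `replaceXmlValue` with `"natruledn"` and `"natrulename"`, but the ACL templates they load define `%aclruledn%`, `%aclrulename%` and `%actiontype%`, and neither method sets `actiontype` at all, so those placeholders reach the device unreplaced and the permit rule this commit intends is not created as written. Follow the existing `createIngressAclRule` earlier in this file: `xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));`, `xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));` and add `xml = replaceXmlValue(xml, "actiontype", "permit");` in each method. Separately, the `descr` line re-enabled in the first hunk of this file reads `"Ingress ACL policy for Tenant VDC" + tenantName` and is missing the space the other descriptions carry. The closing brace of `createTenantVDCIngressAclRuleForDNat` lies outside the last hunk.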


@ -347,9 +347,9 @@ public class CiscoVnmcResource implements ServerResource{
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
if (!_connection.deleteTenantVDCAclPolicy(tenant, policyIdentifier)) {
/*if (!_connection.deleteTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}
}*/
// TODO for egress
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) {
@ -368,8 +368,12 @@ public class CiscoVnmcResource implements ServerResource{
String[] result = cidr.split("\\/");
assert (result.length == 2) : "Something is wrong with source cidr " + cidr;
long size = Long.valueOf(result[1]);
String externalStartIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size);
String externalEndIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
String externalStartIp = result[0];
String externalEndIp = result[0];
if (size < 32) {
externalStartIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size);
externalEndIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
}
if (!_connection.createIngressAclRule(tenant,
Long.toString(rule.getId()), policyIdentifier,
@ -425,9 +429,9 @@ public class CiscoVnmcResource implements ServerResource{
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
if (!_connection.deleteTenantVDCDNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}
/*if (!_connection.deleteTenantVDCDNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete DNAT policy in VNMC for guest network with vlan " + vlanId);
}*/
if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId);
@ -436,9 +440,17 @@ public class CiscoVnmcResource implements ServerResource{
throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) {
throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
//_connection.deleteDNatRule(tenant, Long.toString(rule.getId()), publicIp);
//_connection.deleteDNatRule(tenant, Long.toString(rule.getId()), policyIdentifier);
//_connection.deleteAclRule(tenant, Long.toString(rule.getId()), policyIdentifier);
} else {
if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId);
@ -448,6 +460,11 @@ public class CiscoVnmcResource implements ServerResource{
Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) {
throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCIngressAclRuleForDNat(tenant,
Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) {
throw new Exception("Failed to create ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId);
}
}
}
}
@ -495,9 +512,9 @@ public class CiscoVnmcResource implements ServerResource{
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
if (!_connection.deleteTenantVDCPFPolicy(tenant, policyIdentifier)) {
/*if (!_connection.deleteTenantVDCPFPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}
}*/
if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId);
@ -506,9 +523,17 @@ public class CiscoVnmcResource implements ServerResource{
throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) {
throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
//_connection.deletePFRule(tenant, Long.toString(rule.getId()), publicIp);
//_connection.deletePFRule(tenant, Long.toString(rule.getId()), policyIdentifier);
//_connection.deleteAclRule(tenant, Long.toString(rule.getId()), policyIdentifier);
} else {
if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
throw new Exception("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId);
@ -525,6 +550,13 @@ public class CiscoVnmcResource implements ServerResource{
Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCIngressAclRuleForPF(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), rule.getSrcIp(),
Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
throw new Exception("Failed to create ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId);
}
}
}
}
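Review bot: The revoked-rule branches in both the static NAT and the PF loops are now entirely commented out (`//_connection.deleteDNatRule(...)`, `//_connection.deleteAclRule(...)` and the PF equivalents), and the per-policy `deleteTenantVDC...Policy` calls above them are commented out as well, so a rule the orchestrator revokes is silently left configured on the device together with the ingress permit this commit adds for it; the NAT entry and its permit stay open until the delete path exists. Until then the branch should not fall through as a no-op: at minimum add `// TODO: deleteDNatRule/deleteAclRule not implemented; revoked rules remain active on VNMC` (and the PF counterpart) and log a warning there so the gap is visible in operation, since the surrounding code otherwise reports only success. Minor: the new PF call uses `rule.getProtocol().toUpperCase()`; pass `Locale.ROOT` to keep the protocol name locale-independent. The enclosing methods begin outside these hunks.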