Merge "NSX|P+V3: Do not allow external subnets overlapping with uplink cidr"
commit
1dec30d47c
@ -715,7 +715,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
"""Should be implemented by each plugin"""
|
||||
pass
|
||||
|
||||
def _get_tier0_uplink_ips(self, tier0_id):
|
||||
def _get_tier0_uplink_cidrs(self, tier0_id):
|
||||
"""Should be implemented by each plugin"""
|
||||
pass
|
||||
|
||||
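Review bot: The renamed base-class stub `_get_tier0_uplink_cidrs` still ends in `pass`, so a subclass that forgets to override it returns None and the caller in `_validate_address_space` fails with a TypeError when it iterates the result rather than with a clear error; since this hook now gates the uplink-overlap check, `raise NotImplementedError` is the safer stub body. The surrounding stub uses the same `pass` pattern, so this is a pre-existing style the rename carries forward. The docstring could also state the expected shape, e.g. `"""Return the tier0 uplink addresses as 'ip/prefix' strings. Must be implemented by each plugin."""`.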
@ -2248,6 +2248,9 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
return False
|
||||
return True if count == 1 else False
|
||||
|
||||
def _cidrs_overlap(self, cidr0, cidr1):
|
||||
return cidr0.first <= cidr1.last and cidr1.first <= cidr0.last
|
||||
|
||||
def _validate_address_space(self, context, subnet):
|
||||
# Only working for IPv4 at the moment
|
||||
if (subnet['ip_version'] != 4):
|
||||
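Review bot: `_cidrs_overlap` has no docstring and its contract is not obvious: it compares the integer `.first`/`.last` bounds of two netaddr networks, which (unlike the `in` test it replaces) also detects partial overlap, but it never checks that both networks are the same IP version. Suggested docstring: `"""Return True if the two netaddr IPNetworks share at least one address (callers must pass networks of the same IP version)."""`. If mixed versions can reach it, guard with `if cidr0.version != cidr1.version: return False`. It uses no instance state, so it could be a `@staticmethod`. `_validate_address_space` begins in this hunk and continues outside it.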
@ -2277,7 +2280,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
LOG.error(msg)
|
||||
raise n_exc.InvalidInput(error_message=msg)
|
||||
|
||||
# Ensure that the NSX uplink does not lie on the same subnet as
|
||||
# Ensure that the NSX uplink cidr does not lie on the same subnet as
|
||||
# the external subnet
|
||||
filters = {'id': [subnet['network_id']],
|
||||
'router:external': [True]}
|
||||
@ -2287,12 +2290,13 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||
if ext_net.get(pnet.PHYSICAL_NETWORK)]
|
||||
|
||||
for tier0_rtr in set(tier0_routers):
|
||||
tier0_ips = self._get_tier0_uplink_ips(tier0_rtr)
|
||||
for ip_address in tier0_ips:
|
||||
tier0_cidrs = self._get_tier0_uplink_cidrs(tier0_rtr)
|
||||
for cidr in tier0_cidrs:
|
||||
tier0_subnet = netaddr.IPNetwork(cidr).cidr
|
||||
for subnet_network in subnet_networks:
|
||||
if (netaddr.IPAddress(ip_address) in subnet_network):
|
||||
if self._cidrs_overlap(tier0_subnet, subnet_network):
|
||||
msg = _("External subnet cannot overlap with T0 "
|
||||
"router address %s") % ip_address
|
||||
"router cidr %s") % cidr
|
||||
LOG.error(msg)
|
||||
raise n_exc.InvalidInput(error_message=msg)
|
||||
|
||||
|
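Review bot: The new loop feeds every CIDR from `_get_tier0_uplink_cidrs` into `_cidrs_overlap` without an IP-version check, while the validation itself is IPv4-only (the `ip_version != 4` guard earlier in `_validate_address_space`); if the backend ever reports an IPv6 uplink CIDR the integer-range comparison is meaningless, so add `if tier0_subnet.version != subnet_network.version: continue` before the overlap test. A malformed string from the backend would also make `netaddr.IPNetwork(cidr)` raise `AddrFormatError` out of the API call instead of following the `InvalidInput` path used for every other failure here. Separately, the rejection message now echoes the T0 uplink CIDR to the API caller; the previous text already exposed the uplink IP, but keeping the infrastructure addressing in `LOG.error` and returning a generic message to the client would be the more conservative choice. `_validate_address_space` starts outside this hunk.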
@ -2042,8 +2042,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||
def _has_native_dhcp_metadata(self):
|
||||
return True
|
||||
|
||||
def _get_tier0_uplink_ips(self, tier0_id):
|
||||
return self.nsxpolicy.tier0.get_uplink_ips(tier0_id)
|
||||
def _get_tier0_uplink_cidrs(self, tier0_id):
|
||||
# return a list of tier0 uplink ip/prefix addresses
|
||||
return self.nsxpolicy.tier0.get_uplink_cidrs(tier0_id)
|
||||
|
||||
def _is_vlan_router_interface_supported(self):
|
||||
return True
|
||||
|
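Review bot: The new NsxPolicyPlugin override documents its return value with a `#` comment (`# return a list of tier0 uplink ip/prefix addresses`) while the base-class stub it implements uses a docstring; a docstring such as `"""Return the tier0 uplink addresses as 'ip/prefix' strings."""` keeps the two consistent and is visible to help() and tooling. The same applies to the NsxV3Plugin override in the next hunk.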
@ -3407,8 +3407,10 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
|
||||
source_net=subnet['cidr'],
|
||||
bypass_firewall=False)
|
||||
|
||||
def _get_tier0_uplink_ips(self, tier0_id):
|
||||
return self.nsxlib.logical_router_port.get_tier0_uplink_ips(tier0_id)
|
||||
def _get_tier0_uplink_cidrs(self, tier0_id):
|
||||
# return a list of tier0 uplink ip/prefix addresses
|
||||
return self.nsxlib.logical_router_port.get_tier0_uplink_cidrs(
|
||||
tier0_id)
|
||||
|
||||
def _get_neutron_net_ids_by_nsx_id(self, context, lswitch_id):
|
||||
return nsx_db.get_net_ids(context.session, lswitch_id)
|
||||
|
@ -1084,8 +1084,8 @@ class NsxPTestSubnets(test_db_base_plugin_v2.TestSubnetsV2,
|
||||
'host_routes': None,
|
||||
'ip_version': 4}}
|
||||
with mock.patch.object(self.plugin.nsxpolicy.tier0,
|
||||
'get_uplink_ips',
|
||||
return_value=['172.20.1.60']):
|
||||
'get_uplink_cidrs',
|
||||
return_value=['172.20.1.60/24']):
|
||||
self.assertRaises(n_exc.InvalidInput,
|
||||
self.plugin.create_subnet,
|
||||
context.get_admin_context(), data)
|
||||
|
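Review bot: The updated test only exercises the rejecting case (uplink `172.20.1.60/24` overlapping the subnet being created); there is no companion case asserting that a non-overlapping uplink CIDR lets `create_subnet` succeed, so a regression that rejects every external subnet would still pass. Consider a second `mock.patch.object(self.plugin.nsxpolicy.tier0, 'get_uplink_cidrs', return_value=[...])` with a constructed CIDR outside the subnet's range and assert the subnet is created. The `data` dict and the test method start outside this hunk.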