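/**
 * Applies or revokes the system-level default egress firewall rule of a guest network.
 *
 * <p>The rule built here is an "allow all" rule: any protocol ({@code "all"}), source = the
 * network's own CIDR, destination = {@link NetUtils#ALL_IP4_CIDRS}. It is pushed straight to the
 * network elements via {@link #applyRules} and, as the original author noted, is deliberately not
 * stored in the database so that it is never mixed in with the user-defined rules.
 *
 * <p>Note that {@code defaultPolicy} is not consulted anywhere in this method: whether the
 * allow-all rule is added or revoked is decided solely by {@code add}. Callers therefore have to
 * derive {@code add} from the offering's egress default policy themselves.
 *
 * @param networkId     id of the guest network
 * @param defaultPolicy the offering's egress default policy (currently unused by this method)
 * @param add           {@code true} to apply the allow-all egress rule ({@code State.Add}),
 *                      {@code false} to revoke it ({@code State.Revoke})
 * @return {@code true} if the rule was applied, {@code false} if the network does not exist or
 *         the network elements failed to apply the rule
 * @throws ResourceUnavailableException declared in the signature; the one raised by
 *         {@link #applyRules} is caught here and reported as a {@code false} return instead
 */
@Override
public boolean applyDefaultEgressFirewallRule(Long networkId, boolean defaultPolicy, boolean add) throws ResourceUnavailableException {
    s_logger.debug("applying default firewall egress rules ");
    NetworkVO network = _networkDao.findById(networkId);
    if (network == null) {
        // Previously an unknown network id surfaced as a NullPointerException; report it as a failed apply instead.
        s_logger.warn("Unable to apply default egress rules: network with id " + networkId + " does not exist");
        return false;
    }
    List<String> sourceCidr = new ArrayList<>();
    sourceCidr.add(network.getCidr());
    List<String> destCidr = new ArrayList<>();
    destCidr.add(NetUtils.ALL_IP4_CIDRS);
    FirewallRuleVO ruleVO = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall,
            sourceCidr, destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRuleType.System);
    ruleVO.setState(add ? State.Add : State.Revoke);
    List<FirewallRuleVO> rules = new ArrayList<>();
    rules.add(ruleVO);
    try {
        // Not persisted: this system rule must not be stored alongside the normal (user) rules.
        if (!applyRules(rules, false, false)) {
            return false;
        }
    } catch (ResourceUnavailableException ex) {
        s_logger.warn("Failed to apply default egress rules for guest network due to ", ex);
        return false;
    }
    return true;
}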
/**
 * Appends the system "allow all" egress rule for {@code networkId} to {@code rules} when the
 * network's offering has its egress default policy set to Allow.
 *
 * <p>Per the original author's note, the virtual router denies all egress by default. An
 * offering whose default policy is Allow therefore needs an explicit system rule: any protocol
 * ({@code "all"}), source = the network CIDR, destination = {@link NetUtils#ALL_IP4_CIDRS}.
 * When the offering's default is Deny the router already behaves that way and nothing is added.
 *
 * @param rules     rule list being assembled for the network; the new rule is appended in place
 * @param networkId id of the network whose offering decides the default policy
 */
private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, final long networkId) {
    final NetworkVO net = _networkDao.findById(networkId);
    final NetworkOfferingVO offering = _networkOfferingDao.findById(net.getNetworkOfferingId());
    if (!offering.isEgressDefaultPolicy()) {
        s_logger.debug("Egress policy for the Network " + networkId + " is already defined as Deny. So, no need to default the rule to Allow. ");
        return;
    }
    // Router default is Deny all: translate the offering's Allow default into an explicit system rule.
    final List<String> from = new ArrayList<>();
    from.add(net.getCidr());
    final List<String> to = new ArrayList<>();
    to.add(NetUtils.ALL_IP4_CIDRS);
    rules.add(new FirewallRuleVO(null, null, null, null, "all", networkId, net.getAccountId(), net.getDomainId(), Purpose.Firewall, from, to, null, null, null,
            FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System));
}
/**
 * Designs an Lswitch-backed network for an offering this guru can handle.
 *
 * <p>The network is created in state {@code Allocated} with DHCP address mode. Its CIDR and
 * gateway come from this guru's {@code _mgmtCidr}/{@code _mgmtGateway} fields when
 * {@code _mgmtCidr} is set (presumably the configured management CIDR — confirm against the
 * field's initialisation); the caller-supplied {@code userSpecified} network contributes only
 * its name to the debug log, and {@code owner} is not consulted.
 *
 * @param offering      the network offering; {@link #canHandle} decides whether this guru applies
 * @param plan          deployment plan supplying the data center and physical network ids
 * @param userSpecified the network as requested by the caller; dereferenced for its name, so must be non-null
 * @param owner         owning account (unused here)
 * @return the designed network, or {@code null} when the offering is not handled by this guru
 */
@Override
public Network design(NetworkOffering offering, DeploymentPlan plan, Network userSpecified, Account owner) {
    if (!canHandle(offering)) {
        return null;
    }
    NetworkVO designed = new NetworkVO(offering.getTrafficType(), Mode.Dhcp, BroadcastDomainType.Lswitch, offering.getId(), Network.State.Allocated,
            plan.getDataCenterId(), plan.getPhysicalNetworkId(), offering.isRedundantRouter());
    boolean haveMgmtCidr = _mgmtCidr != null;
    if (haveMgmtCidr) {
        designed.setCidr(_mgmtCidr);
        designed.setGateway(_mgmtGateway);
    }
    String requestedName = userSpecified.getName();
    String subnetSuffix = designed.getCidr() == null ? "" : " subnet: " + designed.getCidr();
    s_logger.debug("Allocated network " + requestedName + subnetSuffix);
    return designed;
}
/**
 * Designs an Lswitch-backed network when the zone's network type and the related physical
 * network are ones this guru handles.
 *
 * <p>The decision is delegated to {@link #canHandle} with the zone network type and the
 * physical network looked up from the plan. The network is created in state
 * {@code Allocated} with DHCP address mode; when the caller supplied a CIDR, that CIDR and the
 * caller's gateway are copied onto it as-is (no validation happens here — presumably the caller
 * validates them; confirm). {@code owner} is not consulted.
 *
 * @param offering      the network offering being designed for
 * @param plan          deployment plan supplying the data center and physical network ids
 * @param userSpecified the network as requested by the caller; dereferenced for its CIDR, gateway and name
 * @param owner         owning account (unused here)
 * @return the designed network, or {@code null} when this guru refuses to handle it
 */
@Override
public Network design(NetworkOffering offering, DeploymentPlan plan, Network userSpecified, Account owner) {
    // Whether we apply depends on the physical network (its isolation type) and the zone's network type.
    PhysicalNetworkVO physnet = _physicalNetworkDao.findById(plan.getPhysicalNetworkId());
    DataCenter zone = _dcDao.findById(plan.getDataCenterId());
    boolean handled = canHandle(offering, zone.getNetworkType(), physnet);
    if (!handled) {
        s_logger.debug("Refusing to design this network");
        return null;
    }
    NetworkVO designed = new NetworkVO(offering.getTrafficType(), Mode.Dhcp, BroadcastDomainType.Lswitch, offering.getId(), State.Allocated,
            plan.getDataCenterId(), plan.getPhysicalNetworkId(), offering.isRedundantRouter());
    String requestedCidr = userSpecified.getCidr();
    if (requestedCidr != null) {
        designed.setCidr(requestedCidr);
        designed.setGateway(userSpecified.getGateway());
    }
    String requestedName = userSpecified.getName();
    String subnetSuffix = designed.getCidr() == null ? "" : " subnet: " + designed.getCidr();
    s_logger.debug("Allocated network " + requestedName + subnetSuffix);
    return designed;
}
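/**
 * Looks up the guest network of the VPC router offering whose CIDR equals {@code cidr}.
 *
 * <p>Matches on traffic type {@code Guest}, the given CIDR and the network offering id returned
 * by {@code controller.getManager().getVpcRouterOffering()}. The search is unordered
 * ({@code search(sc, null)}), so if more than one network shares the CIDR the one returned
 * depends on database ordering; that ambiguity is logged as a warning rather than treated as an
 * error.
 *
 * @param controller model controller giving access to the network DAO and the manager
 * @param cidr       network CIDR to look up
 * @return the first matching network, or {@code null} when none exists
 */
public NetworkVO cidrToNetwork(ModelController controller, String cidr) {
    SearchBuilder<NetworkVO> sb = controller.getNetworkDao().createSearchBuilder();
    sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ);
    sb.and("cidr", sb.entity().getCidr(), Op.EQ);
    sb.and("networkOfferingId", sb.entity().getNetworkOfferingId(), Op.EQ);
    SearchCriteria<NetworkVO> sc = sb.create();
    sc.setParameters("networkOfferingId", controller.getManager().getVpcRouterOffering().getId());
    sc.setParameters("cidr", cidr);
    sc.setParameters("trafficType", Networks.TrafficType.Guest);
    List<NetworkVO> matches = controller.getNetworkDao().search(sc, null);
    if (matches == null || matches.isEmpty()) {
        return null;
    }
    if (matches.size() > 1) {
        // Ambiguous match: we still return the first one, but make the ambiguity visible in the log.
        s_logger.warn("more than one network found with cidr: " + cidr);
    }
    return matches.get(0);
}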
isWindows, vm.getHostId(), network.getCidr()));
NetworkVO forUpdate = _networkDao.createForUpdate(networkId); if (isVpc && (!designedNetwork.getCidr().equals(updatedVspNetwork.getCidr()) || !designedNetwork.getGateway().equals(updatedVspNetwork.getGateway()))) { throw new CloudRuntimeException("Tier network does not match the VsdManaged subnet cidr or gateway."); } else {
if (!NetUtils.isNetworkAWithinNetworkB(guestVmCidr, network.getCidr())) { throw new InvalidParameterValueException("Invalid value of Guest VM CIDR. For IP Reservation, Guest VM CIDR should be a subset of network CIDR : " + network.getCidr()); if (NetUtils.isSameIpRange(guestVmCidr, network.getCidr()) && !guestVmCidr.equals(network.getCidr())) { throw new InvalidParameterValueException("The Start IP and End IP of guestvmcidr: " + guestVmCidr + " and CIDR: " + network.getCidr() + " are same, " + "even though both the cidrs appear to be different. As a precaution no IP Reservation will be applied."); network.setNetworkCidr(network.getCidr()); if (NetUtils.isNetworkAWithinNetworkB(network.getCidr(), network.getNetworkCidr())) { s_logger.warn( "Existing IP reservation will become ineffective for the network with id = " + networkId + " You need to reapply reservation after network reimplementation.");
RouterInterfaceData intf = new RouterInterfaceData(tenantId, netVO.getGateway(), netVO.getCidr(), netVO.getUuid(), netVO.getName()); routerData.getRouter().addInterface(intf);
AllFieldsSearch = createSearchBuilder(); AllFieldsSearch.and("trafficType", AllFieldsSearch.entity().getTrafficType(), Op.EQ); AllFieldsSearch.and("cidr", AllFieldsSearch.entity().getCidr(), Op.EQ); AllFieldsSearch.and("broadcastType", AllFieldsSearch.entity().getBroadcastDomainType(), Op.EQ); AllFieldsSearch.and("offering", AllFieldsSearch.entity().getNetworkOfferingId(), Op.EQ); AccountSearch.join("accounts", join, AccountSearch.entity().getId(), join.entity().getNetworkId(), JoinBuilder.JoinType.INNER); AccountSearch.and("datacenter", AccountSearch.entity().getDataCenterId(), Op.EQ); AccountSearch.and("cidr", AccountSearch.entity().getCidr(), Op.EQ); AccountSearch.and("vpcId", AccountSearch.entity().getVpcId(), Op.EQ); AccountSearch.done();