NSX|V3: ensure that MAC learning does not invoke switch profiles

There are cases where MAC learning on a port may have a a DHCP server. Here we do not want to disacrd traffic. So we set a default switch profile that enables all traffic to pass. Change-Id: I7914bd01681c7ae6351ff5e900da028009bead2c (cherry picked from commit 02c28ee5ea)
2017-08-14 11:48:14 -07:00 · 2017-08-14 11:48:14 -07:00 · 612e52ec4f
parent 6195f523bf
commit 612e52ec4f
1 changed files with 7 additions and 0 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -114,6 +114,7 @@ NSX_V3_DHCP_PROFILE_NAME = 'neutron_port_dhcp_profile'
 NSX_V3_MAC_LEARNING_PROFILE_NAME = 'neutron_port_mac_learning_profile'
 NSX_V3_FW_DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups'
 NSX_V3_EXCLUDED_PORT_NSGROUP_NAME = 'neutron_excluded_port_nsgroup'
+NSX_V3_NON_VIF_PROFILE = 'nsx-default-switch-security-non-vif-profile'


 # NOTE(asarfaty): the order of inheritance here is important. in order for the
@ -284,6 +285,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                                "profile: %(name)s. Reason: %(reason)s"),
                            {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME,
                             'reason': e})
+            self._no_switch_security = profiles.build_switch_profile_ids(
+                self._switching_profiles,
+                self._switching_profiles.find_by_display_name(
+                        NSX_V3_NON_VIF_PROFILE)[0])[0]

    def _translate_configured_names_to_uuids(self):
        # default VLAN transport zone name / uuid
@ -1628,6 +1633,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
             (validators.is_attr_set(port_data.get(mac_ext.MAC_LEARNING)) and
              port_data.get(mac_ext.MAC_LEARNING) is True))):
            profiles.append(self._mac_learning_profile)
+            profiles.append(self._no_switch_security)

        name = self._get_port_name(context, port_data)

@ -2331,6 +2337,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
            (mac_learning_profile_set or
             updated_port.get(mac_ext.MAC_LEARNING) is True)):
            switch_profile_ids.append(self._mac_learning_profile)
+            switch_profile_ids.append(self._no_switch_security)

        try:
            self._port_client.update(