IPv4 support for Policy DHCP depending on the NSX version & on config.
Including devstack support for configuration & cleanup, and admin utilility
for migration from MP implementation to Policy one.
IPv6 support will follow in a future patch.
Change-Id: I01bfb5bd530c63ca8b635bbebcac47659187077e
The driver is loaded, then terminated whenever a request is issued.
This behavior causes termination of the Octavia listener which is
responsible to the processing of the driver status updates and
statistics processing.
The following change implements an agent which will execute the
listener.
Change-Id: I566aaa65df4ba7455577a539aa9eebb6cc36a099
Commit Ia4f4b335295c0e6add79fe0db5dd31b4327fdb54 removed all the
neutron-lbaas code from the master (Train) branch
Change-Id: I9035f6238773aad0591436c856550b7a5e01e687
This patch:
- Updates git.openstack based URLs to use opendev.
- Cleans up the lower-constraints.txt file to only include what we
really need.
Change-Id: I3eecd97c313c33c820ca2be8f01f6848244cd52a
Implement the loadbalancer delete cascade for NSX-V3, and NSX-V
The NSX-V implementation is the naive one, and should be improved in
the future.
Change-Id: Ia055d06790fc841fa41ab13d08334424a560b940
This patch adds a driver for FWaaS V2 support in the NSX-V plugin.
It supports setting firewall rules per router interface port on the router
edge firewall.
In addition, the FWaaS TVD driver will now support NSX-V as well.
The driver code is a combination of the NSX-V3 FWaas-V2 code, and the old
NSX-V FWaaS-V1 code that is being deleted.
Change-Id: Iacc7eaff0c70b68156516008cf0277c154edd76b
- Fix devstck doc to enable the python client for octavia
- Support health monitor expected codes
- fix error handling on failure to create loadbalancer
- add logging for status updates
- remove extra logging for statistics updates (which overload the logs)
- Fix error handling in case lb service creation failed
- Fix driver pool translation to include the loadbalancer in the listener
Change-Id: If7d554a92d9df62ffb55e882a575da63221ee8ec
Implementing the Octavia support for NSX-V & NSX-T.
Follow up patches will handle the TVD plugin, Status updates,
and migration.
Since Octavia is not (yet?) in the requirements, using a hack to allow unittests
to be skipped.
Co-Authored-by: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: Iadb24e7eadcab658faf3e646cc528c2a8a6976e5
The VPNaaS plugin expects the driver to update the connection status
from a separate process/thread/agent.
When the user requests a connection/list, the status is retrived from the VPNaaS DB,
without calling the driver.
To avoid adding a process to actively query and update all connections statuses, this
patch creates a new VPNaaS plugin, to be used instead of hte default one.
This plugin (vmware_nsx_vpnaas) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Change-Id: Ib750bfb8f0c8ad12265fa71506182ff5d7e8030a
The LBaaS V2 plugin expects the driver to update the LB objects operating
status from a separate process/thread.
When the user requests the LB status (or just the LB object itself with GET),
the operating status is retrived from the LBaaS DB, without calling the driver.
To avoid adding a process to actively query and update all objects statuses,
this patch creates a new LBaaSV2 plugin, to be used instead of the default one.
This plugin (vmware_nsx_lbaasv2) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Depends-on: I71a56b87144aad743795ad1295ec636b17429035
Change-Id: I3c4e75d92a1bacdb14292a8db727deb4923a85d9
NSX-T is the common name, not "Transformers" or "v3". This makes that
change throughout the docs and conf help. It also fixes a broken link
to the NSX-T pubs.
This change does not rename conf groups and options that use "v3".
That should be considered for a follow-on effort (with appropriate
deprecation).
Change-Id: I466f60e4476cedc439e17cba39a333a3853a32d9
Adding service plugins for QoS, VPNaaS and L2Gateway
and updating the BGP plugin
to prevent users from getting objects belonging to a different
plugin
Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd
Adding FWaaS v1/v2 plugins to be used with the TVD core plugin.
The plugins will make sure to separate the v/t returned lists
using the same solution that was introduced for the LBass, now as a
general class decorator.
Change-Id: I5f01b8cf093d5ef3b340dce2d12fc41031dd12e9
New support for VPNaaS on NSX-V3 2.2
Creating a vpn service per neutron service,
and ike/ipsec/dpd policies + endpoints + connection per neutron connection
Change-Id: Iad3778c1d826ae67f1b602625f5be0fe2f4c8fe3
Using Q_SERVICE_PLUGIN_CLASSES insead of the neutron service_plugin
allows using multiple plugins at once
Change-Id: Idd9a0a05eb4dab0ed6c5612335e4a28ac80808e3
For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaas v1/v2
rules, and the default drop rule.
This patch set the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.
Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
FWaaS V2 support in NSX-v3.
Support different firewall group per router interface port for
igress/egress.
limitation: cannot support egress rules with source ip, or ingress
rules with destination ips.
Depends-on: I2a37be5518bfc8124ffca2ab05f684d8c1c3d673
Change-Id: I3ed70fa48d078bed15f30e855b73bdfb11d11c6e
Adding FW rules to protect the traffic north-south behind a T1 router.
This will be done only if a firewall was attached to the router.
This includes:
- FWaaS rules
- Drop all default rule
When the firewall is deleted or the router removed from it,
a default allow all rule will be set.
For the rotuer firewall to work, the rotuer NAT rules should set
nat-bypass=False.
Change-Id: Iba03db8ca67ee10d1c54b96fb41a888cb549684d
1. Use new enginefacade + l3_db breakage
Use reader and writer for db operations.
Partially-Implements blueprint: enginefacade-switch
2. Fix the callback pass for _prevent_l3_port_delete_callback
which was changed in commit Ia8ac4f510c003667cac95f76dea0e9ae55159878
3. QoS driver integration
Commit I5f747635be3fd66b70326d9f94c85a6736286bd2 removes the qos
notification driver.
Fixing the nsx-v and nsx-v3 to work only with the regular driver
4. _get_extra_routes_dict_by_router_id was removed by
Ia815d6c597730bd5cb49455e7409ca747a4cc22c
5. Floating IP association without subnet gateway IP
not supported by our plugins.
Added in commit If212c36d918ed57400a53f4b5fa1925b3d1fa6fd
Co-Authored-by: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: I277ec5c38c5895337011019f71d586b254bfafde
This change implement's a new BGP plugin which allows BGP support in Openstack,
using NSXv service edges (ESG).
When a BGP speaker is associated with an external network, service edges which
accommodates tenant routers that have their GW port on this network would be
configured to enable BGP/Dynamic-routing.
The specific BGP configuration (e.g - localAS, neighbours) for the edge is
retrieved from the BGP speaker object and its peers.
This change also adds an extension to the BGP peer object, this
extension allows the cloud operator to associate a BGP peer with a specific
service edge that will serve as GW edge for the network, multiple GW
edges are supported by enabling ECMP on tenant service edges.
Co-Authored: yuyangbj <yangyu@vmware.com>
Change-Id: Ife69b97f3232bee378a48d91dc53bdc8837de7f5
The nsx-v FWaaS driver will add the configured firewall rules to
the router edges.
Currently there is not support for shared routers.
The rules will be edded after the current rules (NAT, LBaaS, external traffic)
for exclusive routers edges and distributed routers PLR edged.
Change-Id: I82ba90070ef4e739a0b5c4463ef03a807e26adfb
The platform support will be changing so we will remove this in the
mean time.
The patch also remove false positives for test failures.
Change-Id: I118010085d305883f521fa01a5fd341e775eea5a
asarfaty