From ec41aa8fdae3ef1b8735966707acc54a43461af2 Mon Sep 17 00:00:00 2001
From: Anna Khmelnitsky <akhmelnitsky@vmware.com>
Date: Tue, 9 Apr 2019 12:50:58 -0700
Subject: [PATCH] NSX|P: Add ipv6-specific router adv rule

Since NAT is not a use case for ipv6, all connected ipv6 subnets
need to be advertised. There seems to be no way to add single rule
for all ipv6 subnets, therefore an allow rule will be added for all
ipv6 subnets.

Change-Id: Iaf89738f8d71a2f743ba699bebd5c8361c130a3c
---
 vmware_nsx/plugins/nsx_p/plugin.py | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/vmware_nsx/plugins/nsx_p/plugin.py b/vmware_nsx/plugins/nsx_p/plugin.py
index 65e704cbfc..97945c0071 100644
--- a/vmware_nsx/plugins/nsx_p/plugin.py
+++ b/vmware_nsx/plugins/nsx_p/plugin.py
@@ -125,6 +125,7 @@ SLAAC_NDRA_PROFILE_ID = 'neutron-slaac-profile'
 DEFAULT_NDRA_PROFILE_ID = 'default'
 
 IPV6_RA_SERVICE = 'neutron-ipv6-ra'
+IPV6_ROUTER_ADV_RULE_NAME = 'all-ipv6'
 
 # Priorities for NAT rules: (FIP specific rules should come before GW rules)
 NAT_RULE_PRIORITY_FIP = 2000
@@ -1561,13 +1562,35 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
             for subnet in router_subnets:
                 self._add_subnet_no_dnat_rule(context, router_id, subnet)
 
+        # always advertise ipv6 subnets if gateway is set
+        actions['advertise_ipv6_subnets'] = True if info else False
+
+        self._update_router_advertisement(router_id, actions, router_subnets)
+
+        if actions['remove_service_router']:
+            self.delete_service_router(router['project_id'], router_id)
+
+    def _update_router_advertisement(self, router_id, actions, subnets):
+
         self.nsxpolicy.tier1.update_route_advertisement(
             router_id,
             nat=actions['advertise_route_nat_flag'],
             subnets=actions['advertise_route_connected_flag'])
 
-        if actions['remove_service_router']:
-            self.delete_service_router(router['project_id'], router_id)
+        # There is no NAT for ipv6 - all connected ipv6 segments should be
+        # advertised
+        ipv6_cidrs = [s['cidr'] for s in subnets if s.get('ip_version') == 6]
+        if ipv6_cidrs and actions['advertise_ipv6_subnets']:
+            self.nsxpolicy.tier1.add_advertisement_rule(
+                router_id,
+                IPV6_ROUTER_ADV_RULE_NAME,
+                policy_constants.ADV_RULE_PERMIT,
+                policy_constants.ADV_RULE_OPERATOR_EQ,
+                [policy_constants.ADV_RULE_TIER1_CONNECTED],
+                ipv6_cidrs)
+        else:
+            self.nsxpolicy.tier1.remove_advertisement_rule(
+                router_id, IPV6_ROUTER_ADV_RULE_NAME)
 
     def create_router(self, context, router):
         r = router['router']