Fix auto-PTG policy for IPv6

The implicit policy created for the auto-PTG does not allow traffic for IPv6. This prevents IPv6 traffic from flowing between PTs in the auto-PTG and user-created PTGs, which includes things like ICMPv6, DHCPv6, and IPv6 DNS and HTTP traffic between the DHCP server and PTs. Change-Id: I28fe713e24744e36e2912d7f5d830b64a658f8bd Closes-Bug: 1696438 (cherry picked from commit 5dc13b75a6)
2017-06-05 13:47:56 +00:00 · 2017-06-05 13:47:56 +00:00 · 0a65a06752
parent 5f3334d573
commit 0a65a06752
2 changed files with 22 additions and 3 deletions
--- a/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping_lib.py
+++ b/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping_lib.py
@ -150,6 +150,10 @@ def get_service_contract_filter_entries():
                  'prot': 'icmp'}
    entries['icmp'] = icmp_attrs

+    icmpv6_attrs = {'etherT': 'ip',
+                    'prot': 58}
+    entries['icmpv6'] = icmpv6_attrs
+
    # DHCP
    dhcp_attrs = {'etherT': 'ip',
                  'prot': 'udp',
@ -166,6 +170,21 @@ def get_service_contract_filter_entries():
                    'sFromPort': 68}
    entries['r-dhcp'] = r_dhcp_attrs

+    dhcpv6_attrs = {'etherT': 'ip',
+                    'prot': 'udp',
+                    'dToPort': 546,
+                    'dFromPort': 546,
+                    'sToPort': 547,
+                    'sFromPort': 547}
+    entries['dhcpv6'] = dhcpv6_attrs
+    r_dhcpv6_attrs = {'etherT': 'ip',
+                      'prot': 'udp',
+                      'dToPort': 547,
+                      'dFromPort': 547,
+                      'sToPort': 546,
+                      'sFromPort': 546}
+    entries['r-dhcpv6'] = r_dhcpv6_attrs
+
    # ARP
    arp_entries = get_arp_filter_entry()
    for k, v in arp_entries.iteritems():
--- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py
+++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py
@ -395,7 +395,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase,
            self.assertEqual(0, len(aim_contract_subjects[0].in_filters))
            self.assertEqual(0, len(aim_contract_subjects[0].out_filters))
            if contract_name_prefix == alib.SERVICE_PREFIX:
-                self.assertEqual(8, len(aim_contract_subjects[0].bi_filters))
+                self.assertEqual(11, len(aim_contract_subjects[0].bi_filters))
            else:
                self.assertEqual(1, len(aim_contract_subjects[0].bi_filters))
                if l2p:
@ -410,7 +410,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase,
            if not afilter.name.endswith(l3p_id):
                aim_filters.remove(afilter)

-        self.assertEqual(9, len(aim_filters))
+        self.assertEqual(12, len(aim_filters))

        aim_filter_entries = self.aim_mgr.find(
            self._aim_context, aim_resource.FilterEntry,
@ -420,7 +420,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase,
            if not afilterentry.filter_name.endswith(l3p_id):
                aim_filter_entries.remove(afilterentry)

-        self.assertEqual(9, len(aim_filter_entries))
+        self.assertEqual(12, len(aim_filter_entries))

        entries_attrs = alib.get_service_contract_filter_entries().values()
        entries_attrs.extend(alib.get_arp_filter_entry().values())