The NSX-V3 plugin will use the NSX-V3 backend IPAM. An IP pool will be created for each subnet, and port IPs will be allocated from this pool. The current backend limitation is that we cannot allocate a specific IP, so port create/update with fixed_ips will fail, unless the requested ip is the subnet gateway ip. To enable this option set 'ipam_driver = vmware_nsxv3_ipam' in the neutron.conf Change-Id: I5263555cbb776018a5d01f19d0997fd2adf6483d
199 lines
7.8 KiB
# Copyright 2016 VMware, Inc.
# All Rights Reserved
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import netaddr
import xml.etree.ElementTree as et
from oslo_log import log as logging
from neutron.extensions import external_net as ext_net_extn
from neutron.extensions import multiprovidernet as mpnet
from neutron.extensions import providernet as pnet
from neutron.ipam import exceptions as ipam_exc
from neutron.ipam import requests as ipam_req
from neutron_lib.api import validators
from vmware_nsx._i18n import _, _LE
from vmware_nsx.plugins.nsx_v.vshield.common import constants
from vmware_nsx.plugins.nsx_v.vshield.common import exceptions as vc_exc
from vmware_nsx.services.ipam.common import driver as common
LOG = logging.getLogger(__name__)
class NsxVIpamBase(common.NsxIpamBase):
def _vcns(self):
p = self.get_core_plugin()
return p.nsx_v.vcns
class NsxvIpamDriver(common.NsxAbstractIpamDriver, NsxVIpamBase):
"""IPAM Driver For NSX-V external & provider networks."""
def _is_ext_or_provider_net(self, subnet_request):
"""Return True if the network of the request is external or
provider network
network_id = subnet_request.network_id
if network_id:
network = self._fetch_network(self._context, network_id)
if network.get(ext_net_extn.EXTERNAL):
# external network
return True
if (validators.is_attr_set(network.get(mpnet.SEGMENTS)) or
# provider network
return True
return False
def _is_ipv6_subnet(self, subnet_request):
"""Return True if the network of the request is an ipv6 network"""
if isinstance(subnet_request, ipam_req.SpecificSubnetRequest):
return subnet_request.subnet_cidr.version == 6
if subnet_request.allocation_pools:
for pool in subnet_request.allocation_pools:
if pool.version == 6:
return True
return False
def _is_supported_net(self, subnet_request):
"""This driver supports only ipv4 external/provider networks"""
return (self._is_ext_or_provider_net(subnet_request) and
not self._is_ipv6_subnet(subnet_request))
def _subnet_class(self):
return NsxvIpamSubnet
def allocate_backend_pool(self, subnet_request):
"""Create a pool on the NSX backend and return its ID"""
if subnet_request.allocation_pools:
ranges = [
{'startAddress': netaddr.IPAddress(pool.first),
'endAddress': netaddr.IPAddress(pool.last)}}
for pool in subnet_request.allocation_pools]
ranges = []
request = {'ipamAddressPool':
# max name length on backend is 255, so there is no problem here
{'name': 'subnet_' + subnet_request.subnet_id,
'prefixLength': subnet_request.prefixlen,
'gateway': subnet_request.gateway_ip,
'ipRanges': ranges}}
response = self._vcns.create_ipam_ip_pool(request)
nsx_pool_id = response[1]
except vc_exc.VcnsApiException as e:
msg = _('Failed to create subnet IPAM: %s') % e
raise ipam_exc.IpamValueInvalid(message=msg)
return nsx_pool_id
def delete_backend_pool(self, nsx_pool_id):
except vc_exc.VcnsApiException as e:
LOG.error(_LE("Failed to delete IPAM from backend: %s"), e)
# Continue anyway, since this subnet was already removed
class NsxvIpamSubnet(common.NsxAbstractIpamSubnet, NsxVIpamBase):
"""Manage IP addresses for the NSX-V IPAM driver."""
def _get_vcns_error_code(self, e):
"""Get the error code out of VcnsApiException"""
desc = et.fromstring(e.response)
return int(desc.find('errorCode').text)
except Exception:
LOG.error(_LE('IPAM pool: Error code not present. %s'),
def backend_allocate(self, address_request):
# allocate a specific IP
if isinstance(address_request, ipam_req.SpecificAddressRequest):
# This handles both specific and automatic address requests
ip_address = str(address_request.address)
# Allocate any free IP
response = self._vcns.allocate_ipam_ip_from_pool(
# get the ip from the response
root = et.fromstring(response)
ip_address = root.find('ipAddress').text
except vc_exc.VcnsApiException as e:
# handle backend failures
error_code = self._get_vcns_error_code(e)
if error_code == constants.NSX_ERROR_IPAM_ALLOCATE_IP_USED:
# This IP is already in use
raise ipam_exc.IpAddressAlreadyAllocated(
ip=ip_address, subnet_id=self._subnet_id)
if error_code == constants.NSX_ERROR_IPAM_ALLOCATE_ALL_USED:
# No more IP addresses available on the pool
raise ipam_exc.IpAddressGenerationFailure(
raise ipam_exc.IPAllocationFailed()
return ip_address
def backend_deallocate(self, address):
self._vcns.release_ipam_ip_to_pool(self._nsx_pool_id, address)
except vc_exc.VcnsApiException as e:
LOG.error(_LE("NSX IPAM failed to free ip %(ip)s of subnet %(id)s:"
" %(e)s"),
{'e': e.response,
'ip': address,
'id': self._subnet_id})
raise ipam_exc.IpAddressAllocationNotFound(
def _get_pool_cidr(self, pool):
# rebuild the cidr from the pool range & prefix using the first
# range in the pool, because they all should belong to the same cidr
cidr = '%s/%s' % (pool['ipRanges'][0]['startAddress'],
# convert to a proper cidr
cidr = netaddr.IPNetwork(cidr).cidr
return str(cidr)
def get_details(self):
"""Return subnet data as a SpecificSubnetRequest"""
# get the pool from the backend
pool_details = self._vcns.get_ipam_ip_pool(self._nsx_pool_id)[1]
gateway_ip = pool_details['gateway']
# rebuild the cidr from the range & prefix
cidr = self._get_pool_cidr(pool_details)
pools = []
for ip_range in pool_details['ipRanges']:
return ipam_req.SpecificSubnetRequest(
self._tenant_id, self._subnet_id,
cidr, gateway_ip=gateway_ip, allocation_pools=pools)