Skip to content

CLOUDSTACK-10003 automatic configure juniper srx/vsrx nat loopback, #2184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yadvr merged 2 commits into from
Dec 16, 2017
Merged

CLOUDSTACK-10003 automatic configure juniper srx/vsrx nat loopback, #2184

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cfe12d0
automatic configure juniper srx/vsrx nat loopback,
ming416 Jul 14, 2017
8a61403
check private
ming416 Jul 14, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 68 additions & 3 deletions plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,7 @@ public String getCountName() {
}

private enum SrxCommand {
LOGIN, OPEN_CONFIGURATION, CLOSE_CONFIGURATION, COMMIT, ROLLBACK, CHECK_IF_EXISTS, CHECK_IF_IN_USE, ADD, DELETE, GET_ALL;
LOGIN, OPEN_CONFIGURATION, CLOSE_CONFIGURATION, COMMIT, ROLLBACK, CHECK_IF_EXISTS, CHECK_IF_IN_USE, ADD, DELETE, GET_ALL, CHECK_PRIVATE_IF_EXISTS;
}

private enum Protocol {
Expand Down Expand Up @@ -2011,6 +2011,7 @@ private String genStaticNatRuleName(String publicIp, String privateIp) {

private boolean manageStaticNatRule(SrxCommand command, String publicIp, String privateIp) throws ExecutionException {
String ruleName = genStaticNatRuleName(publicIp, privateIp);
String ruleName_private = genStaticNatRuleName(privateIp, publicIp);
String xml;

switch (command) {
Expand All @@ -2022,7 +2023,13 @@ private boolean manageStaticNatRule(SrxCommand command, String publicIp, String
xml = replaceXmlValue(xml, "from-zone", _publicZone);
xml = replaceXmlValue(xml, "rule-name", ruleName);
return sendRequestAndCheckResponse(command, xml, "name", ruleName);

case CHECK_PRIVATE_IF_EXISTS:
xml = SrxXml.STATIC_NAT_RULE_GETONE.getXml();
xml = setDelete(xml, false);
xml = replaceXmlValue(xml, "rule-set", _privateZone);
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "rule-name", ruleName_private);
return sendRequestAndCheckResponse(command, xml, "name", ruleName_private);
case ADD:
if (manageStaticNatRule(SrxCommand.CHECK_IF_EXISTS, publicIp, privateIp)) {
return true;
Expand All @@ -2038,6 +2045,16 @@ private boolean manageStaticNatRule(SrxCommand command, String publicIp, String
if (!sendRequestAndCheckResponse(command, xml)) {
throw new ExecutionException("Failed to add static NAT rule from public IP " + publicIp + " to private IP " + privateIp);
} else {
xml = SrxXml.STATIC_NAT_RULE_ADD.getXml();
xml = replaceXmlValue(xml, "rule-set", _privateZone);
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "rule-name", ruleName_private);
xml = replaceXmlValue(xml, "original-ip", publicIp);
xml = replaceXmlValue(xml, "translated-ip", privateIp);
if (!sendRequestAndCheckResponse(command, xml))
{
throw new ExecutionException("Failed to add trust static NAT rule from public IP " + publicIp + " to private IP " + privateIp);
}
return true;
}

Expand All @@ -2055,6 +2072,18 @@ private boolean manageStaticNatRule(SrxCommand command, String publicIp, String
if (!sendRequestAndCheckResponse(command, xml, "name", ruleName)) {
throw new ExecutionException("Failed to delete static NAT rule from public IP " + publicIp + " to private IP " + privateIp);
} else {
if (manageStaticNatRule(SrxCommand.CHECK_PRIVATE_IF_EXISTS, publicIp, privateIp)){
xml = SrxXml.STATIC_NAT_RULE_GETONE.getXml();
xml = setDelete(xml, true);
xml = replaceXmlValue(xml, "rule-set", _privateZone);
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "rule-name", ruleName_private);
}

if (!sendRequestAndCheckResponse(command, xml, "name", ruleName_private))
{
throw new ExecutionException("Failed to delete trust static NAT rule from public IP " + publicIp + " to private IP " + privateIp);
}
return true;
}

Expand Down Expand Up @@ -2184,6 +2213,7 @@ private String genDestinationNatRuleName(String publicIp, String privateIp, long

private boolean manageDestinationNatRule(SrxCommand command, String publicIp, String privateIp, long srcPort, long destPort) throws ExecutionException {
String ruleName = genDestinationNatRuleName(publicIp, privateIp, srcPort, destPort);
String ruleName_private = ruleName + "p";
String poolName = genDestinationNatPoolName(privateIp, destPort);
String xml;

Expand All @@ -2196,7 +2226,13 @@ private boolean manageDestinationNatRule(SrxCommand command, String publicIp, St
xml = replaceXmlValue(xml, "from-zone", _publicZone);
xml = replaceXmlValue(xml, "rule-name", ruleName);
return sendRequestAndCheckResponse(command, xml, "name", ruleName);

case CHECK_PRIVATE_IF_EXISTS:
xml = SrxXml.DEST_NAT_RULE_GETONE.getXml();
xml = setDelete(xml, false);
xml = replaceXmlValue(xml, "rule-set", _privateZone);
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "rule-name", ruleName_private);
return sendRequestAndCheckResponse(command, xml, "name", ruleName_private);
case ADD:
if (manageDestinationNatRule(SrxCommand.CHECK_IF_EXISTS, publicIp, privateIp, srcPort, destPort)) {
return true;
Expand All @@ -2219,6 +2255,20 @@ private boolean manageDestinationNatRule(SrxCommand command, String publicIp, St
throw new ExecutionException("Failed to add destination NAT rule from public IP " + publicIp + ", public port " + srcPort + ", private IP " +
privateIp + ", and private port " + destPort);
} else {

xml = SrxXml.DEST_NAT_RULE_ADD.getXml();
xml = replaceXmlValue(xml, "rule-set", _privateZone);
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "rule-name", ruleName_private);
xml = replaceXmlValue(xml, "public-address", publicIp);
xml = replaceXmlValue(xml, "src-port", String.valueOf(srcPort));
xml = replaceXmlValue(xml, "pool-name", poolName);

if (!sendRequestAndCheckResponse(command, xml))
{
s_logger.debug("Purple: loopback Failed to add " + _privateZone + " destination NAT rule from public IP " + publicIp + ", public port " + srcPort + ", private IP " +
privateIp + ", and private port " + destPort);
}
return true;
}

Expand All @@ -2237,6 +2287,21 @@ private boolean manageDestinationNatRule(SrxCommand command, String publicIp, St
throw new ExecutionException("Failed to delete destination NAT rule from public IP " + publicIp + ", public port " + srcPort + ", private IP " +
privateIp + ", and private port " + destPort);
} else {
if (manageDestinationNatRule(SrxCommand.CHECK_PRIVATE_IF_EXISTS, publicIp, privateIp, srcPort, destPort))
{
xml = SrxXml.DEST_NAT_RULE_GETONE.getXml();
xml = setDelete(xml, true);
xml = replaceXmlValue(xml, "rule-set", _privateZone);
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "rule-name", ruleName_private);

if (!sendRequestAndCheckResponse(command, xml))
{
s_logger.debug("Purple: Failed to delete " + _privateZone + " destination NAT rule from public IP " + publicIp + ", public port " + srcPort + ", private IP " +
privateIp + ", and private port " + destPort);
}
}

return true;
}

Expand Down