Repository: cloudstack Updated Branches: refs/heads/4.3 76f5f3048 -> d81b67939
CLOUDSTACK-6761: Fixed removing proxy arp rule on deleting static nat or PF rule on ip The proxy-arp add/del is done on firewall rule add/del. The proxy-arp rule is deleted only when there is no static nat or dest nat rule is not using the ip. When there is static nat or PF and firewall rule a. Delete firewall rule. It skips delete proxy-arp because the rule is used by static nat rule. b. After deleting fw rule if we disable static nat there is no way to delete proxy-arp rule. On VM expunge we are deleting firewall rules first then static nat rules. This caused the stale proxy-arp rules. With this fix adding/deleting proxy arp rule on static nat/PF rule add/del. (cherry picked from commit 19668713ed2f12e61f538a238422d7dfd4841009) Signed-off-by: Rohit Yadav <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d81b6793 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d81b6793 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d81b6793 Branch: refs/heads/4.3 Commit: d81b67939fc7290e4026e037c313a12bbe9bd762 Parents: 76f5f30 Author: Jayapal <[email protected]> Authored: Mon May 26 15:10:35 2014 +0530 Committer: Rohit Yadav <[email protected]> Committed: Fri Nov 14 15:47:46 2014 +0530 ---------------------------------------------------------------------- .../src/com/cloud/network/resource/JuniperSrxResource.java | 4 ++++ 1 file changed, 4 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d81b6793/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java index a0278ca..a483ec7 100644 --- a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java +++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java @@ -969,6 +969,7 @@ public class JuniperSrxResource implements ServerResource { private void addStaticNatRule(Long publicVlanTag, String publicIp, String privateIp, List<FirewallRuleTO> rules) throws ExecutionException { manageStaticNatRule(SrxCommand.ADD, publicIp, privateIp); manageAddressBookEntry(SrxCommand.ADD, _privateZone, privateIp, null); + manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp); // Add a new security policy with the current set of applications addSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp, extractApplications(rules)); @@ -983,6 +984,7 @@ public class JuniperSrxResource implements ServerResource { removeSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp); manageAddressBookEntry(SrxCommand.DELETE, _privateZone, privateIp, null); + manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp); s_logger.debug("Removed static NAT rule for public IP " + publicIp + ", and private IP " + privateIp); } @@ -1250,6 +1252,7 @@ public class JuniperSrxResource implements ServerResource { List<Object[]> applications = new ArrayList<Object[]>(); applications.add(new Object[]{protocol, destPortStart, destPortEnd}); addSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp, applications); + manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp); String srcPortRange = srcPortStart + "-" + srcPortEnd; String destPortRange = destPortStart + "-" + destPortEnd; @@ -1259,6 +1262,7 @@ public class JuniperSrxResource implements ServerResource { private void removeDestinationNatRule(Long publicVlanTag, String publicIp, String privateIp, int srcPort, int destPort) throws ExecutionException { manageDestinationNatRule(SrxCommand.DELETE, publicIp, privateIp, srcPort, destPort); manageDestinationNatPool(SrxCommand.DELETE, privateIp, destPort); + manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp); removeSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp);
