| Matteo Scandolo | aca8665 | 2017-08-08 13:05:27 -0700 | [diff] [blame] | 1 | |
| 2 | # Copyright 2017-present Open Networking Foundation |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | |
| 16 | |
| AyumuUeha | 76a01bc | 2017-05-18 13:34:13 +0900 | [diff] [blame] | 17 | #!/usr/bin/env bash |
| 18 | #************************************************************/ |
| 19 | #** File: vsg_vcpe_gwbr_setup.sh */ |
| 20 | #** Contents: Contains shell script to setup vcpe_gwbr */ |
| 21 | #** in VSG to allow traffic to flow between */ |
| 22 | #** VCPE, VSG and nova-compute nodes. */ |
| 23 | #************************************************************/ |
| 24 | |
| 25 | date |
| 26 | echo "vsg_vcpe_gwbr_setup.sh: Begin" |
| 27 | |
| 28 | function setup_vcpe_gwbr_in_vsg() { |
| 29 | if brctl show $VCPEGW_BR_NAME ; then |
| 30 | echo "$VCPEGW_BR_NAME already exists...delete and recreate it again" |
| 31 | sudo -E ip link set dev $VCPEGW_BR_NAME down |
| 32 | sleep 1 |
| 33 | sudo -E brctl delbr $VCPEGW_BR_NAME |
| 34 | fi |
| 35 | |
| 36 | sleep 1 |
| 37 | sudo -E brctl addbr $VCPEGW_BR_NAME |
| 38 | sleep 1 |
| 39 | sudo -E ip link set dev $VCPEGW_BR_NAME dynamic off |
| 40 | sleep 1 |
| 41 | sudo -E ip link set dev $VCPEGW_BR_NAME up |
| 42 | echo "Setting vcpe_gwbr IP in VSG ($vsg_id) as $vcpe_gwbr_ip" |
| 43 | sudo -E ip addr add $vcpe_gwbr_ip/$VCPEGW_NETMASK_BITS dev $VCPEGW_BR_NAME |
| 44 | ifconfig $VCPEGW_BR_NAME |
| 45 | sudo -E brctl addif $VCPEGW_BR_NAME $NETCFG_UP_IFACE |
| 46 | echo "$VCPEGW_BR_NAME successfully setup.." |
| 47 | } |
| 48 | # |
| 49 | # Setup the NAT rules to allow VCPE GW instances to |
| 50 | # access the internet. The vcpe docker instances created |
| 51 | # by XOS go directly through br-wan. So, there is no need |
| 52 | # to setup any NAT rules. In the case of VCPE GW instance, |
| 53 | # the traffic will go through vcpe_gwbr and get NAT'd and |
| 54 | # sent through br-wan. So, we need to setup the NAT rules |
| 55 | # in VSG to make this work. |
| 56 | # |
| 57 | |
| 58 | function setup_dnat_for_vcpegw_traffic() { |
| 59 | |
| 60 | sudo /sbin/iptables -t nat -A POSTROUTING -s $VCPEGW_BR_SUBNET/$VCPEGW_NETMASK_BITS -o $VSG_WAN_BR_NAME -j MASQUERADE |
| 61 | sudo /sbin/iptables -A FORWARD -i $VCPEGW_BR_NAME -o $VSG_WAN_BR_NAME -m state --state RELATED,ESTABLISHED -j ACCEPT |
| 62 | sudo /sbin/iptables -A FORWARD -i $VSG_WAN_BR_NAME -o $VCPEGW_BR_NAME -j ACCEPT |
| 63 | } |
| 64 | |
| 65 | if [ -z $HOME_DIR ]; then |
| 66 | HOME_DIR=`pwd` |
| 67 | echo "WARNING>>>>HOME_DIR was not setup properly...!!!" |
| 68 | echo "Using $HOME_DIR as the home directory" |
| 69 | fi |
| 70 | |
| 71 | setup_vcpe_gwbr_in_vsg |
| 72 | setup_dnat_for_vcpegw_traffic |
| 73 | date |
| 74 | echo "vsg_vcpe_gwbr_setup.sh: End" |
| 75 | |