CLOUDSTACK-6761: Fixed removing proxy arp rule on deleting static nat or PF rule on ip

Jayapal · Jayapal · commit 19668713ed2f · 2014-05-27T15:13:54.000+05:30
The proxy-arp add/del is done on firewall rule add/del.
 The proxy-arp rule is deleted only when there is no static nat or dest nat rule is not using the ip.

 When there is static nat or PF and firewall rule
   a. Delete firewall rule. It skips delete proxy-arp because the rule is used by static nat rule.
   b. After deleting fw rule if we disable static nat there is no way to delete proxy-arp rule.

   On VM expunge we are deleting firewall rules first then static nat rules. This caused the stale proxy-arp
   rules.

   With this fix adding/deleting proxy arp rule on static nat/PF rule add/del.
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
@@ -965,6 +965,7 @@ private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
     private void addStaticNatRule(Long publicVlanTag, String publicIp, String privateIp, List<FirewallRuleTO> rules) throws ExecutionException {
         manageStaticNatRule(SrxCommand.ADD, publicIp, privateIp);
         manageAddressBookEntry(SrxCommand.ADD, _privateZone, privateIp, null);
+        manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
 
         // Add a new security policy with the current set of applications
         addSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp, extractApplications(rules));
@@ -979,6 +980,7 @@ private void removeStaticNatRule(Long publicVlanTag, String publicIp, String pri
         removeSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp);
 
         manageAddressBookEntry(SrxCommand.DELETE, _privateZone, privateIp, null);
+        manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);
 
         s_logger.debug("Removed static NAT rule for public IP " + publicIp + ", and private IP " + privateIp);
     }
@@ -1248,6 +1250,7 @@ private void addDestinationNatRule(Protocol protocol, Long publicVlanTag, String
         List<Object[]> applications = new ArrayList<Object[]>();
         applications.add(new Object[] {protocol, destPortStart, destPortEnd});
         addSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp, applications);
+        manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
 
         String srcPortRange = srcPortStart + "-" + srcPortEnd;
         String destPortRange = destPortStart + "-" + destPortEnd;
@@ -1258,6 +1261,7 @@ private void addDestinationNatRule(Protocol protocol, Long publicVlanTag, String
     private void removeDestinationNatRule(Long publicVlanTag, String publicIp, String privateIp, int srcPort, int destPort) throws ExecutionException {
         manageDestinationNatRule(SrxCommand.DELETE, publicIp, privateIp, srcPort, destPort);
         manageDestinationNatPool(SrxCommand.DELETE, privateIp, destPort);
+        manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);
 
         removeSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp);
 
