Skip to content

Commit

Permalink
fix underlay access to node through ovn0 (#2846)
Browse files Browse the repository at this point in the history
  • Loading branch information
@changluyi
changluyi authored May 23, 2023
1 parent ae226e3 commit 767e102
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 5 deletions.
6 changes: 3 additions & 3 deletions pkg/controller/subnet.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2146,7 +2146,7 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
prio 31000 match: "ip4.dst == underlay subnet cidr && ip4.dst != node ips" action: allow
policy2:
prio 31000 match: "ip4.dst == node ips && ip4.src == underlay subnet cidr" action: allow
prio 31000 match: "ip4.dst == node ips && ip4.src == underlay subnet cidr" action: reoute physical gw
policy3:
prio 29000 match: "ip4.src == underlay subnet cidr" action: reroute physical gw
Expand All @@ -2161,8 +2161,8 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
return err
}

klog.Infof("add u2o interconnection policy for router: %s, match %s, action %s", subnet.Spec.Vpc, match2, "allow")
if err := c.ovnLegacyClient.AddPolicyRoute(subnet.Spec.Vpc, util.SubnetRouterPolicyPriority, match2, "allow", "", externalIDs); err != nil {
klog.Infof("add u2o interconnection policy for router: %s, match %s, action %s, nexthop %s", subnet.Spec.Vpc, match2, "reroute", nextHop)
if err := c.ovnLegacyClient.AddPolicyRoute(subnet.Spec.Vpc, util.SubnetRouterPolicyPriority, match2, "reroute", nextHop, externalIDs); err != nil {
klog.Errorf("failed to add u2o interconnection policy2 for subnet %s %v", subnet.Name, err)
return err
}
Expand Down
6 changes: 4 additions & 2 deletions test/e2e/kube-ovn/underlay/underlay.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -608,11 +608,13 @@ func checkU2OItems(isEnableU2O bool, subnet *apiv1.Subnet, underlayPod, overlayP
}
agName := strings.Replace(fmt.Sprintf("%s.u2o_exclude_ip.%s", subnet.Name, protocolStr), "-", ".", -1)
ginkgo.By(fmt.Sprintf("checking underlay subnet's policy1 route %s", protocolStr))
hitPolicyStr := fmt.Sprintf("%d %s.dst == $%s && %s.src == %s allow", util.SubnetRouterPolicyPriority, protocolStr, agName, protocolStr, cidr)

hitPolicyStr := fmt.Sprintf("%d %s.dst == %s && %s.dst != $%s allow", util.SubnetRouterPolicyPriority, protocolStr, cidr, protocolStr, agName)
checkPolicy(hitPolicyStr, isEnableU2O)

ginkgo.By(fmt.Sprintf("checking underlay subnet's policy2 route %s", protocolStr))
hitPolicyStr = fmt.Sprintf("%d %s.dst == %s && %s.dst != $%s allow", util.SubnetRouterPolicyPriority, protocolStr, cidr, protocolStr, agName)
hitPolicyStr = fmt.Sprintf("%d %s.dst == $%s && %s.src == %s reroute %s", util.SubnetRouterPolicyPriority, protocolStr, agName, protocolStr, cidr, gw)

checkPolicy(hitPolicyStr, isEnableU2O)

ginkgo.By(fmt.Sprintf("checking underlay subnet's policy3 route %s", protocolStr))
Expand Down

0 comments on commit 767e102

Please sign in to comment.