fix u2o policy route generate too many flow tables cause oom

Author: changluyi

pkg/controller/subnet.go

@@ -2212,13 +2212,13 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
 			U2OexcludeIPAs = u2oExcludeIp6Ag
 		}
 
-		match1 := fmt.Sprintf("%s.dst == %s && %s.dst != $%s", ipSuffix, cidrBlock, ipSuffix, U2OexcludeIPAs)
+		match1 := fmt.Sprintf("%s.dst == %s", ipSuffix, cidrBlock)
 		match2 := fmt.Sprintf("%s.dst == $%s && %s.src == %s", ipSuffix, U2OexcludeIPAs, ipSuffix, cidrBlock)
 		match3 := fmt.Sprintf("%s.src == %s", ipSuffix, cidrBlock)
 
 		/*
 			policy1:
-			prio 31000 match: "ip4.dst == underlay subnet cidr && ip4.dst != node ips"  action: allow
+			prio 29400 match: "ip4.dst == underlay subnet cidr"                         action: allow
 
 			policy2:
 			prio 31000 match: "ip4.dst == node ips && ip4.src == underlay subnet cidr"  action: reroute physical gw
@@ -2233,7 +2233,7 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
 
 		if subnet.Spec.Vpc == c.config.ClusterRouter {
 			klog.Infof("add u2o interconnection policy for router: %s, match %s, action %s", subnet.Spec.Vpc, match1, "allow")
-			if err := c.ovnLegacyClient.AddPolicyRoute(subnet.Spec.Vpc, util.SubnetRouterPolicyPriority, match1, "allow", "", externalIDs); err != nil {
+			if err := c.ovnLegacyClient.AddPolicyRoute(subnet.Spec.Vpc, util.U2OSubnetPolicyPriority, match1, "allow", "", externalIDs); err != nil {
 				klog.Errorf("failed to add u2o interconnection policy1 for subnet %s %v", subnet.Name, err)
 				return err
 			}

pkg/util/const.go

@@ -161,6 +161,7 @@ const (
 	OvnFip      = "ovn"
 	IptablesFip = "iptables"
 
+	U2OSubnetPolicyPriority     = 29400
 	GatewayRouterPolicyPriority = 29000
 	NodeRouterPolicyPriority    = 30000
 	SubnetRouterPolicyPriority  = 31000