@@ -1856,16 +1856,16 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
18561856 U2OexcludeIPAs = u2oExcludeIp6Ag
18571857 }
18581858
1859- match1 := fmt .Sprintf ("%s.dst == %s && %s.dst != $%s " , ipSuffix , cidrBlock , ipSuffix , U2OexcludeIPAs )
1859+ match1 := fmt .Sprintf ("%s.dst == %s" , ipSuffix , cidrBlock )
18601860 match2 := fmt .Sprintf ("%s.dst == $%s && %s.src == %s" , ipSuffix , U2OexcludeIPAs , ipSuffix , cidrBlock )
18611861 match3 := fmt .Sprintf ("%s.src == %s" , ipSuffix , cidrBlock )
18621862
18631863 /*
18641864 policy1:
1865- prio 31000 match: "ip4.dst == underlay subnet cidr && ip4.dst != node ips" action: allow
1865+ prio 29400 match: "ip4.dst == underlay subnet cidr" action: allow
18661866
18671867 policy2:
1868- prio 31000 match: "ip4.dst == node ips && ip4.src == underlay subnet cidr" action: reoute physical gw
1868+ prio 31000 match: "ip4.dst == node ips && ip4.src == underlay subnet cidr" action: reroute physical gw
18691869
18701870 policy3:
18711871 prio 29000 match: "ip4.src == underlay subnet cidr" action: reroute physical gw
@@ -1875,7 +1875,7 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
18751875 policy3: underlay pod first access u2o interconnection lrp and then reoute to physical gw
18761876 */
18771877 klog .Infof ("add u2o interconnection policy for router: %s, match %s, action %s" , subnet .Spec .Vpc , match1 , "allow" )
1878- if err := c .ovnLegacyClient .AddPolicyRoute (subnet .Spec .Vpc , util .SubnetRouterPolicyPriority , match1 , "allow" , "" , externalIDs ); err != nil {
1878+ if err := c .ovnLegacyClient .AddPolicyRoute (subnet .Spec .Vpc , util .U2OSubnetPolicyPriority , match1 , "allow" , "" , externalIDs ); err != nil {
18791879 klog .Errorf ("failed to add u2o interconnection policy1 for subnet %s %v" , subnet .Name , err )
18801880 return err
18811881 }
0 commit comments