схема базы данных OVN_Northbound (OVN_Northbound database schema)
Logical_Router_Policy TABLE
Each row in this table represents one routing policy for a
logical router that points to it through its policies
column. The
action
column for the highest-priority
matching row in this table
determines a packet's treatment. If no row matches, packets are
allowed by default. (Default-deny treatment is possible: add a
rule with priority
0, 1
as match
, and drop
as action
.)
Summary:
priority
integer, in range 0 to 32,767
match
string
action
string, one of allow
, drop
, or
reroute
nexthop
optional string
Details:
priority
: integer, in range 0 to 32,767
The routing policy's priority. Rules with numerically
higher priority take precedence over those with lower. A
rule is uniquely identified by the priority and match
string.
match
: string
The packets that the routing policy should match, in the
same expression language used for the match
column in the
OVN Southbound database's Logical_Flow
table.
By default all traffic is allowed. When writing a more
restrictive policy, it is important to remember to allow
flows such as ARP and IPv6 neighbor discovery packets.
action
: string, one of allow
, drop
, or reroute
The action to take when the routing policy matches:
• allow
: Forward the packet.
• drop
: Silently drop the packet.
• reroute
: Reroute packet to nexthop
.
nexthop
: optional string
Next-hop IP address for this route, which should be the IP
address of a connected router port or the IP address of a
logical port.