This Series: Policy-Based Routing.
This Patch: Add routing policies in the northbound schema.
---
 ovn/ovn-nb.ovsschema | 20 ++++++++++++++++-
 ovn/ovn-nb.xml       | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema index 705cc27..8465f12 100644 --- a/ovn/ovn-nb.ovsschema +++ b/ovn/ovn-nb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Northbound", "version": "5.13.1", - "cksum": "749176366 20467", + "cksum": "3389984310 21532", "tables": { "NB_Global": { "columns": { @@ -241,6 +241,11 @@ "refType": "strong"}, "min": 0, "max": "unlimited"}}, + "policies": {"type": {"key": {"type": "uuid", + "refTable": "Logical_Router_Policy", + "refType": "strong"}, + "min": 0, + "max": "unlimited"}}, "enabled": {"type": {"key": "boolean", "min": 0, "max": 1}}, "nat": {"type": {"key": {"type": "uuid", "refTable": "NAT", @@ -302,6 +307,19 @@ "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}}, "isRoot": false}, + "Logical_Router_Policy": { + "columns": { + "name": {"type": {"key": {"type": "string", + "maxLength": 63}, + "min": 0, "max": 1}}, + "priority": {"type": {"key": {"type": "integer", + "minInteger": 0, + "maxInteger": 32767}}}, + "match": {"type": "string"}, + "action": {"type": {"key": {"type": "string", + "enum": ["set", ["allow", "drop", "reroute"]]}}}, + "nexthop": {"type": {"key": "string", "min": 0, "max": 1}}}, + "isRoot": false}, "NAT": { "columns": { "external_ip": {"type": "string"}, diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index c0739fe..496bcf6 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml @@ -1225,6 +1225,10 @@ One or more static routes for the router. </column> + <column name="policies"> + One or more routing policies for the router. + </column> + <column name="enabled"> This column is used to administratively set router state. If this column is empty or is set to <code>true</code>, the router is enabled. If this 
@@ -1782,6 +1786,65 @@ </table> + <table name="Logical_Router_Policy" title="Logical router policies"> + <p> + Each row in this table represents one routing policy for a logical router + that points to it through its <ref column="policies"/> column. The <ref + column="action"/> column for the highest-<ref column="priority"/> + matching row in this table determines a packet's treatment. If no row + matches, packets are allowed by default. (Default-deny treatment is + possible: add a rule with <ref column="priority"/> 0, <code>0</code> as + <ref column="match"/>, and <code>drop</code> as <ref column="action"/>.) + </p> + <column name="name"> + A name for the router policy. Names are ASCII and must match + <code>[a-zA-Z_.][a-zA-Z_.0-9]*</code>. + </column> + <column name="priority"> + <p> + The routing policy's priority. Rules with numerically higher priority + take precedence over those with lower. A rule is uniquely identified + by the priority and match string. + </p> + </column> + <column name="match"> + <p> + The packets that the routing policy should match, in the same expression + language used for the <ref column="match" table="Logical_Flow" + db="OVN_Southbound"/> column in the OVN Southbound database's + <ref table="Logical_Flow" db="OVN_Southbound"/> table. The + <code>outport</code> logical port is only available in the + <code>to-lport</code> direction (the <code>inport</code> is + available in both directions). + </p> + <p> + By default all traffic is allowed. When writing a more + restrictive policy, it is important to remember to allow flows + such as ARP and IPv6 neighbor discovery packets. + </p> + </column> + <column name="action"> + <p>The action to take when the routing policy matches:</p> + <ul> + <li> + <code>allow</code>: Forward the packet. + </li> + <li> + <code>drop</code>: Silently drop the packet. 
+ </li> + <li> + <code>reroute</code>: Reroute packet to nexthop + </li> + </ul> + </column> + <column name="nexthop"> + <p> + Nexthop IP address for this route. Nexthop IP address should be the IP + address of a connected router port or the IP address of a logical port. + </p> + </column> + </table> + <table name="NAT" title="NAT rules"> <p> Each record represents a NAT rule. -- 1.8.3.1 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev