@@ -1,7 +1,7 @@
{
"name": "OVN_Northbound",
"version": "5.13.1",
- "cksum": "749176366 20467",
+ "cksum": "3389984310 21532",
"tables": {
"NB_Global": {
"columns": {
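Review bot: this hunk only recomputes "cksum" while "version" stays at "5.13.1", yet the patch adds a new table (Logical_Router_Policy) and a new Logical_Router column ("policies"); a northbound schema change that adds tables or columns should also bump the schema version so that tooling can tell the two schemas apart. Whichever version is chosen, the "cksum" line must be regenerated against the final file contents, so re-check it if anything else in the schema changes before the patch is merged.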
@@ -241,6 +241,11 @@
"refType": "strong"},
"min": 0,
"max": "unlimited"}},
+ "policies": {"type": {"key": {"type": "uuid",
+ "refTable": "Logical_Router_Policy",
+ "refType": "strong"},
+ "min": 0,
+ "max": "unlimited"}},
"enabled": {"type": {"key": "boolean", "min": 0, "max": 1}},
"nat": {"type": {"key": {"type": "uuid",
"refTable": "NAT",
@@ -302,6 +307,19 @@
"type": {"key": "string", "value": "string",
"min": 0, "max": "unlimited"}}},
"isRoot": false},
+ "Logical_Router_Policy": {
+ "columns": {
+ "name": {"type": {"key": {"type": "string",
+ "maxLength": 63},
+ "min": 0, "max": 1}},
+ "priority": {"type": {"key": {"type": "integer",
+ "minInteger": 0,
+ "maxInteger": 32767}}},
+ "match": {"type": "string"},
+ "action": {"type": {"key": {"type": "string",
+ "enum": ["set", ["allow", "drop", "reroute"]]}}},
+ "nexthop": {"type": {"key": "string", "min": 0, "max": 1}}},
+ "isRoot": false},
"NAT": {
"columns": {
"external_ip": {"type": "string"},
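Review bot: "nexthop" is declared optional (min 0, max 1) independently of "action", so the schema accepts a "reroute" row with no nexthop and an "allow" or "drop" row carrying a stray nexthop; OVSDB cannot express that cross-column constraint, so the consumer (ovn-northd) needs to treat a reroute row without a nexthop as invalid (skip it and log a warning) and the ovn-nbctl command that creates policies should refuse to create one. "nexthop" is also a free-form string with no length or format bound, so the code that reads it must validate it as an IPv4 or IPv6 address rather than assuming it parses. Relatedly, the documentation hunk in this patch says a rule is uniquely identified by priority and match, but nothing in this table enforces that, and per-router uniqueness cannot be a table-level "indexes" entry because the router reference lives in the Logical_Router "policies" column, so that check also belongs in ovn-nbctl/ovn-northd.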
@@ -1225,6 +1225,10 @@
One or more static routes for the router.
</column>
+ <column name="policies">
+ One or more routing policies for the router.
+ </column>
+
<column name="enabled">
This column is used to administratively set router state. If this column
is empty or is set to <code>true</code>, the router is enabled. If this
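Review bot: "One or more routing policies for the router." does not tell a reader of the Logical_Router table how the new "policies" relate to the existing "static_routes" column shown in the context lines just above (whether a matching policy is consulted before or after the routing table, and what happens when both apply); one sentence stating the evaluation order, or a cross-reference to the Logical_Router_Policy table description, would avoid that ambiguity.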
@@ -1782,6 +1786,65 @@
</table>
+ <table name="Logical_Router_Policy" title="Logical router policies">
+ <p>
+ Each row in this table represents one routing policy for a logical router
+ that points to it through its <ref column="policies"/> column. The <ref
+ column="action"/> column for the highest-<ref column="priority"/>
+ matching row in this table determines a packet's treatment. If no row
+ matches, packets are allowed by default. (Default-deny treatment is
+ possible: add a rule with <ref column="priority"/> 0, <code>0</code> as
+ <ref column="match"/>, and <code>drop</code> as <ref column="action"/>.)
+ </p>
+ <column name="name">
+ A name for the router policy. Names are ASCII and must match
+ <code>[a-zA-Z_.][a-zA-Z_.0-9]*</code>.
+ </column>
+ <column name="priority">
+ <p>
+ The routing policy's priority. Rules with numerically higher priority
+ take precedence over those with lower. A rule is uniquely identified
+ by the priority and match string.
+ </p>
+ </column>
+ <column name="match">
+ <p>
+ The packets that the routing policy should match, in the same expression
+ language used for the <ref column="match" table="Logical_Flow"
+ db="OVN_Southbound"/> column in the OVN Southbound database's
+ <ref table="Logical_Flow" db="OVN_Southbound"/> table. The
+ <code>outport</code> logical port is only available in the
+ <code>to-lport</code> direction (the <code>inport</code> is
+ available in both directions).
+ </p>
+ <p>
+ By default all traffic is allowed. When writing a more
+ restrictive policy, it is important to remember to allow flows
+ such as ARP and IPv6 neighbor discovery packets.
+ </p>
+ </column>
+ <column name="action">
+ <p>The action to take when the routing policy matches:</p>
+ <ul>
+ <li>
+ <code>allow</code>: Forward the packet.
+ </li>
+ <li>
+ <code>drop</code>: Silently drop the packet.
+ </li>
+ <li>
+ <code>reroute</code>: Reroute packet to nexthop
+ </li>
+ </ul>
+ </column>
+ <column name="nexthop">
+ <p>
+ Nexthop IP address for this route. Nexthop IP address should be the IP
+ address of a connected router port or the IP address of a logical port.
+ </p>
+ </column>
+ </table>
+
<table name="NAT" title="NAT rules">
<p>
Each record represents a NAT rule.
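Review bot: the default-deny example in the table description uses <code>0</code> as the match, but in the OVN expression language <code>0</code> is the boolean constant false and matches no packet; a catch-all priority-0 drop rule needs <code>1</code> as its match, otherwise the suggested "default-deny" configuration silently leaves the documented allow-by-default behaviour in place. The <ref column="match"/> text also refers to the <code>to-lport</code> direction and the <code>outport</code> field, but this table has no direction column (that wording belongs to ACLs), so the sentence should be dropped or reworded for routing policies. The <ref column="nexthop"/> paragraph should state that the value is required when <ref column="action"/> is <code>reroute</code> and ignored otherwise, and the <code>reroute</code> list item is missing its trailing period.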