Make conntrack the highest priority rule

Initially 300 was the highest priority but now we have a rule that is 400, make it 1000 so that it's guaranteed that the flow is always evaluated.
openshift · Oct 21, 2020 · 75dfcb7 · 75dfcb7
1 parent de8f5fb
commit 75dfcb7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/network/node/ovscontroller.go b/pkg/network/node/ovscontroller.go
@@ -98,7 +98,7 @@ func (oc *ovsController) SetupOVS(clusterNetworkCIDR []string, serviceNetworkCID
 
 	// Table 0: initial dispatch based on in_port
 	if oc.useConnTrack {
-		otx.AddFlow("table=0, priority=300, ip, ct_state=-trk, actions=ct(table=0)")
+		otx.AddFlow("table=0, priority=1000, ip, ct_state=-trk, actions=ct(table=0)")
 	}
 	// vxlan0
 	for _, clusterCIDR := range clusterNetworkCIDR {