@@ -359,11 +359,22 @@ func (udng *UserDefinedNetworkGateway) AddNetwork() error {
359359 if err = udng .vrfManager .AddVRFRoutes (vrfDeviceName , routes ); err != nil {
360360 return fmt .Errorf ("could not add VRF %s routes for network %s, err: %v" , vrfDeviceName , udng .GetNetworkName (), err )
361361 }
362+
363+ isNetworkAdvertised := util .IsPodNetworkAdvertisedAtNode (udng .NetInfo , udng .node .Name )
364+
362365 // create the iprules for this network
363- err = udng .updateUDNVRFIPRule ()
364- if err != nil {
366+ if err = udng .updateUDNVRFIPRules (isNetworkAdvertised ); err != nil {
365367 return fmt .Errorf ("failed to update IP rules for network %s: %w" , udng .GetNetworkName (), err )
366368 }
369+
370+ if err = udng .updateAdvertisedUDNIsolationRules (isNetworkAdvertised ); err != nil {
371+ return fmt .Errorf ("failed to update isolation rules for network %s: %w" , udng .GetNetworkName (), err )
372+ }
373+
374+ if err := udng .updateUDNVRFIPRoute (isNetworkAdvertised ); err != nil {
375+ return fmt .Errorf ("failed to update ip routes for network %s: %w" , udng .GetNetworkName (), err )
376+ }
377+
367378 // add loose mode for rp filter on management port
368379 mgmtPortName := util .GetNetworkScopedK8sMgmtHostIntfName (uint (udng .GetNetworkID ()))
369380 if err := addRPFilterLooseModeForManagementPort (mgmtPortName ); err != nil {
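Review bot: In AddNetwork the new `updateAdvertisedUDNIsolationRules` call runs only after `AddVRFRoutes` and `updateUDNVRFIPRules` have succeeded, so if it returns an error the function exits with the VRF routes and IP rules already installed and the isolation step not applied. What those isolation rules enforce is not visible in this hunk, but if they are what keeps an advertised UDN separated from other networks, the fail-closed order is to call `updateAdvertisedUDNIsolationRules(isNetworkAdvertised)` before the IP rules, or at least to add a comment stating that the caller retries or rolls back on error. The third new call declares a shadowed error with `if err := ...` while the two calls before it assign the outer `err`; `if err = udng.updateUDNVRFIPRoute(isNetworkAdvertised); err != nil {` keeps the block consistent. The two new blocks also lack the one-line comment that the IP-rule block carries (`// create the iprules for this network`). AddNetwork's body starts and ends outside the hunk, so any cleanup on the error path could not be checked from here.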
@@ -777,12 +788,11 @@ func (udng *UserDefinedNetworkGateway) getV6MasqueradeIP() (*net.IPNet, error) {
777788// 2000: from all to 10.132.0.0/14 lookup 1007
778789// 2000: from all fwmark 0x1001 lookup 1009
779790// 2000: from all to 10.134.0.0/14 lookup 1009
780- func (udng * UserDefinedNetworkGateway ) constructUDNVRFIPRules () ([]netlink.Rule , []netlink.Rule , error ) {
791+ func (udng * UserDefinedNetworkGateway ) constructUDNVRFIPRules (isNetworkAdvertised bool ) ([]netlink.Rule , []netlink.Rule , error ) {
781792 var addIPRules []netlink.Rule
782793 var delIPRules []netlink.Rule
783794 var masqIPRules []netlink.Rule
784795 var subnetIPRules []netlink.Rule
785- isNetworkAdvertised := util .IsPodNetworkAdvertisedAtNode (udng .NetInfo , udng .node .Name )
786796 masqIPv4 , err := udng .getV4MasqueradeIP ()
787797 if err != nil {
788798 return nil , nil , err
@@ -911,7 +921,7 @@ func (udng *UserDefinedNetworkGateway) doReconcile() error {
911921 isNetworkAdvertised := util .IsPodNetworkAdvertisedAtNode (udng .NetInfo , udng .node .Name )
912922 udng .openflowManager .defaultBridge .netConfig [udng .GetNetworkName ()].advertised .Store (isNetworkAdvertised )
913923
914- if err := udng .updateUDNVRFIPRule ( ); err != nil {
924+ if err := udng .updateUDNVRFIPRules ( isNetworkAdvertised ); err != nil {
915925 return fmt .Errorf ("error while updating ip rule for UDN %s: %s" , udng .GetNetworkName (), err )
916926 }
917927
@@ -932,10 +942,10 @@ func (udng *UserDefinedNetworkGateway) doReconcile() error {
932942 return nil
933943}
934944
935- // updateUDNVRFIPRule updates IP rules for a network depending on whether the
945+ // updateUDNVRFIPRules updates IP rules for a network depending on whether the
936946// network is advertised or not
937- func (udng * UserDefinedNetworkGateway ) updateUDNVRFIPRule ( ) error {
938- addIPRules , deleteIPRules , err := udng .constructUDNVRFIPRules ()
947+ func (udng * UserDefinedNetworkGateway ) updateUDNVRFIPRules ( isNetworkAdvertised bool ) error {
948+ addIPRules , deleteIPRules , err := udng .constructUDNVRFIPRules (isNetworkAdvertised )
939949 if err != nil {
940950 return fmt .Errorf ("unable to get iprules for network %s, err: %v" , udng .GetNetworkName (), err )
941951 }