
yahoo-eng-team team mailing list archive

[Bug 2112297] [NEW] [RFE] Support Policy Based Routing for LRs in Neutron OVN driver

 

Public bug reported:

Logical Router Policies were added to OVN in the 2.12.0 release [1][2]
(which was in 2019). This functionality extends Logical Router Static
Routes by allowing ACLs to be applied to re-route traffic based on
matched rules, as well as to mark traffic for further use.

A use case here could be the implementation of corporate traffic inside
the cloud, where a router has multiple external gateways: one on a
regular public network, and another within an RFC 1918 network which is
generally available on the premises to all employees.

So most applications should work only within this corporate network and
not have access to the public one, except for specific hosts which are
assigned floating IPs from the public network or serve as Squid reverse
proxy servers.

Thus, having the ability to create stateless ACLs on a Logical Router
should help implement such a use case without the need to spawn
Linux-based routers on VMs with VRRP to achieve this.


[1] https://github.com/ovn-org/ovn/blob/1850925e95b2395eb13706168b633ecad01dd0b1/NEWS#L624
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2019-April/357834.html

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2112297
