yahoo-eng-team team mailing list archive
Message #95950
[Bug 2112297] [NEW] [RFE] Support Policy Based Routing for LRs in Neutron OVN driver
Public bug reported:
Logical Router Policies were added to OVN in the 2.12.0 release [1][2]
(which was in 2019). This functionality extends Logical Router Static
Routes by allowing ACLs to be applied to re-route traffic based on
matched rules, as well as to mark traffic for further use.

A use case here could be the implementation of corporate traffic inside
the cloud, where a router has multiple external gateways: one on a
regular public network, another one within an RFC 1918 network which is
generally available on premises to all employees.

So most applications should work only within this corporate
network and not have access to the public one, except for specific hosts
which are assigned floating IPs from the public network or serve as
Squid reverse proxy servers.

Thus, having the ability to create stateless ACLs on a Logical Router
should help implement such a use case without the need to spawn
Linux-based routers on VMs with VRRP to achieve this.

[1] https://github.com/ovn-org/ovn/blob/1850925e95b2395eb13706168b633ecad01dd0b1/NEWS#L624
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2019-April/357834.html
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2112297
Title:
[RFE] Support Policy Based Routing for LRs in Neutron OVN driver
Status in neutron:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2112297/+subscriptions