Public bug reported:

Logical Router Policies were added to OVN in the 2.12.0 release [1][2] (which was in 2019). This functionality extends Logical Router Static Routes by allowing ACLs to be applied to re-route traffic based on matched rules, as well as to mark traffic for further use.

A use case here could be the implementation of corporate traffic inside of the cloud, where a router has multiple external gateways: one on a regular public network, another one within an RFC 1918 network which is generally available on premises to all employees. So most applications should be working only within this corporate network and do not have access to the public one, except specific hosts which are assigned floating IPs from the public network or are serving as squid reverse proxy servers.

Thus, having the ability to create stateless ACLs on a Logical Router should help implement such a use case without the need to spawn Linux-based routers on VMs with VRRP to achieve this.

[1] https://github.com/ovn-org/ovn/blob/1850925e95b2395eb13706168b633ecad01dd0b1/NEWS#L624
[2] https://mail.openvswitch.org/pipermail/ovs-dev/2019-April/357834.html

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2112297

Title:
  [RFE] Support Policy Based Routing for LRs in Neutron OVN driver

Status in neutron:
  New

