Use case
==========
In real data center, it may contains several external gateways to access external network. The VM instances can access all of them in L3 layer. Each gateway may from different network service providers, and different network performance(such as stability, bandwidth, speed). Cloud users may want to make the VMs in the specified subnet of network to routing the traffic which from some specified source IP/CIDR to the site which own the best connection line. But the other VMs'traffic which locate on other subnets in the same network pass through the original gateway as default. So we need to route the specified traffic to other gateway.
Also another use case, if cloud user A launched 2 VMs in different subnets, One VM X is used by the customers, and the other VM Y is used for accessing the private env which deployed by cloud user A and contains some security process(private FW, etc..), so there is a requirement that cloud user A need some traffic from VM X(maybe the traffic from VMX which want to access the internet) to pass through the cloud user A's private env to access the internet firstly. Also, this private env can not expose to the customer of user A, user A dont allow that the route table in VM inject the specified routing rules.
So we need another way to process this traffic, like PBR on router. The traffic from each subnets which attached on this router, may need a individual route table for each subnet now.
requests/propose
===========
For openstack, neutron. we need neutron to provide the ability to control the tenant network traffic based on subnet. That means we need the ability of forward this kind traffic based on source IP/CIDR. It may be called "routing traffic based on subnet". Each subnet may has individual route table, each subnet may have mutil different nexthops for supporting more flexible routing.For a subnet, the different traffic of VMs in this subnet may routing to different nexthop.
Whenever I see the word policy I fear that the topic can be turned into a huge discussion and we could easily go and attempt to boil the ocean.
To this aim, we should try and shed some clarity on the problem scope:
* What do you mean by "Policy"
* How do you intend to alter existing routing rules
* What the impact is for IPv6, and distributed routing
* Whether you intend to expose this functionality in a plugin agnostic fashion.
At the same time, I wonder if this could potentially be solved with L3 flavors, where each one implements its own specific routing policy and then the tenant connects the subnet of choice to the flavor of choice in order to comply with a specific policy. Does that sound crazy?