Type: Epic | Resolution: Unresolved | Priority: Major
There’s a significant change coming up in OpenShift which will have an impact on Submariner: User-Defined Networks. This is an OpenShift/OVN-K-specific implementation of micro-segmentation, applying the per-tenant networking model of OpenStack to OpenShift.
A major consequence of this for Submariner is that pods aren’t necessarily connected to all other pods; this might not be a problem for users (in fact, it’s desired), but it probably breaks Submariner’s gateway model. I’m not sure what the right solution is for this (perhaps one gateway per UDN?).
UDNs require changes in Submariner but they could be a net benefit for Submariner, especially regarding its security story: since they provide isolation without requiring network policies, if they can be extended through Submariner they might provide a good multi-cluster security story.
UDN enhancement proposal: https://github.com/openshift/enhancements/blob/master/enhancements/network/user-defined-network-segmentation.md
Technical Enablement: https://docs.google.com/presentation/d/1Hx1Fzm1F9EkmqrmTjbMHPBAuIls-2-oK1IVrzFnW3L4/edit#slide=id.g2b0413958dc_0_5426