Users need a way to install their OCP cluters directly onto provider networks in both IPI and UPI. In this use case, the provider network will serve as the primary network device for openstack nodes. We need to define what we already support, then work to clear as many hurdles to deploying this as possible. We should target the use cases for IPI first since a lot of the known issues affect both IPI and UPI. Once they are supported in IPI, support in UPI can be added easily with nothing more than documentation.

The requirements are as follows:

• OSP nodes' primary NIC on L2 provider networks
• IPI support
• UPI support
• Pod permissions remain the same as a typical installation
• DHCP or IPAM services for VM IP addresses
  • ML2/OVS  DHCP/metadata services
  • OVN  distributed DHCP/metadata services
• static VM MAC/IP with config-drive
• security groups for provider networks
• QE builds CI to verify

The following User stories apply:

• L2 networking with provider network VLANs to pods is the main usecase;
• use single pair of physical NICs on node with one or more VLANs as OCP primary and secondary interfaces (optional)
• pod to pod (East-West) connectivity with OCP SDN services (overlays) using OVN-k8s or openshift-sdn
• OCP provides Ingress routing and LB services
• OCP provides network policy

Stretch userstory

• Spine-Leaf Enterprise and DCN Edge
• OVN with Routed Provider Networks with Neutron AZs 
  • ML2/OVS site local DHCP/metadata services
  • ML2/OVS distributed DHCP/metadata services

Known Issues:

• IPI and UPI installer relies on the Nova Metadata service to set the hostname for nodes
• IPI installer requires permission to create ports with fixed IPs
• IPI installer requires permission to tag the network

Usage:
IPI: Should be implementable using the BYO networks and FIPless feature workflows in the IPI installer.