1. Proposed title of this feature request
Support of routed ingress for secondary OVN Kubernetes networks

2. What is the nature and description of the request?
OVN Kubernetes secondary network overlay should add a support for a new ingress method. While RFE-4938 already asks for a NAT'ed approach, this new RFE is interested in routed ingress.

PoCs of this approach exist online:

• Implementation using a FRR router pod https://josecastillolema.github.io/icni2/
• Implementation using OVN https://developers.redhat.com/blog/2018/11/08/how-to-create-an-open-virtual-network-distributed-gateway-router#

We already have FRR controller available in MetalLB CNF-10216 https://github.com/metallb/frr-k8s, that may handle the route advertisement part of the implementation. The changes on OVN Kubernetes should be similar to those done for NAT'ed approach, possibly just being a new "mode" of ingress.

3. Why does the customer need this? (List the business requirements here)

• A customer requires that their virtual machines on OpenShift are directly routable from inside and outside of the cluster. A virtual machine should get an IP address so that clients running in OpenShift pods and clients running outside of OpenShift can open a connection to the VM.
• It is required that we use no NAT to achieve this. The IP address the VM has must be the IP that is used to communicate with it, both for inbound and outbound communication patterns.
• It would be nice if we could use NetworkPolicies to filter the VM traffic.
• So far, the customer has been connecting the VMs to a custom VLAN via bridge to achieve the direct routing goal. The customer doesn't like this approach since it's difficult to automate the management of VLAN configurations on the cluster nodes and physical switches …
• It is known that the VMware NSX Edge router provides such functionality.

4. List any affected packages or components.
OVN Kubernetes, MetalLB FRR controller