Routing Policies MVP

Routing Policies MVP adds explicit traffic intent objects at tenant and network scope.

Policy types

  • Direct: default path, no gateway chain.
  • ViaGateway: ordered path (gatewayPath) for target CIDR/service traffic.

Example:

```json
{
  "name": "corp-egress",
  "type": "via_gateway",
  "destinationCidr": "10.0.0.0/24",
  "gatewayPath": ["g1", "g2", "g3"]
}
```

API

  • GET /api/v1/networks/:id/routing-policies
  • POST /api/v1/networks/:id/routing-policies
  • GET /api/v1/routing-policies/:id
  • PUT /api/v1/routing-policies/:id
  • DELETE /api/v1/routing-policies/:id

Validation

  • gateway IDs must exist,
  • gateway nodes must have Gateway role in the same network,
  • ordered path is required for via_gateway,
  • maximum hops controlled by ROUTING_POLICY_MAX_HOPS (default 3).
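
The four rules above written out as a validator. This is an added example, not the project's own code: the node inventory, the internal role string "gateway", the "direct" type value and the function names are assumptions made for illustration.

```python
import os

# Constructed inventory: node id -> (network id, role). Not from the page.
NODES = {
    "g1": ("net-a", "gateway"), "g2": ("net-a", "gateway"),
    "g3": ("net-a", "gateway"), "g4": ("net-a", "gateway"),
    "c1": ("net-a", "client"),   # exists, but is not a gateway
    "gx": ("net-b", "gateway"),  # a gateway, but in a different network
}

def max_hops(env=os.environ):
    """ROUTING_POLICY_MAX_HOPS, falling back to the documented default of 3."""
    try:
        value = int(env.get("ROUTING_POLICY_MAX_HOPS", "3"))
    except ValueError:
        return 3
    return value if value > 0 else 3

def validate_policy(policy, network_id, nodes=NODES, env=os.environ):
    """Return a list of validation errors; an empty list means the policy passes."""
    ptype = policy.get("type")
    path = policy.get("gatewayPath") or []
    if ptype == "direct":  # assumed wire value for the Direct type
        return ["direct policy must not carry a gatewayPath"] if path else []
    if ptype != "via_gateway":
        return [f"unknown policy type: {ptype!r}"]
    if not isinstance(path, list) or not path:
        return ["via_gateway requires an ordered gatewayPath"]
    errors = []
    limit = max_hops(env)
    if len(path) > limit:
        errors.append(f"gatewayPath has {len(path)} hops, limit is {limit}")
    for gw in path:
        node = nodes.get(gw) if isinstance(gw, str) else None
        if node is None:
            errors.append(f"gateway {gw} does not exist")
        elif node[0] != network_id:
            # Reject cross-network references so a policy cannot steer
            # traffic through a gateway the network does not own.
            errors.append(f"gateway {gw} belongs to another network")
        elif node[1] != "gateway":
            errors.append(f"node {gw} does not have the Gateway role")
    return errors
```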

Dataplane status

  • P3 introduced routingIntent[] desired-state export in generated WireGuard payloads.
  • P4 adds gateway-daemon dataplane enforcement (Linux policy routing + iptables fwmark) behind ROUTING_ENFORCEMENT_ENABLED.
  • Current via_gateway enforcement is practical for single-hop paths only; complex multi-hop enforcement remains limited.