Routing Policies MVP
Routing Policies MVP adds explicit traffic intent objects at tenant and network scope.
Policy types
- Direct: default path, no gateway chain.
- ViaGateway: ordered path (`gatewayPath`) for target CIDR/service traffic.
Example:
```json
{
  "name": "corp-egress",
  "type": "via_gateway",
  "destinationCidr": "10.0.0.0/24",
  "gatewayPath": ["g1", "g2", "g3"]
}
```
API
- `GET /api/v1/networks/:id/routing-policies`
- `POST /api/v1/networks/:id/routing-policies`
- `GET /api/v1/routing-policies/:id`
- `PUT /api/v1/routing-policies/:id`
- `DELETE /api/v1/routing-policies/:id`
Validation
- gateway IDs must exist,
- gateway nodes must have Gateway role in the same network,
- ordered path is required for `via_gateway`,
- maximum hops controlled by `ROUTING_POLICY_MAX_HOPS` (default `3`).
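The four validation rules above, sketched as an added example (not the project's own validator). The function name, the node inventory, the role strings and the `direct` type value are assumptions; the same-network check is what keeps a policy from routing one network's traffic through another network's gateway.

```python
import os

# Hypothetical sketch: names, role strings and the "direct" value are assumptions.
# Only "via_gateway", gatewayPath and ROUTING_POLICY_MAX_HOPS come from the page.
MAX_HOPS = int(os.environ.get("ROUTING_POLICY_MAX_HOPS", "3"))

# Constructed inventory: node id -> (network id, role)
NODES = {
    "g1": ("net-a", "gateway"),
    "g2": ("net-a", "gateway"),
    "g3": ("net-a", "gateway"),
    "g4": ("net-a", "gateway"),
    "p1": ("net-a", "peer"),
    "gx": ("net-b", "gateway"),
}

# The example policy shown earlier on the page.
EXAMPLE = {
    "name": "corp-egress",
    "type": "via_gateway",
    "destinationCidr": "10.0.0.0/24",
    "gatewayPath": ["g1", "g2", "g3"],
}

def validate_policy(policy, network_id, nodes=NODES, max_hops=MAX_HOPS):
    """Return a list of validation errors; an empty list means accepted."""
    ptype = policy.get("type")
    if ptype == "direct":
        return []  # default path, no gateway chain to check
    if ptype != "via_gateway":
        return [f"unknown policy type: {ptype!r}"]
    path = policy.get("gatewayPath")
    if not isinstance(path, list) or not path:
        return ["via_gateway requires an ordered gatewayPath"]
    errors = []
    if len(path) > max_hops:
        errors.append(f"gatewayPath has {len(path)} hops, limit is {max_hops}")
    for hop in path:
        node = nodes.get(hop)
        if node is None:
            errors.append(f"{hop}: gateway does not exist")
        elif node[0] != network_id:
            errors.append(f"{hop}: gateway belongs to another network")
        elif node[1] != "gateway":
            errors.append(f"{hop}: node does not have the Gateway role")
    return errors
```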
Dataplane status
- P3 introduced `routingIntent[]` desired-state export in generated WireGuard payloads.
- P4 adds gateway-daemon dataplane enforcement (Linux policy routing + iptables fwmark) behind `ROUTING_ENFORCEMENT_ENABLED`.
- Current `via_gateway` enforcement is single-hop practical enforcement; complex multi-hop remains limited.