[DownstreamMerge] 07 jul 23

contrib/kind.sh

@@ -853,7 +853,8 @@ create_ovn_kube_manifests() {
     --multi-network-enable="${ENABLE_MULTI_NET}" \
     --ovnkube-metrics-scale-enable="${OVN_METRICS_SCALE_ENABLE}" \
     --compact-mode="${OVN_COMPACT_MODE}" \
-    --enable-interconnect="${OVN_ENABLE_INTERCONNECT}"
+    --enable-interconnect="${OVN_ENABLE_INTERCONNECT}" \
+    --enable-multi-external-gateway=true
   popd
 }
 

dist/images/daemonset.sh

@@ -300,6 +300,9 @@ while [ "$1" != "" ]; do
   --enable-interconnect)
     OVN_ENABLE_INTERCONNECT=$VALUE
     ;;
+  --enable-multi-external-gateway)
+    OVN_ENABLE_MULTI_EXTERNAL_GATEWAY=$VALUE
+    ;;
   *)
     echo "WARNING: unknown parameter \"$PARAM\""
     exit 1
@@ -456,6 +459,8 @@ ovnkube_compact_mode_enable=${COMPACT_MODE:-"false"}
 echo "ovnkube_compact_mode_enable: ${ovnkube_compact_mode_enable}"
 ovn_enable_interconnect=${OVN_ENABLE_INTERCONNECT}
 echo "ovn_enable_interconnect: ${ovn_enable_interconnect}"
+ovn_enable_multi_external_gateway=${OVN_ENABLE_MULTI_EXTERNAL_GATEWAY}
+echo "ovn_enable_multi_external_gateway: ${ovn_enable_multi_external_gateway}"
 
 ovn_image=${ovnkube_image} \
   ovnkube_compact_mode_enable=${ovnkube_compact_mode_enable} \
@@ -498,6 +503,7 @@ ovn_image=${ovnkube_image} \
   ovn_disable_ovn_iface_id_ver=${ovn_disable_ovn_iface_id_ver} \
   ovnkube_node_mgmt_port_netdev=${ovnkube_node_mgmt_port_netdev} \
   ovn_enable_interconnect=${ovn_enable_interconnect} \
+  ovn_enable_multi_external_gateway=${ovn_enable_multi_external_gateway} \
   ovnkube_app_name=ovnkube-node \
   j2 ../templates/ovnkube-node.yaml.j2 -o ${output_dir}/ovnkube-node.yaml
 
@@ -572,6 +578,7 @@ ovn_image=${ovnkube_image} \
   ovn_stateless_netpol_enable=${ovn_netpol_acl_enable} \
   ovnkube_compact_mode_enable=${ovnkube_compact_mode_enable} \
   ovn_unprivileged_mode=${ovn_unprivileged_mode} \
+  ovn_enable_multi_external_gateway=${ovn_enable_multi_external_gateway} \
   j2 ../templates/ovnkube-master.yaml.j2 -o ${output_dir}/ovnkube-master.yaml
 
 ovn_image=${ovnkube_image} \
@@ -603,6 +610,7 @@ ovn_image=${ovnkube_image} \
   ovn_gateway_mode=${ovn_gateway_mode} \
   ovn_ex_gw_networking_interface=${ovn_ex_gw_networking_interface} \
   ovn_enable_interconnect=${ovn_enable_interconnect} \
+  ovn_enable_multi_external_gateway=${ovn_enable_multi_external_gateway} \
   j2 ../templates/ovnkube-control-plane.yaml.j2 -o ${output_dir}/ovnkube-control-plane.yaml
 
 ovn_image=${image} \
@@ -683,6 +691,7 @@ ovn_image=${ovnkube_image} \
   ovn_empty_lb_events=${ovn_empty_lb_events} \
   ovn_loglevel_nb=${ovn_loglevel_nb} ovn_loglevel_sb=${ovn_loglevel_sb} \
   ovn_enable_interconnect=${ovn_enable_interconnect} \
+  ovn_enable_multi_external_gateway=${ovn_enable_multi_external_gateway} \
   j2 ../templates/ovnkube-single-node-zone.yaml.j2 -o ${output_dir}/ovnkube-single-node-zone.yaml
 
 ovn_image=${ovnkube_image} \
@@ -734,6 +743,7 @@ ovn_image=${ovnkube_image} \
   ovn_empty_lb_events=${ovn_empty_lb_events} \
   ovn_loglevel_nb=${ovn_loglevel_nb} ovn_loglevel_sb=${ovn_loglevel_sb} \
   ovn_enable_interconnect=${ovn_enable_interconnect} \
+  ovn_enable_multi_external_gateway=${ovn_enable_multi_external_gateway} \
   j2 ../templates/ovnkube-zone-controller.yaml.j2 -o ${output_dir}/ovnkube-zone-controller.yaml
 
 ovn_image=${image} \

dist/images/ovnkube.sh

@@ -84,6 +84,7 @@ fi
 # OVN_ENCAP_IP - encap IP to be used for OVN traffic on the node. mandatory in case ovnkube-node-mode=="dpu"
 # OVN_HOST_NETWORK_NAMESPACE - namespace to classify host network traffic for applying network policies
 # OVN_DISABLE_FORWARDING - disable forwarding on OVNK controlled interfaces
+# OVN_ENABLE_MULTI_EXTERNAL_GATEWAY - enable multi external gateway for ovn-kubernetes
 
 # The argument to the command is the operation to be performed
 # ovn-master ovn-controller ovn-node display display_env ovn_debug
@@ -239,6 +240,8 @@ ovn_ipfix_cache_active_timeout=${OVN_IPFIX_CACHE_ACTIVE_TIMEOUT:-} \
 ovn_stateless_netpol_enable=${OVN_STATELESS_NETPOL_ENABLE:-false}
 #OVN_ENABLE_INTERCONNECT - enable interconnect with multiple zones
 ovn_enable_interconnect=${OVN_ENABLE_INTERCONNECT:-false}
+#OVN_ENABLE_MULTI_EXTERNAL_GATEWAY - enable multi external gateway
+ovn_enable_multi_external_gateway=${OVN_ENABLE_MULTI_EXTERNAL_GATEWAY:-false}
 
 # OVNKUBE_NODE_MODE - is the mode which ovnkube node operates
 ovnkube_node_mode=${OVNKUBE_NODE_MODE:-"full"}
@@ -1125,6 +1128,12 @@ ovn-master() {
   fi
   echo "ovn_stateless_netpol_enable_flag: ${ovn_stateless_netpol_enable_flag}"
 
+  ovnkube_enable_multi_external_gateway_flag=
+  if [[ ${ovn_enable_multi_external_gateway} == "true" ]]; then
+	  ovnkube_enable_multi_external_gateway_flag="--enable-multi-external-gateway"
+  fi
+  echo "ovnkube_enable_multi_external_gateway_flag=${ovnkube_enable_multi_external_gateway_flag}"
+
   init_node_flags=
   if [[ ${ovnkube_compact_mode_enable} == "true" ]]; then
     init_node_flags="--init-node ${K8S_NODE} --nodeport"
@@ -1165,6 +1174,7 @@ ovn-master() {
     ${ovnkube_metrics_scale_enable_flag} \
     ${multi_network_enabled_flag} \
     ${ovn_stateless_netpol_enable_flag} \
+    ${ovnkube_enable_multi_external_gateway_flag} \
     --metrics-bind-address ${ovnkube_master_metrics_bind_address} \
     --host-network-namespace ${ovn_host_network_namespace} &
 
@@ -1332,6 +1342,12 @@ ovnkube-controller() {
   fi
   echo "ovnkube_enable_interconnect_flag: ${ovnkube_enable_interconnect_flag}"
 
+  ovnkube_enable_multi_external_gateway_flag=
+  if [[ ${ovn_enable_multi_external_gateway} == "true" ]]; then
+	  ovnkube_enable_multi_external_gateway_flag="--enable-multi-external-gateway"
+  fi
+  echo "ovnkube_enable_multi_external_gateway_flag=${ovnkube_enable_multi_external_gateway_flag}"
+
   echo "=============== ovnkube-controller ========== MASTER ONLY"
   /usr/bin/ovnkube \
     --init-ovnkube-controller ${K8S_NODE} \
@@ -1361,6 +1377,7 @@ ovnkube-controller() {
     ${ovnkube_config_duration_enable_flag} \
     ${multi_network_enabled_flag} \
     ${ovnkube_enable_interconnect_flag} \
+    ${ovnkube_enable_multi_external_gateway_flag} \
     --zone ${ovn_zone} \
     --metrics-bind-address ${ovnkube_master_metrics_bind_address} \
     --host-network-namespace ${ovn_host_network_namespace} &
@@ -1445,6 +1462,12 @@ ovn-cluster-manager() {
   fi
   echo "ovnkube_enable_interconnect_flag: ${ovnkube_enable_interconnect_flag}"
 
+  ovnkube_enable_multi_external_gateway_flag=
+  if [[ ${ovn_enable_multi_external_gateway} == "true" ]]; then
+	  ovnkube_enable_multi_external_gateway_flag="--enable-multi-external-gateway"
+  fi
+  echo "ovnkube_enable_multi_external_gateway_flag=${ovnkube_enable_multi_external_gateway_flag}"
+
   echo "=============== ovn-cluster-manager ========== MASTER ONLY"
   /usr/bin/ovnkube \
     --init-cluster-manager ${K8S_NODE} \
@@ -1465,6 +1488,7 @@ ovn-cluster-manager() {
     ${multi_network_enabled_flag} \
     ${egressservice_enabled_flag} \
     ${ovnkube_enable_interconnect_flag} \
+    ${ovnkube_enable_multi_external_gateway_flag} \
     --metrics-bind-address ${ovnkube_cluster_manager_metrics_bind_address} \
     --host-network-namespace ${ovn_host_network_namespace} &
 
@@ -1726,6 +1750,12 @@ ovn-node() {
   ovn_zone=$(get_node_zone)
   echo "ovnkube-node's configured zone is ${ovn_zone}"
 
+  ovnkube_enable_multi_external_gateway_flag=
+  if [[ ${ovn_enable_multi_external_gateway} == "true" ]]; then
+	  ovnkube_enable_multi_external_gateway_flag="--enable-multi-external-gateway"
+  fi
+  echo "ovnkube_enable_multi_external_gateway_flag=${ovnkube_enable_multi_external_gateway_flag}"
+
   if [[ $ovn_nbdb != "local" ]]; then
       ovn_dbs="--nb-address=${ovn_nbdb}"
   fi
@@ -1776,6 +1806,7 @@ ovn-node() {
     --metrics-bind-address ${ovnkube_node_metrics_bind_address} \
      ${ovnkube_node_mode_flag} \
     ${egress_interface} \
+    ${ovnkube_enable_multi_external_gateway_flag} \
     ${ovnkube_enable_interconnect_flag} \
     --zone ${ovn_zone} \
     --host-network-namespace ${ovn_host_network_namespace} \

dist/templates/ovnkube-control-plane.yaml.j2

@@ -160,6 +160,8 @@ spec:
               key: host_network_namespace
         - name: OVN_ENABLE_INTERCONNECT
           value: "{{ ovn_enable_interconnect }}"
+        - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
+          value: "{{ ovn_enable_multi_external_gateway }}"
       # end of container
 
       volumes:

dist/templates/ovnkube-master.yaml.j2

@@ -279,6 +279,8 @@ spec:
           value: "{{ ovn_acl_logging_rate_limit }}"
         - name: OVN_STATELESS_NETPOL_ENABLE
           value: "{{ ovn_stateless_netpol_enable }}"
+        - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
+          value: "{{ ovn_enable_multi_external_gateway }}"
         - name: OVN_HOST_NETWORK_NAMESPACE
           valueFrom:
             configMapKeyRef:

dist/templates/ovnkube-node.yaml.j2

@@ -219,6 +219,8 @@ spec:
           value: "{{ ovn_multi_network_enable }}"
         - name: OVN_ENABLE_INTERCONNECT
           value: "{{ ovn_enable_interconnect }}"
+        - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
+          value: "{{ ovn_enable_multi_external_gateway }}"
         {% endif -%}
         {% if ovnkube_app_name=="ovnkube-node-dpu-host" -%}
         - name: OVNKUBE_NODE_MODE

dist/templates/ovnkube-single-node-zone.yaml.j2

@@ -340,6 +340,8 @@ spec:
           value: "{{ ovn_acl_logging_rate_limit }}"
         - name: OVN_ENABLE_INTERCONNECT
           value: "{{ ovn_enable_interconnect }}"
+        - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
+          value: "{{ ovn_enable_multi_external_gateway }}"
         - name: OVN_HOST_NETWORK_NAMESPACE
           valueFrom:
             configMapKeyRef:
@@ -524,6 +526,8 @@ spec:
           value: "local"
         - name: OVN_ENABLE_INTERCONNECT
           value: "{{ ovn_enable_interconnect }}"
+        - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
+          value: "{{ ovn_enable_multi_external_gateway }}"
 
         readinessProbe:
           exec:

dist/templates/ovnkube-zone-controller.yaml.j2

@@ -356,6 +356,8 @@ spec:
           value: "{{ ovn_acl_logging_rate_limit }}"
         - name: OVN_ENABLE_INTERCONNECT
           value: "{{ ovn_enable_interconnect }}"
+        - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
+          value: "{{ ovn_enable_multi_external_gateway }}"
         - name: OVN_HOST_NETWORK_NAMESPACE
           valueFrom:
             configMapKeyRef:

docs/INSTALL.OPENSHIFT.md

@@ -2,7 +2,7 @@
 
 This section describes how an OVN overlay network is setup on Openshift 3.10 and later.
 It explains the various components and how they come together to establish the OVN overlay network.
-People that are interested in understatnding how the ovn cni plugin is installed will find this useful.
+People that are interested in understanding how the ovn cni plugin is installed will find this useful.
 
 As of OCP-3.10, the Openshift overlay network is managed using daemonsets. The ovs/ovn components are
 built into a Docker image that has all of the needed packages. Daemonsets are deployed on the nodes
@@ -22,7 +22,7 @@ nodes to specify where the daemonsets run.
 
 Both daemonsets use the same docker image. Configuration is passed from the daemonset to the
 image using environment variables and mounting directories from the host. The environment
-variables at set from a configmap that is created during installation. The image includes
+variables are set from a configmap that is created during installation. The image includes
 an control script that is the entrypoint for the container, ovnkube and the openvswitch and
 ovn rpms.
 
@@ -133,7 +133,7 @@ copies files into them.  In particular it copies in the entrypoint script, ovnku
 # docker tag ovn-kube netdev22:5000/ovn-kube:latest
 # docker push netdev22:5000/ovn-kube:latest
 ```
-The image is taged and pushed to a docker repository. This example uses the
+The image is tagged and pushed to a docker repository. This example uses the
 local development docker repo, netdev22:5000
 
 NOTE: At present go_controller is built and the resultant files are copied
@@ -146,6 +146,7 @@ from openvswitch-ovn-kubernetes rpm.
 There are three sources of configuration information in the daemonsets:
 
 1. /etc/origin/node/ files
+
 These files are installed by the Openshift install and are in the node daemonset
 which mounts them on the host. The ovn deamonsets mount them in the pod.
 

go-controller/go.mod

@@ -114,5 +114,4 @@ require (
 replace (
 	github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.8.20
 	github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
-	github.com/vishvananda/netlink => github.com/jcaamano/netlink v1.1.1-0.20220831114501-3a761ed61db6
 )

go-controller/go.sum

@@ -461,8 +461,6 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/j-keck/arping v1.0.2 h1:hlLhuXgQkzIJTZuhMigvG/CuSkaspeaD9hRDk2zuiMI=
 github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
-github.com/jcaamano/netlink v1.1.1-0.20220831114501-3a761ed61db6 h1:YZME7iAeCpRSGCd0TROrXuo4Tm/T/J15/42PVSaItkI=
-github.com/jcaamano/netlink v1.1.1-0.20220831114501-3a761ed61db6/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@@ -744,7 +742,13 @@ github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.2.0 h1:JTTnM6wKzdA0Jqodd966MVj4vWbbquZykeX1sKbe2C4=
 github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
+github.com/vishvananda/netlink v1.2.1-beta.2.0.20230420174744-55c8b9515a01 h1:F9xjJm4IH8VjcqG4ujciOF+GIM4mjPkHhWLLzOghPtM=
+github.com/vishvananda/netlink v1.2.1-beta.2.0.20230420174744-55c8b9515a01/go.mod h1:cAAsePK2e15YDAMJNyOpGYEWNe4sIghTY7gpz4cX/Ik=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
@@ -929,6 +933,7 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -995,6 +1000,7 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=

go-controller/pkg/config/config.go

@@ -359,6 +359,7 @@ type OVNKubernetesFeatureConfig struct {
 	EnableMultiNetworkPolicy        bool `gcfg:"enable-multi-networkpolicy"`
 	EnableStatelessNetPol           bool `gcfg:"enable-stateless-netpol"`
 	EnableInterconnect              bool `gcfg:"enable-interconnect"`
+	EnableMultiExternalGateway      bool `gcfg:"enable-multi-external-gateway"`
 }
 
 // GatewayMode holds the node gateway mode
@@ -971,6 +972,12 @@ var OVNK8sFeatureFlags = []cli.Flag{
 		Destination: &cliConfig.OVNKubernetesFeature.EnableEgressService,
 		Value:       OVNKubernetesFeature.EnableEgressService,
 	},
+	&cli.BoolFlag{
+		Name:        "enable-multi-external-gateway",
+		Usage:       "Configure to use AdminPolicyBasedExternalRoute CRD feature with ovn-kubernetes.",
+		Destination: &cliConfig.OVNKubernetesFeature.EnableMultiExternalGateway,
+		Value:       OVNKubernetesFeature.EnableMultiExternalGateway,
+	},
 }
 
 // K8sFlags capture Kubernetes-related options

go-controller/pkg/config/config_test.go

@@ -219,6 +219,7 @@ egressip-node-healthcheck-port=1234
 enable-multi-network=false
 enable-multi-networkpolicy=false
 enable-interconnect=false
+enable-multi-external-gateway=false
 `
 
 	var newData string
@@ -317,6 +318,7 @@ var _ = Describe("Config Operations", func() {
 			gomega.Expect(OVNKubernetesFeature.EnableMultiNetwork).To(gomega.BeFalse())
 			gomega.Expect(OVNKubernetesFeature.EnableMultiNetworkPolicy).To(gomega.BeFalse())
 			gomega.Expect(OVNKubernetesFeature.EnableInterconnect).To(gomega.BeFalse())
+			gomega.Expect(OVNKubernetesFeature.EnableMultiExternalGateway).To(gomega.BeFalse())
 
 			for _, a := range []OvnAuthConfig{OvnNorth, OvnSouth} {
 				gomega.Expect(a.Scheme).To(gomega.Equal(OvnDBSchemeUnix))
@@ -555,6 +557,7 @@ var _ = Describe("Config Operations", func() {
 			"enable-multi-network=true",
 			"enable-multi-networkpolicy=true",
 			"enable-interconnect=true",
+			"enable-multi-external-gateway=true",
 			"zone=foo",
 		)
 		gomega.Expect(err).NotTo(gomega.HaveOccurred())
@@ -634,6 +637,7 @@ var _ = Describe("Config Operations", func() {
 			gomega.Expect(OVNKubernetesFeature.EgressIPNodeHealthCheckPort).To(gomega.Equal(1234))
 			gomega.Expect(OVNKubernetesFeature.EnableMultiNetwork).To(gomega.BeTrue())
 			gomega.Expect(OVNKubernetesFeature.EnableInterconnect).To(gomega.BeTrue())
+			gomega.Expect(OVNKubernetesFeature.EnableMultiExternalGateway).To(gomega.BeTrue())
 			gomega.Expect(HybridOverlay.ClusterSubnets).To(gomega.Equal([]CIDRNetworkEntry{
 				{ovntest.MustParseIPNet("11.132.0.0/14"), 23},
 			}))
@@ -724,6 +728,7 @@ var _ = Describe("Config Operations", func() {
 			gomega.Expect(OVNKubernetesFeature.EnableMultiNetwork).To(gomega.BeTrue())
 			gomega.Expect(OVNKubernetesFeature.EnableMultiNetworkPolicy).To(gomega.BeTrue())
 			gomega.Expect(OVNKubernetesFeature.EnableInterconnect).To(gomega.BeTrue())
+			gomega.Expect(OVNKubernetesFeature.EnableMultiExternalGateway).To(gomega.BeTrue())
 			gomega.Expect(HybridOverlay.ClusterSubnets).To(gomega.Equal([]CIDRNetworkEntry{
 				{ovntest.MustParseIPNet("11.132.0.0/14"), 23},
 			}))
@@ -786,6 +791,7 @@ var _ = Describe("Config Operations", func() {
 			"-enable-multi-network=true",
 			"-enable-multi-networkpolicy=true",
 			"-enable-interconnect=true",
+			"-enable-multi-external-gateway=true",
 			"-healthz-bind-address=0.0.0.0:4321",
 			"-zone=bar",
 		}

go-controller/pkg/node/default_node_network_controller.go

@@ -936,11 +936,13 @@ func (nc *DefaultNodeNetworkController) Start(ctx context.Context) error {
 			c.Run(1)
 		}()
 	}
-	nc.wg.Add(1)
-	go func() {
-		defer nc.wg.Done()
-		nc.apbExternalRouteNodeController.Run(1)
-	}()
+	if config.OVNKubernetesFeature.EnableMultiExternalGateway {
+		nc.wg.Add(1)
+		go func() {
+			defer nc.wg.Done()
+			nc.apbExternalRouteNodeController.Run(1)
+		}()
+	}
 
 	nc.wg.Add(1)
 	go func() {