Hi,

We have been deploying OpenStack for quite some time, using
Kolla-Ansible, and typically choose DVR and OVS with Amphorae deployed
by Octavia for load balancing.

With the issues that DVR has with Octavia's Amphorae and Virtual IPs,
with essentially non-functional automated fail-over, we have always
wanted to move to OVN since it appears to be the popular approach now.

I have also read that OVN appears to work properly with
allowed-address-pairs, whereas with DVR, OVS does not, and
thus some of the issues with Amphorae Virtual IPs.

However, OVN, from what I understand, has issues with, or doesn't
support, VPNaaS, which we use extensively. Plus, it only supports Layer
4 load balancing, whereas with Amphorae, we get Layer 7 load balancing -
also used extensively. I'm not sure, though - maybe OVN with Octavia
still supports Amphorae if we need Layer 7 load balancing?

Am I wrong regarding any of the comments above? What is the best
back-end networking architecture that provides scalability (so, not
VLANs), Layer 7 load balancing with Octavia, along with VPNaaS, in a
brand new install with the latest version of OpenStack?

Note that we used Midonet long, long ago, and it seemed to have
everything we wanted, but shortly after purchasing it, Midokura
immediately decided to abandon support for OpenStack and went the
Kubernetes route. Not sure if they still do this, but needless to say,
Midonet isn't a valid solution unfortunately. Tungsten Fabric appears
like an alternate solution to Midonet, but that project is sunsetting in
2024, so that's dead too. :(

Thank you for any suggestions!

Eric