Thank you so much for your helpful answer, Slawek.

Could we modify the rules or even not so much code to redirect the traffic of the same L2 network to a centralized node?

Best regards,

Andy Zhou

On Wed, Oct 1, 2025 at 12:08 AM Sławek Kapłoński <skaplons@redhat.com> wrote:

Hi,

Dnia wtorek, 30 września 2025 01:35:38 czas środkowoeuropejski letni Andy Zhou pisze:
> Hello Everyone,
>
> Any advice about configure of Openstack or OVN/OVS, to implement a
> centralized gateway of all the flows of VMs for flow audit?
> Since the default type is distributed mode for the East-West flow, I want
> to know if we can change to a centralized one?
>
> Thank you!
> Best regards,
> Andy Zhou
>

In ML2/OVN east-west traffic is always distributed. In ML2/OVS you can use centralized routers so that all traffic going through the router will be centralized but even then your traffic in the same L2 network e.g. between VMs will not go through that node but directly between compute nodes.
Maybe Tap-as-a-service [1] is something what you should look at.

[1] https://github.com/openstack/tap-as-a-service

--
Slawek Kaplonski
Principal Software Engineer
Red Hat