[ovirt-users] New oVirt setup with OVN : Hypervisor with LACP bond : queries

Hello team, Thank you for all the wonderful work you've been doing. I'm starting out new with oVirt and OVN. So please excuse me if the questions are too naive. We intend to do a POC to check if we can migrate VMs off our current VMware to oVirt. The intention is to migrate the VMs with the same IP into oVirt. We've setup oVirt with three hypervisors. All of them have four ethernet adapters. We have SDN implemented in our network and LACP bonds are created at the switch level. So we've created two bonds, bond0 and bond1 in each hypervisor. bond0 has the logical networks with vlan tagging created like bond0.101, bond0.102 etc. As a part of the POC we also want to explore OVN as well to check if we can implement a zero trust security policy. Here are the questions now :) 1. We would like to migrate VMs with the current IP into oVirt. Is it possible to achieve this? I've been reading notes and pages that mention about extending the physical network into OVN. But it's a bit confusing on how to implement it. How do we connect OVN to the physical network? Does the fact that we have a SDN make it easier to get this done? I am still reading the ovn-architecture page. It is mentioned that the gateway is the component that extends a tunnel-based logical network into a physical network. 2. We have the IP for the hypervisor assigned on a logical network(ovirtmgmt) in bond0. I read in https://lists.ovirt.org/archives/list/users@ovirt.org/thread/CIE6MZ47GRCE... that oVirt does not care about how the IP is configured when creating the tunnels. 3. Once we have OVN setup, ovn logical networks created and VMs created/migrated, how do we establish the zero trust policy? From what I've read there are ACLs and security groups. Any pointers on where to explore more about implementing it. If you've read till here, thank you for your patience. Regards, ravi