@@ -4308,6 +4308,8 @@ _oadm_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -4316,6 +4318,8 @@ _oadm_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -4358,6 +4358,8 @@ _oc_adm_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -4366,6 +4368,8 @@ _oc_adm_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -4308,6 +4308,8 @@ _openshift_admin_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -4316,6 +4318,8 @@ _openshift_admin_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -8905,6 +8909,8 @@ _openshift_cli_adm_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -8913,6 +8919,8 @@ _openshift_cli_adm_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -4469,6 +4469,8 @@ _oadm_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -4477,6 +4479,8 @@ _oadm_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -4519,6 +4519,8 @@ _oc_adm_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -4527,6 +4529,8 @@ _oc_adm_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -4469,6 +4469,8 @@ _openshift_admin_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -4477,6 +4479,8 @@ _openshift_admin_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -9066,6 +9070,8 @@ _openshift_cli_adm_router()

     local_nonpersistent_flags+=("--external-host-https-vserver=")

     flags+=("--external-host-insecure")

     local_nonpersistent_flags+=("--external-host-insecure")

+    flags+=("--external-host-internal-ip=")

+    local_nonpersistent_flags+=("--external-host-internal-ip=")

     flags+=("--external-host-partition-path=")

     local_nonpersistent_flags+=("--external-host-partition-path=")

     flags+=("--external-host-password=")

@@ -9074,6 +9080,8 @@ _openshift_cli_adm_router()

     local_nonpersistent_flags+=("--external-host-private-key=")

     flags+=("--external-host-username=")

     local_nonpersistent_flags+=("--external-host-username=")

+    flags+=("--external-host-vxlan-gw=")

+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")

     flags+=("--force-subdomain=")

     local_nonpersistent_flags+=("--force-subdomain=")

     flags+=("--host-network")

@@ -60,6 +60,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.

 .PP

+\fB\-\-external\-host\-internal\-ip\fP=""

+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.

+

+.PP

 \fB\-\-external\-host\-partition\-path\fP=""

     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.

@@ -76,6 +80,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.

 .PP

+\fB\-\-external\-host\-vxlan\-gw\fP=""

+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.

+

+.PP

 \fB\-\-force\-subdomain\fP=""

     A router path format to force on all routes used by this router (will ignore the route host value)

@@ -60,6 +60,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.

 .PP

+\fB\-\-external\-host\-internal\-ip\fP=""

+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.

+

+.PP

 \fB\-\-external\-host\-partition\-path\fP=""

     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.

@@ -76,6 +80,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.

 .PP

+\fB\-\-external\-host\-vxlan\-gw\fP=""

+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.

+

+.PP

 \fB\-\-force\-subdomain\fP=""

     A router path format to force on all routes used by this router (will ignore the route host value)

@@ -60,6 +60,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.

 .PP

+\fB\-\-external\-host\-internal\-ip\fP=""

+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.

+

+.PP

 \fB\-\-external\-host\-partition\-path\fP=""

     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.

@@ -76,6 +80,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.

 .PP

+\fB\-\-external\-host\-vxlan\-gw\fP=""

+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.

+

+.PP

 \fB\-\-force\-subdomain\fP=""

     A router path format to force on all routes used by this router (will ignore the route host value)

@@ -60,6 +60,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.

 .PP

+\fB\-\-external\-host\-internal\-ip\fP=""

+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.

+

+.PP

 \fB\-\-external\-host\-partition\-path\fP=""

     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.

@@ -76,6 +80,10 @@ If a router does not exist with the given name, this command will create a deplo

     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.

 .PP

+\fB\-\-external\-host\-vxlan\-gw\fP=""

+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.

+

+.PP

 \fB\-\-force\-subdomain\fP=""

     A router path format to force on all routes used by this router (will ignore the route host value)

@@ -183,6 +183,14 @@ type RouterConfig struct {

 	// the external host.

 	ExternalHostPrivateKey string

+	// ExternalHostInternalIP specifies the IP address of the internal interface that is

+	// used by the external host to connect to the pod network

+	ExternalHostInternalIP string

+

+	// ExternalHostVxLANGateway specifies the gateway IP and mask (cidr) of the IP

+	// address to be used to connect to the pod network from the external host

+	ExternalHostVxLANGateway string

+

 	// ExternalHostInsecure specifies that the router should skip strict

 	// certificate verification when connecting to the external host.

 	ExternalHostInsecure bool

@@ -271,6 +279,8 @@ func NewCmdRouter(f *clientcmd.Factory, parentName, name string, out, errout io.

 	cmd.Flags().StringVar(&cfg.ExternalHostHttpVserver, "external-host-http-vserver", cfg.ExternalHostHttpVserver, "If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTP connections.")

 	cmd.Flags().StringVar(&cfg.ExternalHostHttpsVserver, "external-host-https-vserver", cfg.ExternalHostHttpsVserver, "If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTPS connections.")

 	cmd.Flags().StringVar(&cfg.ExternalHostPrivateKey, "external-host-private-key", cfg.ExternalHostPrivateKey, "If the underlying router implementation requires an SSH private key, this is the path to the private key file.")

+	cmd.Flags().StringVar(&cfg.ExternalHostInternalIP, "external-host-internal-ip", cfg.ExternalHostInternalIP, "If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.")

+	cmd.Flags().StringVar(&cfg.ExternalHostVxLANGateway, "external-host-vxlan-gw", cfg.ExternalHostVxLANGateway, "If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.")

 	cmd.Flags().BoolVar(&cfg.ExternalHostInsecure, "external-host-insecure", cfg.ExternalHostInsecure, "If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.")

 	cmd.Flags().StringVar(&cfg.ExternalHostPartitionPath, "external-host-partition-path", cfg.ExternalHostPartitionPath, "If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.")

@@ -631,22 +641,24 @@ func RunCmdRouter(f *clientcmd.Factory, cmd *cobra.Command, out, errout io.Write

 	}

 	env := app.Environment{

-		"ROUTER_SUBDOMAIN":                    cfg.Subdomain,

-		"ROUTER_SERVICE_NAME":                 name,

-		"ROUTER_SERVICE_NAMESPACE":            namespace,

-		"ROUTER_SERVICE_HTTP_PORT":            "80",

-		"ROUTER_SERVICE_HTTPS_PORT":           "443",

-		"ROUTER_EXTERNAL_HOST_HOSTNAME":       cfg.ExternalHost,

-		"ROUTER_EXTERNAL_HOST_USERNAME":       cfg.ExternalHostUsername,

-		"ROUTER_EXTERNAL_HOST_PASSWORD":       cfg.ExternalHostPassword,

-		"ROUTER_EXTERNAL_HOST_HTTP_VSERVER":   cfg.ExternalHostHttpVserver,

-		"ROUTER_EXTERNAL_HOST_HTTPS_VSERVER":  cfg.ExternalHostHttpsVserver,

-		"ROUTER_EXTERNAL_HOST_INSECURE":       strconv.FormatBool(cfg.ExternalHostInsecure),

-		"ROUTER_EXTERNAL_HOST_PARTITION_PATH": cfg.ExternalHostPartitionPath,

-		"ROUTER_EXTERNAL_HOST_PRIVKEY":        privkeyPath,

-		"STATS_PORT":                          strconv.Itoa(cfg.StatsPort),

-		"STATS_USERNAME":                      cfg.StatsUsername,

-		"STATS_PASSWORD":                      cfg.StatsPassword,

+		"ROUTER_SUBDOMAIN":                      cfg.Subdomain,

+		"ROUTER_SERVICE_NAME":                   name,

+		"ROUTER_SERVICE_NAMESPACE":              namespace,

+		"ROUTER_SERVICE_HTTP_PORT":              "80",

+		"ROUTER_SERVICE_HTTPS_PORT":             "443",

+		"ROUTER_EXTERNAL_HOST_HOSTNAME":         cfg.ExternalHost,

+		"ROUTER_EXTERNAL_HOST_USERNAME":         cfg.ExternalHostUsername,

+		"ROUTER_EXTERNAL_HOST_PASSWORD":         cfg.ExternalHostPassword,

+		"ROUTER_EXTERNAL_HOST_HTTP_VSERVER":     cfg.ExternalHostHttpVserver,

+		"ROUTER_EXTERNAL_HOST_HTTPS_VSERVER":    cfg.ExternalHostHttpsVserver,

+		"ROUTER_EXTERNAL_HOST_INSECURE":         strconv.FormatBool(cfg.ExternalHostInsecure),

+		"ROUTER_EXTERNAL_HOST_PARTITION_PATH":   cfg.ExternalHostPartitionPath,

+		"ROUTER_EXTERNAL_HOST_PRIVKEY":          privkeyPath,

+		"ROUTER_EXTERNAL_HOST_INTERNAL_ADDRESS": cfg.ExternalHostInternalIP,

+		"ROUTER_EXTERNAL_HOST_VXLAN_GW_CIDR":    cfg.ExternalHostVxLANGateway,

+		"STATS_PORT":                            strconv.Itoa(cfg.StatsPort),

+		"STATS_USERNAME":                        cfg.StatsUsername,

+		"STATS_PASSWORD":                        cfg.StatsPassword,

 	}

 	if len(cfg.ForceSubdomain) > 0 {

 		env["ROUTER_SUBDOMAIN"] = cfg.ForceSubdomain