Rancher: [Request?] - network overlay plugin framework, support alternate overlays

Created on 5 May 2016 · 3 Comments · Source: rancher/rancher

IPsec is hard ;) and beyond many (most?) administrators to diagnose errors. Rancher's managed networking mostly "just works" but renders hosts unusable on failure.

From the number of related issues I see, it is very difficult for many people to diagnose, let alone fix. I have been able to resolve issues on some hosts, and had to simply remove others. In some cases, removing a host or changing IP addresses is not feasible as a workaround or fix.

IPSec is also incompatible with some network topologies. Some ISP networks will provide NAT that assigns IP:port pairs on a per-port basis, causing packets to arrive from different IP addresses on ports 4500 and 500.

Many users will interconnect datacenters over an encrypted VPN or other overlay - using IPSec on top of this encrypted overlay is top-heavy and redundant.

Simpler overlay networking may be desired by some. I have seen requests for VLAN or VXLAN configurations.
My own preference would be for cjdns to provide the overlay (via IPv6), as this is encrypted and handles full mesh routing and IPv4 tunnels. I'm sure that others might prefer OpenVPN or other techniques.

Because there are so many various desired topologies, user-configurable/user-written network overlay drivers may be quite desirable; a plugin-type framework could allow users to create their own as desired.

Plugin framework is a little above my go-fu, but plugins could be fairly simple to write. (simpler than diagnosing IPSec issues! :)

area/networking kind/enhancement

All 3 comments

And it's very slow.
In my test setup I lose 90% performance. (iperf host to host ~1gbit, iperf docker to docker ~100mbit)
My case is to just connect Docker hosts in the same network, so it's overkill to connect them with IPsec.

What about supporting Weave? It's fast in the same network and can be configured to encrypt / secure if it connects over untrusted networks.

I just joined a few weeks back to work on networking stuff. There will be some enhancements in the upcoming releases. Please stay tuned, we are definitely listening.

As I mentioned here: https://github.com/rancher/rancher/issues/4752#issuecomment-256132736, we have plans to support other networking plugins like Calico, Weave. We are also working on providing VXLAN as an alternative to IPSec: https://github.com/leodotcloud/rancher-net/commit/0b48924a152662eb55a6c3cb1bb3b69c7b748f59.

This request is in the pipeline, hence closing this issue.
