Take advantage of the path control aspect of Gatekeeper

[AltraMayor]

Once issue #297 is implemented, policies will be able to define the destination of encapsulated packets. This new flexibility also enables policies to redirect flows. Flow redirection opens Gatekeeper to new possibilities such as path control and integrating with intrusion detection systems such as Suricata, Snort, and Zeek (formerly Bro). Path control can become the key to mitigate Coremetl/Crossfire attacks.

Combined with the fact that policies control when flow redirection is applied, to which flows, and to where redirecting them, flow redirection can also be seen as on-demand tunnels.