Heh, let me take a moment to answer my own question. ;^) dceara pointed me to a change in ovn [a] that explains this change in behavior. It was done to address issue 1076 [b].
Mystery solved. Thanks Dumitru! -- flaviof [a]: https://github.com/ovn-org/ovn/commit/63640c0d119951816663d08fd75eebf2d8963372 [b]: https://github.com/ovn-org/ovn-kubernetes/issues/1076 > On May 7, 2020, at 2:39 PM, Flavio Fernandes <[email protected]> wrote: > > Hi OVN gurus, > > A few months back, I wrote a little blog covering ovsdbapp [2] as an > alternative > to do what Russell wrote in an old gist with shell commands [1]. > > Going back to that last week, I noticed a change in behavior. The rule for > allow-related action does not seem to conntrack packets to the logical router. > In order to make it work, I needed to add explicit rules [3]. > > Is this a known/expected behavior? I can try a bisect to see when the behavior > changed, but thought of asking first. > > Thanks, > > -- flaviof > > [1] https://gist.github.com/russellb/4ab0a9641f12f8ac66fdd6822ee7789e > russellb/ovn-test-icmp-reproducer.sh > [2] > https://github.com/flavio-fernandes/ovsdbapp_playground/blob/a9e780ce7ad57215b2200eba14c515482be84d63/scripts/step2_create_logical_ports.py > russellb's equivalent in ovsdbapp > [3] > https://github.com/flavio-fernandes/ovsdbapp_playground/commit/a9e780ce7ad57215b2200eba14c515482be84d63 > acl rules changes to make > > _______________________________________________ > discuss mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
