The patch of https://review.opendev.org/c/openstack/neutron/+/759367/ which introduced the config option ``explicitly_egress_direct=True/False`` had fixed the following problems: 1. the egress flooding issue on br-int when enable openvswitch(openflow) security group driver https://bugs.launchpad.net/neutron/+bug/1732067
2. fix the east-west traffic broken of dvr https://bugs.launchpad.net/neutron/+bug/1831534 (this bug is for VLAN network, but the issue is not vlan only). 3. fix some potential ingress flood issue on br-int And I had put some issues here as well: https://bugs.launchpad.net/neutron/+bug/1934666/comments/5 So, not use explicitly_egress_direct=True, you have to face these issues. Another thing is that as I said in the release note before, do not use ``explicitly_egress_direct=True`` in host which enable dvr_snat and compute service. There are too many cases need to cover, please try to combine the following cases for DVR: 1. vlan/vxlan 2. dvr/dvr+ha 3. agent mode(dvr, dvr_snat, dvr_no_external) 4. east-west traffic and north-south traffic with the Scenario of src and dest in or not in same host 5. IPv6 6. allowed_address_pair 7. enable/disabl openflow firewall 8. HA router failover The final cases is too many to cover. And FYI, we had mark that dvr_snat + compute services is not supported. https://review.opendev.org/c/openstack/neutron/+/801503 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1931696 Title: ovs offload broken from neutron 16.3.0 onwards To manage notifications about this bug go to: https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1931696/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
