Description of problem:
It seems we have a case where the openvswitch firewall driver and a use of trunks interferes with each other. I tried using the parent's MAC address for a subport. Like this:

 openstack network create net0
 openstack network create net1
 openstack subnet create --network net0 --subnet-range 10.0.4.0/24 subnet0
 openstack subnet create --network net1 --subnet-range 10.0.5.0/24 subnet1
 openstack port create --network net0 port0
 parent_mac="$( openstack port show port0 | awk '/ mac_address / { print $4 }' )"
 openstack port create --network net1 --mac-address "$parent_mac" port1
 openstack network trunk create --parent-port port0 --subport port=port1,segmentation-type=vlan,segmentation-id=101 trunk0
 openstack server create --flavor cirros256 --image cirros-0.3.4-x86_64-uec --nic port-id=port0 --key-name key0 --wait vm0

Then all packets are lost on the trunk's parent port:

 $ openstack server show vm0 | egrep addresses.*net0
 | addresses | net0=10.0.4.6 |
 $ sudo ip netns exec "qdhcp-$( openstack network show net0 | awk '/ id / { print $4 }' )" ping -c3 10.0.4.6
 WARNING: openstackclient.common.utils is deprecated and will be removed after Jun 2017. Please use osc_lib.utils
 PING 10.0.4.6 (10.0.4.6) 56(84) bytes of data.

 --- 10.0.4.6 ping statistics ---
 3 packets transmitted, 0 received, 100% packet loss, time 2016ms

If I change the firewall_driver to noop and redo the same I have connectivity.

If I still have the openvswitch firewall_driver but I don't explicitly set the subport MAC, but let neutron automatically assign one, then again I have connectivity.

Version-Release number of selected component (if applicable):
Pike

How reproducible:
100%

Steps to Reproduce:
1. Described in description
2.
3.

Actual results:


Expected results:


Additional info: