Description of problem: In osp13 ovs we would use default sec group and we would add another all-open sec-group, in osp16 with ovn we do this and sometimes we drop 50% pings. Same exact setup in 13 doesn't do this. Also in osp16 if we remove the default group and just use all-open we dont have the issue. It's intermittent .. This is an issue as default is auto added, and second group is added for specific vms. Manage Security Group Rules: default (dd7ded0d-2681-4569-bbac-18634df06f30) Displaying 4 items Direction Ether Type IP Protocol Port Range Remote IP Prefix Remote Security Group Actions Egress IPv4 Any Any 0.0.0.0/0 - Egress IPv6 Any Any ::/0 - Ingress IPv4 Any Any - default Ingress IPv6 Any Any - default Displaying 4 items Manage Security Group Rules: all-open (2fca26aa-63c5-4e62-9971-4d9fd0df431e) (We created this...) Displaying 3 items Direction Ether Type IP Protocol Port Range Remote IP Prefix Remote Security Group Actions Egress IPv4 Any Any 0.0.0.0/0 - Egress IPv6 Any Any ::/0 - Ingress IPv4 Any Any 0.0.0.0/0 Version-Release number of selected component (if applicable): ctl.ctlplane.localdomain:8787/rhosp-rhel8/openstack-ovn-controller 16.1 af92f2db4925 6 weeks ago 646 MB How reproducible: intermittent Steps to Reproduce: 1.ping with vm that has all-open and default sec-group 2. 3. Actual results: intermittent ping loss, or 50% ping loss Expected results: 0% ping loss Additional info:
After looking at the rules and consulting with OVN core folks, I believe this is a duplicate bug of https://bugzilla.redhat.com/show_bug.cgi?id=1871931 Please make sure you use ovn2.13-20.09.0-4.el8fdp or newer in order to avoid this issue. *** This bug has been marked as a duplicate of bug 1871931 ***