Description of problem: This bug has discovered with misconfig. NovaPCIPassthrough: - devname: "ens1f0" physical_network: "sriov1" <<<<<< - devname: "ens1f1" physical_network: null - type: ovs_bridge name: br-offload <<<<<<<<<<<<<<<<<<<Bridge name mtu: 9000 use_dhcp: false members: - type: linux_bond name: bond-pf bonding_options: "mode=active-backup miimon=100" members: - type: sriov_pf name: ens1f0 <<<<<<<<<<<<<<<<<<<<<<<<< numvfs: 3 primary: true promisc: true use_dhcp: false defroute: false link_mode: switchdev - type: sriov_pf name: ens1f1 numvfs: 3 promisc: true use_dhcp: false defroute: false link_mode: switchdev NeutronBridgeMappings: 'datacentre:br-ex,sriov1:br-tenant,dpdk2:br-link2' <<<<<< NeutronNetworkVLANRanges: dpdk1:505:510,dpdk2:505:510,sriov1:505:510,sriov2:505:510 NeutronFlatNetworks: 'datacentre,dpdk1,dpdk2,sriov1,sriov2' In NeutronBridgeMappings, sriov1 is mapped to br-tenant. And this bridge is not at all created on compute node. Rather sriov1(ens1f0) added to br-offload. However, packets finds out way to go out from VF(created on ens1f0) via geneve tunnel interface (ens1f1). This is ovs-hw-offload feature tested on ml2/ovn. Version-Release number of selected component (if applicable): RHOSP: 16.1.4 RHEL: 8.2 Kernel: 4.18.0-193.41.1.el8_2.x86_64 OVS: openvswitch2.13-2.13.0-71.el8fdp.x86_64 OVN: ovn2.13-20.09.0-17.el8fdp.x86_64 How reproducible: Always Steps to Reproduce: 1. Deploy ml2/ovn with ovs-hw-offload as shown above (Misconfig) 2. Create VM from sriov1 provider network 3. Send packets to outside and observe the dump-flow table Actual results: Packets are getting out via geneve tunnel where they are expected to drop. Expected results: Drop the packets. Additional info: Such misconfig handled via geneve tunnel fall back mechanism may create issue in network. Packets are floating around unnecessary.
Closing this as a NOTABUG as per discussion upstream: https://mail.openvswitch.org/pipermail/ovs-discuss/2021-February/050953.html