Bug 2049431 - Traffic is dropped on ports if network has port security disabled
Summary: Traffic is dropped on ports if network has port security disabled
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-networking-ovn
Version: 16.2 (Train)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z4
: 16.2 (Train on RHEL 8.4)
Assignee: Jakub Libosvar
QA Contact: Alex Katz
URL:
Whiteboard:
Depends On:
Blocks: 2090502 2145138
Reported: 2022-02-02 09:24 UTC by Jaganathan Palanisamy
Modified: 2022-12-06 11:36 UTC

Fixed In Version: python-networking-ovn-7.4.2-2.20220409154863.el8ost
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 2090502 2145138
Environment:
Last Closed: 2022-11-23 10:27:40 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-12426 0 None None None 2022-02-02 09:43:17 UTC

Description Jaganathan Palanisamy 2022-02-02 09:24:41 UTC
Description of problem:

Floating IP assignment persisted, but connectivity to the geneve tunnel interface (direct) was unsuccessful. We needed to assign a security group with an ICMP allow rule to the geneve port, and connectivity was restored. However, offloading the traffic failed, as we see packets on the representor port via tcpdump.
For data traffic we saw the same behavior, and we needed to assign a security group with an ICMP allow rule to the vlan port, and connectivity was restored. However, offloading the traffic failed, as we see packets on the representor port via tcpdump.

Before migration, there were no security groups assigned to either the vlan or the vxlan direct ports. We validated the connectivity, and traffic was offloaded for both ports, so we are expecting the same behavior after migration as well.

We have two issues here:
1. Why do we need to attach a security group to make it work?
2. Why were flows not offloaded?

We removed the security group again from the vlan port; connectivity was successful and offloading was successful.

We removed the security group again from the vxlan port; connectivity was successful and offloading was unsuccessful.



Version-Release number of selected component (if applicable):
Linux kernel: 4.18.0-305.28.1.el8_4.x86_64
RHEL 8.4
openvswitch2.15-2.15.0-38.el8fdp.x86_64
ovn-2021-21.09.0-20.el8fdp.x86_64

How reproducible:

Always


Steps to Reproduce:
1. Deploy ml2-ovs hw-offload.
2. Verify vlan and vxlan connectivity and offloading of the traffic.
3. Start the OVN migration.
4. Verify step 2 again, and it fails.

Actual results:
vlan and vxlan connectivity and offloading the traffic were unsuccessful.

Expected results:
vlan and vxlan connectivity and offloading the traffic should be successful after a successful OVN migration.

Additional info:

Comment 2 Elvira 2022-02-15 14:18:04 UTC
Hi Haresh,
Could we get an environment with hw-offload to reproduce and fix this? Further talk into the problem would be appreciated too.

Comment 16 Vadim Khitrin 2022-11-23 10:27:40 UTC
Deferring in favor of BZ#2145138.

