Description of problem: Conntrack is disabled for router ports by default which results in dropped reply packets. Would be nice to add an option for LSP to enable conntrack on that port (not connected to distributed router).
Just a bit more context: Since https://github.com/ovn-org/ovn/commit/9653a4ec597779bf0fb8352437e7faa04f9f4111, for switches that have load balancers or stateful ACLs applied, traffic that is sent/received to/from a router port bypasses conntrack (it was already the case for switches with stateful ACLs since https://github.com/ovn-org/ovn/commit/fcdbb261a651d5a0882f25f463aa7fd3f7bb714a). In specific cases, e.g., on the LSP connecting the join switch to the GW router in ovn-k8s, the CMS might wish to disable this functionality and use conntrack. This BZ requests a new LSP config option to selectively do that.
As discussed on Slack, this is not really required for ovn-kubernetes anymore, lowering priority and severity.
This issue is being closed as an automatic process due to the issue's age. If you wish to re-open this issue, please do so in Jira (https://issues.redhat.com) in the 'FDP' project. Please be sure to set the component to the latest OVN version where this issue is known to occur. If this is a feature request or improvement, please set the component to 'OVN'.
This is will actually be supported in OVN 24.03.0 since: https://github.com/ovn-org/ovn/commit/9a0f30756dab79ae34249ce8ee9334c63f6b6c16 A new option has been added to enable/disable the behavior (default disabled). LSP.options:enable_router_port_acl=true/false