Sometimes it's difficult to know what packets are being dropped by OVN and why. Two main reasons arise: - Some drops are implicit. Some tables do not have an explicit drop action so packets that do not match any lflow are silently dropped by OVS. - We lack packet information from explicit drops that would help debug why the packet was actually dropped. In order to help debugging OVN issues, the proposal is to: * Add a config flag that makes ovn-northd add an explicit drop action to all tables if needed * Allow OVN to add a "sample" action to those explicit drop actions so dropped packets can be collected by an IPFIX collector. That way, they can be visualized and the header information can be used to further troubleshoot the problem. This was a suggestion by Tim Rozet in a demo about per-flow OVN sampling. Related to BZ2038867.
RFC sent: https://patchwork.ozlabs.org/project/ovn/cover/20220425111724.2981776-1-amorenoz@redhat.com/
I'm closing this since the feature has been implemented and merged into OVN. This bug slipped through the cracks and we did not close it earlier.