Description of problem:
Creating octavia loadbalancer fails due to openflow rules not being matched when port security is enabled on healthmanager port in octavia-worker. Egress traffic from octavia-worker does not reach amphora on tcp/9443.

Version-Release number of selected component (if applicable):
OSP 16.2, openstack-octavia-worker-5.1.3-2.20220328185156.el8ost

How reproducible:
With openvswitch native firewall and port-security enabled on octavia-worker (o-hm) port, the creation of load balancer does not complete and errors out (see below). Removing port-security on that port enables loadbalancer to be created.

Steps to Reproduce:
1. Create loadbalancer with port security enabled (ovs-fw) on o-hm port.
2. Traffic is unable to egress/reach amphora instance on tcp/9443.
3. Only entirely removing port-security resolves the issue. If security group rules are adjusted to allow all egress tcp/udp traffic from that port, it still does not resolve the issue.

Actual results:
Failure in ovs-fw / openflow rules matching causes dropped packets and octavia loadbalancer creation fails.

Expected results:
Openflow rules should be matched and egress should be allowed.

Additional info:

Thank you! This can be closed based on comment #6.