Description of problem: When pinging a VM FIP from external network traffic is passing not only via compute node external interface but also on controller. All downstream CI ovn dvr/l3ha tests are reporting that traffic found on compute+controller nodes while only compute node is expected. This is a regression of the latest puddle RHOS-16.2-RHEL-8-20230324.n.1 On RHOS-16.2-RHEL-8-20230301.n.1 the issue does not happen with the same tests. Version-Release number of selected component (if applicable): RHOS-16.2-RHEL-8-20230324.n.1 How reproducible: 100% on all OVN environments with DVR enabled Steps to Reproduce: 1.Deploy an HA environment (3 controllers+2 compute nodes) with DVR enabled 2. Create external and internal networks, router, connect networks to the router, create a VM connected to the internal network and a FIP of the VM on external network. 3.Run captures on all nodes external interfaces and try to access the VM FIP address from external network, e.g. send ping requests Actual results: FIP-related traffic found not only on compute nodes but also on controller nodes Expected results: FIP traffic found only on compute nodes Additional info:
This is a regression, not reproducible in earlier compose. Raising blocker.
I can confirm this is caused by the redirect-type=bridged flag on the gateway router ports
*** This bug has been marked as a duplicate of bug 2177155 ***