Description of problem:

OpenStack Neutron could have an enormous number of entities and connections to track. There is a long-standing RFE bug #1399987 requesting separate connection tracking for each tenant (group of VMs/router/networks/ports/etc.). Originally, bug #1399987 was reported for the ML2/OVS plugin and it depended on an iptables feature. It was implemented recently, but the ML2/OVS plugin itself is going to be deprecated quite soon. So now the same RFE should be implemented for the ML2/OVN plugin.

Ihar helped me to understand the current status. It looks like in OVS, there are ct-set-limits and ct-del-limits CLI commands for the dpctl tool, but there is nothing similar hooked into the OVN code base (nor does anything relevant pop up in its documentation).

https://bugzilla.redhat.com/show_bug.cgi?id=1399987#c39

There is already an effort for the OvS side of things:

https://patchwork.ozlabs.org/project/openvswitch/patch/20230330081718.196496-1-naveen.yerramneni@nutanix.com/

The commit message mentions that this extension would later on be used in OVN, so it seems there is community work towards this.