On Sat, Mar 23, 2019 at 7:44 PM Dominik Holler <dholler@redhat.com> wrote: Sorry for late reply Dominik.... busy on other (interesting at least ;-) things
I have to dig a bit more, because from first tests if I start another VM on the same ovn192 network also on the same host they are not able to communicate Possibly an iptables misconfiguration on host?
Just to understand the error, would you please check if /var/log/openvswitch/ovn-controller.log or any other logfile in the same directory contains any hints?
It seems not
Would communication using a new created ovn network without port security enabled work?
I confirm that if I create a new ovn with security port "Disabled" the VMs can communicate both when running on the same host and on hosts even in different datacenters ;-) I unplug vnic / change ovn network of vms to match the new one / plug vnics again and they communicate. I unplug vnic / change ovn network of vms to the old one with port securty enabled / plug vnics again and they don't communicate. Questions: - what is the role of the "Network port security" option for an OVN network? - what is the meaning of "Undefined" option for it other than "Enabled" and "Disabled"? - it seems I cannot edit the value for "Network port security" option of an existing OVN network, is it correct? Thanks again, Gianluca