On Sat, Mar 23, 2019 at 7:44 PM Dominik Holler <dholler@redhat.com> wrote:

Sorry for the late reply, Dominik... busy on other (interesting at least ;-) things

> > I have to dig a bit more, because from first tests if I start another VM on
> > the same ovn192 network also on the same host they are not able to
> > communicate
> > Possibly an iptables misconfiguration on host?
> >
>
> Just to understand the error, would you please check if
> /var/log/openvswitch/ovn-controller.log
> or any other logfile in the same directory contains any hints?

It seems not

> Would communication using a newly created ovn network without port
> security enabled work?

I confirm that if I create a new ovn with security port "Disabled" the VMs can communicate both when running on the same host and on hosts even in different datacenters ;-)
I unplug vnic / change ovn network of vms to match the new one / plug vnics again and they communicate.
I unplug vnic / change ovn network of vms to the old one with port security enabled / plug vnics again and they don't communicate.

Questions:
- what is the role of the "Network port security" option for an OVN network?
- what is the meaning of "Undefined" option for it other than "Enabled" and "Disabled"?
- it seems I cannot edit the value for "Network port security" option of an existing OVN network, is it correct?

Thanks again,
Gianluca