[ovn] Don't add conntrack entries for Geneve

As Geneve UDP traffic is allowed, there's no reason to create conntrack entries as it may result in a performance hit. This patch is preventing Geneve traffic to be sent to conntrack. Closes-Bug: #1885551 Change-Id: I1eb6c77ea3cbdfaaa2b2a3fec0e6b8d2a71aae95 Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
2020-06-29 13:23:20 +02:00 · 2020-06-29 13:23:20 +02:00 · a9e95b26bc
parent d13d010693
commit a9e95b26bc
1 changed files with 16 additions and 0 deletions
--- a/deployment/ovn/ovn-controller-container-puppet.yaml
+++ b/deployment/ovn/ovn-controller-container-puppet.yaml
@ -138,6 +138,22 @@ outputs:
        '119 neutron geneve networks':
              proto: 'udp'
              dport: 6081
+        '120 neutron geneve networks no conntrack':
+              proto:  'udp'
+              dport:  6081
+              table:  'raw'
+              chain:  'OUTPUT'
+              jump:   'NOTRACK'
+              action: 'append'
+              state: []
+        '121 neutron geneve networks no conntrack':
+              proto:  'udp'
+              dport:  6081
+              table:  'raw'
+              chain:  'PREROUTING'
+              jump:   'NOTRACK'
+              action: 'append'
+              state: []
      config_settings:
        map_merge:
          - get_attr: [RoleParametersValue, value]