From a9e95b26bc87c35f8efe54243fee8dcb4089f9b2 Mon Sep 17 00:00:00 2001
From: Daniel Alvarez
Date: Mon, 29 Jun 2020 13:23:20 +0200
Subject: [PATCH] [ovn] Don't add conntrack entries for Geneve
As Geneve UDP traffic is allowed, there's no reason to create conntrack entries as it may result in a performance hit. This patch is preventing Geneve traffic to be sent to conntrack.
Closes-Bug: #1885551
Change-Id: I1eb6c77ea3cbdfaaa2b2a3fec0e6b8d2a71aae95
Signed-off-by: Daniel Alvarez
---
 .../ovn/ovn-controller-container-puppet.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/deployment/ovn/ovn-controller-container-puppet.yaml b/deployment/ovn/ovn-controller-container-puppet.yaml
index 918a2d9ea5..f211a0768d 100644
--- a/deployment/ovn/ovn-controller-container-puppet.yaml
+++ b/deployment/ovn/ovn-controller-container-puppet.yaml
@@ -138,6 +138,22 @@ outputs:
 '119 neutron geneve networks':
 proto: 'udp'
 dport: 6081
+ '120 neutron geneve networks no conntrack':
+ proto: 'udp'
+ dport: 6081
+ table: 'raw'
+ chain: 'OUTPUT'
+ jump: 'NOTRACK'
+ action: 'append'
+ state: []
+ '121 neutron geneve networks no conntrack':
+ proto: 'udp'
+ dport: 6081
+ table: 'raw'
+ chain: 'PREROUTING'
+ jump: 'NOTRACK'
+ action: 'append'
+ state: []
 config_settings:
 map_merge:
 - get_attr: [RoleParametersValue, value]
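Review bot: The two NOTRACK rules ('120' and '121') put every UDP packet to port 6081 into the UNTRACKED state, so the existing accept rule `'119 neutron geneve networks'` keeps matching only if it is not limited to state NEW; the explicit `state: []` on the new rules suggests the rule type has a non-empty default state, though that default is not visible in this hunk. If that is the case, inbound Geneve would fall through to whatever follows in the filter table, so rule 119 should carry `state: ['UNTRACKED']` in the same change. The PREROUTING rule also matches on port alone, from any source and interface, so any sender of UDP/6081 is exempted from connection tracking; if the rule type supports a source or interface match, scoping '121' to the tunnel network would limit the exemption to Geneve peers. The mapping these entries belong to starts above the hunk, so the rest of the rule set could not be checked.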