I ran some scenarios on OpenStack with the OVN backend for Neutron (in all tests the security group has no rules).
When port security is enabled, I cannot watch the unicast traffic of other VMs with tcpdump, but when port security is disabled, I can watch the unicast traffic of other instances.
So I am pretty sure that OVN is the cause, adding some rule to drop other unicast traffic.
I also ran the same tests when the backend is Open vSwitch only (not OVN): I can watch other unicast traffic in all modes (enabling or disabling port security has no impact).
Is there any link or reference that explicitly describes this issue and the impact of OVN in OpenStack on dropping other traffic?
Can I drop the unicast traffic of other instances in Open vSwitch when I do not use OVN as the backend?