Comment 9 for bug 1732067

Jesse (jesse-5) wrote :

After testing, it seems that this issue is caused by the ovs-fw ingress flows with strip_vlan,output=<port_id> in table=81 and table=82.
When I ping the VM's floating IP from outside, for example: the floating IP for the VM is 172.24.0.157, the internal IP is 192.168.111.18/fa:16:3e:b2:c2:84, and the outside host IP is 172.24.0.3/e6:73:51:97:74:4e.
If the outside host has no ARP entry for 172.24.0.157, it will send an ARP broadcast, and br-int on the host that the VM is on will update its fdb entry.

[root@node-2 ~]# ovs-appctl fdb/show br-int | grep e6:73:51:97:74:4e
    2 3 e6:73:51:97:74:4e 3

This fdb entry's timeout is 300s. Even though the VM ping continues, this entry will not be updated because of the strip_vlan,output=<port_id> flow. This flow forwards the ping packets to the VM and does not update the fdb entry in br-int.
After 300s, this entry disappears, and the ICMP reply packets will be flooded in the br-int bridge (this does not affect the original ping, but the flood will affect other VMs on this host. If other VMs have ingress QoS, this flood will affect the other VMs' network connections).
If you delete the 172.24.0.157 fdb entry on the outside host with `arp -d 172.24.0.157`, the fdb entry in br-int will come back, and the flood stops.

To solve this problem, comment #8 is a solution: for ingress packets, we just do actions=NORMAL at the end to let br-int update the fdb entry.
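
The aging behaviour described in the comment above, as an added example that is not part of the original comment and is not OVS or Neutron code: a simplified Python model of a learning bridge that compares an ingress path ending in an explicit output with one ending in NORMAL. The `Bridge` class, `simulate` function, one-ping-per-second rate and 600s duration are assumptions made for illustration; the MAC address, port 2 and the 300s timeout are taken from the comment.

```python
# Simplified model of a learning bridge (not OVS code); all names are hypothetical.
FDB_AGING = 300                    # seconds, the fdb timeout quoted in the comment
OUTSIDE_MAC = "e6:73:51:97:74:4e"  # outside host MAC from the comment


class Bridge:
    def __init__(self, ingress_action):
        # "output" models strip_vlan,output=<port_id> in the ingress tables;
        # "normal" models finishing the ingress pipeline with actions=NORMAL.
        self.ingress_action = ingress_action
        self.fdb = {}  # mac -> (port, last_seen)

    def learn(self, mac, port, now):
        self.fdb[mac] = (port, now)

    def lookup(self, mac, now):
        entry = self.fdb.get(mac)
        if entry is None or now - entry[1] >= FDB_AGING:
            self.fdb.pop(mac, None)  # entry aged out
            return None
        return entry[0]

    def arp_broadcast(self, src_mac, in_port, now):
        # Per the comment, the ARP broadcast makes br-int update its fdb.
        self.learn(src_mac, in_port, now)

    def ingress_to_vm(self, src_mac, in_port, now):
        # Unicast toward the VM is delivered in both modes, but only the
        # "normal" mode refreshes the source MAC in the fdb.
        if self.ingress_action == "normal":
            self.learn(src_mac, in_port, now)

    def reply_is_flooded(self, dst_mac, now):
        # A reply to an unknown destination MAC is flooded to every port.
        return self.lookup(dst_mac, now) is None


def simulate(ingress_action, duration=600, interval=1):
    """Return the timestamps at which the VM's echo reply was flooded."""
    br = Bridge(ingress_action)
    br.arp_broadcast(OUTSIDE_MAC, in_port=2, now=0)
    flooded = []
    for t in range(interval, duration + 1, interval):
        br.ingress_to_vm(OUTSIDE_MAC, in_port=2, now=t)  # echo request
        if br.reply_is_flooded(OUTSIDE_MAC, now=t):      # echo reply
            flooded.append(t)
    return flooded
```

In this model `simulate("output")` floods every reply from t=300 onward, while `simulate("normal")` never floods, which is the difference the fix in comment #8 relies on.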