Comment 14 for bug 1798904

https://review.opendev.org/c/openstack/nova/+/602432 has now merged yes but i have not tested if it also fixes this.

in principal it should when combinid with the os-vif config option for port isolation.
https://github.com/openstack/os-vif/blob/master/vif_plug_ovs/ovs.py#L90-L94

i guess we just need to test it an verify.
in principal i belive seting

[os_vif_ovs]
isolate_vif=true

with master should close this issue as the ovs port will be created on vlan 4095 which will result in all packet being droped.
admin-state-up=false will not alter the behaivor of nova/os-vif so at that point connectivy to the port is entirely up to the l2 agent to establish when admin-state-up=true is set.

for ovn you cannot use [os_vif_ovs]/isolate_vif=true
but we do not expect this issue to be present with ovn.

i can try and retest this later in the week but if anyone else can test it in the interim that would be awesome.

i have propsosed an inital backport of https://review.opendev.org/c/openstack/nova/+/602432
to stable wallaby https://review.opendev.org/c/openstack/nova/+/790447

if im being totally honest this bug and all it forms has somewhat burnt me out so im not
sure i have the mental enery to back port this to all affected brnahces.

sepcially when it comes to checkign all the depencies across nova,os-vif and neutron but i think we shoudl be able to move nova to fix released if we can confirm https://review.opendev.org/c/openstack/nova/+/602432 + [os_vif_ovs]/isolate_vif=true works.