Is this truly fixed? The patch doesn't seem to fix the underlying issue at hand - ingress MACs (coming from br-vlan or br-tun) are NOT learned by br-int.
Also what are the implications of turning on this setting? The commit states:
"A new config option ``explicitly_egress_direct``, with default value False,
was added for the aim of distinguishing clouds which are running the
network node mixed with compute services, upstream neutron CI should be
an example. In such situation, this ``explicitly_egress_direct`` should be
set to False, because there are numerous cases from HA routers which can
not be covered, particularly when you have centralized floating IPs running
in such mixed hosts.
Otherwise, set ``explicitly_egress_direct`` to True to avoid the flooding.
One more note is if your network nodes are for networing services only, we
recommand you disable all the security_group to get a higher performance."
I take that to say on a network node mixed with compute services it should be set to False. But isn't that the case for every node in DVR? The compute node hosts qrouter, fip router, and can also host dhcp services.
Or does it mean we not supposed to enable this setting on hosts with dvr_snat mode for l3-agent? The message states something about centralized fips - which are hosting on the snat router/node.
Is this truly fixed? The patch doesn't seem to fix the underlying issue at hand - ingress MACs (coming from br-vlan or br-tun) are NOT learned by br-int.
Also what are the implications of turning on this setting? The commit states:
"A new config option ``explicitly_ egress_ direct` `, with default value False, egress_ direct` ` should be egress_ direct` ` to True to avoid the flooding.
was added for the aim of distinguishing clouds which are running the
network node mixed with compute services, upstream neutron CI should be
an example. In such situation, this ``explicitly_
set to False, because there are numerous cases from HA routers which can
not be covered, particularly when you have centralized floating IPs running
in such mixed hosts.
Otherwise, set ``explicitly_
One more note is if your network nodes are for networing services only, we
recommand you disable all the security_group to get a higher performance."
I take that to say on a network node mixed with compute services it should be set to False. But isn't that the case for every node in DVR? The compute node hosts qrouter, fip router, and can also host dhcp services.
Or does it mean we not supposed to enable this setting on hosts with dvr_snat mode for l3-agent? The message states something about centralized fips - which are hosting on the snat router/node.