I had some time to look into what are the minimal necessary conditions for the bugs reproduced in comment #2.
The forwarding problem is present in all ml2/ovs environments where a trunk port is set up by the ovs-agent and when the trunk bridge is flooding traffic. The values of firewall_driver and explicitly_egress_direct are irrelevant.
The flooding problem requires more. It is only present if explicitly_egress_direct is set to True (that's when the forwarding is asymmetric - direct output action in egress direction, but normal action in ingress direction). I did not open a new bug report yet, because I believe this problem was already reported here: https://bugs.launchpad.net/neutron/+bug/1884708 This bug report seems to be fixed by https://review.opendev.org/c/openstack/neutron/+/738551. However I believe that change did not fix all cases of the bug. It fixed the flooding problem with firewall_driver=noop. However it did not fix it with firewall_driver=openvswitch. I did not test with other firewall_drivers yet. I think we should reopen #1884708.
I had some time to look into what are the minimal necessary conditions for the bugs reproduced in comment #2.
The forwarding problem is present in all ml2/ovs environments where a trunk port is set up by the ovs-agent and when the trunk bridge is flooding traffic. The values of firewall_driver and explicitly_ egress_ direct are irrelevant.
The flooding problem requires more. It is only present if explicitly_ egress_ direct is set to True (that's when the forwarding is asymmetric - direct output action in egress direction, but normal action in ingress direction). I did not open a new bug report yet, because I believe this problem was already reported here: https:/ /bugs.launchpad .net/neutron/ +bug/1884708 This bug report seems to be fixed by https:/ /review. opendev. org/c/openstack /neutron/ +/738551. However I believe that change did not fix all cases of the bug. It fixed the flooding problem with firewall_ driver= noop. However it did not fix it with firewall_ driver= openvswitch. I did not test with other firewall_drivers yet. I think we should reopen #1884708.