Comment 10 for bug 2017886

Regarding SNAT, yep, it makes sense to have it disabled for tenant networks, as otherwise the outgoing traffic from the VMs is not going to work as intended. This new flag was added for that: require_snat_disabled_for_tenant_networks

When you say IPs shared by 2 VMs, you mean allowed_address_pairs and then relying on OVN to associate that IP to one or another VM (over time), right? That is the same use case as amphora loadbalancer and that used to work just fine (with exposing individual IPs, not subnets). Maybe you are hitting something similar to Michel on live migration with evpn, where he needed to add the option "anycast_evpn_gateway_mode" on https://review.opendev.org/c/openstack/ovn-bgp-agent/+/906505 to ensure the same mac everywhere