Regarding SNAT, yep, it makes sense to have it disabled for tenant networks, as otherwise the outgoing traffic from the VMs is not going to work as intended. This new flag was added for that: require_snat_disabled_for_tenant_networks
When you say IPs shared by 2 VMs, you mean allowed_address_pairs and then relying on OVN to associate that IP to one or another VM (over time), right? That is the same use case as amphora loadbalancer and that used to work just fine (with exposing individual IPs, not subnets). Maybe you are hitting something similar to Michel on live migration with evpn, where he needed to add the option "anycast_evpn_gateway_mode" on https://review.opendev.org/c/openstack/ovn-bgp-agent/+/906505 to ensure the same mac everywhere
Regarding SNAT, yep, it makes sense to have it disabled for tenant networks, as otherwise the outgoing traffic from the VMs is not going to work as intended. This new flag was added for that: require_ snat_disabled_ for_tenant_ networks
When you say IPs shared by 2 VMs, you mean allowed_ address_ pairs and then relying on OVN to associate that IP to one or another VM (over time), right? That is the same use case as amphora loadbalancer and that used to work just fine (with exposing individual IPs, not subnets). Maybe you are hitting something similar to Michel on live migration with evpn, where he needed to add the option "anycast_ evpn_gateway_ mode" on https:/ /review. opendev. org/c/openstack /ovn-bgp- agent/+ /906505 to ensure the same mac everywhere