Comment 7 for bug 2020410

Tore Anderson (toreanderson) wrote :

Hello Maximilian,

Please, do share the lab drawing!

Your understanding is correct. With an L2VNI in place, there is no longer any need for hacks such as proxy_arp/ndp.

Note that the anycast gateway IRB should be optional, perhaps enabled only if an "l3vni" annotation or some such exists in the OVN DB. It could very well be that some physical firewall appliance or whatever connected to a physical switch external to OpenStack (reached via the L2VNI) is owning the gateway IP; if so, the IRB should not be created on the hypervisor with the anycast IP/MAC.

Ideally this feature should not be limited to networks with DHCP enabled.

I note that the subnet objects in the OpenStack database contain all the necessary information for configuring the IRB, in particular the "cidr" and "gateway_ip" fields, as well as the "provider:segmentation_id" and "mtu" fields on the parent network object.

Also, all the necessary information for emitting correct ICMPv6 RAs (IFF the anycast gateway IRB is active) is present, in particular the "dns_nameservers", "ipv6_address_mode" and "ipv6_ra_mode" fields.

I do not know enough about the OVN databases to determine if all this information is also available to ovn-bgp-agent. I guess that's what your updated patch to networking-bgpvpn does, maybe?