  1. OpenShift Virtualization
  2. CNV-42922

Support for Promiscuous mode on OVN Secondary Networks

    • Feature Request
    • Resolution: Unresolved
    • CNV Network

      Currently NMState Kubernetes does not support the ability to put an interface in promiscuous mode on an OVN Secondary Network.

       

      In the base NMState project an interface can be configured for promiscuous mode by setting the accept-all-mac-addresses option to true under the interface config.
      https://nmstate.io/devel/yaml_api.html#accept-all-mac-addresses

      This does look to be configurable on the NetworkAttachmentDefinition, however this looks like it is only applicable via a CNV bridge.  Currently there is no way to achieve this for OVN secondary networks.

      When trying to configure this against an OVS bridge interface as you would for a normal nmstate interface:

      spec:
        desiredState:
          interfaces:
            - bridge:
                accept-all-mac-address: true  #<---This option
                allow-extra-patch-ports: true
                options:
                  stp: true
                port:
                  - name: eno4
              name: ovs-br0
              state: up
              type: ovs-bridge
          ovn:
            bridge-mappings:
              - bridge: ovs-br0
                localnet: default-vlan
                state: present
      

      The NNCP config will error out and not apply, giving the following error:

      Provide file is not valid NetworkState or NetworkPolicy: interfaces: unknown field `accept-all-mac-address`, expected one of `allow-extra-patch-ports`, `options`, `port`, `ports`, `port`, `slaves` at line 2 column 1
      
      
       

      Applying this as a configuration at the ovn bridge-mapping level applies, but does not functionally change anything.

      As OpenShift Virtualization continues to look to add support for more workloads this will be required.  Many virtualized network appliances require the ability to receive traffic from mac-addresses not destined for it for inspection purposes.

      Also, in instances where somebody might be looking to run some sort of nested virtualization for testing purposes this would also be applicable.

              phoracek@redhat.com Petr Horacek
              bmarlow@redhat.com Brandon Marlow
              Yossi Segev Yossi Segev
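
The key placement discussed in this issue, as an added example that is not part of the original report or of nmstate: a pre-flight review of an already-parsed `desiredState` that lists interfaces requesting promiscuous mode at the interface level and flags `bridge` keys outside the set named in the quoted error. The function name and the `eno5` interface are assumptions, and the sample data is constructed.

```python
# Added example: review an NMState desiredState that has already been parsed
# from YAML into a dict. Not part of nmstate or kubernetes-nmstate.

# Keys the error message quoted in this issue lists as accepted under `bridge`.
BRIDGE_KEYS = {"allow-extra-patch-ports", "options", "port", "ports", "slaves"}
# Interface-level option the nmstate documentation gives for promiscuous mode.
PROMISC_KEY = "accept-all-mac-addresses"


def review_desired_state(state):
    """Return (promiscuous, rejected).

    promiscuous: names of interfaces that set PROMISC_KEY to true at the
                 interface level (worth a reviewer's attention).
    rejected:    (interface name, key) pairs for keys under `bridge` that are
                 outside BRIDGE_KEYS, as in the error quoted in this issue.
    """
    promiscuous, rejected = [], []
    for iface in state.get("interfaces") or []:
        name = iface.get("name", "<unnamed>")
        if iface.get(PROMISC_KEY) is True:
            promiscuous.append(name)
        for key in iface.get("bridge") or {}:
            if key not in BRIDGE_KEYS:
                rejected.append((name, key))
    return promiscuous, sorted(rejected)


# Constructed sample: the OVS bridge from this issue plus a hypothetical
# interface "eno5" that uses the interface-level option.
SAMPLE = {
    "interfaces": [
        {
            "name": "ovs-br0", "type": "ovs-bridge", "state": "up",
            "bridge": {
                "accept-all-mac-address": True,
                "allow-extra-patch-ports": True,
                "options": {"stp": True},
                "port": [{"name": "eno4"}],
            },
        },
        {"name": "eno5", "type": "ethernet", "state": "up",
         "accept-all-mac-addresses": True},
    ],
    "ovn": {"bridge-mappings": [
        {"bridge": "ovs-br0", "localnet": "default-vlan", "state": "present"}]},
}

if __name__ == "__main__":
    print(review_desired_state(SAMPLE))
```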