OVS allows enabling prefix match optimizations per flow table.  This enables masked matches whenever possible on fields that otherwise would be exact matched in the datapath flow.

By default, however, only nw_src and nw_dst are enabled (L4 ports are also always enabled, but this is not configurable).  OVN is using mixed flow tables that match on both IPv4 and IPv6 addresses, meaning that IPv6 traffic generates exact match datapath flows where IPv4 generates masked matches, causing datapath flow explosion under heavy IPv6 load.  See FDP-728 and FDP-958 as an example.

OVN owns the bridge and the flow tables, so it should enable appropriate fields per flow table to avoid flow explosion and achieve better performance overall.

 Example, on how the prefixes can be configured manually:

for i in $(seq 0 254); do
  ovs-vsctl set Bridge br-ex flow_tables:${i}=@N -- \
    --id=@N create Flow_Table name=t${i} prefixes=nw_src,nw_dst,ipv6_dst,ipv6_src;
  ovs-vsctl set Bridge br-int flow_tables:${i}=@N -- \
    --id=@N create Flow_Table name=t${i} prefixes=nw_src,nw_dst,ipv6_dst,ipv6_src;
done

Note that until recently OVS only supported up to 3 prefixes per flow table, but now the limit is increased to 4. So, ovn-controller may need to check and choose appropriate number. For the 3 we may just add ipv6_src and leave ipv6_dst unoptimized.

OVS 3.5 will have all 4 prefixes enabled by default, but OVN will be paired with older versions of OVS for a long time, so it's better to set these config options.