This is tracking the upstream effort needed to deliver the solution to the bug described below.

We are not able to establish communication to a VM on the external network from a VM on a VLAN tenant network. The tenant and external network are routed via a OVN router with reside-on-redirect-chassis = "false"

I this point I am not sure if we are missing some OVN configuration or if there is a bug in OVN. I read an old email from Numan about the reside-on-redirect-chassis config and I think we are configuring this setup correctly. I.e. we set it to false such that traffic to the external network is not centralized through a GW chassis.

Here is a diagram showing the topology in question. In this diagram the VM2 (VLAN tenant network IP 192.0.2.7) should be able to communicate with the VM-Public(Public network IP 10.0.0.248).

I am attaching OVN DBs, ovn-trace of a ICMP ping from a tenant VM(vm2) to the external VM (vm-public) and `ovn-sbctl list lflow <router>` output from this setup

Tested on OVN 24.03