Description of problem:

Migrating from O-SDN to OVN-K, the F5 CIS integration is no longer works.

Previously, O-SDN used VXLAN tunnel for achieve the routing to pods for the F5.

Now the F5 has the static routes configured so that it knows which node to route to for the pod in question.

The F5 CIS pods communicate with the F5 fine and program the F5 pools for the correct pods.

The F5 HA Pair is on the same network as the OCP nodes so it falls to the default route.

Testing:
1)
Using tcpdump, we can see the request from the F5 makes it to the pod and the pod responds.
We do not see the response making it back to the physical device on the node.

2)
Using retis, it appears like the request is being dropped on the way back out.

535319125194057 (21) [swapper/21] 0 [tp] skb:kfree_skb #1e6deb24afb66ff427ada85b6ec00 (skb ff427ad97b77cf00) n 8 drop (reason openvswitch/OVS_DROP_LAST_ACTION)

Version-Release number of selected component (if applicable):

4.16.36

How reproducible:

100%

Steps to Reproduce:

1. Deploy F5 CIS

2. Programs pods into F5

3. F5 can not communicate with pods

Actual results:

F5 can not establish 2 way communication with the pods

Expected results:

Additional info:

Please fill in the following template while reporting a bug and provide as much relevant information as possible. Doing so will give us the best chance to find a prompt resolution.

Affected Platforms:

UPI on Baremetal