  1. OpenShift Request For Enhancement
  2. RFE-7554

Global ICMP Allow with DENY ALL Policies in OVN


    • Feature Request
    • Resolution: Unresolved
    • Critical
    • 4.18
    • Network - Core
    • Product / Portfolio Work

      1. Proposed title of this feature request
      Enable Global ICMP traffic in OVN with DENY ALL Policies

      2. What is the nature and description of the request?
      Right now there is no explicit ICMP protocol support in NetPol or MultiNetPol. This means we block all ICMP traffic between pods or VMs when there is a base level DENY ALL policy.

      https://issues.redhat.com/browse/RFE-6896 aims to fully address this by adding ICMP (and other) protocol support for fine grained control.

      In cases where a customer wants ICMP across the cluster and fine grained control of ICMP is not required, we offer a flag or an annotation to inject an OVN ACL to enable ICMP traffic across the SDN, irrespective of DENY ALL rules for TCP or UDP.

      3. Why does the customer need this? (List the business requirements here)

      Customers want to leverage ICMP across the cluster for the purpose of network diagnostics, troubleshooting and health checking. In these use cases, they do not require fine grained access control of the ICMP protocol between pods or VMs as you would get with full ICMP protocol support in NetPol and MultiNetPol. They want to maintain ICMP access, irrespective of DENY ALL rules for TCP or UDP.

      4. List any affected packages or components.
      ovn-kubernetes

              mcurry@redhat.com Marc Curry
              rhn-support-mrobson Matt Robson