So, running an `ovn-trace` for both the sub-port and the trunk, when port security is disabled, shows that it kills it early when it sees VLAN traffic. I suspect this is another bug:
``` ❯ kubectl -n openstack exec pods/ovn-ovsdb-sb-2 -- ovn-trace --friendly-names --ovs neutron-ea05f3c2-b370-49e6-ab71-635376211fd5 ' inport=="bffe6ba0-6bdc-4f99-b43e-a5dc9e5b6aea" && vlan.vid==20 && eth.src==52:54:00:3f:1d:a9 && ip4.src==172.17.0.11 && ip4.dst==172.17.0.100 && ip.ttl == 64 && icmp4.type == 8' Defaulted container "ovsdb" out of: ovsdb, init (init) # icmp,reg14=0xf,dl_vlan=20,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:1d:a9,dl_dst=00:00:00:00:00:00,nw_src=172.17.0.11,nw_dst=172.17.0.100,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
ingress(dp="zuul-ci-net-17dc44ba", inport="controller-ffd424a4-3b96-489a-84dd-e6d742e9cf8e-20") ----------------------------------------------------------------------------------------------- 0. ls_in_check_port_sec (northd.c:8377): vlan.present, priority 100, uuid d24b30bb drop; ```
So, running an `ovn-trace` for both the sub-port and the trunk, when port security is disabled, shows that it kills it early when it sees VLAN traffic. I suspect this is another bug:
``` ea05f3c2- b370-49e6- ab71-635376211f d5 ' ="bffe6ba0- 6bdc-4f99- b43e-a5dc9e5b6a ea" && =52:54: 00:3f:1d: a9 && =172.17. 0.11 && =172.17. 0.100 && 0xf,dl_ vlan=20, dl_vlan_ pcp=0,vlan_ tci1=0x0000, dl_src= 52:54:00: 3f:1d:a9, dl_dst= 00:00:00: 00:00:00, nw_src= 172.17. 0.11,nw_ dst=172. 17.0.100, nw_tos= 0,nw_ecn= 0,nw_ttl= 64,nw_frag= no,icmp_ type=8, icmp_code= 0
❯ kubectl -n openstack exec pods/ovn-ovsdb-sb-2 -- ovn-trace --friendly-names --ovs neutron-
inport=
vlan.vid==20 &&
eth.src=
ip4.src=
ip4.dst=
ip.ttl == 64 &&
icmp4.type == 8'
Defaulted container "ovsdb" out of: ovsdb, init (init)
# icmp,reg14=
ingress( dp="zuul- ci-net- 17dc44ba" , inport= "controller- ffd424a4- 3b96-489a- 84dd-e6d742e9cf 8e-20") ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ---- port_sec (northd.c:8377): vlan.present, priority 100, uuid d24b30bb
-------
0. ls_in_check_
drop;
```