Can't make OVN network forward working in cluster environment

This thread was about network forwarding in a setup described in the OVN high availability cluster tutorial.

After following the tutorial above you have a clustered environment with working OVN-based traffic to the outside world.

My challenge was to get ingress traffic working with forwarding to containers as well. A precondition for this to work is a single IP address for all cluster members towards the outside. In my case it's a failover IP that I can switch between my individual hosts.

Let's say this external IP is 44.28.196.49. Be sure that you haven't configured this IP on any of your hosts' interfaces.
Then you have to configure a route for your bridge via lxc network set lxdbr0 ipv4.routes=44.28.196.49/32. This way all traffic to the failover IP on your host will be routed to your bridge interface.
Now you can create a network forward according to https://linuxcontainers.org/lxd/docs/master/network-forwards/: lxc network forward create ovn0 44.28.196.49 target_address=<container/vm ip>.

If you are going with a failover IP like me, be sure that the failover IP is routed to the host with the active OVN chassis. In the upcoming release you might see the active chassis via lxc network info ovn0. Otherwise check the result of running curl ifconfig.me in one of your containers to see which host is active. Configure at your hosting provider that the failover IP is routed to that host.

Important note: It seems that there is a bug in OVN 21.06.0 and later (see Load balancer ARP responder broken since 21.06 · Issue #124 · ovn-org/ovn · GitHub). Therefore you have to use version 21.03.0 or earlier. You may check the version via ovn-nbctl --version.
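The steps from the post collected into one script, as an added example that is not part of the original post or of the LXD/OVN projects. It assumes the names used above (uplink bridge lxdbr0, OVN network ovn0, failover IP 44.28.196.49) and takes the target container address as an argument; the two pre-checks (OVN version, failover IP not bound locally) are separate functions so they can be exercised without lxc.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names from the post:
FAILOVER_IP="44.28.196.49"
UPLINK_BRIDGE="lxdbr0"
OVN_NET="ovn0"

# Return 0 if an "ovn-nbctl --version" line is 21.03.x or earlier; the post
# reports the load balancer ARP responder broken from 21.06.0 on.
ovn_version_ok() {
    ver=$(printf '%s\n' "$1" | awk '{print $NF}')   # e.g. "21.03.0"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ "$major" -lt 21 ] || { [ "$major" -eq 21 ] && [ "$minor" -le 3 ]; }
}

# Return 0 if FAILOVER_IP is not bound to any local interface (the post wants
# it routed to the host, not configured on it). Takes the output of
# "ip -o -4 addr show" as its argument so it can be checked offline.
failover_ip_unassigned() {
    ! printf '%s\n' "$1" | grep -q "inet $FAILOVER_IP/"
}

# Apply the route and the forward; run this on the host that owns the active
# OVN chassis (the one the failover IP is routed to at the hosting provider).
apply() {
    target="$1"   # container/VM address inside ovn0
    ovn_version_ok "$(ovn-nbctl --version | head -n 1)" \
        || { echo "OVN 21.06.0 or later: forward will not answer ARP" >&2; return 1; }
    failover_ip_unassigned "$(ip -o -4 addr show)" \
        || { echo "$FAILOVER_IP is configured on a local interface; remove it" >&2; return 1; }
    # Route the failover IP to the uplink bridge, then create the forward.
    lxc network set "$UPLINK_BRIDGE" ipv4.routes="$FAILOVER_IP/32"
    lxc network forward create "$OVN_NET" "$FAILOVER_IP" target_address="$target"
    lxc network forward show "$OVN_NET" "$FAILOVER_IP"
}

# Only touch the system when invoked as: sh setup-forward.sh apply <target ip>
if [ "${1:-}" = "apply" ]; then
    apply "$2"
fi
```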
