When are ACLs applied?

Hello,

I am experiencing an issue when applying ACLs to OVN networks. After assigning an ACL to an OVN network, the hosts (virtual machines) within that network are blocked from accessing any other network resource. The rules assigned to the ACL only come into effect once the host has been rebooted - once this is done network access works as is expected. Is this expected behaviour or something wrong with my setup? I am running Incus 6.13 in a clustered setup on Ubuntu 24.04.

Definitely not expected as OVN ACLs should apply instantly.

You may want to test a bit to see exactly what causes the ACL to finally work. Starting from restarting just the affected instance (incus restart foo) to restarting Incus itself (systemctl restart incus) to restarting various pieces of OVN itself.

Sorry, I meant that rebooting each individual virtual machine (not the Incus host itself) resolves the networking issue for each respective virtual machine.

Ok, so no, that’s definitely not expected and not something I’m seeing on my own OVN based deployments. Incus pushes the ACL changes into the OVN database immediately and so they should immediately be picked up by the individual servers.