I am using an l2gateway port to attach a physical L2 segment to a logical network. But both the logical network and the physical segment have one common IP, say 10.0.0.1. I want to prevent the traffic from the physical segment to the logical network for this IP so that the traffic will always reach the 10.0.0.1 in the physical segment. What is the best way to do this?

I tried creating a port group with just the l2gateway port and added an ACL (access control list) to drop the ARP packets with target IP address 10.0.0.1 (as shown in the commands below). But it is not working, and upon scouring the internet, I found out that ACLs do not support filtering based on fields within ARP packets, including the target protocol address.

ovn-nbctl pg-add <pg_name> <l2gateway_port_name>
ovn-nbctl acl-add <pg_name> to-lport 1 'arp && arp.tpa == 10.0.0.1' drop
  • I would suggest fixing the duplicate address by routing or something.
    – vidarlo
    Aug 25 at 16:38
