I have a clean install of Openstack Pike on Ubuntu 16.04 server with OvS bridge. When using iptables_hybrid as the firewall driver, I have no problem sending SCTP packets to VMs from the external network. However, when using the native openvswitch firewall driver, SCTP packets never arrive at the VM but TCP/UDP works fine. I have tried adding SCTP in the policy groups and I have also created ports with security disabled but nothing helped.
Neutron is configured with DVR and redundant DHCP, otherwise it's pretty standard configuration based on the install guide for OvS with self-service networks. I can provide log and config files if needed.
Any ideas what might be causing this? Iptables has a huge performance impact on the network and I would like to go back to openvswitch firewall.
