Allow automated allocation of external addresses (forward, load-balancers)
In a multitenant environment running with OVN, if one user in a project associates the external IP with the instance via a forward, other users in other projects won't be able to track it. In this case one can never predict which IP they can pick for creating a new forward.
Allowing seeing IP addresses consumed by other users on the system doesn't seem like a good approach, as that causes unnecessary information leakage. However, having the ability to just have LXD allocate an address from what's available would be quite valuable and would actually allow restricting things further, so less trusted projects wouldn't even be allowed to request a particular address at all but instead only have access to automated allocation.
I believe what's even more important is that there is no concept of "port" related to a forward. For this reason the assets are not deleted upon deletion of the VM, hence the IP addresses are not being released when the respective VM and port are being deleted.
Well, I agree that the floating IPs can be owned by the users irrespective of whether they are assigned to the VM. But in this case they should be in the pool of "available" addresses and not just statically associated with the internal IP.
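The allocation model discussed in this thread, as an added Go sketch that is not LXD code and was not written by any participant: a shared pool hands out the next free address, only designated projects may ask for a specific one, refusals do not reveal who holds an address, and an address returns to the pool when its owner releases it. `Pool`, `newPool`, `canPin`, the project names and the 192.0.2.0/30 range are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

var ErrDenied, ErrUnavailable = errors.New("automatic allocation only"), errors.New("address unavailable")

// Pool is a hypothetical shared pool of external addresses (not LXD's API).
type Pool struct {
	prefix netip.Prefix
	owner  map[netip.Addr]string // address -> owning project
	canPin map[string]bool       // projects allowed to request a specific address
}

func newPool(cidr string, canPin map[string]bool) *Pool {
	return &Pool{netip.MustParsePrefix(cidr).Masked(), map[netip.Addr]string{}, canPin}
}

// Allocate picks the first free address; a valid want narrows the choice to that one address.
func (p *Pool) Allocate(project string, want netip.Addr) (netip.Addr, error) {
	if want.IsValid() && !p.canPin[project] {
		return netip.Addr{}, ErrDenied
	}
	for a := p.prefix.Addr(); p.prefix.Contains(a); a = a.Next() {
		if _, used := p.owner[a]; !used && (!want.IsValid() || a == want) {
			p.owner[a] = project
			return a, nil
		}
	}
	return netip.Addr{}, ErrUnavailable // same answer for "taken" and "outside the pool"
}

// Release frees an address for its owner only, e.g. when the instance is deleted.
func (p *Pool) Release(project string, a netip.Addr) bool {
	o, ok := p.owner[a]
	if ok && o == project {
		delete(p.owner, a)
	}
	return ok && o == project
}

func main() {
	p := newPool("192.0.2.0/30", map[string]bool{"trusted": true}) // constructed sample values
	fmt.Println(p.Allocate("restricted", netip.Addr{}))                     // automatic request
	fmt.Println(p.Allocate("restricted", netip.MustParseAddr("192.0.2.3"))) // specific request
}
```

The linear scan keeps the sketch short; it treats every address in the prefix as usable, which a real pool would refine.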