diff --git a/.trivyignore b/.trivyignore
index 5e7a3186d33..e94e5495257 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,3 +1 @@
 # No CentOS Upstream fix
-CVE-2020-12662
-CVE-2020-12663
diff --git a/dist/images/Dockerfile b/dist/images/Dockerfile
index cb3d7bc3baa..f5af08e4c74 100644
--- a/dist/images/Dockerfile
+++ b/dist/images/Dockerfile
@@ -19,10 +19,9 @@ RUN mkdir /rpms/ && \
 FROM centos:8
-RUN sed -i 's/$releasever/8-stream/g' /etc/yum.repos.d/CentOS-AppStream.repo && \
- sed -i 's/$releasever/8-stream/g' /etc/yum.repos.d/CentOS-Base.repo
 RUN yum remove -y bind-export-libs && yum update -y && \
 yum install -y \
+ gnutls \
 firewalld-filesystem \
 libpcap \
 hostname ethtool \
diff --git a/dist/images/install.sh b/dist/images/install.sh
index 8a349f4e2b2..dba33bed1d8 100644
--- a/dist/images/install.sh
+++ b/dist/images/install.sh
@@ -1350,6 +1350,7 @@ trace(){
 mac=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.metadata.annotations.ovn\\.kubernetes\\.io/mac_address})
 ls=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.metadata.annotations.ovn\\.kubernetes\\.io/logical_switch})
 hostNetwork=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.spec.hostNetwork})
+ nodeName=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.spec.nodeName})
 if [ "$hostNetwork" = "true" ]; then
 echo "Can not trace host network pod"
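Review bot: The new `gnutls \` entry in the `yum install` list carries no explanation, and since `FROM centos:8` is not pinned by digest and `yum update -y` runs on every build, which gnutls build (and which version of whatever package the dropped CVE-2020-12662/12663 ignores were covering) ends up in the image is decided by repository state at build time, not by anything in this file. Removing the two `sed` lines also takes the base repos off 8-stream, so the package stream that `yum update` follows changes with this commit — presumably intended, but it deserves a sentence in the commit message. I would pin the base image by digest and put a line above the new entry such as `# gnutls: listed explicitly so a rebuild pulls the current patched build from the base repos` (adjust to the real reason if it is a runtime dependency instead) so the next reader knows why a package nothing else in this list obviously needs is named here. The RUN layer continues past the end of the hunk.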
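Review bot: `nodeName` is read with a jsonpath that yields an empty string for a pod that has not been scheduled yet, and nothing on the new side checks for that before the value is used. The next hunk of this file matches the node with a substring `grep " $nodeName "` on `kubectl get pod -o wide` output, so an empty name would not fail cleanly; guard it right after the assignment: `if [ -z "$nodeName" ]; then echo "pod $namespace/$podName is not scheduled to a node"; exit 1; fi`. `trace()` starts before and continues after this hunk.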
@@ -1388,6 +1389,36 @@ trace(){
 *)
 echo "type $type not supported"
 echo "kubectl ko trace {namespace/podname} {target ip address} {icmp|tcp|udp} [target tcp or udp port]"
+ exit 1
+ ;;
+ esac
+
+ set +x
+ echo "--------"
+ echo "Start OVS Tracing"
+ echo ""
+ echo ""
+
+ ovsPod=$(kubectl get pod -n $KUBE_OVN_NS -o wide | grep " $nodeName " | grep ovs-ovn | awk '{print $1}')
+ if [ -z "$ovsPod" ]; then
+ echo "ovs pod doesn't exist on node $nodeName"
+ exit 1
+ fi
+
+ inPort=$(kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-vsctl --format=csv --data=bare --no-heading --columns=ofport find interface external_id:iface-id="$podName"."$namespace")
+ case $type in
+ icmp)
+ set -x
+ kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-appctl ofproto/trace br-int in_port="$inPort",icmp,nw_src="$podIP",nw_dst="$dst",dl_src="$mac",dl_dst="$gwMac"
+ ;;
+ tcp|udp)
+ set -x
+ kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-appctl ofproto/trace br-int in_port="$inPort",$type,nw_src="$podIP",nw_dst="$dst",dl_src="$mac",dl_dst="$gwMac",tp_src=1000,tp_dst="$4"
+ ;;
+ *)
+ echo "type $type not supported"
+ echo "kubectl ko trace {namespace/podname} {target ip address} {icmp|tcp|udp} [target tcp or udp port]"
+ exit 1
 ;;
 esac
 }
diff --git a/dist/images/kubectl-ko b/dist/images/kubectl-ko
index ba4fe2f14cd..152252cfda7 100644
--- a/dist/images/kubectl-ko
+++ b/dist/images/kubectl-ko
@@ -74,6 +74,7 @@ trace(){
 mac=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.metadata.annotations.ovn\\.kubernetes\\.io/mac_address})
 ls=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.metadata.annotations.ovn\\.kubernetes\\.io/logical_switch})
 hostNetwork=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.spec.hostNetwork})
+ nodeName=$(kubectl get pod "$podName" -n "$namespace" -o jsonpath={.spec.nodeName})
 if [ "$hostNetwork" = "true" ]; then
 echo "Can not trace host network pod"
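Review bot: The `ovsPod` lookup `kubectl get pod -n $KUBE_OVN_NS -o wide | grep " $nodeName " | grep ovs-ovn | awk '{print $1}'` selects by substring match on human-readable output, and the new code mishandles two cases that the `-z` check does not catch: with an empty `$nodeName` (unscheduled pod) `grep "  "` matches every row, and with more than one matching ovs-ovn pod (a Terminating one during a DaemonSet rollout, for instance) `ovsPod` becomes a multi-line string that `kubectl exec "$ovsPod"` cannot use — so the trace either targets an arbitrary node or fails with a confusing error. A field selector is exact and does not depend on column layout: `ovsPod=$(kubectl get pod -n "$KUBE_OVN_NS" --field-selector spec.nodeName="$nodeName" -o name | grep '^pod/ovs-ovn' | head -n1 | cut -d/ -f2)`. `inPort` is likewise passed straight into `ofproto/trace`; if `ovs-vsctl find` returns no row the command is sent as `in_port=,icmp,...` and the failure surfaces as an OVS parse error rather than a message naming the pod, so add `[ -n "$inPort" ] || { echo "no OVS interface for $namespace/$podName on $ovsPod"; exit 1; }` before the `case`. The same block is added verbatim to kubectl-ko in this commit; if that file is not generated from install.sh, a comment pointing at the twin would help keep them from drifting. `trace()` begins before this hunk.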
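Review bot: The new `nodeName=` assignment is not validated, so a Pending pod gives an empty string that the following hunk feeds into `grep " $nodeName "`, which then matches every row of the listing instead of failing. Fail early with a clear message: `[ -n "$nodeName" ] || { echo "pod $namespace/$podName is not scheduled to a node"; exit 1; }`. `trace()` starts before and continues after this hunk.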
@@ -112,6 +113,36 @@ trace(){
 *)
 echo "type $type not supported"
 echo "kubectl ko trace {namespace/podname} {target ip address} {icmp|tcp|udp} [target tcp or udp port]"
+ exit 1
+ ;;
+ esac
+
+ set +x
+ echo "--------"
+ echo "Start OVS Tracing"
+ echo ""
+ echo ""
+
+ ovsPod=$(kubectl get pod -n $KUBE_OVN_NS -o wide | grep " $nodeName " | grep ovs-ovn | awk '{print $1}')
+ if [ -z "$ovsPod" ]; then
+ echo "ovs pod doesn't exist on node $nodeName"
+ exit 1
+ fi
+
+ inPort=$(kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-vsctl --format=csv --data=bare --no-heading --columns=ofport find interface external_id:iface-id="$podName"."$namespace")
+ case $type in
+ icmp)
+ set -x
+ kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-appctl ofproto/trace br-int in_port="$inPort",icmp,nw_src="$podIP",nw_dst="$dst",dl_src="$mac",dl_dst="$gwMac"
+ ;;
+ tcp|udp)
+ set -x
+ kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-appctl ofproto/trace br-int in_port="$inPort",$type,nw_src="$podIP",nw_dst="$dst",dl_src="$mac",dl_dst="$gwMac",tp_src=1000,tp_dst="$4"
+ ;;
+ *)
+ echo "type $type not supported"
+ echo "kubectl ko trace {namespace/podname} {target ip address} {icmp|tcp|udp} [target tcp or udp port]"
+ exit 1
 ;;
 esac
 }
@@ -123,7 +154,7 @@ vsctl(){
 if [ -z "$ovsPod" ]; then
 echo "ovs pod doesn't exist on node $nodeName"
 exit 1
- fi
+ fi
 kubectl exec "$ovsPod" -n $KUBE_OVN_NS -- ovs-vsctl "$@"
 }
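Review bot: In the `tcp|udp` branch `tp_dst="$4"` is passed to `ofproto/trace` unchecked even though the usage line printed just above marks the port as optional, so invoking the plugin without a port sends `tp_dst=` with no value and the user gets an OVS parse error instead of the usage text; either require the argument for tcp/udp, `[ -n "$4" ] || { echo "tcp/udp trace requires a target port"; exit 1; }`, or give it a default. `inPort` has the same gap: when `ovs-vsctl find interface external_id:iface-id=...` returns no row (interface not created yet, pod just rescheduled) the trace runs with `in_port=` empty, so add `if [ -z "$inPort" ]; then echo "no OVS interface for $namespace/$podName on $ovsPod"; exit 1; fi` before the `case`. The `ovsPod` lookup copies the substring-`grep` pattern that `vsctl()` below already uses, so it is consistent with the file, but it inherits the same weakness: an empty `$nodeName` makes `grep "  "` match every row and a second ovs-ovn pod on the node yields a multi-line `ovsPod`. `trace()` begins before this hunk.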