enabling explicitly_egress_direct to prevent flooding of packets

Bug #1861773 reported by Nobuto Murata
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Neutron Open vSwitch Charm
Triaged
Wishlist
Unassigned

Bug Description

In the upstream bug report, a bridge flooding issue with openvswitch firewall driver was discussed, and in the end a new config option in Neutron as explicitly_egress_direct was introduced.
https://bugs.launchpad.net/neutron/+bug/1732067
https://opendev.org/openstack/neutron/src/branch/master/releasenotes/notes/accepted_egress_direct-cc23873e213c6919.yaml

There are some conditions when to enable it so we might want to introduce some logic in the charm to handle it automatically or expose it as a charm config so it can be enabled explicitly.

> A new config option ``explicitly_egress_direct``, with default value False,
> was added for the aim of distinguishing clouds which are running the
> network node mixed with compute services, upstream neutron CI should be
> an example. In such situation, this ``explicitly_egress_direct`` should be
> set to False, because there are numerous cases from HA routers which can
> not be covered, particularly when you have centralized floating IPs running
> in such mixed hosts.
> Otherwise, set ``explicitly_egress_direct`` to True to avoid the flooding.
> One more note is if your network nodes are for networing services only, we
> recommand you disable all the security_group to get a higher performance.

Changed in charm-neutron-openvswitch:
importance: Undecided → Wishlist
Andrew McLeod (admcleod)
Changed in charm-neutron-openvswitch:
status: New → Triaged
Revision history for this message
Billy Olsen (billy-olsen) wrote :

A simple charm option to enable this would be sufficient.

tags: added: good-first-bug
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.