Also I've performed the following check using WARNING logs in python at the beginning and ending of function which modifies security group rules using "START MODIFY RULES" and "END MODIFY RULES" labels:
After patch:
There was booted 96 VMs and 460 rules per VM
Adding +1 VM 2014-12-05 22:51:46.616 22962 WARNING neutron.agent.linux.iptables_manager [req-3029b20d-abef-4528-92ec-ba00d40afdb3 None] START MODIFY RULES 2014-12-05 22:51:57.647 22962 WARNING neutron.agent.linux.iptables_manager [req-3029b20d-abef-4528-92ec-ba00d40afdb3 None] END MODIFY RULES
Result: 11 sec
Adding +1 VM 2014-12-05 22:55:35.525 22962 WARNING neutron.agent.linux.iptables_manager [req-3029b20d-abef-4528-92ec-ba00d40afdb3 None] START MODIFY RULES 2014-12-05 22:55:46.934 22962 WARNING neutron.agent.linux.iptables_manager [req-3029b20d-abef-4528-92ec-ba00d40afdb3 None] END MODIFY RULES Result: 11 sec
After deleting 4VMs 2014-12-05 23:01:21.946 22962 WARNING neutron.agent.linux.iptables_manager [req-3029b20d-abef-4528-92ec-ba00d40afdb3 None] START MODIFY RULES 2014-12-05 23:01:33.097 22962 WARNING neutron.agent.linux.iptables_manager [req-3029b20d-abef-4528-92ec-ba00d40afdb3 None] END MODIFY RULES Result: 11 sec
Before patch
2014-12-05 23:28:30.195 30024 WARNING neutron.agent.linux.iptables_manager [req-b6968b33-ada2-4b51-a6ef-03527bc25415 None] START MODIFY RULES 2014-12-05 23:38:38.574 30024 WARNING neutron.agent.linux.iptables_manager [req-b6968b33-ada2-4b51-a6ef-03527bc25415 None] END MODIFY RULES Result: 10 mins
Booted 1 VM and 2014-12-05 23:47:12.682 30024 WARNING neutron.agent.linux.iptables_manager [req-b6968b33-ada2-4b51-a6ef-03527bc25415 None] START MODIFY RULES 2014-12-05 23:57:13.310 30024 WARNING neutron.agent.linux.iptables_manager [req-b6968b33-ada2-4b51-a6ef-03527bc25415 None] END MODIFY RULES
Result: operation of modifying iptables took 10 min and VM moved into Error state
Deleting of 20 VMs 2014-12-06 00:00:18.216 30024 WARNING neutron.agent.linux.iptables_manager [req-b6968b33-ada2-4b51-a6ef-03527bc25415 None] START MODIFY RULES 2014-12-06 00:10:04.423 30024 WARNING neutron.agent.linux.iptables_manager [req-b6968b33-ada2-4b51-a6ef-03527bc25415 None] END MODIFY RULES
Result: operation of modifying iptables took 10 min
Also I've performed the following check using WARNING logs in python at the beginning and ending of function which modifies security group rules using "START MODIFY RULES" and "END MODIFY RULES" labels:
After patch:
There was booted 96 VMs and 460 rules per VM
Adding +1 VM agent.linux. iptables_ manager [req-3029b20d- abef-4528- 92ec-ba00d40afd b3 None] START MODIFY RULES agent.linux. iptables_ manager [req-3029b20d- abef-4528- 92ec-ba00d40afd b3 None] END MODIFY RULES
2014-12-05 22:51:46.616 22962 WARNING neutron.
2014-12-05 22:51:57.647 22962 WARNING neutron.
Result: 11 sec
Adding +1 VM agent.linux. iptables_ manager [req-3029b20d- abef-4528- 92ec-ba00d40afd b3 None] START MODIFY RULES agent.linux. iptables_ manager [req-3029b20d- abef-4528- 92ec-ba00d40afd b3 None] END MODIFY RULES
2014-12-05 22:55:35.525 22962 WARNING neutron.
2014-12-05 22:55:46.934 22962 WARNING neutron.
Result: 11 sec
After deleting 4VMs agent.linux. iptables_ manager [req-3029b20d- abef-4528- 92ec-ba00d40afd b3 None] START MODIFY RULES agent.linux. iptables_ manager [req-3029b20d- abef-4528- 92ec-ba00d40afd b3 None] END MODIFY RULES
2014-12-05 23:01:21.946 22962 WARNING neutron.
2014-12-05 23:01:33.097 22962 WARNING neutron.
Result: 11 sec
Before patch
There was booted 96 VMs and 460 rules per VM
2014-12-05 23:28:30.195 30024 WARNING neutron. agent.linux. iptables_ manager [req-b6968b33- ada2-4b51- a6ef-03527bc254 15 None] START MODIFY RULES agent.linux. iptables_ manager [req-b6968b33- ada2-4b51- a6ef-03527bc254 15 None] END MODIFY RULES
2014-12-05 23:38:38.574 30024 WARNING neutron.
Result: 10 mins
Booted 1 VM and agent.linux. iptables_ manager [req-b6968b33- ada2-4b51- a6ef-03527bc254 15 None] START MODIFY RULES agent.linux. iptables_ manager [req-b6968b33- ada2-4b51- a6ef-03527bc254 15 None] END MODIFY RULES
2014-12-05 23:47:12.682 30024 WARNING neutron.
2014-12-05 23:57:13.310 30024 WARNING neutron.
Result: operation of modifying iptables took 10 min and VM moved into Error state
Deleting of 20 VMs agent.linux. iptables_ manager [req-b6968b33- ada2-4b51- a6ef-03527bc254 15 None] START MODIFY RULES agent.linux. iptables_ manager [req-b6968b33- ada2-4b51- a6ef-03527bc254 15 None] END MODIFY RULES
2014-12-06 00:00:18.216 30024 WARNING neutron.
2014-12-06 00:10:04.423 30024 WARNING neutron.
Result: operation of modifying iptables took 10 min