Slow ovs flows processing in 9.2 with ovs firewall
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mirantis OpenStack |
Confirmed
|
High
|
Inessa Vasilevskaya | ||
| 9.x |
Confirmed
|
High
|
Inessa Vasilevskaya | ||
Bug Description
After some performance evaluations of ovs firewall in terms of existing limitations with large number of security group rules.
We found one potential performance problem. The scenario is:
1. Have a setup with ovs firewall enabled (In our case it is MOS 9.2, but I’m sure it’s reproducible with the devstack)
2. Create 1 security group with large number of sec group rules (in our case it was 4000) and use remote_
3. Then start booting VMs with this sec-group applied.
4. On each boot iteration measure the time when VMs gets pingable.
The issue: You will see that boot time increases almost non-linear. In our case when we spawned 10+ instances each next instance may go into error state because of timeouts.
This feature affects only 9.2+OVSFW enabled in case with only remote security groups.
Related bug in upstream: https:/
| Alexander Ignatov (aignatov) wrote | #1 |
| Changed in mos: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| assignee: | nobody → Inessa Vasilevskaya (ivasilevskaya) |
| milestone: | none → 9.2 |
| tags: | added: area-neutron |
| Alexander Ignatov (aignatov) wrote | #2 |
| Changed in mos: | |
| milestone: | 9.2 → 9.3 |
| tags: | added: release-notes |
| Inessa Vasilevskaya (ivasilevskaya) wrote | #3 |
| Changed in mos: | |
| milestone: | 9.x-updates → 9.2 |
| Maria Zlatkova (mzlatkova) wrote | #4 |
| tags: |
added: release-notes-done removed: release-notes |
Fix for this bug in fuel-infra https:/