yahoo-eng-team team mailing list archive

[Sudheendra Murthy <sudhi.vm@xxxxxxxxx>]

Public bug reported:

In Havana neutron, there is a _get_security_groups_on_port(...) which
checks that all security groups on port belong to tenant. This method is
called every time a port is created. This method calls
get_security_groups(...) and with 'service' tenant, this results in
getting security groups of all tenants from the database, which is time
consuming if there are hundreds of tenants. get_security_groups(...)
then applies filter on the security groups returned from db query to
select security groups associated with the port. In our environment with
around 700 tenants, we saw this method take > 30 seconds and also cause
slowdown of other API request processing on this worker instance. This
can be made more efficient by supplying 'id' filter so that the database
query itself filters on the tenant-id. In our environment, this patch
resulted in the method taking 0.1 seconds, down from 30 seconds.

** Affects: neutron
     Importance: Undecided
     Assignee: Sudheendra Murthy (sudhi-vm)
         Status: New


** Tags: neutron-core

** Changed in: neutron
     Assignee: (unassigned) => Sudheendra Murthy (sudhi-vm)

** Tags added: neutron-core

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1315097

Title:
  get_security_groups_on_port takes a long time slowing down neutron

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  In Havana neutron, there is a _get_security_groups_on_port(...) which
  checks that all security groups on port belong to tenant. This method
  is called every time a port is created. This method calls
  get_security_groups(...) and with 'service' tenant, this results in
  getting security groups of all tenants from the database, which is
  time consuming if there are hundreds of tenants.
  get_security_groups(...) then applies filter on the security groups
  returned from db query to select security groups associated with the
  port. In our environment with around 700 tenants, we saw this method
  take > 30 seconds and also cause slowdown of other API request
  processing on this worker instance. This can be made more efficient by
  supplying 'id' filter so that the database query itself filters on the
  tenant-id. In our environment, this patch resulted in the method
  taking 0.1 seconds, down from 30 seconds.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1315097/+subscriptions