yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #20343
[Bug 1365806] [NEW] Noopfirewall driver or security group disabled should avoid impose security group related calls to Neutron server
Public bug reported:
With openvswitch neutron agent, during the daemon loop, the phase for
setup_port_filters will try to grab the cast method
'security_group_rules_for_devices' to Neutron Server.
And this operation will be very time consuming and performance
bottleneck as it include ports query, rules query, network query as
well as reconstruct the huge Security groups Dict Message. This message
process will occupy a lot of CPU of Neutron Server.
For the Noopfirewall or security group disabled situation, this
operation should be avoided. As eventually these reply message would not
be used by Noopfirewall driver. (There methods are pass).
with self.firewall.defer_apply():
for device in devices.values():
LOG.debug(_("Update port filter for %s"), device['device'])
self.firewall.update_port_filter(device)
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1365806
Title:
Noopfirewall driver or security group disabled should avoid impose
security group related calls to Neutron server
Status in OpenStack Neutron (virtual network service):
New
Bug description:
With openvswitch neutron agent, during the daemon loop, the phase for
setup_port_filters will try to grab the cast method
'security_group_rules_for_devices' to Neutron Server.
And this operation will be very time consuming and performance
bottleneck as it include ports query, rules query, network query as
well as reconstruct the huge Security groups Dict Message. This
message process will occupy a lot of CPU of Neutron Server.
For the Noopfirewall or security group disabled situation, this
operation should be avoided. As eventually these reply message would
not be used by Noopfirewall driver. (There methods are pass).
with self.firewall.defer_apply():
for device in devices.values():
LOG.debug(_("Update port filter for %s"), device['device'])
self.firewall.update_port_filter(device)
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1365806/+subscriptions
Follow ups
References