yahoo-eng-team team mailing list archive

[Bug 1489200] Re: Upon VM deletes, SG iptables not cleaned up, garbage piles up

 

I applied the following patch released in the later Kilo release (neutron/2015.1.1)

- [81e043f] Don't delete port from bridge on delete_port event
https://bugs.launchpad.net/neutron/+bug/1333365

and the problem is not seen anymore.


** Changed in: neutron
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1489200

Title:
  Upon VM deletes, SG iptables not cleaned up, garbage piles up

Status in neutron:
  Fix Released

Bug description:
  Summary:  40 VMs are created and then deleted on the same host. At the
  end of this, I find that iptables rules for some ports are not cleaned
  up, and remain as garbage. This garbage keeps piling up, as more VMs
  are created and deleted.

  Topology:
    OpenStack Kilo, with Neutron Network using OVS & neutron security groups.
    Kilo component versions are as follows:
      openstack-neutron-2015.1.0.2
      openstack-neutron-ml2-2015.1.0.2
      openstack-neutron-openvswitch-2015.1.0.2

  Test Case:
    1) Create 1 network, 1 subnetwork
    2) Boot 40 VMs on one hypervisor and 40 VMs on another hypervisor using the default Security Group
    3) Run some traffic tests between VMs
    4) Delete all VMs

  Result:
    Find that iptables rules are not cleaned up for the ports of the VMs.

  Root Cause:
    In the neutron-ovs-agent polling loop, there is an exception during the
    processing of port events. As a result of this exception, the
    neutron-ovs-agent resyncs with the plugin. This takes a while. At the same
    time, VM ports are getting deleted. In this scenario, the neutron-ovs-agent
    "misses" some deleted ports, and does not clean up SG filters for those
    "missed" ports.

  Reproducibility:
    Happens almost every time. With a larger number of VMs, it is more likely.

  Logs:
    Attached are a set of neutron-ovs-agent logs, and the garbage iptables
    rules that remain.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1489200/+subscriptions
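
Added example (not part of the bug report and not neutron's own code): one way to audit a hypervisor for the leftover security-group chains described under "Root Cause", by comparing the per-port chains in an iptables-save dump against the ports that still exist. The chain naming pattern, the sample dump and the port ID are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: per-port chains are "neutron-openvswi-" + i|o|s + first 10 chars of the port UUID.
PORT_CHAIN = re.compile(r"^:(neutron-openvswi-[ios]([0-9a-f]{8}-[0-9a-f]))\s", re.M)

# Constructed iptables-save excerpt: port 3f1c2a9e-4b... is live, 9b7d0c11-a2... was deleted.
SAMPLE = """\
*filter
:neutron-openvswi-sg-chain - [0:0]
:neutron-openvswi-sg-fallback - [0:0]
:neutron-openvswi-i3f1c2a9e-4 - [0:0]
:neutron-openvswi-o3f1c2a9e-4 - [0:0]
:neutron-openvswi-i9b7d0c11-a - [0:0]
:neutron-openvswi-o9b7d0c11-a - [0:0]
-A neutron-openvswi-sg-chain -m physdev --physdev-out tap3f1c2a9e-4b --physdev-is-bridged -j neutron-openvswi-i3f1c2a9e-4
-A neutron-openvswi-sg-chain -m physdev --physdev-out tap9b7d0c11-a2 --physdev-is-bridged -j neutron-openvswi-i9b7d0c11-a
-A neutron-openvswi-i3f1c2a9e-4 -j neutron-openvswi-sg-fallback
-A neutron-openvswi-i9b7d0c11-a -m state --state RELATED,ESTABLISHED -j RETURN
-A neutron-openvswi-o9b7d0c11-a -j neutron-openvswi-sg-fallback
COMMIT
"""
LIVE_PORTS = ["3f1c2a9e-4b6d-4c1e-9a57-0d2e8f6b1c33"]  # constructed; e.g. from the Neutron port list

def port_chains(dump):
    """Map port-ID prefix -> sorted per-port chains declared in the dump."""
    found = defaultdict(set)
    for chain, prefix in PORT_CHAIN.findall(dump):
        found[prefix].add(chain)
    return {p: sorted(c) for p, c in found.items()}

def orphaned(dump, live_port_ids):
    """Chains whose port prefix matches no live port, i.e. leftovers of missed deletes."""
    live = {pid[:10] for pid in live_port_ids}
    return {p: c for p, c in port_chains(dump).items() if p not in live}

def stale_rule_count(dump, orphans):
    """Count -A rules that live in, or jump to, an orphaned chain."""
    names = {c for chains in orphans.values() for c in chains}
    return sum(1 for line in dump.splitlines()
               if line.startswith("-A ") and names & set(line.split()))

if __name__ == "__main__":
    orphans = orphaned(SAMPLE, LIVE_PORTS)
    for prefix, chains in orphans.items():
        print(f"port {prefix}*: {len(chains)} orphaned chains: {', '.join(chains)}")
    print("stale rules:", stale_rule_count(SAMPLE, orphans))
```

Run periodically against real iptables-save output, a growing orphan count after VM deletes is the symptom this bug describes.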