yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #45347
[Bug 1499177] Re: Performance: L2 agent takes too much time to refresh sg rules
[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1499177
Title:
Performance: L2 agent takes too much time to refresh sg rules
Status in neutron:
Expired
Bug description:
This issue is introducing a performance problem for the L2 agent
including LinuxBridge and OVS agent in Compute node when there are
lots of networks and instances in this Compute node (eg. 500
instances)
The performance problem reflect in two aspects:
1. When LinuxBridge agent service starts up(this seems only happened
in LinuxBridge agent not for the OVS agent), I found there were two
methods take too much time:
1.1 get_interface_by_ip(), we should find the interface which was
assigned with the "local ip" defined in configuration file, and to
check whether this interface support "vxlan" or not. This method will
iterate all the interface in this compute node and execute "ip link
show [interface] to [local ip]" to judge the result. I think there
should be a faster way.
1.2 prepare_port_filter() , in this method , we should make sure
the ipset are create correctly. But this method will execute too much
"ipset" commands and take too much time.
2. When devices' sg rules are changed, L2 agent should refresh the
firewalls.
2.1 refresh_firewall() this method will call "modify_rules" to
make the rules predicable, but this method also takes too much time.
It will be very benefit for the large scales of networks if this
performance problem can be fix or optimize.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1499177/+subscriptions
References