yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1598734] Re: Avoid duplicate ipset processing for security groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1598734@xxxxxxxxxxxxxxxxxx>
Date: Tue, 19 Jul 2016 15:55:13 -0000
Reply-to: Bug 1598734 <1598734@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/337064
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ca792b0d569ca9d55617d6fddfdb53a743c05661
Submitter: Jenkins
Branch:    master

commit ca792b0d569ca9d55617d6fddfdb53a743c05661
Author: venkata anil <anilvenkata@xxxxxxxxxx>
Date:   Fri Jul 8 18:49:45 2016 +0000

    Avoid duplicate ipset processing for security groups
    
    While applying firewall rules for ports, existing implementation
    iterates through each port and applies ipset for its security groups.
    With this, when ports share the security group, ipset for same security
    group is called again and again while iterating through ports.
    
    From the DB, we already get the list of security groups for which ipset
    members have to be updated. In the new approach, we apply ipset on these
    security groups(before firewall rules setup), instead of iterating
    through all ports(during settig up firewall rules)and parsing them for
    security groups and then applying ipset. With this we can avoid
    duplicate ipset processing for same security groups.
    
    Closes-bug: #1598734
    Partial-Bug: #1499177
    Change-Id: I3f16d1a3a847e706ff743a8e1a5e7598f9f4c6dd


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1598734

Title:
  Avoid duplicate ipset processing for security groups

Status in neutron:
  Fix Released

Bug description:
  While applying firewall rules for ports, existing implementation
  iterates through each port and applies ipset for its security groups.
  With this, when ports share the security group, ipset for same security 
  group is called again and again while iterating through ports.
  Instead, if we prepare list of security groups for all ports and apply 
  ipset on them before applying firewall, we can avoid duplicate ipset
  processing for security groups.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1598734/+subscriptions

References

[Bug 1598734] [NEW] Avoid duplicate ipset processing for security groups
From: venkata anil, 2016-07-04