yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #54042
[Bug 1598734] Re: Avoid duplicate ipset processing for security groups
Reviewed: https://review.openstack.org/337064
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ca792b0d569ca9d55617d6fddfdb53a743c05661
Submitter: Jenkins
Branch: master
commit ca792b0d569ca9d55617d6fddfdb53a743c05661
Author: venkata anil <anilvenkata@xxxxxxxxxx>
Date: Fri Jul 8 18:49:45 2016 +0000
Avoid duplicate ipset processing for security groups
While applying firewall rules for ports, existing implementation
iterates through each port and applies ipset for its security groups.
With this, when ports share the security group, ipset for same security
group is called again and again while iterating through ports.
From the DB, we already get the list of security groups for which ipset
members have to be updated. In the new approach, we apply ipset on these
security groups(before firewall rules setup), instead of iterating
through all ports(during settig up firewall rules)and parsing them for
security groups and then applying ipset. With this we can avoid
duplicate ipset processing for same security groups.
Closes-bug: #1598734
Partial-Bug: #1499177
Change-Id: I3f16d1a3a847e706ff743a8e1a5e7598f9f4c6dd
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1598734
Title:
Avoid duplicate ipset processing for security groups
Status in neutron:
Fix Released
Bug description:
While applying firewall rules for ports, existing implementation
iterates through each port and applies ipset for its security groups.
With this, when ports share the security group, ipset for same security
group is called again and again while iterating through ports.
Instead, if we prepare list of security groups for all ports and apply
ipset on them before applying firewall, we can avoid duplicate ipset
processing for security groups.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1598734/+subscriptions
References