yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1836095] Re: Improve "OVSFirewallDriver.process_trusted_ports"

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1836095@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jul 2019 18:34:59 -0000
Reply-to: Bug 1836095 <1836095@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/670162
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ae1d36fa9d8e2115a5241b5da2e941cdefa2c463
Submitter: Zuul
Branch:    master

commit ae1d36fa9d8e2115a5241b5da2e941cdefa2c463
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Wed Jul 10 18:57:02 2019 +0000

    Improve "OVSFirewallDriver.process_trusted_ports"
    
    FirewallDriver.process_trusted_ports" is called with many ports,
    "_initialize_egress_no_port_security" retrieves the VIF ports
    ("Interface" registers in OVS DB), one per iteration, based in the
    port_id. Instead of this procedure, if the DB is called only once to
    retrieve all the VIF ports, the performance increase is noticeable.
    E.g.: bridge with 1000 ports and interfaces.
    
    Retrieving 100 ports:
    - Bulk operation: 0.08 secs
    - Loop operation: 5.6 secs
    
    Retrieving 1000 ports:
    - Bulk operation: 0.08 secs
    - Loop operation: 59 secs
    
    Closes-Bug: #1836095
    Related-Bug: #1836023
    
    Change-Id: I5b259717c0fdb8991f1df86b1ef4fb8ad0f18e70


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1836095

Title:
  Improve "OVSFirewallDriver.process_trusted_ports"

Status in neutron:
  Fix Released

Bug description:
  When "OVSFirewallDriver.process_trusted_ports" is called with many
  ports, "_initialize_egress_no_port_security" retrieves the VIF ports
  ("Interface" registers in OVS DB), one per iteration, based in the
  port_id. Instead of this procedure, if the DB is called only once to
  retrieve all the VIF ports, the performance increase is noticeable.
  E.g.: bridge with 1000 ports and interfaces.

  port_ids = ['id%s' % i for i in range(1, 1000)]
  ts1 = timeutils.utcnow_ts(microsecond=True)
  vifs = ovs.get_vifs_by_ids(port_ids)
  ts2 = timeutils.utcnow_ts(microsecond=True)
  print("Time lapsed: %s" % str(ts2 - ts1))

  ts1 = timeutils.utcnow_ts(microsecond=True)
  for i in range(1, 1000):
      id = "id%s" % i
      vif = ovs.get_vif_port_by_id(id)
  ts2 = timeutils.utcnow_ts(microsecond=True)
  print("Time lapsed: %s" % str(ts2 - ts1))

  Retrieving 100 ports:
  - Bulk operation: 0.08 secs
  - Loop operation: 5.6 secs

  Retrieving 300 ports:
  - Bulk operation: 0.08 secs
  - Loop operation: 16.44 secs

  Retrieving 1000 ports:
  - Bulk operation: 0.08 secs
  - Loop operation: 59 secs

  [1]https://github.com/openstack/neutron/blob/06754907e241af76570f19301093c2abab97e627/neutron/agent/linux/openvswitch_firewall/firewall.py#L667
  [2]https://github.com/openstack/neutron/blob/06754907e241af76570f19301093c2abab97e627/neutron/agent/linux/openvswitch_firewall/firewall.py#L747

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1836095/+subscriptions

References

[Bug 1836095] [NEW] Improve "OVSFirewallDriver.process_trusted_ports"
From: Rodolfo Alonso, 2019-07-10