yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #88620
[Bug 1952567] Re: [ml2][ovs] ports tag are missing and flood on those
Reviewed: https://review.opendev.org/c/openstack/neutron/+/819567
Committed: https://opendev.org/openstack/neutron/commit/c63ebef2d58e15f4388cf064066f77b503a2f841
Submitter: "Zuul (22348)"
Branch: master
commit c63ebef2d58e15f4388cf064066f77b503a2f841
Author: LIU Yulong <i@xxxxxxxxxxxx>
Date: Mon Nov 29 12:27:23 2021 +0800
Add tag to port more earlier
During some ml2 ovs agent port processing performance test, we noticed
that some ports are missing tag before it really done processing. While
ovs treats those ports without tag as trunk port, so some packets will
be flooded to it. In large scale cloud, if too many port added to the
bridge, the ovs-vswitchd will consume a huge amount of CPU cores if
ports are not bound in a short time.
So, in the port_bound function of ovs-agent, we set the port tag to
it after a local_vlan id is allocated. Because after that, setup
security groups (setup_port_filters) and bind devices in DB
(update_device_list) are really time-consuming.
And also fix a potential bug, port is processed as created first,
but no tag in ovsdb, so openflow security group will not be processed
successfully [1]. It must be done in a update event during next loop,
after port bound and ovsdb set the required value.
This patch can also fix some upstream test failures of waiting too
long time to ping some cases.
[1] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/openvswitch_firewall/firewall.py#L112
Closes-Bug: #1952567
Change-Id: I3533f0d416d32f8d0888ad58f975960d89a985d9
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1952567
Title:
[ml2][ovs] ports tag are missing and flood on those
Status in neutron:
Fix Released
Bug description:
During some ml2 ovs agent port processing performance test, we noticed
that some ports are missing tag before it really done processing. While
ovs treats those ports without tag as trunk port, so some packets will
be flooded to it. In large scale cloud, if too many port added to the
bridge, the ovs-vswitchd will consume a huge amount of CPU cores if
ports are not bound in a short time.
Another potential problem is openflow security group may not get
processed during the first created event.
Upstream test failures of waiting too long time to ping some cases,
may be related to these problems.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1952567/+subscriptions
References