← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1952567] Re: [ml2][ovs] ports tag are missing and flood on those

 

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/819567
Committed: https://opendev.org/openstack/neutron/commit/c63ebef2d58e15f4388cf064066f77b503a2f841
Submitter: "Zuul (22348)"
Branch:    master

commit c63ebef2d58e15f4388cf064066f77b503a2f841
Author: LIU Yulong <i@xxxxxxxxxxxx>
Date:   Mon Nov 29 12:27:23 2021 +0800

    Add tag to port more earlier
    
    During some ml2 ovs agent port processing performance test, we noticed
    that some ports are missing tag before it really done processing. While
    ovs treats those ports without tag as trunk port, so some packets will
    be flooded to it. In large scale cloud, if too many port added to the
    bridge, the ovs-vswitchd will consume a huge amount of CPU cores if
    ports are not bound in a short time.
    
    So, in the port_bound function of ovs-agent, we set the port tag to
    it after a local_vlan id is allocated. Because after that, setup
    security groups (setup_port_filters) and bind devices in DB
    (update_device_list) are really time-consuming.
    
    And also fix a potential bug, port is processed as created first,
    but no tag in ovsdb, so openflow security group will not be processed
    successfully [1]. It must be done in a update event during next loop,
    after port bound and ovsdb set the required value.
    
    This patch can also fix some upstream test failures of waiting too
    long time to ping some cases.
    
    [1] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/openvswitch_firewall/firewall.py#L112
    
    Closes-Bug: #1952567
    Change-Id: I3533f0d416d32f8d0888ad58f975960d89a985d9


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1952567

Title:
  [ml2][ovs] ports tag are missing and flood on those

Status in neutron:
  Fix Released

Bug description:
  During some ml2 ovs agent port processing performance test, we noticed
  that some ports are missing tag before it really done processing. While
  ovs treats those ports without tag as trunk port, so some packets will
  be flooded to it. In large scale cloud, if too many port added to the
  bridge, the ovs-vswitchd will consume a huge amount of CPU cores if
  ports are not bound in a short time.

  Another potential problem is openflow security group may not get
  processed during the first created event.

  Upstream test failures of waiting too long time to ping some cases,
  may be related to these problems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1952567/+subscriptions



References