← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #88738

[Bug 1970606] [NEW] Live migration packet loss increasing as the number of security group rules increases

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hi,

We lose too many packets during live migration. (After
post_live_migration starts)

After investigation we have recognized that it is related with the
number of security group rules which are applied to instance.

We are loosing 26 ping if there exist 90 security rules applied to
instance. (Security group count does not matter, 1 group 90 rules or 3
group with 30 rules)

After detaching some rules from instance and let the instance have only
4 security group rules and then tried to migrate again. In that case we
are only loosing 3 pings.

Do you have any idea? If this is caused by migrating the ovs flows, than
is there any solution?

Environment Details:
 OpenStack Wallaby Cluster installed via kolla-ansible to Ubuntu 20.04.2 LTS Hosts. (Kernel:5.4.0-90-generic)
 There exist 5 controller+network node.
 "neutron-openvswitch-agent", "neutron-l3-agent" and "neutron-server" version is "18.1.2.dev118"
 OpenvSwitch used in DVR mode with router HA configured. (l3_ha = true)
 We are using a single centralized neutron router for connecting all tenant networks to provider network.
 We are using bgp_dragent to announce unique tenant networks.
 Tenant network type: vxlan
 External network type: vlan

** Affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

  Hi,
  
- 
- We lose too many packets during live migration. (After post_live_migration starts)
+ We lose too many packets during live migration. (After
+ post_live_migration starts)
  
  After investigation we have recognized that it is related with the
  number of security group rules which are applied to instance.
  
  We are loosing 26 ping if there exist 90 security rules applied to
  instance. (Security group count does not matter, 1 group 90 rules or 3
  group with 30 rules)
  
  After detaching some rules from instance and let the instance have only
- 4 securit group rules then tried to migrate again. In that case we are
- only loosing 3 pings.
+ 4 security group rules and then tried to migrate again. In that case we
+ are only loosing 3 pings.
  
  Do you have any idea? If this is caused by migrating the ovs flows, than
  is there any solution?
  
- 
  Environment Details:
-  OpenStack Wallaby Cluster installed via kolla-ansible to Ubuntu 20.04.2 LTS Hosts. (Kernel:5.4.0-90-generic)
-  There exist 5 controller+network node.
-  "neutron-openvswitch-agent", "neutron-l3-agent" and "neutron-server" version is "18.1.2.dev118"
-  OpenvSwitch used in DVR mode with router HA configured. (l3_ha = true)
-  We are using a single centralized neutron router for connecting all tenant networks to provider network.
-  We are using bgp_dragent to announce unique tenant networks.
-  Tenant network type: vxlan
-  External network type: vlan
+  OpenStack Wallaby Cluster installed via kolla-ansible to Ubuntu 20.04.2 LTS Hosts. (Kernel:5.4.0-90-generic)
+  There exist 5 controller+network node.
+  "neutron-openvswitch-agent", "neutron-l3-agent" and "neutron-server" version is "18.1.2.dev118"
+  OpenvSwitch used in DVR mode with router HA configured. (l3_ha = true)
+  We are using a single centralized neutron router for connecting all tenant networks to provider network.
+  We are using bgp_dragent to announce unique tenant networks.
+  Tenant network type: vxlan
+  External network type: vlan

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1970606

Title:
  Live migration packet loss increasing as the number of security group
  rules increases

Status in neutron:
  New

Bug description:
  Hi,

  We lose too many packets during live migration. (After
  post_live_migration starts)

  After investigation we have recognized that it is related with the
  number of security group rules which are applied to instance.

  We are loosing 26 ping if there exist 90 security rules applied to
  instance. (Security group count does not matter, 1 group 90 rules or 3
  group with 30 rules)

  After detaching some rules from instance and let the instance have
  only 4 security group rules and then tried to migrate again. In that
  case we are only loosing 3 pings.

  Do you have any idea? If this is caused by migrating the ovs flows,
  than is there any solution?

  Environment Details:
   OpenStack Wallaby Cluster installed via kolla-ansible to Ubuntu 20.04.2 LTS Hosts. (Kernel:5.4.0-90-generic)
   There exist 5 controller+network node.
   "neutron-openvswitch-agent", "neutron-l3-agent" and "neutron-server" version is "18.1.2.dev118"
   OpenvSwitch used in DVR mode with router HA configured. (l3_ha = true)
   We are using a single centralized neutron router for connecting all tenant networks to provider network.
   We are using bgp_dragent to announce unique tenant networks.
   Tenant network type: vxlan
   External network type: vlan

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1970606/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next