Huge spikes in get_instance_nw_info since upgrading to grizzly
Bug #1202893 reported by
Sam Morrison
This bug report is a duplicate of:
Bug #1184041: [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185).
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
New
|
Undecided
|
Unassigned | ||
Bug Description
We have recently upgraded to grizzly and we have started seeing huge spikes on our network queue.
Our network queue sits on about 1 message per second usually but we get spikes of 200m/s every so often.
These spikes are all due to the message get_instance_
We're pretty sure this is due to a user action and not some periodic task.
One thought is maybe something to do with security groups and source groups.
We have some tenants with 100+ instances all sharing the same security group source group.
We're using nova-network in FlatDHCP mode.
Happy to help debug this, just don't know what information is useful.
Revision history for this message
| Sam Morrison (sorrison) wrote | #1 |
| tags: | added: network |
To post a comment you must log in.
A little more information, I asked one of our big users who can trigger this at will on what they were doing and I'm now pretty sure this has to do with security groups.
They have approx. 50 instances which have a security group rule X to allow traffic from another security group rule Y.
When they launch an instance with security group Y it creates about 250 get_instance_
These guys regularly launch a large number of instances at the same time and therefore we get Nx250 messages.
We didn't see this in folsom.