[OpenStack-OVN] Poor network performance when use Security Group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
networking-ovn |
New
|
Undecided
|
Unassigned | ||
neutron |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
Hello everyone, We have a critical problem with OpenStack using ML2/OVN.
We deploy two new OpenStack clusters OpenStack (both Yoga and Victoria), neutron using ML2/OVN.
We create a new network Geneve, and create 3 VM on that network. VM name test-1, test2 and gw-hn (See video for detail).
VM test-1 and test-2 in the same compute node and test bandwidth between them use iperf3 and result:
- >= 18Gbps if NO PORT in that network is attached security group
- 6Gbps if just only one port in that network is attached security group
Please see detail in video (https:/
- VM gw-hn is unrelated to VM test-1 and test-2, but if we add a security group for the port of VM gw-hn, bandwidth between VM test-1 and test-2 drops sharply
OpenStack Cluster Version Detail:
- OpenStack Yoga: OVN 22.03.0, Open vSwitch 2.17.0
- OpenStack Victoria: OVN 20.03.2, Open vSwitch 2.13.5
Changed in neutron: | |
status: | New → Incomplete |
summary: |
- [OpenStack-OVN] Poor network performance + [OpenStack-OVN] Poor network performance when use Security Group |
description: | updated |
description: | updated |
description: | updated |
Hi, I do not understand which version you installed, is it Yoga or Victoria? (it cannot be both)
Also networking-ovn as a separate project was merged back in neutron in Ussuri timeframe, so I suppose you mean the mechanism driver (ML2/OVN and ML2/OVS in second example).
I suppose this was done on same hardware and environment? Which firewall driver is used with ML2/OVS?
I need to dig up a bit to find relevant numbers, but ML2/OVN versus ML2/OVS should not show a perf degradation