Security group filters for all ports are refreshed on any DHCP port change
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Kevin Benton |
Bug Description
Whenever any change is made to a DHCP agent port, a refresh of all security group filters for all ports on that network is triggered. This is unnecessary as all instance ports automatically get a blanket allow rule for DHCP port numbers. So changes to DHCP ports in no way require updates to any filters.
For networks with a large number of ports, this also generates significant load against neutron-server and the backend database.
Steps to reproduce:
- Network with some number of instance ports
- Add or remove a DHCP agent from that network (constitutes a change of DHCP ports)
- A refresh for all ports on that network is triggered
See: https:/
We experience this issue in Liberty, and it's still present in master.
Fix proposed to branch: master /review. openstack. org/416380
Review: https:/