Conntrack entry removal can take a long time on large deployments
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | High | Brian Haley | |
Bug Description
On a large deployment of about 1000 instances, instance deletion (neutron port deletion) or security group rule changes can take a really long time. We've actually seen it take hours in some instances.
While changing to netlink-lib for the IP Conntrack manager will help, https:/
Also, while the netlink-lib change above is better at only issuing calls for entries it finds, the current code doesn't do that; it could call 'conntrack -D' with arguments for nothing. If we first checked the table for given IPs it might reduce the time it takes for cleanup.
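One way to do the pre-check suggested in the description, shown as an added example that is not neutron's code: list the table once, index the original-direction addresses per zone, and build `conntrack -D` commands only for filters that match an entry. The function names, the `(ip, zone)` target format and the sample listing are assumptions made for the illustration.

```python
import ipaddress
import re

_FIELD = re.compile(r"\b(src|dst|zone)=(\S+)")

# Constructed sample of `conntrack -L` output (not taken from the bug report).
SAMPLE_LISTING = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=45678 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=45678 [ASSURED] mark=0 zone=3 use=1
udp      17 25 src=10.0.0.7 dst=192.0.2.53 sport=5353 dport=53 [UNREPLIED] src=192.0.2.53 dst=10.0.0.7 sport=53 dport=5353 mark=0 zone=4 use=1
"""


def index_conntrack(listing):
    """Map (zone, 'src'|'dst') to the set of original-direction addresses."""
    index = {}
    for line in listing.splitlines():
        first = {}
        for key, value in _FIELD.findall(line):
            # The first src=/dst= pair is the original direction, which is
            # what the -s and -d filters of conntrack match against.
            first.setdefault(key, value)
        if "src" not in first or "dst" not in first:
            continue  # blank, header or unparsable line
        zone = int(first.get("zone", 0))  # no zone= field means zone 0
        for key in ("src", "dst"):
            try:
                addr = ipaddress.ip_address(first[key])
            except ValueError:
                continue
            index.setdefault((zone, key), set()).add(addr)
    return index


def plan_deletes(listing, targets):
    """Return argv lists for the deletes that would actually remove an entry.

    targets is an iterable of (ip, zone) pairs (assumed input format).
    """
    index = index_conntrack(listing)
    commands = []
    for ip, zone in targets:
        addr = ipaddress.ip_address(ip)  # normalises IPv6 spelling
        family = "ipv6" if addr.version == 6 else "ipv4"
        for flag, key in (("-d", "dst"), ("-s", "src")):
            if addr in index.get((zone, key), ()):
                commands.append(["conntrack", "-D", "-f", family,
                                 flag, str(addr), "-w", str(zone)])
    return commands
```

With five targets, a blind cleanup would spawn ten `conntrack -D` processes; here only the three filters that match an entry produce a command.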
Changed in neutron:
status: Confirmed → In Progress

Changed in neutron:
milestone: none → queens-rc1

Changed in neutron:
milestone: queens-rc1 → none
Fix proposed to branch: master
Review: https://review.openstack.org/538042