Comment 5 for bug 1745468

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/545612
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0dbd35df1bdaea7dec97fd976b6990f4b79a6b77
Submitter: Zuul
Branch: stable/queens

commit 0dbd35df1bdaea7dec97fd976b6990f4b79a6b77
Author: Brian Haley <email address hidden>
Date: Wed Jan 24 15:55:56 2018 -0500

    Process conntrack updates in worker threads

    With a large number of instances and/or security group rules,
    conntrack updates when ports are removed or rules are changed
    can take a long time to process. By enqueuing these to a set
    of worker threads, the agent can continue with other work while
    they are processed in the background.

    This is a change in behavior in the agent since it could
    program a new set of security group rules before all existing
    conntrack entries are deleted, but since the iptables or OVSfw
    NAT rules will have been removed, it should not pose a
    security issue.

    Change-Id: Ibf858c7fdf7a822a30e4a0c4722d70fd272741b6
    Closes-bug: #1745468
    (cherry picked from commit 65a81623fc0377b26d2d5800607f7c3acc08c45a)