Comment 2 for bug 1952567

Reviewed: https://review.opendev.org/c/openstack/neutron/+/819567
Committed: https://opendev.org/openstack/neutron/commit/c63ebef2d58e15f4388cf064066f77b503a2f841
Submitter: "Zuul (22348)"
Branch: master

commit c63ebef2d58e15f4388cf064066f77b503a2f841
Author: LIU Yulong <email address hidden>
Date: Mon Nov 29 12:27:23 2021 +0800

    Add tag to port more earlier

    During some ml2 ovs agent port processing performance test, we noticed
    that some ports are missing tag before it really done processing. While
    ovs treats those ports without tag as trunk port, so some packets will
    be flooded to it. In large scale cloud, if too many port added to the
    bridge, the ovs-vswitchd will consume a huge amount of CPU cores if
    ports are not bound in a short time.

    So, in the port_bound function of ovs-agent, we set the port tag to
    it after a local_vlan id is allocated. Because after that, setup
    security groups (setup_port_filters) and bind devices in DB
    (update_device_list) are really time-consuming.

    And also fix a potential bug, port is processed as created first,
    but no tag in ovsdb, so openflow security group will not be processed
    successfully [1]. It must be done in a update event during next loop,
    after port bound and ovsdb set the required value.

    This patch can also fix some upstream test failures of waiting too
    long time to ping some cases.

    [1] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/openvswitch_firewall/firewall.py#L112

    Closes-Bug: #1952567
    Change-Id: I3533f0d416d32f8d0888ad58f975960d89a985d9