diff -Nru neutron-16.4.2/debian/changelog neutron-16.4.2/debian/changelog --- neutron-16.4.2/debian/changelog 2022-07-06 03:50:56.000000000 +0800 +++ neutron-16.4.2/debian/changelog 2022-09-08 06:59:57.000000000 +0800 @@ -1,3 +1,10 @@ +neutron (2:16.4.2-0ubuntu4) focal; urgency=medium + + * d/defer-flow-deletion-in-openvswitch-firewall.patch + Defer flow deletion in openvswitch firewall (LP: #1975674) + + -- Zhang Hua Thu, 08 Sep 2022 06:59:57 +0800 + neutron (2:16.4.2-0ubuntu3) focal; urgency=medium * d/p/partially-revert-do-not-link-up-ha-router-gateway-in.patch: diff -Nru neutron-16.4.2/debian/patches/defer-flow-deletion-in-openvswitch-firewall.patch neutron-16.4.2/debian/patches/defer-flow-deletion-in-openvswitch-firewall.patch --- neutron-16.4.2/debian/patches/defer-flow-deletion-in-openvswitch-firewall.patch 1970-01-01 08:00:00.000000000 +0800 +++ neutron-16.4.2/debian/patches/defer-flow-deletion-in-openvswitch-firewall.patch 2022-09-08 06:59:50.000000000 +0800 @@ -0,0 +1,41 @@ +From 1a01d0e66a430d6716cf969facb15f626f0ed1a6 Mon Sep 17 00:00:00 2001 +From: Henning Eggers +Date: Wed, 25 May 2022 11:17:43 +0200 +Subject: [PATCH] Defer flow deletion in openvswitch firewall + +Reduces the deletion time of conjunction flows on hypervisors +where virtual machines reside which are part of a security +group that has remote security groups as target which contain +thousands of ports. + +Without deferred deletion the agent will call ovs-ofctl several +hundred times in succession, during this time the agent will +block any new vm creation or neutron port modifications on this +hypervisor. + +This patch has been tested using a single network with a single +vm with a security group that points to a remote security group +with 2000 ports. + +During testing without the patch, the iteration time for deletion +was at around 500 seconds. After adding the patch to the l2 agent +on the test environment the same deletion time went down to +4 seconds. + +Closes-Bug: #1975674 +Change-Id: I46b1fe94b2e358f7f4b2cd4943a74ebaf84f51b8 +(cherry picked from commit e09b128f416a809cd7734aba8ab52220ea01b2e2) +(cherry picked from commit 30ef996f8aa0b0bc57a280690871f1081946ffee) +Signed-off-by: Zhang Hua +--- + neutron/agent/linux/openvswitch_firewall/firewall.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- neutron-16.4.2.orig/neutron/agent/linux/openvswitch_firewall/firewall.py ++++ neutron-16.4.2/neutron/agent/linux/openvswitch_firewall/firewall.py +@@ -1553,4 +1553,4 @@ class OVSFirewallDriver(firewall.Firewal + # will not match with the ip flow's cookie so OVS won't actually + # delete the flow + flow['cookie'] = ovs_lib.COOKIE_ANY +- self._delete_flows(deferred=False, **flow) ++ self._delete_flows(**flow) diff -Nru neutron-16.4.2/debian/patches/series neutron-16.4.2/debian/patches/series --- neutron-16.4.2/debian/patches/series 2022-07-06 03:50:56.000000000 +0800 +++ neutron-16.4.2/debian/patches/series 2022-09-08 06:59:07.000000000 +0800 @@ -9,3 +9,4 @@ lp1975594-0006-Use-Port_Binding-up-column-to-set-Neutron-port-statu.patch lp1975594-0007-support-SB-OVSDB-connections-to-non-leader-servers.patch lp1975594-0008-fix-setting-table-monitoring-conditions.patch +defer-flow-deletion-in-openvswitch-firewall.patch