neutron

  1. Bug #1975674
  2. Comment #14

Comment 14 for bug 1975674

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/845100
Committed: https://opendev.org/openstack/neutron/commit/b70bf7fd9835671ea4c50556eb91e4f4d36b703d
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit b70bf7fd9835671ea4c50556eb91e4f4d36b703d
Author: Henning Eggers <email address hidden>
Date: Wed May 25 11:17:43 2022 +0200

    Defer flow deletion in openvswitch firewall

    Reduces the deletion time of conjunction flows on hypervisors
    where virtual machines reside which are part of a security
    group that has remote security groups as target which contain
    thousands of ports.

    Without deferred deletion the agent will call ovs-ofctl several
    hundred times in succession, during this time the agent will
    block any new vm creation or neutron port modifications on this
    hypervisor.

    This patch has been tested using a single network with a single
    vm with a security group that points to a remote security group
    with 2000 ports.

    During testing without the patch, the iteration time for deletion
    was at around 500 seconds. After adding the patch to the l2 agent
    on the test environment the same deletion time went down to
    4 seconds.

    Closes-Bug: #1975674
    Change-Id: I46b1fe94b2e358f7f4b2cd4943a74ebaf84f51b8
    (cherry picked from commit e09b128f416a809cd7734aba8ab52220ea01b2e2)