Reviewed: https://review.opendev.org/c/openstack/neutron/+/843253
Committed: https://opendev.org/openstack/neutron/commit/e09b128f416a809cd7734aba8ab52220ea01b2e2
Submitter: "Zuul (22348)"
Branch: master
commit e09b128f416a809cd7734aba8ab52220ea01b2e2
Author: Henning Eggers <email address hidden>
Date: Wed May 25 11:17:43 2022 +0200
Defer flow deletion in openvswitch firewall
Reduces the deletion time of conjunction flows on hypervisors
where virtual machines reside which are part of a security
group that has remote security groups as target which contain
thousands of ports.
Without deferred deletion the agent will call ovs-ofctl several
hundred times in succession; during this time the agent will
block any new VM creation or Neutron port modifications on this
hypervisor.
This patch has been tested using a single network with a single
VM with a security group that points to a remote security group
with 2000 ports.
During testing without the patch, the iteration time for deletion
was at around 500 seconds. After adding the patch to the L2 agent
on the test environment the same deletion time went down to
4 seconds.
Closes-Bug: #1975674
Change-Id: I46b1fe94b2e358f7f4b2cd4943a74ebaf84f51b8