neutron

OVN DB sync acls Timeout

Bug #2023130 reported by ZhouHeng on 2023-06-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	In Progress	Medium	ZhouHeng

Bug Description

There are over 200000 security group rules in the neutron database. When starting the neutron server synchronization, after a long period of time, the synchronization fails with an ovsdb.exceptions.TimeoutException message
Another issue with synchronization is that when there is a large inventory of acls, it may take several hours to compare the differences between Neutron db and ovn-nb.

See original description

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-06-07: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/885224

Changed in neutron:
status:	New → In Progress

ZhouHeng (zhouhenglc) on 2023-06-07

Changed in neutron:
assignee:	nobody → ZhouHeng (zhouhenglc)

Bernard Cafarelli (bcafarel) on 2023-06-08

tags:	added: ovn
Changed in neutron:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-06-09:

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/885449

ZhouHeng (zhouhenglc) on 2023-06-09

description:

updated

Revision history for this message

Faizal Satrio (fsatrionn) wrote on 2023-07-06:

Hi, I have the same case after adding a new controller to the cluster.

Does it have anything to do if OVN DB not syncing between nodes can cause Neutron network agent 504 Gateway Timeout like this issue: https://bugs.launchpad.net/neutron/+bug/2025946 ?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-06-13: Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/885449
Committed: https://opendev.org/openstack/neutron/commit/dbca7e1f8cc339c5c87ea5a68f1e1dd2c78c94c3
Submitter: "Zuul (22348)"
Branch: master

commit dbca7e1f8cc339c5c87ea5a68f1e1dd2c78c94c3
Author: zhouhenglc <email address hidden>
Date: Fri Jun 9 10:13:16 2023 +0800

Improve ACL comparison efficiency

    The current comparison strategy is very time-consuming, and if
    there are hundreds of thousands of security group rules, the
    comparison time can still vary from several hours. The main
    time-consuming operations are [1].

    This patch is sorted first by security group rule ID and then
    compared. The execution of sorting actions is relatively fast.
    After actual measurement, the total time consumption is in the
    minute level.

Partial-Bug: #2023130
[1] https://github.com/openstack/neutron/blob/b86ca713f7d422489f2526c1a94ffc8393b3ed75/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py#L285-L291

Change-Id: If4c886d928258450aac31e12a4e26e0cbe2ace62

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.