OVN DB sync acls Timeout

Bug #2023130 reported by ZhouHeng
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
In Progress
Medium
ZhouHeng

Bug Description

There are over 200000 security group rules in the neutron database. When starting the neutron server synchronization, after a long period of time, the synchronization fails with an ovsdb.exceptions.TimeoutException message
Another issue with synchronization is that when there is a large inventory of acls, it may take several hours to compare the differences between Neutron db and ovn-nb.

Tags: ovn
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/885224

Changed in neutron:
status: New → In Progress
ZhouHeng (zhouhenglc)
Changed in neutron:
assignee: nobody → ZhouHeng (zhouhenglc)
tags: added: ovn
Changed in neutron:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/885449

ZhouHeng (zhouhenglc)
description: updated
Revision history for this message
Faizal Satrio (fsatrionn) wrote :

Hi, I have the same case after adding a new controller to the cluster.

Does it have anything to do if OVN DB not syncing between nodes can cause Neutron network agent 504 Gateway Timeout like this issue: https://bugs.launchpad.net/neutron/+bug/2025946 ?

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/885449
Committed: https://opendev.org/openstack/neutron/commit/dbca7e1f8cc339c5c87ea5a68f1e1dd2c78c94c3
Submitter: "Zuul (22348)"
Branch: master

commit dbca7e1f8cc339c5c87ea5a68f1e1dd2c78c94c3
Author: zhouhenglc <email address hidden>
Date: Fri Jun 9 10:13:16 2023 +0800

    Improve ACL comparison efficiency

    The current comparison strategy is very time-consuming, and if
    there are hundreds of thousands of security group rules, the
    comparison time can still vary from several hours. The main
    time-consuming operations are [1].

    This patch is sorted first by security group rule ID and then
    compared. The execution of sorting actions is relatively fast.
    After actual measurement, the total time consumption is in the
    minute level.

    Partial-Bug: #2023130
    [1] https://github.com/openstack/neutron/blob/b86ca713f7d422489f2526c1a94ffc8393b3ed75/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py#L285-L291

    Change-Id: If4c886d928258450aac31e12a4e26e0cbe2ace62

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.