2012-08-08 14:08:40 |
David McNally |
description |
When a compute service is restarted, each instance running on the host has its iptables
rules built and applied sequentially during the host init stage. The impact of this, especially
on a host running many instances, can be observed as a period where some instances
are not accessible, as the existing iptables rules have been torn down and not yet re-applied.
A suggested work-around for this would be a configurable/flagged deferred mode that
would prevent the application of the iptables rules until all instances on the host had been
initialised; then the rules for all instances would be applied at once, preventing a ‘blackout’
period. |
|
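The sequential and deferred behaviours described in the report can be compared with a small model. This is an added example, not code from the bug report or from the project; `RuleManager`, `init_host`, and the rule strings are hypothetical, and the model assumes each apply rewrites the whole table from the rules rebuilt so far.

```python
"""Toy model of host init after a compute service restart (constructed example)."""


class RuleManager:
    """Hypothetical stand-in for an in-memory iptables manager."""

    def __init__(self, live_table):
        self.live = dict(live_table)   # rules currently loaded in the kernel
        self.pending = {}              # rules rebuilt since the restart
        self.deferred = False

    def add_instance_rules(self, instance, rules):
        self.pending[instance] = rules
        self.apply()

    def apply(self):
        # Assumed full-table rewrite: anything not rebuilt yet is torn down.
        # In deferred mode the call is a no-op and the old rules stay live.
        if not self.deferred:
            self.live = dict(self.pending)


def init_host(instances, deferred):
    """Return {instance: ticks spent without its rules in the live table}."""
    # Constructed sample rules, one chain entry per instance.
    old = {name: [f"-A inst-{name} -j ACCEPT"] for name in instances}
    mgr = RuleManager(old)
    mgr.deferred = deferred
    blackout = {name: 0 for name in instances}
    for name in instances:             # one tick per instance initialised
        mgr.add_instance_rules(name, old[name])
        for other in instances:
            if other not in mgr.live:
                blackout[other] += 1
    if deferred:
        mgr.deferred = False
        mgr.apply()                    # single apply covering every instance
    assert set(mgr.live) == set(instances)
    return blackout


if __name__ == "__main__":
    hosts = ["a", "b", "c", "d"]
    print("sequential:", init_host(hosts, deferred=False))
    print("deferred:  ", init_host(hosts, deferred=True))
```

In the sequential run the last instance initialised waits longest for its rules, so the gap grows with the number of instances on the host.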