Slow ovs flows processing in 9.2 with ovs firewall
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Confirmed
|
High
|
Inessa Vasilevskaya | ||
9.x |
Confirmed
|
High
|
Inessa Vasilevskaya |
Bug Description
After some performance evaluations of ovs firewall in terms of existing limitations with large number of security group rules.
We found one potential performance problem. The scenario is:
1. Have a setup with ovs firewall enabled (In our case it is MOS 9.2, but I’m sure it’s reproducible with the devstack)
2. Create 1 security group with large number of sec group rules (in our case it was 4000) and use remote_
3. Then start booting VMs with this sec-group applied.
4. On each boot iteration measure the time when VMs gets pingable.
The issue: You will see that boot time increases almost non-linear. In our case when we spawned 10+ instances each next instance may go into error state because of timeouts.
This feature affects only 9.2+OVSFW enabled in case with only remote security groups.
Related bug in upstream: https:/
Changed in mos: | |
milestone: | 9.2 → 9.3 |
tags: | added: release-notes |
Changed in mos: | |
milestone: | 9.x-updates → 9.2 |
Fix for this bug in fuel-infra https:/ /review. fuel-infra. org/#/c/ 30019/