[ovs-dev] [RFC] Question about ovn-controller performance
Miguel Angel Ajo Pelayo
majopela at redhat.com
Thu Sep 14 21:10:42 UTC 2017
On Thu, Sep 14, 2017 at 2:58 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Thu, Sep 14, 2017 at 02:52:48PM -0600, Miguel Angel Ajo Pelayo wrote:
> > Although I see we have code for somehow packing stuff into conjunctions:
> >
> > https://github.com/openvswitch/ovs/blob/1ea2184501d43352ec40764f5eaa3c
> bd07e3fee3/ovn/controller/lflow.c#L298
> >
> > I don't really understand (yet) what's it doing. Is it may be supposed to
> > cover this case but we got into a bug?
>
> It's a naive, ad hoc algorithm that I implemented knowing at the time
> that I didn't know what was actually important yet. Now that we have an
> example of a case where it's important to get it right, it's time to
> take another look.
>
Oh, sounds great Ben, thank you for handling this.
I'm spending some time reading the lflow.c code to understand what we have
now.
I was wondering if, another improvement we could make in the future is
having ACL_Match sets, or something like that, to reduce the amount of ACL
entries and lflow entries that we generate, and also make it easier for
ovn-controller to group them. They would resemble the idea of security
groups (for rules, not for members) in neutron, but not sure if that's too
specific.
More information about the dev
mailing list