[ovs-discuss] OpenStack profiling with networking-ovn - port creation is slow

Ben Pfaff blp at ovn.org
Mon Feb 26 20:05:52 UTC 2018


On Fri, Feb 23, 2018 at 03:51:28PM -0800, Han Zhou wrote:
> On Fri, Feb 23, 2018 at 2:17 PM, Ben Pfaff <blp at ovn.org> wrote:
> >
> > On Tue, Feb 20, 2018 at 08:56:42AM -0800, Han Zhou wrote:
> > > On Tue, Feb 20, 2018 at 8:15 AM, Ben Pfaff <blp at ovn.org> wrote:
> > > >
> > > > On Mon, Feb 19, 2018 at 11:33:11AM +0100, Daniel Alvarez Sanchez
> wrote:
> > > > > @Han, I can try rebase the patch if you want but that was
> > > > > basically renaming the Address_Set table and from Ben's
> > > > > comment, it may be better to keep the name. Not sure,
> > > > > however, how we can proceed to address Lucas' points in
> > > > > this thread.
> > > >
> > > > I wouldn't rename the table.  It sounds like the priority should be to
> > > > add support for sets of port names.  I thought that there was already
> a
> > > > patch for that to be rebased, but maybe I misunderstood.
> > >
> > > I feel it is better to add a new table for port group explicitly, and
> the
> > > column type can be a set of weak reference to Logical_Switch_Port.
> > > The benefits are:
> > > - Better data integrity: deleting a lport automatically deletes from the
> > > port group
> > > - No confusion about the type of records in a single table
> > > - Existing Address_Set mechanism will continue to be supported without
> any
> > > change
> > > - Furthermore, the race condition issue brought up by Lucas can be
> solved
> > > by supporting port-group in IP address match condition in
> ovn-controller,
> > > so that all addresses in the lports are used just like how AddressSet is
> > > used today. And there is no need for Neutron networking-ovn to use
> > > AddressSet any more. Since addresses are deduced from lports, the
> ordering
> > > of deleting/adding doesn't matter any more.
> > >
> > > How does this sound?
> >
> > Will we want sets of Logical_Router_Ports later?
> At least I don't see any use case in Neutron for router ports since
> Security Group is only for VIF ports.
> 
> There is another tricky point I see while working on implementation. In
> Neutron, SG can be applied to ports across different networks, but in OVN
> lports works only on its own datapath, so in ovn-controller we need to be
> able to pickup related ports from the port-group when translating lflows
> for each datapath. I hope this is not an issue. Otherwise, Neutron plugin
> will have to divide the group of ports into sub-groups according to the
> lswitch they belong to, which would be a pain.

I think that we can make ovn-controller gracefully tolerate that.

Let's try this implementation.  I'm not excited about having a new table
for this purpose, but it sounds like the advantages may be worthwhile.


More information about the discuss mailing list