[ovs-git] [ovn-org/ovn] de6375: ovn-northd: Avoid ha_ref_chassis calculation when ...

Han Zhou noreply at github.com
Tue Aug 17 18:50:33 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: de6375a90fe63d718036a0cc2ec7a0a9dccf6173
      https://github.com/ovn-org/ovn/commit/de6375a90fe63d718036a0cc2ec7a0a9dccf6173
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M northd/ovn-northd.c
    M northd/ovn_northd.dl
    M tests/ovn-northd.at

  Log Message:
  -----------
  ovn-northd: Avoid ha_ref_chassis calculation when there is only one chassis in ha_chassis_group.

When there is a big number of ha_chassis_groups (e.g. for distributed
gateway ports), the calculation of ha_ref_chassis can take the major
part of ovn-northd CPU as shown in perf.

However, when there is only one chassis in ha_chassis_group, no BFD
sessions are needed, so ha_ref_chassis calculation is unnecessary.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numan at ovn.org>


  Commit: 2bc0e1e4047112baf9e51e3ef6df8e3197631e2b
      https://github.com/ovn-org/ovn/commit/2bc0e1e4047112baf9e51e3ef6df8e3197631e2b
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M controller/binding.c

  Log Message:
  -----------
  binding.c: Refactor binding_handle_port_binding_changes.

The extra get_local_datapath() call seems unnecessary. Remove it and
combine the two if-blocks to an if-else block.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numan at ovn.org>


  Commit: 794e1b96395d4a78a5b60b8ff0e7139c2410d291
      https://github.com/ovn-org/ovn/commit/794e1b96395d4a78a5b60b8ff0e7139c2410d291
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M controller/binding.c

  Log Message:
  -----------
  binding.c: Create a new function consider_patch_port_for_local_datapaths.

Move the logical of handling patch port changes for updating local_datapaths
to a separate function, which will be reused later. Also split the
switch-case for the 2 cases: LP_PATCH and LP_VTEP, because there are
more differences than common, to avoid the extra if-blocks.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numan at ovn.org>


  Commit: 55e902409dcc61b7a9bdae5e47a68fc16460e576
      https://github.com/ovn-org/ovn/commit/55e902409dcc61b7a9bdae5e47a68fc16460e576
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M ovn-sb.xml

  Log Message:
  -----------
  ovn-sb.xml: Add the missing documentation for redirect-type.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numan at ovn.org>


  Commit: 4564b8cc4ae179474397e5eadd3332f96963b481
      https://github.com/ovn-org/ovn/commit/4564b8cc4ae179474397e5eadd3332f96963b481
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M ovn-architecture.7.xml

  Log Message:
  -----------
  ovn-architecture: Add description of a limitation for distributed gateway ports.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numan at ovn.org>


  Commit: 22298fd3790825f45680508bde821bb9a2d525d2
      https://github.com/ovn-org/ovn/commit/22298fd3790825f45680508bde821bb9a2d525d2
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M controller/binding.c
    M controller/local_data.c
    M controller/local_data.h
    M northd/ovn-northd.c
    M northd/ovn_northd.dl
    M ovn-architecture.7.xml
    M ovn-nb.xml
    M ovn-sb.xml
    M tests/ovn.at

  Log Message:
  -----------
  ovn-controller: Don't flood fill local datapaths beyond DGP boundary.

For a fully distributed virtual network dataplane, ovn-controller
flood-fills datapaths that are connected through patch ports. This
creates scale problems in ovn-controller when the connected datapaths
are too many.

In a particular situation, when distributed gateway ports are used to
connect logical routers to logical switches, when there is no need for
distributed processing of those gateway ports (e.g. no dnat_and_snat
configured), the datapaths on the other side of the gateway ports are
not needed locally on the current chassis. This patch avoids pulling
those datapaths to local in those scenarios.

There are two scenarios that can greatly benefit from this optimization.

1) When there are multiple tenants, each has its own logical topology,
   but sharing the same external/provider networks, connected to their
   own logical routers with DGPs. Without this optimization, each
   ovn-controller would process all logical topology of all tenants and
   program flows for all of them, even if there are only workloads of a
   very few number of tenants on the node where the ovn-controller is
   running, because the shared external network connects all tenants.
   With this change, only the logical topologies relevant to the node
   are processed and programmed on the node.

2) In some deployments, such as ovn-kubernetes, logical switches are
   bound to chassis instead of distributed, because each chassis is
   assigned dedicated subnets. With the current implementation,
   ovn-controller on each node processes all logical switches and all
   ports on them, without knowing that they are not distributed at all.
   At large scale with N nodes (N = hundreds or even more), there are
   roughly N times processing power wasted for the logical connectivity
   related flows. With this change, those depolyments can utilize DGP
   to connect the node level logical switches to distributed router(s),
   with gateway chassis (or HA chassis without really HA) of the DGP
   set to the chassis where the logical switch is bound. This inherently
   tells OVN the mapping between logical switch and chassis, and
   ovn-controller would smartly avoid processing topologies of other node
   level logical switches, which would hugely save compute cost of each
   ovn-controller.

For 2), test result for an ovn-kubernetes alike deployment shows
signficant improvement of ovn-controller, both CPU (>90% reduced) and memory.

Topology:

- 1000 nodes, 1 LS with 10 LSPs per node, connected to a distributed
  router.

- 2 large port-groups PG1 and PG2, each with 2000 LSPs

- 10 stateful ACLs: 5 from PG1 to PG2, 5 from PG2 to PG1

- 1 GR per node, connected to the distributed router through a join
  switch. Each GR also connects to an external logical switch per node.
  (This part is to keep the test environment close to a real
   ovn-kubernetes setup but shouldn't make much difference for the
   comparison)

==== Before the change ====
OVS flows per node: 297408
ovn-controller memory: 772696 KB
ovn-controller recompute: 13s
ovn-controller restart (recompute + reinstall OVS flows): 63s

==== After the change (also use DGP to connect node level LSes) ====
OVS flows per node: 81139 (~70% reduced)
ovn-controller memory: 163464 KB (~80% reduced)
ovn-controller recompute: 0.86s (>90% reduced)
ovn-controller restart (recompute + reinstall OVS flows): 5s (>90% reduced)

Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numan at ovn.org>


Compare: https://github.com/ovn-org/ovn/compare/1b123bc00965...22298fd37908


More information about the git mailing list