On 02/25/2015 08:52 AM, Miguel Ángel Ajo wrote: > I’m writing a plan/script to benchmark OVS+OF(CT) vs OVS+LB+iptables+ipsets, > so we can make sure there’s a real difference before jumping into any > OpenFlow security group filters when we have connection tracking in OVS. > > The plan is to keep all of it in a single multicore host, and make all the > measures > within it, to make sure we just measure the difference due to the software > layers. > > Suggestions or ideas on what to measure are welcome, there’s an initial draft > here: > > https://github.com/mangelajo/ovs-experiments/tree/master/ovs-ct
Thanks for writing this up Miguel. I realize this is more focusing on performance (how fast the packets flow), but one of the orthogonal issues to Security Groups in general is the time it takes for Neutron to apply or update them, for example, iptables_manager.apply(). I would like to make sure that time doesn't grow any larger than it is today. This can probably all be scraped from log files, so wouldn't require any special work, except for testing with a large SG set. Thanks, -Brian __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
