I'm looking at the issue as it was recently detected in our scale lab. Also you may find that ovn-controller is using a lot of memory.
Long ago the plan was to use conjunctions [1] to avoid the cartesian product resulting of openstack remote_group_id based rules where you reference all remote IPs in the same group to allow traffic in for each port, that's N x N or N x 400 in your case. I haven't yet confirmed that's the case, but if that's it we need to address those issues and optimize the flows. [1] http://openstack.10931.n7.nabble.com/Re-ovs-dev-PATCH-8-8-RFC-neutron-ovn-Start-work-on-design-ocumentation-td65405.html On Thu, Sep 14, 2017 at 6:18 AM, Numan Siddique <[email protected]> wrote: > On Thu, Sep 14, 2017 at 4:16 PM, <[email protected]> wrote: > > > Hi everyone, > > > > Whether we could add a port property to logical flow? port property have > > value of "normal" or logical port name. If the port property is "normal" > > means this logical flow should be allocated to all HVs, if port property > > is a name of logical_port, means this logical flow is related to specific > > port, not need allocated to all computer nodes. > > > > I think this manner may reduce a great mount of flows in single HV. > > > > Thanks. > > > > > > > > > > > > > > 王前宇10110202 > > 2017/09/14 10:39 > > > > 收件人: [email protected], [email protected], [email protected], > > 抄送: [email protected], XuRong037997/user/zte_ltd@zte_ltd, > > ZhouHuiJing033341/user/zte_ltd@zte_ltd > > 主题: [ovs-dev] [RFC] Question about ovn-controller performance > > > > I configure 5 networks, every network have about 80 ports, the total > ports > > is 400, all in same security group. > > > > > Can you please clear the remote group match on the security group rules (if > remote group is configured) and see the cpu usage of ovn-controllers? > Even we noticed similar behavior. > > Thanks > Numan > > > When I bind some port on HVs, the ovn-controller is always running with > > 100% cpu, and the total openflow table entities in ovs is more than > > 300,000. Most of the entities is table 52, worked as src ip filter. > > > > Could some one tell me how to reduce the flows or how to make > > ovn-controller work more efficient or do some options to reduce the table > > number of acls? > > > > The attachment is the dump of ovn-sb. > > > > Thanks. > > > > > > > > > > _______________________________________________ > > dev mailing list > > [email protected] > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
