From 3563497a4fb44d37eaf07f4953c7b58bb14778d5 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Wed, 27 Nov 2019 16:32:47 +0100 Subject: [PATCH] [neutron] Adjust neighbour table thresholds When clouds have a large number of hosts, the default size of the ARP cache is too small. The cache can overflow, which means that the system has no way to reach some IP addresses. Increasing threshold limits addresses the situation, in a reasonably safe way (the maximum impact is 5MB or so of additional RAM used). More context on this issue: * http://man7.org/linux/man-pages/man7/arp.7.html * https://bugs.launchpad.net/charm-nova-compute/+bug/1780348 * https://bugs.launchpad.net/fuel/+bug/1488938 * https://bugs.launchpad.net/tripleo/+bug/1690087 * https://github.com/crowbar/crowbar-openstack/commit/0583a0c94996df6b784229e8a534f955eaca85bc * https://github.com/crowbar/crowbar-openstack/commit/3dd21ea62ac152e40bfdfee4b8e25a528c82a79f * https://opendev.org/openstack/tripleo-heat-templates/commit/1651a1805a16212299fe0a91aebb2a91ed39bc6e Change-Id: I60c871e8eb9f2c086818ff077987f2390930800c Closes-Bug: #1844349 (cherry picked from commit 4234cc4b5b3ca7172c9d184ed3f145b955f11163) --- ansible/roles/neutron/defaults/main.yml | 6 ++++++ ansible/roles/neutron/tasks/config.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index c30c7f1d28..0724c4b756 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -325,6 +325,12 @@ neutron_logging_debug: "{{ openstack_logging_debug }}" openstack_neutron_auth: "{{ openstack_auth }}" neutron_l3_agent_host_rp_filter_mode: 0 +neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128 +neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672 +neutron_l3_agent_host_ipv4_neigh_gc_thresh3: 32768 +neutron_l3_agent_host_ipv6_neigh_gc_thresh1: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}" +neutron_l3_agent_host_ipv6_neigh_gc_thresh2: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}" +neutron_l3_agent_host_ipv6_neigh_gc_thresh3: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}" #################### # Extension drivers diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index 4e02f478f5..03cc326501 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -8,6 +8,12 @@ - { name: "net.ipv4.ip_forward", value: 1} - { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"} - { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"} + - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"} + - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"} + - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"} when: - set_sysctl | bool - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)