openstack
/
neutron
Code Issues Proposed changes
19,496 Commits
9 Branches
49 Tags
978 MiB
master
stable/2023.1
stable/wallaby
stable/zed
stable/ussuri
stable/victoria
stable/xena
stable/yoga
stable/train
23.0.0.0b2
23.0.0.0b1
xena-em
19.7.0
22.0.0
22.0.0.0rc2
21.1.0
20.3.0
19.6.0
22.0.0.0rc1
19.5.0
stein-eol
rocky-eol
queens-eol
wallaby-em
18.6.0
21.0.0
21.0.0.0rc2
21.0.0.0rc1
20.2.0
19.4.0
18.5.0
20.1.0
19.3.0
18.4.0
pike-eol
victoria-em
17.4.1
19.2.0
18.3.0
17.4.0
20.0.0
20.0.0.0rc2
20.0.0.0rc1
18.2.0
17.3.0
19.1.0
ussuri-em
16.4.2
19.0.0
19.0.0.0rc2
19.0.0.0rc1
18.1.1
17.2.1
16.4.1
18.1.0
17.2.0
16.4.0
ocata-eol
train-em
17.1.2
16.3.2
15.3.4
18.0.0
18.0.0.0rc2
18.0.0.0rc1
17.1.1
16.3.1
15.3.3
15.3.2
17.1.0
16.3.0
15.3.1
stein-em
14.4.2
14.4.1
17.0.0
17.0.0.0rc2
16.2.0
15.3.0
14.4.0
17.0.0.0rc1
14.3.1
16.1.0
15.2.0
14.3.0
14.2.0
15.1.0
16.0.0
16.0.0.0rc2
16.0.0.0rc1
rocky-em
13.0.7
16.0.0.0b1
14.1.0
15.0.2
15.0.1
14.0.4
13.0.6
queens-em
12.1.1
13.0.5
14.0.3
15.0.0
15.0.0.0rc2
15.0.0.0rc1
15.0.0.0b1
12.1.0
14.0.2
13.0.4
pike-em
11.0.8
14.0.1
ocata-em
12.0.6
13.0.3
11.0.7
14.0.0
14.0.0.0rc1
14.0.0.0b3
14.0.0.0b2
14.0.0.0b1
12.0.5
11.0.6
13.0.2
12.0.4
13.0.1
13.0.0
13.0.0.0rc2
13.0.0.0rc1
13.0.0.0b3
10.0.7
11.0.5
12.0.3
13.0.0.0b2
10.0.6
12.0.2
11.0.4
13.0.0.0b1
12.0.1
11.0.3
10.0.5
12.0.0
12.0.0.0rc2
12.0.0.0rc1
12.0.0.0b3
12.0.0.0b2
11.0.2
12.0.0.0b1
newton-eol
11.0.1
10.0.4
11.0.0
10.0.3
9.4.1
11.0.0.0rc3
11.0.0.0rc2
11.0.0.0rc1
11.0.0.0b3
mitaka-eol
11.0.0.0b2
10.0.2
9.4.0
11.0.0.0b1
9.3.1
10.0.1
9.3.0
10.0.0
10.0.0.0rc2
liberty-eol
10.0.0.0rc1
8.4.0
9.2.0
10.0.0.0b3
10.0.0.0b2
9.1.1
10.0.0.0b1
9.1.0
8.3.0
7.2.0
9.0.0
9.0.0.0rc3
9.0.0.0rc2
9.0.0.0rc1
9.0.0.0b3
8.2.0
7.1.2
9.0.0.0b2
8.1.2
7.1.1
9.0.0.0b1
7.1.0
8.1.1
kilo-eol
2015.1.4
8.1.0
8.0.0
8.0.0.0rc3
7.0.4
8.0.0.0rc2
8.0.0.0rc1
8.0.0.0b3
7.0.3
7.0.2
2015.1.3
8.0.0.0b2
juno-eol
7.0.1
8.0.0.0b1
2014.2.4
7.0.0
7.0.0.0rc3
2015.1.2
7.0.0.0rc2
7.0.0.0rc1
7.0.0.0b3
2015.1.1
7.0.0.0b2
icehouse-eol
7.0.0.0b1
2014.1.5
7.0.0a0
2015.1.0
2015.1.0rc3
2015.1.0rc2
2014.2.3
2015.1.0rc1
2015.1.0b3
2014.1.4
2014.2.2
2015.1.0b2
2015.1.0b1
2014.2.1
2014.2
2014.2.rc3
2014.2.rc2
2014.2.rc1
2014.1.3
havana-eol
2013.2.4
2014.2.b3
2014.1.2
2014.2.b2
2014.2.b1
2014.1.1
2014.1
2014.1.rc2
2013.2.3
2014.1.rc1
grizzly-eol
2013.1.5
2014.1.b3
2013.2.2
2014.1.b2
2013.2.1
2014.1.b1
folsom-eol
2013.1.4
2013.2
2013.2.rc3
2013.2.rc2
2013.2.rc1
2013.2.b3
2013.1.3
2013.2.b2
2013.1.2
2013.2.b1
2013.1.1
essex-eol
diablo-eol
2012.2.4
2013.1
2013.1.rc3
2013.1.rc2
2013.1.rc1
2013.1.g3
2012.2.3
grizzly-2
2012.2.1
grizzly-1
2012.2
folsom-rc3
folsom-rc2
folsom-rc1
folsom-3
folsom-2
folsom-1
2012.1
essex-rc2
essex-rc1
2011.3
essex-1
essex-2
essex-3
essex-4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6c9a282bcd'
${ noResults }
Commit Graph

3 Commits (6c9a282bcd36d744d1ad753afd8e7a219b1189c4)

Author SHA1 Message Date
Kevin Benton c76164c058 Move conntrack zones to IPTablesFirewall 
The regular IPTablesFirewall needs zones to support safely
clearly conntrack entries.

In order to support the single bridge use case, the conntrack
manager had to be refactored slightly to allow zones to be
either unique to ports or unique to networks.

Since all ports in a network share a bridge in the IPTablesDriver
use case, a zone per port cannot be used since there is no way
to distinguish which zone traffic should be checked against when
traffic enters the bridge from outside the system.

A zone per network is adequate for the single bridge per network
solution since it implicitly does not suffer from the double-bridge
cross in a single network that led to per port usage in OVS.[1]

This had to adjust the functional firewall tests to use the correct
bridge name now that it's relevant in the non hybrid IPTables case.

1. Ibe9e49653b2a280ea72cb95c2da64cd94c7739da

Closes-Bug: #1668958
Closes-Bug: #1657260
Change-Id: Ie88237d3fe4807b712a7ec61eb932748c38952cc
 6 years ago
Chandan Dutta Chowdhury 468b2f1b8b IP Conntrack Manager changes for FWaaS v2 
IpConntrackManager class should be a singleton
to be used by both SG and FWaaS v2 API at the same time

Change-Id: I4a9f3d9b3ac7afe989c0efb1fa4e7fd792cd9610
Closes-Bug: 1595515
 7 years ago
Kevin Benton d7aeb8dd4b De-dup conntrack deletions before running them 
During a lot of port deletions, the OVS agent will
build up a lot of remote security group member updates
for a single device. Once the call to delete all
of the removed remote IP conntrack state gets issued,
there will be many duplicated entries for the same
device in the devices_with_updated_sg_members dicionary
of lists.

This results in many duplicated calls to remove conntrack
entries that are just a waste of time. The longer it takes
to remove conntrack entries, the more of these duplicates
build up for other pending changes, to the point where there
can be hundreds of duplicate calls for a single device.

This just adjusts the conntrack manager clearing logic to
make sure it de-duplicates all of its delete commands before
it issues them.

In a local test on a single host I have 11 threads create
11 ports each, plug them into OVS, and then delete them.
Here are the number of conntrack delete calls issued:

Before this patch - ~232000
With this patch - ~5200

While the remaining number still seems high, the agent is now
fast enough to keep up with all of the deletes.

Closes-Bug: #1513765
Change-Id: Icba88ab47ee17bf5d6ccdfc0f78bec911987ca90
 7 years ago