ab84b7fb2b
This patch adds a new configuration variable to control the OVS OpenFlow rule processing operations:

* ``openflow_processed_per_port``: by default "False". If enabled, all OpenFlow rules associated to a port will be processed at once, in one single transaction. If disabled, the flows will be processed in batches of "AGENT_RES_PROCESSING_STEP=100" number of OpenFlow rules.

With ``openflow_processed_per_port`` enabled, all Firewall OpenFlow rules related to a port are processed in one transaction (executed in one single command). That ensures the rules are written atomically and all of them are applied at the same time.

That means all needed rules to handle the ingress and egress traffic of a port using the Open vSwitch Firewall are committed in the OVS DB at the same time. That will prevent partially applied OpenFlow sets in the Firewall and inconsistencies when applying new SG rules or during the OVS agent restart.

That will override, if needed, the hard limit of "AGENT_RES_PROCESSING_STEP=100" OpenFlow rules that could be processed in OVS at once.

If the default configuration values are not modified, the behaviour of the OVS library does not change.

Closes-Bug: #1934917
Change-Id: If4984dece266a789d607725f8497f1aac3d73d23
12 lines
531 B
YAML
---
features:
  - |
    Added a new configuration variable, in ``[OVS]`` section, to control
    the OVS OpenFlow rule processing operations when using the OVS native
    firewall driver (``securitygroup.firewall_driver=openvswitch``):

    * ``openflow_processed_per_port``: by default "False". If enabled, all
      OpenFlow rules associated to a port will be processed at once, in a
      single transaction. If disabled, the flows will be processed in batches
      of "AGENT_RES_PROCESSING_STEP=100" number of OpenFlow rules.
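A check for the setting described above, as an added example that is not part of the Neutron source or of this commit: it reads an agent configuration and, under a simplified model in which a port's flows are committed in order in batches of AGENT_RES_PROCESSING_STEP, lists the intermediate rule counts that an interrupted update could leave on the port. The function names, the case-insensitive section match and the sample configuration are assumptions made for the example.

```python
import configparser
import math

AGENT_RES_PROCESSING_STEP = 100  # batch size quoted in the commit message

# Constructed sample agent configuration, not taken from a real deployment.
SAMPLE_CONF = """
[OVS]
openflow_processed_per_port = False

[securitygroup]
firewall_driver = openvswitch
"""


def _get(cp, section, option, default):
    """Look up an option, matching the section name case-insensitively."""
    for name in cp.sections():
        if name.lower() == section and cp.has_option(name, option):
            return cp.get(name, option).strip()
    return default


def partial_states(n_flows, per_port):
    """Rule counts visible on the port after each commit except the last."""
    if per_port:
        return []  # one transaction: no intermediate state is ever visible
    commits = math.ceil(n_flows / AGENT_RES_PROCESSING_STEP)
    return [i * AGENT_RES_PROCESSING_STEP for i in range(1, commits)]


def audit(conf_text, n_flows):
    """Report whether a port with n_flows firewall flows can be left half-programmed."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    ovs_fw = _get(cp, "securitygroup", "firewall_driver", "") == "openvswitch"
    per_port = _get(cp, "ovs", "openflow_processed_per_port", "false").lower() in (
        "1", "true", "yes", "on")
    windows = partial_states(n_flows, per_port)
    return {"ovs_firewall": ovs_fw, "per_port": per_port,
            "partial_states": windows, "at_risk": ovs_fw and bool(windows)}


if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 250))
```

A port whose firewall flows fit in a single batch is reported as not at risk even with the option disabled, because only one commit is needed.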