neutron/releasenotes/notes/accepted_egress_direct-cc23873e213c6919.yaml
LIU Yulong efa8dd0895 Add accepted egress direct flow
Do not flood the packets to bridge, since we have the
bridge port list, we can add a simple direct flow to
the right port only.

Closes-Bug: #1732067
Related-Bug: #1841622
Change-Id: I14fefe289a19b718b247bf0740ca9bc47f8903f4
2020-01-10 22:50:02 +08:00

21 lines
1.2 KiB
YAML

---
fixes:
- |
Bug https://bugs.launchpad.net/neutron/+bug/1732067 described a flooding
issue on the neutron-ovs-agent integration bridge. And bug
https://bugs.launchpad.net/neutron/+bug/1841622 proposed a solution for
it. The accepted egress packets will be taken care in the final egress
tables (61 when openflow firewall is not enabled, table 94 otherwise) with
direct output flows for unicast traffic with a minimum influence on the
existing cloud networking.
A new config option ``explicitly_egress_direct``, with default value False,
was added for the aim of distinguishing clouds which are running the
network node mixed with compute services, upstream neutron CI should be
an example. In such situation, this ``explicitly_egress_direct`` should be
set to False, because there are numerous cases from HA routers which can
not be covered, particularly when you have centralized floating IPs running
in such mixed hosts.
Otherwise, set ``explicitly_egress_direct`` to True to avoid the flooding.
One more note is if your network nodes are for networing services only, we
recommand you disable all the security_group to get a higher performance.