On 2/27/24 17:05, Ilya Maximets wrote:
> If the ACL.log is false for a fair meter, but ACL.meter is set in the
> Northbound database, northd will create a unique meter for this ACL in
> a Southbound database, even though it will never be used.
> 
> Normal ovn-nbctl acl-add command can't create such a record, but it is
> possible with a plain 'ovn-nbctl set' or a direct database transaction.
> And, in practice, ovn-kubernetes always sets the ACL.meter column even
> if the logging is not enabled in the namespace.  This creates extra
> unnecessary load on the Southbound database and the ovn-controller that
> performs a linear iteration over the Southbound Meter table on every
> ofctrl_put().
> 
> Logging is also not a default option, so only a fraction of ACLs will
> actually need meters under normal circumstances.
> 
> Stop generating these unnecessary meters.
> 
> In an ovn-kubernetes setup with 90K ACLs, 1K of which have logging
> enabled, this saves ~20 MB of the Southbound database file size and
> about 30% of the RSS on ovsdb-server (with 1 ovn-controller connected).
> Should make ofctrl_put() in ovn-controller much faster as well.
> 
> Arguably, CMS should not set ACL.meter without ACL.log, but the
> behavior of the ovn-northd is not correct either, so should be fixed
> anyway.
> 
> Fixes: 880dca99eaf7 ("northd: Enhance the implementation of ACL log meters (pre-ddlog merge).")
> Reported-at: https://issues.redhat.com/browse/FDP-401
> Signed-off-by: Ilya Maximets <i.maxim...@ovn.org>
> ---

FWIW, CI failed due to crun issues.  See:
  https://patchwork.ozlabs.org/project/ovn/patch/20240227162801.1908669-2-mh...@redhat.com/

I have my own successful runs here:
  https://github.com/igsilya/ovn/actions/runs/8067246686
  https://github.com/igsilya/ovn/actions/runs/8067246684

Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
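
An operator-side check for the condition the commit message describes, an ACL with `meter` pointing at a fair meter while `log` is false. This is an added example, not part of the patch or of OVN. It assumes the two inputs come from `ovn-nbctl --format=json --columns=_uuid,log,meter list ACL` and `ovn-nbctl --format=json --columns=name,fair list Meter`; the sample rows, UUIDs and meter names are constructed.

```python
import json

# Constructed sample data in the table format printed by
#   ovn-nbctl --format=json --columns=_uuid,log,meter list ACL
#   ovn-nbctl --format=json --columns=name,fair list Meter
ACL_JSON = """{"headings": ["_uuid", "log", "meter"], "data": [
  [["uuid", "00000000-0000-0000-0000-000000000001"], true,  "acl-log-fair"],
  [["uuid", "00000000-0000-0000-0000-000000000002"], false, "acl-log-fair"],
  [["uuid", "00000000-0000-0000-0000-000000000003"], false, ["set", []]],
  [["uuid", "00000000-0000-0000-0000-000000000004"], false, "acl-log-shared"]]}"""
METER_JSON = """{"headings": ["name", "fair"], "data": [
  ["acl-log-fair", true],
  ["acl-log-shared", ["set", []]]]}"""


def _atom(value):
    """Decode one OVSDB JSON cell: ["uuid", id] or ["set", [...]] wrappers."""
    if isinstance(value, list) and len(value) == 2:
        if value[0] == "uuid":
            return value[1]
        if value[0] == "set":  # empty optional column or multi-valued set
            items = [_atom(v) for v in value[1]]
            return items[0] if len(items) == 1 else (items or None)
    return value


def rows(table_json):
    """Turn the JSON table output into a list of {column: value} dicts."""
    table = json.loads(table_json)
    return [dict(zip(table["headings"], map(_atom, row)))
            for row in table["data"]]


def unused_fair_meter_acls(acl_json, meter_json):
    """UUIDs of ACLs that name a fair meter although logging is disabled."""
    fair = {m["name"] for m in rows(meter_json) if m["fair"] is True}
    return [a["_uuid"] for a in rows(acl_json)
            if a["log"] is False and a["meter"] in fair]


if __name__ == "__main__":
    flagged = unused_fair_meter_acls(ACL_JSON, METER_JSON)
    print(f"{len(flagged)} ACL(s) reference a fair meter with log=false:")
    for uuid in flagged:
        print("  ", uuid)
```
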