On 2/27/24 17:05, Ilya Maximets wrote:
> If the ACL.log is false for a fair meter, but ACL.meter is set in the
> Northbound database, northd will create a unique meter for this ACL in
> a Southbound database, even though it will never be used.
>
> Normal ovn-nbctl acl-add command can't create such a record, but it is
> possible with a plain 'ovn-nbctl set' or a direct database transaction.
> And, in practice, ovn-kubernetes always sets the ACL.meter column even
> if the logging is not enabled in the namespace.  This creates extra
> unnecessary load on the Southbound database and the ovn-controller that
> performs a linear iteration over the Southbound Meter table on every
> ofctrl_put().
>
> Logging is also not a default option, so only a fraction of ACLs will
> actually need meters under normal circumstances.
>
> Stop generating these unnecessary meters.
>
> In an ovn-kubernetes setup with 90K ACLs 1K of which has logging
> enabled this saves ~20 MB of the Southbound database file size and
> about 30% of the RSS on ovsdb-server (with 1 ovn-controller connected).
> Should make ofctrl_put() in ovn-controller much faster as well.
>
> Arguably, CMS should not set ACL.meter without ACL.log, but the
> behavior of the ovn-northd is not correct either, so should be fixed
> anyway.
>
> Fixes: 880dca99eaf7 ("northd: Enhance the implementation of ACL log meters
> (pre-ddlog merge).")
> Reported-at: https://issues.redhat.com/browse/FDP-401
> Signed-off-by: Ilya Maximets <i.maxim...@ovn.org>
> ---

FWIW, CI failed due to crun issues.  See:
  https://patchwork.ozlabs.org/project/ovn/patch/20240227162801.1908669-2-mh...@redhat.com/

I have my own successful runs here:
  https://github.com/igsilya/ovn/actions/runs/8067246686
  https://github.com/igsilya/ovn/actions/runs/8067246684

Best regards, Ilya Maximets.