Hi,

We've troubleshot and mitigated a problem in our OpenStack installation running OVN 24.09 and Openvswitch 3.4.

We have experienced that port scans against entire subnets have caused enough ARP requests for ovs-vswitchd to have a saturated handler thread. On the hypervisor, this manifests itself as:

- ARP packets received due to flooding. Approximately 600 per second.
- handler thread "handler38" uses 100% CPU
- ovs-vswitchd logs "dropping packet-in due to queue overflow"

We understand that ARPs need to be handled in userspace. We have mitigated the problem through tuning of Linux to lower the rate of ARPs (they were arriving due to addresses not in use).

However, we are a bit puzzled. Is 600 ARPs per second the expected rate of ARPs a single thread should be able to handle? (The CPU in question of this node is Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz - so it's one of our older CPUs for this example.)

Regards
--
Trygve Vea
