Hi Trygve,

On Thu, 5 Feb 2026 at 08:19 Trygve Vea via discuss <[email protected]> wrote:

> Hi,
>
> We've troubleshooted and mitigated a problem in our OpenStack installation
> running OVN 24.09 and Openvswitch 3.4.
>
> We have experienced that port scans against entire subnets have caused
> enough ARP requests for ovs-vswitchd to have a saturated handler thread. On
> the hypervisor, this manifests itself as:
>
>    - arp packets received due to flooding. Approximately 600 per second.
>    - handler thread "handler38" uses 100% cpu
>    - ovs-vswitchd logs "dropping packet-in due to queue overflow"
>
> We understand that arps need to be handled in userspace.
>
> We have mitigated the problem through tuning of Linux to lower the rate of
> arps (they were arriving due to addresses not in use). However, we are a
> bit puzzled.
>
Have you configured broadcast-arps-to-all-routers=false on the
external logical switch?
Ex: ovn-nbctl --no-leader-only set logical_switch <ID-Logical-Switch> other_config:broadcast-arps-to-all-routers=false


We had the same behaviour in the past; that flag helped us a lot.


> Is 600 arps per second the expected rate of arps a single thread should be
> able to handle? (The CPU in question of this node is Intel(R) Xeon(R) Gold
> 6126 CPU @ 2.60GHz - so it's one of our older CPUs for this example.)
>
> Regards
> --
> Trygve Vea
>

Regards,

Tiago Pires

> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
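An added example, not part of either message and not OVS or OVN code: a way to quantify the ARP load described in the thread from the text output of `tcpdump -n -tt arp` on the hypervisor. It reports the peak per-second request rate, how many requested addresses never answered (addresses not in use), and which askers request many distinct targets. The function names, the 600 per second default (taken from the figure quoted in the thread, not a documented limit), the 100-target sweep cutoff and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Line shapes printed by `tcpdump -n -tt arp` (epoch timestamps).
REQ = re.compile(r"^(\d+)\.\d+ ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+), length")
REP = re.compile(r"^\d+\.\d+ ARP, Reply (\S+) is-at \S+, length")

def summarize_arp(lines, rate_threshold=600, sweep_targets=100):
    """Summarise ARP requests: peak rate, unanswered targets, sweeping askers."""
    per_second = Counter()               # epoch second -> number of requests
    targets_by_asker = defaultdict(set)  # "tell" address -> distinct "who-has" targets
    answered = set()                     # addresses that sent at least one reply
    for line in lines:
        req = REQ.match(line)
        if req:
            per_second[int(req.group(1))] += 1
            targets_by_asker[req.group(3)].add(req.group(2))
            continue
        rep = REP.match(line)
        if rep:
            answered.add(rep.group(1))
    requested = set().union(*targets_by_asker.values())
    peak = max(per_second.values(), default=0)
    return {
        "peak_per_second": peak,
        "over_threshold": peak >= rate_threshold,
        "unanswered_targets": len(requested - answered),
        "sweeping_askers": sorted(
            a for a, t in targets_by_asker.items() if len(t) >= sweep_targets
        ),
    }

def constructed_capture():
    """Constructed sample: one gateway asks for 650 addresses in one second, one answers."""
    lines = []
    for i in range(650):
        target = f"10.0.{i // 250}.{i % 250 + 1}"
        lines.append(
            f"1770279540.{i:06d} ARP, Request who-has {target} tell 10.0.3.254, length 28"
        )
    lines.append("1770279540.700000 ARP, Reply 10.0.0.1 is-at fa:16:3e:00:00:01, length 28")
    lines.append("1770279541.000100 ARP, Request who-has 10.0.3.254 tell 10.0.0.1, length 28")
    return lines

if __name__ == "__main__":
    print(summarize_arp(constructed_capture()))
```

A high count of unanswered targets from a single asker points at requests for unused addresses, which is the traffic the thread's mitigation reduced.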
