On 2/5/26 12:10 PM, Trygve Vea via discuss wrote: > Hi, > > We've troubleshooted and mitigated a problem in our OpenStack installation > running OVN 24.09 and Openvswitch 3.4. We have experienced that port scans > against entire subnets have caused enough ARP requests for ovs-vswitchd to > have a saturated handler thread. On the hypervisor, this manifests itself as: > > * arp packets received due to flooding. Approximately 600 per second. > * handler thread "handler38" uses 100% cpu > * ovs-vswitchd logs "dropping packet-in due to queue overflow"
Hi, Trygve. The packet-in drop means that packets are dropped while sending them to ovn-controller. So, what's actually overloaded is ovn-controller. I'd guess, you're likley experiencing the issue fixed in commit: https://github.com/ovn-org/ovn/commit/c6f223795b2deb4a7b3424fb461e446ea933809d So, you may need to update your OVN version. The 24.09 branch is not an LTS, so there were no upstream releases containing that fix. So, you may need to go with v25.03.2. You may also want to turn off other_config:broadcast-arps-to-all-routers on a logical switch that is connected to OpenStack networks, as that is a common performance sink as well, when you have a ton of logical routers attached to the same switch. Turning this option off also mitigates the problem described in commit above in most cases. > > We understand that arps need to be handled in userspace. > We have mitigated the problem through tuning of Linux to lower the rate of > arps (they were arriving due to addresses not in use). However, we are a > bit puzzled. Is 600 arps per second the expected rate of arps a single > thread should be able to handle? (The CPU in question of this node is Intel(R) > Xeon(R) Gold 6126 CPU @ 2.60GHz - so it's one of our older CPUs for this > example.) I'd say that's about what ovn-controller can handle in this situation, from what I saw in real setups. Best regards, Ilya Maximets. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
