Public bug reported:

Summary: 40 VMs are created and then deleted on the same host. At the end of
this, I find that iptables rules for some ports are not cleaned up, and remain
as garbage. This garbage keeps piling up as more VMs are created and deleted.

Topology:
  Neutron network using OVS and neutron security groups.

Test Case:
  1) Create 1 network, 1 subnetwork
  2) Boot 40 VMs on one hypervisor and 40 VMs on another hypervisor using
     the default Security Group
  3) Run some traffic tests between VMs
  4) Delete all VMs

Result:
  Find that iptables rules are not cleaned up for the ports of the VMs.

Root Cause:
  In the neutron-ovs-agent polling loop, there is an exception during the
  processing of port events. As a result of this exception, the
  neutron-ovs-agent resyncs with the plugin. This takes a while. At the same
  time, VM ports are getting deleted. In this scenario, the neutron-ovs-agent
  "misses" some deleted ports, and does not clean up SG filters for those
  "missed" ports.

Reproducibility:
  Happens almost every time. With a larger number of VMs, it is more likely.

Logs:
  Attached are a set of neutron-ovs-agent logs, and the garbage iptables
  rules that remain.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1489200

Title:
  Upon VM deletes, SG iptables not cleaned up, garbage piles up

Status in neutron:
  New


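A check for the leftover rules this report describes, as an added example (not part of the bug report and not neutron's own code): it compares the per-port chains in `iptables-save` output with the ports that should still exist on the host. The chain naming (`neutron-openvswi-` + `i`/`o`/`s` + the first 10 characters of the port UUID) is an assumption, and the function name, sample ruleset and port UUID are constructed.

```python
import re
from collections import defaultdict

# Assumption: per-port security group chains are named "neutron-openvswi-"
# + i/o/s + the first 10 characters of the port UUID.
CHAIN_RE = re.compile(r"neutron-openvswi-[ios]([0-9a-f-]{10})(?![\w-])")

def orphaned_sg_chains(iptables_save, active_port_ids):
    """Return {port-ID prefix: {"chains": [...], "rules": n}} for per-port
    chains and rules that match no port in active_port_ids."""
    live = {pid[:10] for pid in active_port_ids}
    found = defaultdict(lambda: {"chains": set(), "rules": 0})
    for line in iptables_save.splitlines():
        line = line.strip()
        if line.startswith(":"):            # chain declaration
            m = CHAIN_RE.match(line, 1)
            if m and m.group(1) not in live:
                found[m.group(1)]["chains"].add(m.group(0))
        elif line.startswith("-A "):        # rule in, or jumping to, a port chain
            for prefix in {m.group(1) for m in CHAIN_RE.finditer(line)} - live:
                found[prefix]["rules"] += 1
    return {p: {"chains": sorted(v["chains"]), "rules": v["rules"]}
            for p, v in found.items()}

# Constructed sample: port aaaaaaaa-1... still exists, bbbbbbbb-2... was deleted.
SAMPLE = """\
*filter
:neutron-openvswi-sg-chain - [0:0]
:neutron-openvswi-sg-fallback - [0:0]
:neutron-openvswi-iaaaaaaaa-1 - [0:0]
:neutron-openvswi-ibbbbbbbb-2 - [0:0]
:neutron-openvswi-obbbbbbbb-2 - [0:0]
:neutron-openvswi-sbbbbbbbb-2 - [0:0]
-A neutron-openvswi-sg-chain -m physdev --physdev-out tapaaaaaaaa-11 --physdev-is-bridged -j neutron-openvswi-iaaaaaaaa-1
-A neutron-openvswi-sg-chain -m physdev --physdev-out tapbbbbbbbb-22 --physdev-is-bridged -j neutron-openvswi-ibbbbbbbb-2
-A neutron-openvswi-ibbbbbbbb-2 -m state --state RELATED,ESTABLISHED -j RETURN
-A neutron-openvswi-obbbbbbbb-2 -j neutron-openvswi-sbbbbbbbb-2
COMMIT
"""
ACTIVE = ["aaaaaaaa-1111-4111-8111-111111111111"]  # constructed port UUID

if __name__ == "__main__":
    for prefix, info in orphaned_sg_chains(SAMPLE, ACTIVE).items():
        print(prefix, info["rules"], "rules", info["chains"])
```

Run against a hypervisor's real `iptables-save` output after the delete step, a non-empty result that grows between test rounds matches the pile-up described in the report.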