Public bug reported:

Seen on: newton devstack, ubuntu 16.04, firewall_driver=openvswitch.

To emulate high load I cleared all quotas, created a security-group A with ~4200 security group rules with remote_group_id pointing to security-group B and booted 2 VMs (one with secgroup A and another with secgroup B). Due to https://bugs.launchpad.net/neutron/+bug/1628819 every next VM boot resulted in plenty of ovs flows, so after booting 15 VMs and reaching ~23000 flows every other VM would go into ERROR with nova blaming neutron for not providing network for an instance (nova compute logs - http://paste.openstack.org/show/597972/).

The ovs-vswitchd logs complained of excessive load as well so my initial guess was that high load was the matter.

After the environment was "heavy loaded" the switch to iptables firewall (and subsequent ovs-agent restart) didn't clean up the generated flows (23407 flows remained), although ovs-agent logs showed that the driver was changed http://paste.openstack.org/show/597978/

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: ovs-fw

** Tags added: ovs-fw

https://bugs.launchpad.net/bugs/1662568

Title:
  ovs flows aren't cleaned up after switch to iptables firewall under high-load

Status in neutron:
  New
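One way to check for the leftover flows described in this report, as an added example that is not part of the original bug report or of neutron: it counts flows per table in the text printed by `ovs-ofctl dump-flows br-int` and reports which firewall tables are still populated after the driver switch. The sample dump is constructed, and the table numbers passed as `firewall_tables` are assumptions to be checked against the neutron version in use.

```python
import re
from collections import Counter

# Constructed sample of `ovs-ofctl dump-flows br-int` output taken after the
# switch to the iptables driver (illustrative, not from the bug report).
SAMPLE_AFTER_SWITCH = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=100.1s, table=0, n_packets=10, n_bytes=800, priority=0 actions=NORMAL
 cookie=0xa1, duration=90.2s, table=71, n_packets=0, n_bytes=0, priority=95,reg5=0x5,arp actions=NORMAL
 cookie=0xa1, duration=90.1s, table=72, n_packets=0, n_bytes=0, priority=70,ct_state=+est-rel-rpl,ip,reg5=0x5 actions=resubmit(,73)
 cookie=0xa1, duration=90.0s, table=72, n_packets=0, n_bytes=0, priority=40,ct_state=-est,reg5=0x5 actions=drop
 cookie=0xa1, duration=89.9s, table=82, n_packets=0, n_bytes=0, priority=70,ct_state=+new-est,ip,reg5=0x5 actions=output:5
"""

TABLE_RE = re.compile(r"\btable=(\d+)\b")


def flows_per_table(dump):
    """Return a Counter mapping table number -> number of flows in the dump."""
    counts = Counter()
    for line in dump.splitlines():
        # Only flow entries carry an actions= field; this skips the reply header.
        if "actions=" not in line:
            continue
        match = TABLE_RE.search(line)
        # A flow line without a table= field is treated as table 0.
        counts[int(match.group(1)) if match else 0] += 1
    return counts


def leftover_flows(dump, firewall_tables):
    """Return {table: count} for firewall tables that still hold flows."""
    counts = flows_per_table(dump)
    return {t: counts[t] for t in sorted(firewall_tables) if counts[t]}


if __name__ == "__main__":
    # Assumed table numbers for the openvswitch firewall driver.
    assumed_fw_tables = {71, 72, 73, 81, 82}
    stale = leftover_flows(SAMPLE_AFTER_SWITCH, assumed_fw_tables)
    total = sum(stale.values())
    print(f"{total} flows remain in firewall tables: {stale}")
```

An empty result after the agent restart means the firewall tables were cleaned up; any non-empty result is the condition this bug describes.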