Bug 1684079
Summary: | egressnetworkpolicy with dnsname has performance impact due to calling dig often | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Juan Luis de Sousa-Valadas <jdesousa> | |
Component: | Networking | Assignee: | Aniket Bhat <anbhat> | |
Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> | |
Status: | CLOSED ERRATA | Docs Contact: | ||
Severity: | high | |||
Priority: | medium | CC: | anbhat, anusaxen, aos-bugs, cdc, erich, fgrosjea, travi, weliang | |
Version: | 3.11.0 | |||
Target Milestone: | --- | |||
Target Release: | 4.3.0 | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause: DNS Names are present in each EgressNetworkPolicy they are defined as a part of. When the DNS records for a given network policy are refreshed, the current code calls dig irrespective of whether that particular DNS record has been refreshed as a virtue of the same DNS Name being present in another EgressNetworkPolicy.
Consequence: If the same DNS Name is present in multiple egress network policies, at scale, we will end up calling DIG too often.
Fix: Make the querying of DNS records based on uniqueness of DNS names rather than for each EgressNetworkPolicy
Result: DNS records are queried only once uniquely no matter how many EgressNetworkPolicy objects they belong to. This significantly improves the performance of the queries.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1743881 (view as bug list) | Environment: | ||
Last Closed: | 2020-01-23 11:03:45 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1743881, 1772592, 1772593, 1772594 |
Description
Juan Luis de Sousa-Valadas
2019-02-28 11:24:10 UTC
Aniket, can you take a look at this one next? Apparently the PR got merged in 4.3. So this needs to be verified on 4.3 first and then it will be back ported to 3.11. Hope my understanding is correct here. Verified based on Comment 15. Juan, please re-open if you see something different in your env Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062 |