Bug 1968569
Summary: | Creating a network policy in OVN-Kubernetes can be very inefficient. | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Casey Callendrello <cdc> |
Component: | Networking | Assignee: | Casey Callendrello <cdc> |
Networking sub component: | ovn-kubernetes | QA Contact: | Mike Fiedler <mifiedle> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | high | CC: | anbhat, mifiedle |
Version: | 4.8 | ||
Target Milestone: | --- | ||
Target Release: | 4.9.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-18 17:32:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1950283, 1991621, 1996729 |
Description
Casey Callendrello
2021-06-07 15:07:21 UTC
Upstream PR: https://github.com/ovn-org/ovn-kubernetes/pull/2249 Disregard comment 5 - I missed the fact the rebase is part of the rest of 4.9 work. Verified on 4.9.0-0.nightly-2021-08-07-175228 as compared to 4.8.3 Both versions: 1500 pods/svc in a namespace spread over 20 computes Create a deny-all - time to deny traffic 4.8.3: 24 seconds 4.9.nightly: 3.5 seconds Delete the deny-all - time to allow traffic 4.8.3: 88 seconds 4.9.nightly: 4 seconds Verified on 4.8.13. Creating deny and allow policies selecting 1500 pods in a namespace by label takes effect almost instantaneously. < 2 seconds. Ignore comment 8 - this is the 4.9.0 version of the bz Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759 |