Bug 2228166

Summary: Add incremental processing in ovn-northd for ACLs.
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Dumitru Ceara <dceara>
Component: ovn23.09Assignee: Dumitru Ceara <dceara>
Status: ASSIGNED --- QA Contact: Jianlin Shi <jishi>
Severity: high Docs Contact:
Priority: high    
Version: FDP 23.GCC: ctrautma, jiji
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2228162    
Bug Blocks:    

Description Dumitru Ceara 2023-08-01 14:59:22 UTC 
Description of problem:
Currently NB DB ACL changes trigger recomputes of the northd and lflow I-P nodes in ovn-northd.  That's costly and can be avoided if we incrementally process the ACL changes in the lflow node.

This depends on port groups being incrementally processed (bug 2228162) because ACLs can be applied on port groups too.
Comment 1 Dumitru Ceara 2023-08-16 20:44:43 UTC 
Patch that removes the explicit dependency between NB.ACLs/NB.Meters and the northd incremental processing node:
https://patchwork.ozlabs.org/project/ovn/list/?series=369118&state=*

It doesn't actually fully implement I-P for ACLs or Meters but it's an important first step that already reduces the performance impact when adding new ACLs/Meters because the northd node doesn't need to perform a full recomputation.
Comment 2 Dumitru Ceara 2023-08-17 15:28:46 UTC 
V2 patch that moves NB.ACLs and NB.Meters out of the northd I-P node:
https://patchwork.ozlabs.org/project/ovn/list/?series=369253&state=*