Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1818501

Summary: [ovn-controller] Adding security group rules for the VM takes more time
Product: Red Hat Enterprise Linux Fast Datapath Reporter: anil venkata <vkommadi>
Component: OVNAssignee: Dumitru Ceara <dceara>
Status: CLOSED UPSTREAM QA Contact: Jianlin Shi <jishi>
Severity: medium Docs Contact:
Priority: medium    
Version: RHEL 8.0CC: avishnoi, ctrautma, dceara, rkhan
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-02-10 04:00:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description anil venkata 2020-03-28 18:09:48 UTC 
Description of problem:

Adding security group rules in OSP16 with OVN driver taking more time compared to ML2/OVS driver.

OVN 95 %le for 10 VMs with security groups takes 1069.872 seconds
ML2/OVS 95 %le for 10 VMs with security groups takes 793.85 seconds

http://rdu-storage01.scalelab.redhat.com/anilvenkata/20200327-195549/rally/simple-plugins/all-rally-run-0.html#/BrowbeatPlugin.create_network_nova_boot_ping_sec_groups

http://rdu-storage01.scalelab.redhat.com/anilvenkata/20200328-075419/rally/simple-plugins/all-rally-run-0.html#/BrowbeatPlugin.create_network_nova_boot_ping_sec_groups


I am booting 1000 VMs and each VM with 62 security group rules. The rally test iterates 100 times and in each iteration it creates
1 network and 1 router
7 security groups on these networks
totally 62 security group rules on these 7 security groups
then boots 10 VMs on this network with these 3 security groups (i.e 62 security group rules) and finally ping the VM
note: one of the security group rule is for icmp ping

Used this rally scenario to create security groups and boot the VM
https://review.opendev.org/#/c/714412/3/rally/rally-plugins/netcreate-boot/netcreate_nova_boot_fip_ping_sec_groups.py


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Jianlin Shi 2021-07-08 03:13:57 UTC 
set VERIFIED per comment 2
Comment 4 Red Hat Bugzilla 2025-02-10 04:00:09 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.