Bug 2228166 - Add incremental processing in ovn-northd for ACLs.
Summary: Add incremental processing in ovn-northd for ACLs.
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn23.09
Version: FDP 23.G
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Dumitru Ceara
QA Contact: Jianlin Shi
URL:
Whiteboard:
Depends On: 2228162
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-01 14:59 UTC by Dumitru Ceara
Modified: 2023-08-17 15:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FD-3077 0 None None None 2023-08-01 15:00:18 UTC

Description Dumitru Ceara 2023-08-01 14:59:22 UTC 
Description of problem:
Currently NB DB ACL changes trigger recomputes of the northd and lflow I-P nodes in ovn-northd.  That's costly and can be avoided if we incrementally process the ACL changes in the lflow node.

This depends on port groups being incrementally processed (bug 2228162) because ACLs can be applied on port groups too.
Comment 1 Dumitru Ceara 2023-08-16 20:44:43 UTC 
Patch that removes the explicit dependency between NB.ACLs/NB.Meters and the northd incremental processing node:
https://patchwork.ozlabs.org/project/ovn/list/?series=369118&state=*

It doesn't actually fully implement I-P for ACLs or Meters but it's an important first step that already reduces the performance impact when adding new ACLs/Meters because the northd node doesn't need to perform a full recomputation.
Comment 2 Dumitru Ceara 2023-08-17 15:28:46 UTC 
V2 patch that moves NB.ACLs and NB.Meters out of the northd I-P node:
https://patchwork.ozlabs.org/project/ovn/list/?series=369253&state=*
Note You need to log in before you can comment on or make changes to this bug.