Hi Kevin The information you asked for For 1 compute node with 45 Vms here is the number of connection tracking entries getting deleted cat conntrack.file | wc -l 38528 The file with output is 14MB so ill email it to Ian and he can share it if needed Security group rules Direction Ether Type IP Protocol Port Range Remote IP Prefix Remote Security Group Actions Egress IPv4 Any Any 0.0.0.0/0 Ingress IPv6 Any Any - default Egress IPv6 Any Any ::/0 - Ingress IPv4 Any Any - Please let me know if u need the dump of conntrack entries if so I can email it to email address of your choice Ajay From: Ajay Kalambur <akalambu at cisco.com<mailto:akalambu at cisco.com>> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>> Date: Monday, September 11, 2017 at 10:02 AM To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>> Subject: Re: [openstack-dev] [neutron]OVS connection tracking cleanup Hi Kevin Thanks for your response it was about 50 vms Ajay On Sep 11, 2017, at 9:49 AM, Kevin Benton <kevin at benton.pub<mailto:kevin at benton.pub>> wrote: The biggest improvement will be switching to native netlink calls: https://review.openstack.org/#/c/470912/ How many VMs were on a single compute node? On Mon, Sep 11, 2017 at 9:15 AM, Ajay Kalambur (akalambu) <akalambu at cisco.com<mailto:akalambu at cisco.com>> wrote: Hi I am performing a scale test and I see that after creating 500 Vms with ping traffic between them it took almost 1 hr for the connection tracking To clean up and ovs agent was busy doing this and unable to service any new port bind requests on some computes for almost an hr It took that long for conntrack clean up to complete I see the following bug https://bugs.launchpad.net/neutron/+bug/1513765 And I also have the fix below https://git.openstack.org/cgit/openstack/neutron/commit/?id=d7aeb8dd4b1d122e17eef8687192cd122b79fd6e Still see really long times for conntrack cleanup What is the solution to this problem in scale scenarios? Ajay __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170911/dd3b12e8/attachment.html>