[neutron] security group list regression

Erik Olof Gunnar Andersson eandersson at blizzard.com
Mon Mar 2 03:03:51 UTC 2020


When we went from Mitaka to Rocky in August last year, we saw an exponential increase in API times for listing security group rules.

I think I last commented on this bug https://bugs.launchpad.net/neutron/+bug/1810563, but I have brought it up on a few other occasions as well.


________________________________
From: Slawek Kaplonski <skaplons at redhat.com>
Sent: Saturday, February 29, 2020 12:44 AM
To: James Denton <james.denton at rackspace.com>
Cc: openstack-discuss <openstack-discuss at lists.openstack.org>
Subject: Re: [neutron] security group list regression

Hi,

I just replied in your bug report. Can you try to apply patch https://review.opendev.org/#/c/708695/ to see if that will help with this problem?

> On 29 Feb 2020, at 02:41, James Denton <james.denton at rackspace.com> wrote:
>
> Hello all,
>
> We recently upgraded an environment from Newton -> Rocky, and have noticed a pretty severe regression in the time it takes the API to return the list of security groups. This environment has roughly 8,000+ security groups, and it takes nearly 75 seconds for the ‘openstack security group list’ command to complete. I don’t have actual data from the same environment running Newton, but was able to replicate this behavior with the following lab environments running a mix of virtual and baremetal machines:
>
> Newton (VM)
> Rocky (BM)
> Stein (VM)
> Train (BM)
>
> Number of sec grps vs time in seconds:
>
> #     Newton  Rocky   Stein   Train
> 200   4.1     3.7     5.4     5.2
> 500   5.3     7       11      9.4
> 1000  7.2     12.4    19.2    16
> 2000  9.2     24.2    35.3    30.7
> 3000  12.1    36.5    52      44
> 4000  16.1    47.2    73      58.9
> 5000  18.4    55      90      69
>
> As you can see (hopefully), the response time increased significantly between Newton and Rocky, and has grown slightly ever since. We don't know, yet, if this behavior can be seen with other 'list' commands or is limited to secgroups. We're currently verifying on some intermediate releases to see where things went wonky.
>
> There are some similar recent reports out in the wild with little feedback:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1788749
> https://bugzilla.redhat.com/show_bug.cgi?id=1721273
>
> I opened a bug here, too:
>
> https://bugs.launchpad.net/neutron/+bug/1865223
>
> Bottom line: Has anyone else experienced similar regressions in recent releases? If so, were you able to address them with any sort of tuning?
>
> Thanks in advance,
> James
>

—
Slawek Kaplonski
Senior software engineer
Red Hat

