<div dir="ltr"><div>So I am curious as to what your question is. Are you asking about ovs bridges learning MAC's of other compute nodes or why network performance is affected when you run more than one instance per node. <br></div><div><br></div><div>I have not observed this behaviour in my experience. <br></div><div>Could you tell us more about the configuration of your deployment?</div><div>I understand you are currently using linux bridges that are connected to openvswitch bridges? Why not just use ovs? OVS can handle security groups.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2020 at 9:48 AM Yi Yang (杨燚)-云服务集团 <<a href="mailto:yangyi01@inspur.com">yangyi01@inspur.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi, All<br>
<br>
Anybody has noticed network performance between VMs is extremely bad, it is<br>
basically linearly related with numbers of VMs in same compute node. In my<br>
case, if I launch one VM per compute node and run iperf3 tcp and udp,<br>
performance is good, it is about 4Gbps and 1.7Gbps, for 16 bytes small UDP<br>
packets, it can reach 180000 pps (packets per second), but if I launch two<br>
VMs per compute node (note: they are in the same subnet) and only run pps<br>
test case, that will be decrease to about 90000 pps, if I launch 3 VMs per<br>
compute node, that will be about 50000 pps, I tried to find out the root<br>
cause, other VMs in this subnet (they are in the same compute node as iperf3<br>
client) can receive all the packets iperf3 client VM sent out although<br>
destination MAC isn’t broadcast MAC or multicast MAC, actually it is MAC of<br>
iperf3 server VM in another compute node, by further check, I did find qemu<br>
instances of these VMs have higher CPU utilization and corresponding vhost<br>
kernel threads also also higher CPU utilization, to be importantly, I did<br>
find ovs was broadcasting these packets because all the ovs bridges didn’t<br>
learn this destination MAC. I tried this in Queens and Rocky, the same issue<br>
is there. By the way, we’re using linux bridge for security group, so VM<br>
tap interface is attached into linux bridge which is connected to br-int by<br>
veth pair.<br>
<br>
Here is output of “ovs-appctl dpif/dump-flows br-int” after I launched<br>
many VMs:<br>
<br>
recirc_id(0),in_port(12),eth(src=fa:16:3e:49:26:51,dst=fa:16:3e:a7:0a:3a),et<br>
h_type(0x0800),ipv4(tos=0/0x3,frag=no), packets:11012944, bytes:726983412,<br>
used:0.000s, flags:SP.,<br>
actions:push_vlan(vid=1,pcp=0),2,set(tunnel(tun_id=0x49,src=10.3.2.17,dst=10<br>
.3.2.16,ttl=64,tp_dst=4789,flags(df|key))),pop_vlan,9,8,11,13,14,15,16,17,18<br>
,19<br>
<br>
$ sudo ovs-appctl fdb/show br-floating | grep fa:16:3e:49:26:51<br>
$ sudo ovs-appctl fdb/show br-tun | grep fa:16:3e:49:26:51<br>
$ sudo ovs-appctl fdb/show br-bond1 | grep fa:16:3e:49:26:51<br>
$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:49:26:51<br>
<br>
All the bridges can’t learn this MAC.<br>
<br>
My question is why ovs bridges can’t learn MACs of other compute nodes, is<br>
this common issue of all the Openstack versions? Is there any known existing<br>
way to fix it? Look forward to hearing your insights and solutions, thank<br>
you in advance and have a good day.<br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>~/DonnyD</div><div>C: 805 814 6800</div><div>"No mission too difficult. No sacrifice too great. Duty First"</div></div></div>