[neutron] api performance at scale

Slawek Kaplonski skaplons at redhat.com
Wed Dec 4 10:25:16 UTC 2019


In the past we had a biweekly meeting related to the performance of Neutron.
Now we have included this as one of the points in Monday's Neutron team meeting.

Please sync with Miguel Lavalle about that. He is the leader of this
performance subteam in Neutron and he is working on some profiling and
identifying the things which are slowing Neutron the most.

Speaking about security groups, is your problem at the API level or the backend level?
If it's on the backend, what firewall driver are you using? Openvswitch or
iptables_hybrid (or maybe some other)?

Also, I know we have a big performance issue if you are using a security group with
remote_security_group set in it (it's added by default to the default SG).
In such a case, if you have many ports using the same SG, every time you add a new
port to this SG, all other ports are updated by the L2 agent, and that is very slow
if there are many ports there.
So removing remote_security_group from the rules and creating rules based on remote
CIDRs would help a lot with this.
We were discussing this at the Denver PTG but I don't think any bug on Launchpad was
reported for this.

On Tue, Dec 03, 2019 at 05:24:54PM +0000, Erik Olof Gunnar Andersson wrote:
> Is there a SIG or similar discussion on neutron performance at scale?
> For us nova used to be the biggest concern, but a lot of work has been done and nova now performs great. Instead we are having issues getting Neutron to perform at scale. Obvious calls like security groups are performing really poorly, and nova-compute defaults for refreshing the network cache on computes cause massive issues with Neutron.
> Best Regards, Erik Olof Gunnar Andersson

Slawek Kaplonski
Senior software engineer
Red Hat
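
The change suggested in the message above, sketched as an added example (not code from the thread or from Neutron): it plans which remote-group rules to delete and which CIDR-based rules to create in their place, skipping rules that already exist. The rule dicts are constructed samples using Neutron's rule field names (`remote_group_id`, `remote_ip_prefix`); `plan_cidr_rewrite`, the IDs and the CIDRs are hypothetical.

```python
import ipaddress

# Fields that must match for two rules to be considered the same filter.
MATCH_KEYS = ("direction", "ethertype", "protocol", "port_range_min", "port_range_max")

def _rule(rid, ethertype, proto=None, port=None, group=None, prefix=None):
    """Build a constructed sample rule shaped like a Neutron security group rule."""
    return {"id": rid, "direction": "ingress", "ethertype": ethertype,
            "protocol": proto, "port_range_min": port, "port_range_max": port,
            "remote_group_id": group, "remote_ip_prefix": prefix}

# Constructed sample: a default-style SG plus one SSH rule in both forms.
SAMPLE_RULES = [
    _rule("r1", "IPv4", group="sg-default"),
    _rule("r2", "IPv6", group="sg-default"),
    _rule("r3", "IPv4", proto="tcp", port=22, prefix="10.0.0.0/24"),
    _rule("r4", "IPv4", proto="tcp", port=22, group="sg-default"),
]

def plan_cidr_rewrite(rules, cidrs):
    """Return (ids_to_delete, rules_to_create) replacing remote-group rules."""
    nets = [ipaddress.ip_network(c) for c in cidrs]  # ValueError on a malformed CIDR
    by_family = {"IPv4": [n for n in nets if n.version == 4],
                 "IPv6": [n for n in nets if n.version == 6]}

    def key(rule, prefix):
        net = ipaddress.ip_network(prefix, strict=False)
        return tuple(rule[k] for k in MATCH_KEYS) + (str(net),)

    existing = {key(r, r["remote_ip_prefix"]) for r in rules if r["remote_ip_prefix"]}
    delete, create = [], []
    for rule in rules:
        if not rule["remote_group_id"]:
            continue  # already CIDR-based (or unrestricted): nothing to do
        targets = by_family[rule["ethertype"]]
        if not targets:
            continue  # no CIDR for this address family: keep the rule, do not cut traffic
        delete.append(rule["id"])
        for net in targets:
            k = key(rule, str(net))
            if k in existing:
                continue  # an equivalent CIDR rule is already present
            existing.add(k)
            new_rule = {f: rule[f] for f in MATCH_KEYS}
            new_rule["remote_ip_prefix"] = str(net)
            create.append(new_rule)
    return delete, create

if __name__ == "__main__":
    to_delete, to_create = plan_cidr_rewrite(SAMPLE_RULES, ["10.0.0.0/24", "fd00::/64"])
    print("delete:", to_delete)
    for r in to_create:
        print("create:", r)
```

A CIDR rule admits every address in the prefix, not only ports that belong to the group, so choose prefixes as narrow as the subnet layout allows.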
