[Openstack-operators] neutron + OVS 1.11 (or 2.0.1)

George Shuklin george.shuklin at gmail.com
Sun Jan 19 19:45:54 UTC 2014


Yes and no.

Yes: I was able to upgrade laboratory cluster from OVS 1.10 to OVS 1.11 
and it performs few orders better under --rand-source DoS attack then 
OVS 1.10-based installation.
No: there is issues.

Issue #1:
OVS 1.11 (vanilla version) has datapath (kernel module) with is not 
compilable with linux-3.11 (which is default for ubuntu cloud archive).  
Because canonical was able to build OVS 1.10 against 3.11, I think this 
is possible. Research pending, but right now I stuck with linux-3.8

Issue #2:
Delayed recovery after reboot. Because of unknown reason (research 
pending) systems under OVS 1.11 behave bit strange after whole system 
(all hosts) reboot. There is a long delay (about 6-10 minutes) before 
networking restore after successful booting of every server and instance 
start. At first I even thought it is broken (uptime 3 minutes - no dhcp 
for instances).

I'll continue to play around ovs 2.0.1 and other questions with 
networking, because deploying OVS 1.10 to production environment is some 
kind of slow suicide. Any script kiddie with hping and just 15 Mbit 
channel will able to completely shutoff networking node (>90% packet 
loss), and just about 5Mbit/s of --rand-source flood is enough to 
cripple it (>5% packet loss).

On 01/18/2014 04:24 PM, Jacob Godin wrote:
>
> Hi George,
>
> To clarify, you were able to upgrade from 1.10 or install 1.11 fresh 
> without any issues?
>
> Sent from my mobile device
>
> On Jan 17, 2014 4:56 PM, "George Shuklin" <george.shuklin at gmail.com 
> <mailto:george.shuklin at gmail.com>> wrote:
>
>     For 1.11 I was wrong, it working fine.
>
>     For 2.0.1 something is broken, but I still can't get where. VMs
>     can ping each other within host (if configured manually), but
>     traffic is not getting out br-tun (no GRE, no DHCP from network node).
>
>     On 01/16/14 18:11, Aaron Rosen wrote:
>>
>>     Hi,
>>
>>     Can you give more details on how it breaks? Did you restart the
>>     agents so it reprograms the flows back down?
>>
>>     On Jan 16, 2014 2:06 AM, "George Shuklin"
>>     <george.shuklin at gmail.com <mailto:george.shuklin at gmail.com>> wrote:
>>
>>         Good day.
>>
>>         Did anyone successfully combine havanna and OVS > 1.10? OVS
>>         1.10 is really suck under specific types of load (was fixed
>>         in OVS 1.11 and later). But plain upgrade of OVS breaks
>>         neutron (under research).
>>
>>         Did anyone walk that path?
>>
>>         Thanks.
>>
>>         _______________________________________________
>>         OpenStack-operators mailing list
>>         OpenStack-operators at lists.openstack.org
>>         <mailto:OpenStack-operators at lists.openstack.org>
>>         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
>     _______________________________________________
>     OpenStack-operators mailing list
>     OpenStack-operators at lists.openstack.org
>     <mailto:OpenStack-operators at lists.openstack.org>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140119/ea8f6e70/attachment.html>


More information about the OpenStack-operators mailing list