[Openstack-operators] anyone using openvswitch 2.0.1 (ubuntu trusty) with GRE tunnels

Robert Collins robertc at robertcollins.net
Sun Jan 19 19:55:11 UTC 2014


On 20 January 2014 08:50, George Shuklin <george.shuklin at gmail.com> wrote:
> Never, EVER use any OVS < 1.10 in production.
>
> Here is a simple proof:
>
> hping3 -i u 100 any-floating-ip --rand-source
>
> and the networking node is dead. If hping3 happens inside an instance, the
> compute node is dead, and so on.
>
> Reason: OVS prior to 1.11 can't use megaflows, and any new port/IP address
> causes a query from kernel to userspace. This is a very slow process, and
> ovs-vswitchd consumes 100% CPU and causes huge packet loss. OVS 1.11+ can use
> asterisks (*) in its kernel flows (so-called megaflows), so it can withstand
> a flood.
>
> PS: That problem is not just DoS attacks. I saw (at a large XenServer
> installation, which uses OVS 1.9) lots of legitimate small TCP sessions
> (popular browser-mmo-game-site) cripple the servers.

So that's useful information, but - 1.10.2 appears direly broken (lots
of reports of the same symptoms we're seeing), 2.0.1 appears
fundamentally broken (GRE incoming traffic not being handled). What do
you suggest running?

-Rob

-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud
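
The difference between exact-match kernel flows and megaflows described in the quoted message, as an added example that is not part of the original thread and is not OVS code: a toy Python model in which a cache miss stands for an upcall to userspace. The class and function names, the packet fields, the documentation-range address and the assumption that the forwarding rules consult only destination fields are all hypothetical.

```python
import random

# Simplified flow key; real OVS keys carry many more fields.
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")


class DatapathCache:
    """Toy kernel flow cache: a miss stands for an upcall to userspace."""

    def __init__(self, match_fields):
        self.match_fields = match_fields  # fields NOT wildcarded in cached flows
        self.flows = set()
        self.upcalls = 0

    def receive(self, pkt):
        key = tuple(pkt[f] for f in self.match_fields)
        if key not in self.flows:
            self.upcalls += 1      # slow path: userspace classifies the packet
            self.flows.add(key)    # and installs a kernel flow for this key


def random_source_packets(n, seed=0):
    """Constructed sample traffic: n TCP packets to one address, random sources."""
    rng = random.Random(seed)
    for _ in range(n):
        yield {"src_ip": rng.getrandbits(32), "src_port": rng.randrange(1024, 65536),
               "dst_ip": "203.0.113.10", "dst_port": 80, "proto": 6}


def compare(n=10000):
    exact = DatapathCache(FIELDS)  # pre-megaflow: every field must match
    # Assumption: the forwarding rules consult only destination fields, so a
    # megaflow-capable datapath may wildcard source IP and source port.
    mega = DatapathCache(("dst_ip", "dst_port", "proto"))
    for pkt in random_source_packets(n):
        exact.receive(pkt)
        mega.receive(pkt)
    return {"exact_upcalls": exact.upcalls, "exact_flows": len(exact.flows),
            "mega_upcalls": mega.upcalls, "mega_flows": len(mega.flows)}


if __name__ == "__main__":
    print(compare())
```

In the exact-match model the upcall count and the flow table both grow with the number of distinct sources, while the wildcarded model takes one upcall and holds one flow.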
