[Openstack-operators] anyone using openvswitch 2.0.1 (ubuntu trusty) with GRE tunnels

George Shuklin george.shuklin at gmail.com
Sun Jan 19 22:24:09 UTC 2014


On 01/19/2014 09:55 PM, Robert Collins wrote:
>> Never, EVER use any OVS < 1.10 in production.
>>
>> Here is a simple proof:
>>
>> hping3 -i u 100 any-floating-ip --rand-source
>>
>> and the networking node is dead. If hping3 runs inside an instance, the
>> compute node is dead, and so on.
>>
>> Reason: OVS prior to 1.11 can't use megaflows, and any new port/IP address
>> causes a query from kernel to userspace. This is a very slow process, and
>> ovs-vswitchd consumes 100% CPU and causes huge packet loss. OVS 1.11+ can use
>> asterisks (*) in its kernel flows (so-called megaflows), so it can withstand
>> a flood.
>>
>> PS: That problem is not just about DoS attacks. I saw (at a large XenServer
>> installation, which uses OVS 1.9) lots of legitimate small TCP sessions
>> (a popular browser MMO game site) cripple the servers.
> So that's useful information, but - 1.10.2 appears direly broken (lots
> of reports of the same symptoms we're seeing), 2.0.1 appears
> fundamentally broken (GRE incoming traffic not being handled). What do
> you suggest running?
>
I still have no working production configuration (under construction),
but I plan to stick with 1.11, because IMHO after the megaflow fix OVS
became production grade. (And other non-OVS solutions are still under
research.)

Issues with 3.11 incompatibility, I hope, are solvable. As an emergency
measure, 3.8 seems to be new enough for network namespaces for l3/dhcp-agents.
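
The difference between exact-match kernel flows and megaflows described in the quoted message, as a simplified model added here (not part of the original post and not OVS code). The field names, the sample addresses and the assumption that the installed rules only inspect the destination IP are illustrative.

```python
import random

# Simplified model, not OVS code: a kernel flow is the tuple of header fields
# it matches on; any field left out of the tuple is treated as wildcarded.
EXACT = ("src", "dst", "sport", "dport")  # exact-match kernel flows (no megaflow)
MEGAFLOW = ("dst",)  # assumption: the installed rules only inspect the destination IP


def flood(n, dst="203.0.113.10", seed=7):
    """Constructed sample: n packets to one address, each from a random source."""
    rng = random.Random(seed)
    return [{"src": ".".join(str(rng.randrange(1, 255)) for _ in range(4)),
             "dst": dst, "sport": rng.randrange(1024, 65536), "dport": 80}
            for _ in range(n)]


def steady(clients, packets_each, dst="203.0.113.10"):
    """Constructed sample: a few long-lived connections sending many packets."""
    return [{"src": f"198.51.100.{c + 1}", "dst": dst, "sport": 40000 + c, "dport": 80}
            for c in range(clients) for _ in range(packets_each)]


def count_upcalls(packets, match_fields):
    """Return how many packets miss the kernel flow cache and go to userspace."""
    cache = set()
    upcalls = 0
    for pkt in packets:
        key = tuple(pkt[f] for f in match_fields)
        if key not in cache:  # miss: userspace decides, then installs a kernel flow
            upcalls += 1
            cache.add(key)
    return upcalls


def miss_ratio(packets, match_fields):
    """Fraction of packets that needed the slow userspace path."""
    return count_upcalls(packets, match_fields) / len(packets)


if __name__ == "__main__":
    for name, pkts in (("steady", steady(20, 500)), ("random-source", flood(10000))):
        print(f"{name:14s} exact={miss_ratio(pkts, EXACT):.3f} "
              f"megaflow={miss_ratio(pkts, MEGAFLOW):.4f}")
```

In this model the exact-match cache only helps while packets repeat the same header tuple; once every packet carries a new source, nearly every packet takes the slow path, while the wildcarded flow absorbs them after a single miss.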




