[Yahoo-eng-team] [Bug 1489200] Re: Upon VM deletes, SG iptables not cleaned up, garbage piles up

Mon, 31 Aug 2015 17:16:33 -0700 

I applied the following patch released in the later kilo release 
(neutron/2015.1.1)

- [81e043f] Don't delete port from bridge on delete_port event
https://bugs.launchpad.net/neutron/+bug/1333365

and the problem is not seen anymore.


** Changed in: neutron
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1489200

Title:
  Upon VM deletes, SG iptables not cleaned up, garbage piles up

Status in neutron:
  Fix Released

Bug description:
  Summary:  40 VMs are created and then deleted on the same host. At the
  end of this, I find that iptables rules for some ports are not cleaned
  up, and remain as garbage. This garbage keeps piling up, as more VMs
  are created and deleted.

  Topology:
                       Openstack Kilo, with Neutron Network using OVS & neutron 
security groups.
                       Kilo Component versions are as follows:
                        openstack-neutron-2015.1.0.2
                        openstack-neutron-ml2-2015.1.0.2   
                        openstack-neutron-openvswitch-2015.1.0.2

  Test Case:

                       1) create 1 network, 1 subnetwork
                       2) boot 40 VMs on one hypervisor  and 40 VMs on another 
hypervisor using the default Security Group
                       3) Run some traffic tests between VMs
                       4) delete all VMs

  Result:
                     Find that iptables rules are not cleaned up for the ports 
of the VMs

  Root Cause:
                   In the neutron-ovs-agent polling loop, there is an exception 
during the processing of port events.
                  As a result of this exception, the neutron-ovs-agent resyncs 
with plugin. This takes a while, At the same
                 time, VM ports are getting deleted. In this scenario, the 
neutron-ovs-agent "misses" some deleted ports, and
                does not cleanup SG filters for those "missed" ports

  Reproducability:

                    Happens almost every time. With more number of VMs,
  it is more likely

  Logs:

                   Attached are a set of neutron-ovs-agent logs, and the
  garbage iptables rules that remain.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1489200/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to