** This bug is no longer a duplicate of bug 1732067 openvswitch firewall flows cause flooding on integration bridge
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1866445

Title:
  br-int bridge in one compute can't learn MAC addresses of VMs in other compute nodes

Status in neutron:
  Incomplete

Bug description:
  In the OpenStack Queens release, we noticed a very serious issue: the
  br-int bridge in one compute node can't learn MAC addresses of VMs in
  other compute nodes, so after launching many VMs, VM-to-VM network
  performance will decrease linearly. In particular, OVS will broadcast
  packets because it doesn't learn the target VM's MAC address; other VMs
  in the same subnet on the same compute node can receive these broadcast
  packets, so the corresponding vhost kernel threads are receiving
  these packets and wasting CPU resources. The more VMs, the more serious
  the issue and the worse the performance, whether UDP or TCP.

  We have checked several Queens deployments and they have the same issue,
  but OpenStack Rocky doesn't have this issue.

  Here is the flow I dumped:

  recirc_id(0),in_port(12),eth(src=fa:16:3e:49:26:51,dst=fa:16:3e:a7:0a:3a),eth_type(0x0800),ipv4(tos=0/0x3,frag=no), packets:11012944, bytes:726983412, used:0.000s, flags:SP., actions:push_vlan(vid=1,pcp=0),2,set(tunnel(tun_id=0x49,src=10.3.2.17,dst=10.3.2.16,ttl=64,tp_dst=4789,flags(df|key))),pop_vlan,9,8,11,13,14,15,16,17,18,19

  MAC address of target VM wasn't learnt by br-int

  $ sudo ovs-appctl fdb/show br-int | grep "fa:16:3e:a7:0a:3a"

  By the way, we used linuxbridge for security group.
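The manual check in the report (a unicast destination MAC that is missing from the br-int FDB while its datapath flow outputs to many ports) can be scripted; the following is an added example, not part of the original bug report. The second flow, the FDB table contents and the `min_ports` threshold are constructed assumptions.

```python
import re

ETH_RE = re.compile(r"eth\(src=([0-9a-f:]{17}),dst=([0-9a-f:]{17})\)", re.I)
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

# Flow 1 is the dump quoted in the report; flow 2 and the FDB are constructed.
SAMPLE_FLOWS = """\
recirc_id(0),in_port(12),eth(src=fa:16:3e:49:26:51,dst=fa:16:3e:a7:0a:3a),eth_type(0x0800),ipv4(tos=0/0x3,frag=no), packets:11012944, bytes:726983412, used:0.000s, flags:SP., actions:push_vlan(vid=1,pcp=0),2,set(tunnel(tun_id=0x49,src=10.3.2.17,dst=10.3.2.16,ttl=64,tp_dst=4789,flags(df|key))),pop_vlan,9,8,11,13,14,15,16,17,18,19
recirc_id(0),in_port(9),eth(src=fa:16:3e:00:00:01,dst=fa:16:3e:49:26:51),eth_type(0x0800),ipv4(frag=no), packets:10, bytes:980, used:0.100s, actions:12
"""
SAMPLE_FDB = """\
 port  VLAN  MAC                Age
   12     1  fa:16:3e:49:26:51    0
"""

def output_ports(actions):
    """Bare port numbers at the top level of a datapath action list."""
    ports, depth, token = [], 0, ""
    for ch in actions + ",":
        if ch == "," and depth == 0:
            # Commas inside set(...)/push_vlan(...) never reach this branch.
            if token.strip().isdigit():
                ports.append(int(token))
            token = ""
            continue
        depth += (ch == "(") - (ch == ")")
        token += ch
    return ports

def flooded_unicast(flows, fdb, min_ports=3):
    """Return (dst_mac, ports) for unicast flows flooded to an unlearned MAC."""
    known = {m.lower() for m in MAC_RE.findall(fdb)}
    findings = []
    for line in flows.splitlines():
        eth = ETH_RE.search(line)
        if not eth or "actions:" not in line:
            continue
        dst = eth.group(2).lower()
        ports = output_ports(line.split("actions:", 1)[1])
        unicast = (int(dst[:2], 16) & 1) == 0  # I/G bit clear means unicast
        if unicast and dst not in known and len(ports) >= min_ports:
            findings.append((dst, ports))
    return findings

if __name__ == "__main__":
    for dst, ports in flooded_unicast(SAMPLE_FLOWS, SAMPLE_FDB):
        print(f"{dst}: not in FDB, output to {len(ports)} ports {ports}")
```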