diff options
| author | Rodolfo Alonso Hernandez <ralonsoh@redhat.com> | 2021-08-26 16:54:13 +0000 |
|---|---|---|
| committer | Rodolfo Alonso Hernandez <ralonsoh@redhat.com> | 2022-05-09 16:49:29 +0000 |
| commit | ab84b7fb2b6febc9dfd9b0767be90fcb3277c192 (patch) | |
| tree | 953d47c91ec44daba79bf24217b3f6d3222da811 /releasenotes | |
| parent | 7c97ed50d0cbee61360cad610c3bcc7ace426cab (diff) | |
| download | neutron-ab84b7fb2b6febc9dfd9b0767be90fcb3277c192.tar.gz | |
Allow to process FW OF rules belonging to a port in a single operation
This patch adds a new configuration variable to control the OVS
OpenFlow rule processing operations:
* ``openflow_processed_per_port``: by default "False". If enabled,
all OpenFlow rules associated to a port will be processed at once,
in one single transaction. If disabled, the flows will be processed
in batches of "AGENT_RES_PROCESSING_STEP=100" number of OpenFlow
rules.
With ``openflow_processed_per_port`` enabled, all Firewall
OpenFlow rules related to a port are processed in one transaction
(executed in one single command). That ensures the rules are written
atomically and apply all of them at the same time.
That means all needed rules to handle the ingress and egress traffic
of a port using the Open vSwitch Firewall, are committed in the OVS
DB at the same time. That will prevent from partially applied OpenFlow
sets in the Firewall and inconsistencies when applying new SG rules or
during the OVS agent restart.
That will override, if needed, the hard limit of
"AGENT_RES_PROCESSING_STEP=100" OpenFlow rules that could be
processed in OVS at once.
If the default configuration values are not modified, the behaviour of
the OVS library does not change.
Closes-Bug: #1934917
Change-Id: If4984dece266a789d607725f8497f1aac3d73d23
Diffstat (limited to 'releasenotes')
| -rw-r--r-- | releasenotes/notes/ovs-of-rules-processing-parameters-b38f7a1e88568798.yaml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/releasenotes/notes/ovs-of-rules-processing-parameters-b38f7a1e88568798.yaml b/releasenotes/notes/ovs-of-rules-processing-parameters-b38f7a1e88568798.yaml new file mode 100644 index 0000000000..d3518d547e --- /dev/null +++ b/releasenotes/notes/ovs-of-rules-processing-parameters-b38f7a1e88568798.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + Added a new configuration variable, in ``[OVS]`` section, to control + the OVS OpenFlow rule processing operations when using the OVS native + firewall driver (``securitygroup.firewall_driver=openvswitch``): + + * ``openflow_processed_per_port``: by default "False". If enabled, all + OpenFlow rules associated to a port will be processed at once, in a + single transaction. If disabled, the flows will be processed in batches + of "AGENT_RES_PROCESSING_STEP=100" number of OpenFlow rules. |