openstack
/
neutron
Code Issues Proposed changes
OpenStack Networking (Neutron)
12,045 Commits 9 Branches 75 Tags 1,010 MiB
Python 99.5%
Shell 0.4%
Jinja 0.1%
Go to file
Kevin Benton f066e46bb7 Use diffs for iptables restore instead of all rules 
This patch changes our iptables logic to generate a delta of
iptables commands (inserts + deletes) to get from the current
iptables state to the new state. This will significantly reduce
the amount of data that we have to shell out to iptables-restore
on every call (and reduce the amount of data iptables-restore has
to parse).

We no longer have to worry about preserving counters since
we are adding and deleting specific rules, so the rule modification
code got a nice cleanup to get rid of the old rule matching.

This also gives us a new method of functionally testing that we are
generating rules in the correct manner. After applying new rules
once, a subsequent call should always have no work to do. The new
functional tests added leverage that property heavily and should
protect us from regressions in how rules are formed.


Performance metrics relative to HEAD~1:
+====================================+============+=======+
|               Scenario             | This patch | HEAD~1|
|------------------------------------|------------|-------|
| 200 VMs*22 rules existing - startup|            |       |
|                       _modify_rules|   0.67s    | 1.05s |
|                 _apply_synchronized|   1.87s    | 2.89s |
|------------------------------------|------------|-------|
| 200 VMs*22 rules existing - add VM |            |       |
|                       _modify_rules|   0.68s    | 1.05s |
|                 _apply_synchronized|   2.07s    | 2.92s |
|------------------------------------+------------+-------+
|200 VMs*422 rules existing - startup|            |       |
|                       _modify_rules|   5.43s    | 8.17s |
|                 _apply_synchronized|  12.77s    |28.00s |
|------------------------------------|------------|-------|
|200 VMs*422 rules existing - add VM |            |       |
|                       _modify_rules|   6.41s    | 8.33s |
|                 _apply_synchronized|  33.09s    |33.80s |
+------------------------------------+------------+-------+

The _apply_synchronized times seem to converge when dealing
with ~85k rules. In the profile I can see that both approaches
seem to wait on iptables-restore for approximately the same
amount of time so it could be hitting the performance limits
of iptables-restore.

DocImpact
Partial-Bug: #1502297
Change-Id: Ia6470c85b6b71979006ffe5da9095fdcce3122c1
 		2015-11-23 06:09:28 +00:00
bin Replace 'import json' with oslo_serialization 2015-08-11 06:05:37 -07:00
devstack Refactoring devstack script 2015-09-21 00:02:00 +09:00
doc Merge "Consume ConfigurableMiddleware from oslo_middleware" 2015-10-09 12:16:28 +00:00
etc Merge "Removed neutronclient option from metadata agent" 2015-10-09 12:38:00 +00:00
neutron Use diffs for iptables restore instead of all rules 2015-11-23 06:09:28 +00:00
rally-jobs Changes in rally-jobs/README.rst 2015-06-04 10:34:15 -04:00
tools Remove OneConvergence plugin from the source tree 2015-10-05 16:49:22 -07:00
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:31:29 +00:00
.gitignore Remove quantum untracked files from .gitignore 2015-06-25 11:59:37 +00:00
.gitreview Fix .gitreview to not point at a branch 2015-08-17 13:51:51 -06:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc pylint: enable `duplicate-key` check 2015-06-04 13:10:44 +10:00
.testr.conf Workaround test stream corruption issue. 2015-09-05 04:19:40 +00:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2014-12-05 03:30:37 +00:00
HACKING.rst Python3: use six.iteritems() instead of dict.iteritems() 2015-06-01 23:13:42 +02:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
MANIFEST.in Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
README.rst Update the URLs to the Cloud Admin Guide 2015-08-24 17:24:34 +02:00
TESTING.rst Add pointers to access Neutron test coverage details 2015-10-08 12:26:27 -07:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
openstack-common.conf Switch to the oslo_utils.fileutils 2015-07-15 08:09:26 +03:00
requirements.txt Consume sslutils and wsgi modules from oslo.service 2015-10-08 17:58:53 +00:00
run_tests.sh Remove check for bash usage 2015-04-07 15:15:33 +00:00
setup.cfg Merge "Remove OneConvergence plugin from the source tree" 2015-10-07 01:39:08 +00:00
setup.py Updated from global requirements 2015-09-21 18:56:49 +00:00
test-requirements.txt Add testresources used by oslo.db fixture 2015-10-07 10:17:51 +00:00
tox.ini Add the functional-py34 and dsvm-functional-py34 targets to tox.ini 2015-10-07 11:43:19 +02:00

README.rst

Welcome!

You have come across a cloud computing network fabric controller. It has identified itself as "Neutron." It aims to tame your (cloud) networking!

External Resources:

The homepage for Neutron is: http://launchpad.net/neutron. Use this site for asking for help, and filing bugs. Code is available on git.openstack.org at <http://git.openstack.org/cgit/openstack/neutron>.

The latest and most in-depth documentation on how to use Neutron is available at: <http://docs.openstack.org>. This includes:

Neutron Administrator Guide

http://docs.openstack.org/admin-guide-cloud/networking.html

Networking Guide

http://docs.openstack.org/networking-guide/

Neutron API Reference:

http://docs.openstack.org/api/openstack-network/2.0/content/

Current Neutron developer documentation is available at:

http://wiki.openstack.org/NeutronDevelopment

For help on usage and hacking of Neutron, please send mail to <mailto:openstack-dev@lists.openstack.org>.

For information on how to contribute to Neutron, please see the contents of the CONTRIBUTING.rst file.