)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d9bb9acbfdc41657a9619918b6bec4f0a56e2f72","unresolved":false,"context_lines":[{"line_number":9,"context_line":"In RULES_INGRESS_TABLE table 82 there is a rule for allow established and"},{"line_number":10,"context_line":"related connections. The current rule sends the packet directly to the dest"},{"line_number":11,"context_line":"port without doing a mac learning. This is causing ovs to age out the dest mac"},{"line_number":12,"context_line":"of the remote VM and causing the rule to be changed in flood rule."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Closes-Bug: #1897637"},{"line_number":15,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9f560f44_5c73324f","line":12,"range":{"start_line":12,"start_character":21,"end_line":12,"end_character":65},"updated":"2020-09-30 02:52:20.000000000","message":"Hmm, looks like this is the egress flood issue, maybe take a look at this bug [1] and its fix [2].\n[1] https://bugs.launchpad.net/neutron/+bug/1732067\n[2] https://review.opendev.org/#/c/666991/\nPlease have a try to enable \"explicitly_egress_direct\u003dTrue\" to see if it could kill this flood.","commit_id":"67c40dc5b9221308ec1c8bf5cb9dbcb4c624ee5f"},{"author":{"_account_id":12171,"name":"Moshe Levi","email":"moshele@nvidia.com","username":"moshele"},"change_message_id":"f775c87c45fc4dcf1085487c02a7ab3a0abda8c3","unresolved":false,"context_lines":[{"line_number":9,"context_line":"In RULES_INGRESS_TABLE table 82 there is a rule for allow established and"},{"line_number":10,"context_line":"related connections. The current rule sends the packet directly to the dest"},{"line_number":11,"context_line":"port without doing a mac learning. This is causing ovs to age out the dest mac"},{"line_number":12,"context_line":"of the remote VM and causing the rule to be changed in flood rule."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Closes-Bug: #1897637"},{"line_number":15,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9f560f44_3dc6006a","line":12,"range":{"start_line":12,"start_character":21,"end_line":12,"end_character":65},"in_reply_to":"9f560f44_5c73324f","updated":"2020-10-06 02:37:45.000000000","message":"\u003e Hmm, looks like this is the egress flood issue, maybe take a look\n \u003e at this bug [1] and its fix [2].\n \u003e [1] https://bugs.launchpad.net/neutron/+bug/1732067\n \u003e [2] https://review.opendev.org/#/c/666991/\n \u003e Please have a try to enable \"explicitly_egress_direct\u003dTrue\" to see\n \u003e if it could kill this flood.","commit_id":"67c40dc5b9221308ec1c8bf5cb9dbcb4c624ee5f"}],"neutron/agent/linux/openvswitch_firewall/firewall.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d9bb9acbfdc41657a9619918b6bec4f0a56e2f72","unresolved":false,"context_lines":[{"line_number":1336,"context_line":"                ct_state\u003dstate,"},{"line_number":1337,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1338,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1339,"context_line":"                actions\u003d\u0027mod_vlan_vid:{:d},normal\u0027.format(port.vlan_tag)"},{"line_number":1340,"context_line":"            )"},{"line_number":1341,"context_line":"        self._add_flow("},{"line_number":1342,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_dca622c1","line":1339,"range":{"start_line":1339,"start_character":43,"end_line":1339,"end_character":49},"updated":"2020-09-30 02:52:20.000000000","message":"+1, we have done some works to avoid using NORMAL flows, it can cause high CPU load of vswitchd when there are unknow dst MAC packets. Some bugs had described such behaivor as flood, ovs will send the packet to all ports under the same segment domain including those ports which have no local vlan.","commit_id":"67c40dc5b9221308ec1c8bf5cb9dbcb4c624ee5f"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"37f56faacf3d3f35338ba974f629eff12533affb","unresolved":false,"context_lines":[{"line_number":1336,"context_line":"                ct_state\u003dstate,"},{"line_number":1337,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1338,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1339,"context_line":"                actions\u003d\u0027mod_vlan_vid:{:d},normal\u0027.format(port.vlan_tag)"},{"line_number":1340,"context_line":"            )"},{"line_number":1341,"context_line":"        self._add_flow("},{"line_number":1342,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_051a11c5","line":1339,"updated":"2020-09-29 09:43:18.000000000","message":"That will forward to all OVS port some kind of traffic, like  multicast https://tools.ietf.org/html/rfc4541#section-2.1.2\n\nAnother reason to use explicit output was the performance.\n\nI would suggest, to keep the previous behavior and performance, to add a new config knob or read \"baremetal_smartnic\" (actually I prefer not to add a new config option)","commit_id":"67c40dc5b9221308ec1c8bf5cb9dbcb4c624ee5f"},{"author":{"_account_id":12171,"name":"Moshe Levi","email":"moshele@nvidia.com","username":"moshele"},"change_message_id":"f775c87c45fc4dcf1085487c02a7ab3a0abda8c3","unresolved":false,"context_lines":[{"line_number":1336,"context_line":"                ct_state\u003dstate,"},{"line_number":1337,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1338,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1339,"context_line":"                actions\u003d\u0027mod_vlan_vid:{:d},normal\u0027.format(port.vlan_tag)"},{"line_number":1340,"context_line":"            )"},{"line_number":1341,"context_line":"        self._add_flow("},{"line_number":1342,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_3d744036","line":1339,"range":{"start_line":1339,"start_character":43,"end_line":1339,"end_character":49},"in_reply_to":"9f560f44_dca622c1","updated":"2020-10-06 02:37:45.000000000","message":"\u003e +1, we have done some works to avoid using NORMAL flows, it can\n \u003e cause high CPU load of vswitchd when there are unknow dst MAC\n \u003e packets. Some bugs had described such behaivor as flood, ovs will\n \u003e send the packet to all ports under the same segment domain\n \u003e including those ports which have no local vlan.","commit_id":"67c40dc5b9221308ec1c8bf5cb9dbcb4c624ee5f"},{"author":{"_account_id":28714,"name":"Adrian Chiris","email":"adrianc@nvidia.com","username":"adrianc"},"change_message_id":"c1126d32cb7f2c4fe3befa68333cdf58e32f0822","unresolved":false,"context_lines":[{"line_number":1330,"context_line":"        actions \u003d \u0027output:{:d}\u0027.format(port.ofport)"},{"line_number":1331,"context_line":""},{"line_number":1332,"context_line":"        if (self.int_br.br.is_hw_offload_enabled and"},{"line_number":1333,"context_line":"                not cfg.CONF.AGENT.explicitly_egress_direct):"},{"line_number":1334,"context_line":"            actions \u003d \u0027mod_vlan_vid:{:d},normal\u0027.format(port.vlan_tag)"},{"line_number":1335,"context_line":"        # Allow established and related connections"},{"line_number":1336,"context_line":"        for state in (ovsfw_consts.OF_STATE_ESTABLISHED_REPLY,"}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_28c6859d","line":1333,"updated":"2020-10-08 07:55:52.000000000","message":"i think a comment explaining why we do that would be helpful down the road","commit_id":"cad73975b4babfee457d700b7dab2f7adc0a336f"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"510502788776ca31c3604a0c672328e7ff52df6f","unresolved":false,"context_lines":[{"line_number":1330,"context_line":"        actions \u003d \u0027output:{:d}\u0027.format(port.ofport)"},{"line_number":1331,"context_line":""},{"line_number":1332,"context_line":"        if (self.int_br.br.is_hw_offload_enabled and"},{"line_number":1333,"context_line":"                not cfg.CONF.AGENT.explicitly_egress_direct):"},{"line_number":1334,"context_line":"            actions \u003d \u0027mod_vlan_vid:{:d},normal\u0027.format(port.vlan_tag)"},{"line_number":1335,"context_line":"        # Allow established and related connections"},{"line_number":1336,"context_line":"        for state in (ovsfw_consts.OF_STATE_ESTABLISHED_REPLY,"}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_cfa1bc3c","line":1333,"in_reply_to":"9f560f44_28c6859d","updated":"2020-10-09 07:58:06.000000000","message":"A comment here and a small release note. This change could be small but important.\n\nAnyway, I\u0027m ok with this change.","commit_id":"cad73975b4babfee457d700b7dab2f7adc0a336f"}]}