What do you mean by re-plugged?
During my testing I always delete and create new instances, and every time
the Linux bridge+interfaces get deleted and created as well.
Cheers
Chris
-----Original Message-----
From: Ihar Hrachyshka [mailto:ihrachys@redhat.com]
Sent: Thursday, October 30, 2014 00:04
To: Chris; rdo-list(a)redhat.com
Subject: Re: [Rdo-list] Compute Node without firewall (iptables) and Linux
bridge
Have you replugged your instances? VIF objects are persisted in the db, I
guess with flags including the one that controls whether a bridge should be
created.
Do you still see those bridges created for new instances?
/Ihar
On 29/10/14 11:26, Chris wrote:
Hello,
1) We just don't need it; we are using the provider network, which
includes hardware firewalls.
2) We have huge performance problems regarding TCP_CRR / TCP_RR. The
OpenStack VMs can deal with just half of the TCP connections per second
compared to our bare metal installations. Throughput (10Gbit NIC) is
fine though. Specs of the VMs and bare metal are of course equal (RAM,
cores, etc.).
Did a lot of testing regarding the performance issues; it happens
"after" both (br-int/br-ex) openvswitches. Upgraded ovs to version
2.3, just FYI.
Cheers Chris
-----Original Message-----
From: rdo-list-bounces(a)redhat.com [mailto:rdo-list-bounces@redhat.com] On Behalf Of Ihar Hrachyshka
Sent: Wednesday, October 29, 2014 16:51
To: rdo-list(a)redhat.com
Subject: Re: [Rdo-list] Compute Node without firewall (iptables) and
Linux bridge
On 29/10/14 09:33, Chris wrote:
> Hello
> I'm looking for a way to disable any firewall feature in one of our
> compute nodes and prevent the creation of the Linux bridge in the
> data path inside of this compute node.
Can you elaborate on reasons to disable it? Of course it sounds a bit
not optimal, but do you have any performance concerns that you try to
address in this way?
> We are using the RDO Icehouse release.
> Here is the configuration in the compute node:
> #/etc/neutron/plugin.ini
> [securitygroup]
> #firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
> firewall_driver = neutron.agent.firewall.NoopFirewall
> # enable_security_group = True
> enable_security_group = False
> #/etc/nova/nova.conf
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
> #security_group_api = neutron
> #/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
> [securitygroup]
> firewall_driver = neutron.agent.firewall.NoopFirewallDriver
> enable_security_group = False
> The firewall seems to be disabled but the bridge and the interfaces
> are still being created.
> I found an older post about it:
> http://lists.openstack.org/pipermail/openstack/2014-May/007079.html
> But changing "portbindings.OVS_HYBRID_PLUG" from a hard-coded "True"
> to "False" didn't change anything.
> Please advise!
> Cheers
> Chris
> _______________________________________________
> Rdo-list mailing list
> Rdo-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/rdo-list