Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenShift SDN: Improvements to UpdateEgressNetworkPolicyRules() #19346

Merged
merged 1 commit into from
Apr 17, 2018
Merged

OpenShift SDN: Improvements to UpdateEgressNetworkPolicyRules() #19346

merged 1 commit into from
Apr 17, 2018

Conversation

pravisankar
Copy link

@pravisankar pravisankar commented Apr 13, 2018
edited
Loading

@openshift-ci-robot openshift-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Apr 13, 2018
@pravisankar
Copy link
Author

@openshift/sig-networking PTAL

@danwinship
Copy link
Contributor

Hm... so had you already written things this way before I pointed you to my ovs-transaction branch? I feel like that way is simpler, and it also has the advantage of automatically improving all uses of ovs-ofctl, without needing any further rewriting...

@mjudeikis mjudeikis mentioned this pull request Apr 14, 2018
Closed
Improve patching ovs flow rules in UpdateEgressNetworkPolicyRules
d615f22 
Old behavior:
1. Drop outgoing traffic
2. Examine egress np, generate and add ovs flows
3. Enable traffic
Step (2) could be slow when egress np has many DNS entries.

New behavior:
(1) Examine egress np, generate ovs flows (not added)
(2) Drop outgoing traffic
(3) Add generated ovs flows in (1)
(4) Enable traffic
@openshift-ci-robot openshift-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 17, 2018
@pravisankar
Copy link
Author

@danwinship
Removed ovs transaction (bundle) changes from this pr. I chose ovs-ofctl bundle over ovs-ofctl add-flow/delete-flows --bundle because latter option only applies atomicity for a single flow either add or del flows where as in the former we can operate on multiple add and/or del flows.
Yes, exposing ovs bundle op needs quite a bit of rewrite. So I reworked on my previous approach that makes ovs.Transaction a real atomic transaction with minimal changes to the code base. I will post these changes in a separate pr.

Current changes on this pr should unblock #19276

@danwinship
Copy link
Contributor

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 17, 2018
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, pravisankar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit c3d0a82 into openshift:master Apr 17, 2018
@danwinship danwinship mentioned this pull request Apr 18, 2018
Merged
pravisankar pushed a commit to pravisankar/origin that referenced this pull request Apr 24, 2018
Revert openshift#19346
bc80297 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
pravisankar pushed a commit to pravisankar/origin that referenced this pull request Apr 24, 2018
Revert openshift#19346
4159614 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
pravisankar pushed a commit to pravisankar/origin that referenced this pull request Apr 30, 2018
Revert openshift#19346
771595d 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
pravisankar pushed a commit to pravisankar/origin that referenced this pull request May 2, 2018
Revert openshift#19346
e752ca6 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
deads2k pushed a commit to openshift/sdn that referenced this pull request Jun 18, 2019
@deads2k
Revert openshift/origin#19346
d0528b7 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
saraberg pushed a commit to BonnierNews/origin that referenced this pull request Sep 20, 2019
Revert openshift#19346
4acacbb 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dcbw dcbw Awaiting requested review from dcbw

@rajatchopra rajatchopra Awaiting requested review from rajatchopra

@danwinship danwinship Awaiting requested review from danwinship

@knobunc knobunc Awaiting requested review from knobunc

Assignees

@danwinship danwinship

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. component/networking lgtm Indicates that a PR is ready to be merged. sig/networking size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pravisankar @danwinship @openshift-ci-robot @openshift-merge-robot