Skip to content

OpenShift SDN: Improvements to UpdateEgressNetworkPolicyRules()#19346

Merged
openshift-merge-robot merged 1 commit intoopenshift:masterfrom
pravisankar:egress-dns-fix
Apr 17, 2018
Merged

OpenShift SDN: Improvements to UpdateEgressNetworkPolicyRules()#19346
openshift-merge-robot merged 1 commit intoopenshift:masterfrom
pravisankar:egress-dns-fix

Conversation

@pravisankar
Copy link

@pravisankar pravisankar commented Apr 13, 2018
edited
Loading

@openshift-ci-robot openshift-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Apr 13, 2018
@pravisankar
Copy link
Author

pravisankar commented Apr 13, 2018

@openshift/sig-networking PTAL

@danwinship
Copy link
Contributor

danwinship commented Apr 13, 2018

Hm... so had you already written things this way before I pointed you to my ovs-transaction branch? I feel like that way is simpler, and it also has the advantage of automatically improving all uses of ovs-ofctl, without needing any further rewriting...

@mjudeikis mjudeikis mentioned this pull request Apr 14, 2018
Closed
Improve patching ovs flow rules in UpdateEgressNetworkPolicyRules
d615f22 
Old behavior:
1. Drop outgoing traffic
2. Examine egress np, generate and add ovs flows
3. Enable traffic
Step (2) could be slow when egress np has many DNS entries.

New behavior:
(1) Examine egress np, generate ovs flows (not added)
(2) Drop outgoing traffic
(3) Add generated ovs flows in (1)
(4) Enable traffic
@openshift-ci-robot openshift-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 17, 2018
@pravisankar
Copy link
Author

pravisankar commented Apr 17, 2018

@danwinship
Removed ovs transaction (bundle) changes from this pr. I chose ovs-ofctl bundle over ovs-ofctl add-flow/delete-flows --bundle because latter option only applies atomicity for a single flow either add or del flows where as in the former we can operate on multiple add and/or del flows.
Yes, exposing ovs bundle op needs quite a bit of rewrite. So I reworked on my previous approach that makes ovs.Transaction a real atomic transaction with minimal changes to the code base. I will post these changes in a separate pr.

Current changes on this pr should unblock #19276

@danwinship
Copy link
Contributor

danwinship commented Apr 17, 2018

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 17, 2018
@openshift-ci-robot
Copy link

openshift-ci-robot commented Apr 17, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, pravisankar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit c3d0a82 into openshift:master Apr 17, 2018
@danwinship danwinship mentioned this pull request Apr 18, 2018
Merged
pravisankar pushed a commit to pravisankar/origin that referenced this pull request Apr 24, 2018
Revert openshift#19346
bc80297 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
pravisankar pushed a commit to pravisankar/origin that referenced this pull request Apr 24, 2018
Revert openshift#19346
4159614 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
pravisankar pushed a commit to pravisankar/origin that referenced this pull request Apr 30, 2018
Revert openshift#19346
771595d 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
pravisankar pushed a commit to pravisankar/origin that referenced this pull request May 2, 2018
Revert openshift#19346
e752ca6 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
deads2k pushed a commit to openshift/sdn that referenced this pull request Jun 18, 2019
@deads2k
Revert openshift/origin#19346
d0528b7 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
saraberg pushed a commit to BonnierNews/origin that referenced this pull request Sep 20, 2019
Revert openshift#19346
4acacbb 
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dcbw dcbw Awaiting requested review from dcbw

@rajatchopra rajatchopra Awaiting requested review from rajatchopra

@danwinship danwinship Awaiting requested review from danwinship

@knobunc knobunc Awaiting requested review from knobunc

Assignees

@danwinship danwinship

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. component/networking lgtm Indicates that a PR is ready to be merged. sig/networking size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pravisankar @danwinship @openshift-ci-robot @openshift-merge-robot