Comment 4 for bug 1336207

Liping Mao (limao) wrote : Re: There is no quota for allowed address pair

Hi Jeremy Stanley,

I think this is not the same problem as bug 1184041.

This problem happens only if Neutron is running with the allowed address pair extension.
So it can happen in Havana / Icehouse / Juno trunk.

The steps to reproduce:
1. Boot a VM.
2. Update the VM port with the attached script.

Then you can see about 10,000 iptables rules on the compute node, and updating the iptables rules will be very slow. And I think the performance of iptables rule updates will be very bad if there are too many rules.

And the root cause is that we do not have a quota for allowed address pairs, and a user can update unlimited allowed address pairs for one port.

Regards,
Liping Mao
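As an added illustration of the problem described in the comment above (this is not the attached script, not Neutron's own code, and not part of the bug report): the first two functions build a port update in the Neutron v2.0 request format with an arbitrary number of `allowed_address_pairs` entries, which is all a tenant needs to send to push thousands of pairs onto one port. The third function is a hypothetical server-side check of the kind the comment says is missing: it validates each pair, rejects duplicates, and enforces a per-port limit. The limit of 10 and the sample network are constructed values chosen for the example; the expansion of pairs into iptables rules on the compute node is not modelled here.

```python
"""Constructed example: an unbounded allowed_address_pairs port update and a
hypothetical per-port limit check. Not Neutron code; names and limits are
assumptions made for illustration."""
import ipaddress


def generate_pairs(count, network="10.0.0.0/16"):
    """Build `count` allowed-address-pair entries from consecutive host
    addresses in `network` (constructed sample data)."""
    hosts = ipaddress.ip_network(network).hosts()
    return [{"ip_address": str(next(hosts))} for _ in range(count)]


def build_port_update(pairs):
    """Body of a PUT /v2.0/ports/<port-id> request that replaces the port's
    allowed address pairs (Neutron v2.0 wire format: a list of dicts with
    ip_address and optional mac_address)."""
    return {"port": {"allowed_address_pairs": pairs}}


def check_allowed_address_pairs(body, max_pairs=10):
    """Hypothetical server-side check. Returns (ok, reason).

    - Accepts bodies that do not touch allowed_address_pairs at all.
    - Rejects malformed entries and invalid addresses/CIDRs.
    - Rejects duplicate (address, mac) pairs, normalising "10.0.0.1" and
      "10.0.0.1/32" to the same key.
    - Rejects updates carrying more than `max_pairs` distinct pairs; this is
      the limit the comment above says does not exist (10 is an assumed
      value, not one taken from the comment).
    """
    pairs = body.get("port", {}).get("allowed_address_pairs")
    if pairs is None:
        return True, "allowed_address_pairs not changed"
    if not isinstance(pairs, list):
        return False, "allowed_address_pairs must be a list"
    seen = set()
    for pair in pairs:
        if not isinstance(pair, dict) or "ip_address" not in pair:
            return False, "pair without ip_address"
        try:
            cidr = ipaddress.ip_network(pair["ip_address"], strict=False)
        except ValueError:
            return False, "invalid ip_address %r" % (pair["ip_address"],)
        key = (str(cidr), pair.get("mac_address"))
        if key in seen:
            return False, "duplicate pair %s" % (key,)
        seen.add(key)
    if len(seen) > max_pairs:
        return False, "%d pairs exceeds limit of %d" % (len(seen), max_pairs)
    return True, "ok"


if __name__ == "__main__":
    # A tenant-sized update that should pass, and an abusive one that should
    # be refused before it ever reaches the compute node's iptables.
    for n in (3, 5000):
        ok, reason = check_allowed_address_pairs(
            build_port_update(generate_pairs(n)))
        print("%5d pairs -> %s (%s)" % (n, "accepted" if ok else "rejected",
                                         reason))
```

The check runs on the API side, before the update is persisted and the L2 agent rebuilds the port's rule chain, which is where the comment locates the slowdown; placing the limit there keeps an unprivileged tenant from driving the rule count on a shared compute node.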