Skip to content

Speeds up ASG syncing and Querying #344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 19, 2025
Merged

Speeds up ASG syncing and Querying #344

merged 3 commits into from
Aug 19, 2025

Conversation

@geofffranks
Copy link
Contributor

@geofffranks geofffranks commented Aug 7, 2025
edited
Loading

Summary

  • Normalizes DB data with join tables associating security_groups and spaces
  • Adds a migration to prepopulate associations prior to the next sync
  • When syncing, asg-syncer only updates security groups in the database that have changed compared to the existing data
  • Database updates are done in bulk to speed up transaction time
  • Significantly speeds up the database query for retrieving security groups by space guid using the normalized tables for filtering
  • small enhancements/fixes to cf multispace pusher (used for scaling out envs for testing)

Backward Compatibility

Breaking Change? No

@geofffranks geofffranks force-pushed the normalize-asg-schema branch 2 times, most recently from 0838ace to cb63480 Compare August 13, 2025 19:37
@geofffranks
Copy link
Contributor Author

geofffranks commented Aug 19, 2025

Perf Testing Environment:
350 cells, 13k apps, 15k spaces, 40k security groups, 47k security group-space associations, 50 global asgs, 100 asgs bound to 75 spaces each, avg security group size 200 rules,

policy-server-asg-syncer results:
SecurityGroupsTotalSyncTime: ~6s for a single asg changing, 16s for all asgs changing.

vxlan-policy-server sync results (when cells were limited to having 200k iptables rules):
asgTotalPollTime: 25-50s

Overall results will depend on cloud controller + database load, as this deployment was isolated for testing just ASG performance.

When no changes are occuring, sync times are ~100ms for each process.

@geofffranks geofffranks marked this pull request as ready for review August 19, 2025 15:10
@geofffranks geofffranks requested a review from a team as a code owner August 19, 2025 15:10
ameowlia
ameowlia requested changes Aug 19, 2025
View reviewed changes
@geofffranks
Speeds up ASG syncing and Querying
c86015c 
- Normalizes DB data with join tables associating security_groups and
  spaces
- Adds a migration to prepopulate associations prior to the next sync
- When syncing, asg-syncer only updates security groups in the database that have changed
  compared to the existing data
- Database updates are done in bulk to speed up transaction time
- Significantly speeds up the database query for retrieving security groups by space
  guid using the normalized tables for filtering
@geofffranks
Update multi-space-pusher to skip space creation and work during skip…
9980949 
… asg creation
@geofffranks geofffranks force-pushed the normalize-asg-schema branch from cb63480 to 9980949 Compare August 19, 2025 16:50
@geofffranks geofffranks force-pushed the normalize-asg-schema branch from bc64b90 to 64de98a Compare August 19, 2025 17:36
@ameowlia ameowlia self-requested a review August 19, 2025 17:38
@github-project-automation github-project-automation bot moved this from Inbox to Pending Merge | Prioritized in Application Runtime Platform Working Group Aug 19, 2025
@ameowlia ameowlia merged commit 159baaf into develop Aug 19, 2025
7 checks passed
@ameowlia ameowlia deleted the normalize-asg-schema branch August 19, 2025 17:39
@github-project-automation github-project-automation bot moved this from Pending Merge | Prioritized to Done in Application Runtime Platform Working Group Aug 19, 2025
@klapkov klapkov mentioned this pull request Sep 3, 2025
Closed
@klapkov klapkov mentioned this pull request Oct 9, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ebroberson ebroberson ebroberson left review comments

@ameowlia ameowlia ameowlia approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Application Runtime Platform Working Group
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@geofffranks @ameowlia @ebroberson