Skip to content

Conversation

@geofffranks
Copy link
Contributor

@geofffranks geofffranks commented Aug 7, 2025

Summary

  • Normalizes DB data with join tables associating security_groups and spaces
  • Adds a migration to prepopulate associations prior to the next sync
  • When syncing, asg-syncer only updates security groups in the database that have changed compared to the existing data
  • Database updates are done in bulk to speed up transaction time
  • Significantly speeds up the database query for retrieving security groups by space guid using the normalized tables for filtering
  • small enhancements/fixes to cf multispace pusher (used for scaling out envs for testing)

Backward Compatibility

Breaking Change? No

@geofffranks geofffranks force-pushed the normalize-asg-schema branch 2 times, most recently from 0838ace to cb63480 Compare August 13, 2025 19:37
@geofffranks
Copy link
Contributor Author

Perf Testing Environment:
350 cells, 13k apps, 15k spaces, 40k security groups, 47k security group-space associations, 50 global asgs, 100 asgs bound to 75 spaces each, avg security group size 200 rules,

policy-server-asg-syncer results:
SecurityGroupsTotalSyncTime: ~6s for a single asg changing, 16s for all asgs changing.

vxlan-policy-server sync results (when cells were limited to having 200k iptables rules):
asgTotalPollTime: 25-50s

Overall results will depend on cloud controller + database load, as this deployment was isolated for testing just ASG performance.

When no changes are occuring, sync times are ~100ms for each process.

@geofffranks geofffranks marked this pull request as ready for review August 19, 2025 15:10
@geofffranks geofffranks requested a review from a team as a code owner August 19, 2025 15:10
- Normalizes DB data with join tables associating security_groups and
  spaces
- Adds a migration to prepopulate associations prior to the next sync
- When syncing, asg-syncer only updates security groups in the database that have changed
  compared to the existing data
- Database updates are done in bulk to speed up transaction time
- Significantly speeds up the database query for retrieving security groups by space
  guid using the normalized tables for filtering
@geofffranks geofffranks force-pushed the normalize-asg-schema branch from cb63480 to 9980949 Compare August 19, 2025 16:50
@geofffranks geofffranks force-pushed the normalize-asg-schema branch from bc64b90 to 64de98a Compare August 19, 2025 17:36
@ameowlia ameowlia self-requested a review August 19, 2025 17:38
@github-project-automation github-project-automation bot moved this from Inbox to Pending Merge | Prioritized in Application Runtime Platform Working Group Aug 19, 2025
@ameowlia ameowlia merged commit 159baaf into develop Aug 19, 2025
7 checks passed
@ameowlia ameowlia deleted the normalize-asg-schema branch August 19, 2025 17:39
@github-project-automation github-project-automation bot moved this from Pending Merge | Prioritized to Done in Application Runtime Platform Working Group Aug 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

3 participants