Return-Path: 
 <dev-return-88605-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id EE25F17D04
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Fri, 22 Jan 2016 10:29:59 +0000 (UTC)
Received: (qmail 36955 invoked by uid 500); 22 Jan 2016 10:29:59 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 36895 invoked by uid 500); 22 Jan 2016 10:29:59 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 36884 invoked by uid 99); 22 Jan 2016 10:29:59 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jan 2016 10:29:59 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id CEA96E0098; Fri, 22 Jan 2016 10:29:58 +0000 (UTC)
From: borisroman <git@git.apache.org>
To: dev@cloudstack.apache.org
Reply-To: dev@cloudstack.apache.org
References: <git-pr-1356-cloudstack@git.apache.org>
In-Reply-To: <git-pr-1356-cloudstack@git.apache.org>
Subject: [GitHub] cloudstack pull request: More VR performance!
Content-Type: text/plain
Message-Id: <20160122102958.CEA96E0098@git1-us-west.apache.org>
Date: Fri, 22 Jan 2016 10:29:58 +0000 (UTC)

Github user borisroman commented on the pull request:

    https://github.com/apache/cloudstack/pull/1356#issuecomment-173872641
  
    @DaanHoogland It improves performance due to fact firewall rules are only created (in memory) once we expect a change. If for example a dhcp lease needs to be added, no firewall rules will be build or changed.
    
    At first these were always executed:
    ```
    -    # Always run both CsAcl().process() methods		
     -    # They fill the base rules in config.fw[]		
     -    acls = CsAcl('networkacl', config)		
     -    acls.process()		
     -		
     -    acls = CsAcl('firewallrules', config)		
     -    acls.process()		
     -		
     -    fwd = CsForwardingRules("forwardingrules", config)		
     -    fwd.process()		
     -		
     -    vpns = CsSite2SiteVpn("site2sitevpn", config)		
     -    vpns.process()		
     -		
     -    rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)		
     -    rvpn.process()		
     -		
     -    lb = CsLoadBalancer("loadbalancer", config)		
     -    lb.process()
    ```
    
    Now they are only executed if we expect change to the firewall rules.
    
    Less execution == more performance!
    
    Hope that clears up! :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---