Post-v3.3.0
--------------------
- Option '--mlockall' now only locks memory pages on fault, if possible.
This also makes it compatible with vHost Post-copy Live Migration.
- ovs-appctl:
* Added new option [-f|--format] to choose the output format, e.g. 'json'
or 'text' (by default).
* Added new option [--pretty] to print JSON output in a readable fashion.
* 'dpif/show' and 'list-commands' now support output in JSON format.
- Userspace datapath:
* Conntrack now supports 'random' flag for selecting ports in a range
while natting and 'persistent' flag for selection of the IP address
from a range.
* IPv6 UDP tunnel encapsulation including Geneve and VXLAN will now
honour the csum option. Configuring the interface with
"options:csum=false" now has the same effect as the udp6zerocsumtx
option has with Linux kernel UDP tunnels.
- The primary development branch has been renamed from 'master' to 'main'.
The OVS tree remains hosted on GitHub.
https://github.com/openvswitch/ovs.git
- DPDK:
* OVS validated with DPDK 23.11.1.
* Link status changes are now handled via interrupt mode if the DPDK
driver supports it. It is possible to revert to polling mode by setting
per interface 'options:dpdk-lsc-interrupt' to 'false'.
- Python:
* Added custom transaction support to the Idl via add_op().
* Added support for different output formats like 'json' to Python's
unixctl classes.
- Tunnels:
* Previously the kernel datapath did not enable UDP checksums by default
in IPv6 tunnels. This behaviour is non-standard, differs from the
Linux kernel, and is also different than the userspace datapath. Now
these tunnels will calculate checksums by default and that behaviour can
be changed with "options:csum=false" just as with the userspace
datapath.
v3.3.0 - 16 Feb 2024
--------------------
- OVSDB:
* Support pre-vote mechanism in RAFT that protects the cluster against
disruptive servers (section 9.6 of the original RAFT paper). Upgrading
from an older version is supported, but it may trigger more leader elections
during the process, and error logs complaining about unrecognized fields may
be observed on old nodes.
* New command line option --config-file that allows a fine control over
remotes and database configuration, including setting options for
connection methods for relays and active-backup replication.
For more details see ovsdb-server(1) and ovsdb(7).
* Make use of cooperative multitasking to improve maintenance of RAFT
cluster during long running processing such as online schema conversion.
- OpenFlow:
* NXT_CT_FLUSH extension is updated to support flushing connections
based on mark and labels. 'ct-flush' command of ovs-ofctl updated
to support these new arguments accordingly.
- ovs-appctl:
* 'ofproto/trace' now reports OpenFlow rules that make up a conjunctive
flow match.
* Output of 'dpctl/show' command no longer shows interface configuration
status, only values of the actual configuration options, a.k.a.
'requested' configuration. The interface configuration status,
a.k.a. 'configured' values, can be found in the 'status' column of
the Interface table, i.e. with 'ovs-vsctl get interface <..> status'.
Reported names adjusted accordingly.
* Added support for removal of default CT zone limit, e.g.
"ovs-appctl dpctl/ct-del-limits default".
* 'dpctl/flush-conntrack' is now capable of flushing connections based
on mark and labels.
* 'mdb/show': support for multicast snooping to show the protocol
responsible for adding/updating the entry.
- ovs-vsctl:
* New commands 'set-zone-limit', 'del-zone-limit' and 'list-zone-limits'
to manage the maximum number of connections in conntrack zones via
a new 'limit' column in the 'CT_Zone' database table and
'ct_zone_default_limit' column in the 'Datapath' table.
- Userspace datapath:
* Added support for Generic Segmentation Offloading for the cases where
TSO is enabled but not supported by an egress interface (except for
tunnel interfaces).
* 'pmd-sleep-max' is updated to also accept pmd-thread-core:sleep-max.
The existing behaviour is maintained and a non key:value pair value
will be applied to all other PMD thread cores. 'pmd-sleep-show' is
updated to show the maximum sleep for each PMD thread core.
* The userspace conntrack module no longer requires the user to specify
connection helpers in all flow rules. Instead, the helper specified
during connection commit will be used by default.
- DPDK:
* Add support for DPDK 23.11.
v3.2.0 - 17 Aug 2023
--------------------
- OVSDB:
* Changed format in which ovsdb schema conversion operations are stored in
clustered database files. Such operations are now allowed to contain
the bare schema (without data). This significantly improves
the schema conversion performance.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one, if
conversion operation is present. For the cluster service model follow
upgrade instructions in 'Upgrading from version 3.1 and earlier to 3.2
and later' section of ovsdb(7).
* When ovsdb-server is running in relay mode, the probe interval is
now configurable via 'ovsdb-server/set-relay-source-probe-interval'
unixctl command.
- IPFIX template and statistics intervals can now be configured through two
new options in the IPFIX table: 'template_interval' and 'stats_interval'.
- Linux kernel datapath:
* OVS now collects per-interface upcall statistics that can be obtained
via 'ovs-appctl dpctl/show -s' or the interface's statistics column
in OVSDB. Available with upstream kernel 6.2+.
- OVS route table in userspace now takes into account preferred source
address from cached kernel routes.
- ovs-appctl:
* Add support for selecting the source address with the
'ovs-appctl ovs/route/add' command.
* New commands "dpctl/{ct-get-sweep-interval,ct-set-sweep-interval}" that
allow getting and setting, for the userspace datapath, the sweep interval
for the conntrack garbage collector.
* New command "dpctl/dump-conntrack-exp" that allows dumping
conntrack's expectations for the userspace datapath.
- ovs-ctl:
* Added new options --[ovsdb-server|ovs-vswitchd]-umask=MODE to set umask
value when starting OVS daemons. E.g., use --ovsdb-server-umask=0002
in order to create OVSDB sockets with access mode of 0770.
- QoS:
* Added new configuration option 'jitter' for a linux-netem QoS type.
* 'linux-htb' QoS type now supports rates higher than 34 Gbps.
- Ingress Policing:
* Ingress policing byte rates can now be configured higher than 34 Gbps.
- DPDK:
* ovs-vswitchd will keep the CAP_SYS_RAWIO capability when started
with the --hw-rawio-access command line option. This allows the
process extra privileges when mapping physical interconnect memory.
* New experimental "rx-steering=rss+<protocol>" option to redirect
certain protocols (for now, only LACP) to a dedicated hardware queue
using the rte_flow API.
- SRv6 Tunnel Protocol:
* Added support for userspace datapath (only).
- Userspace datapath:
* Connection tracking now supports extraction of SCTP L4 information.
* Implementation of OpenFlow meters is now lockless allowing for better
multi-thread scalability.
* IP and L4 checksum offload support is now enabled by default for
interfaces that support it. See the 'status' column in the 'interface'
table to check the status.
* 'pmd-maxsleep' other_config was renamed to 'pmd-sleep-max'.
'pmd-maxsleep' is deprecated and will be removed in a future release.
* 'ovs-appctl dpif-netdev/pmd-sleep-show' command was added to get the
max sleep configuration of PMD thread cores.
* Removed experimental tag from PMD load based sleeping.
- Linux TC offload:
* Add support for offloading VXLAN tunnels with the GBP extensions.
- Python:
* Added async DNS support.
* Dropped support for Python < 3.6.
v3.1.0 - 16 Feb 2023
--------------------
- ovs-vswitchd now detects changes in CPU affinity and adjusts the number
of handler and revalidator threads if necessary.
- AF_XDP:
* Added support for building with libxdp and libbpf >= 0.7.
* Support for AF_XDP is now enabled by default if all dependencies are
available at the build time. Use --disable-afxdp to disable.
Use --enable-afxdp to fail the build if dependencies are not present.
- ovs-appctl:
* "ovs-appctl ofproto/trace" command can now display port names with the
"--names" option.
- OVSDB-IDL:
* Add support for specifying a persistent UUID for row inserts in both
C and Python IDLs.
- Windows:
* Conntrack IPv6 fragment support.
- DPDK:
* Add support for DPDK 22.11.1.
- For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes
10 Gbps link speed by default in case the actual link speed cannot be
determined. Previously it was 10 Mbps. Values can still be overridden
by specifying 'max-rate' or '[r]stp-path-cost' accordingly.
- OpenFlow:
* New OpenFlow extension NXT_CT_FLUSH to flush connections matching
the specified fields.
- ovs-ctl:
* New option '--dump-hugepages' to include hugepages in core dumps. This
can assist with postmortem analysis involving DPDK, but may also produce
significantly larger core dump files.
- ovs-dpctl and 'ovs-appctl dpctl/' commands:
* 'flush-conntrack' is now capable of handling partial 5-tuple,
with additional optional parameter to specify the reply direction.
- ovs-ofctl:
* New command 'flush-conntrack' that accepts zone and 5-tuple (or partial
5-tuple) for both directions.
- Support for travis-ci.org based continuous integration builds has been
dropped.
- Userspace datapath:
* Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show
the pmd usage of an Rx queue over a configurable time period.
* Add new experimental PMD load based sleeping feature. PMD threads can
request to sleep up to a user configured 'pmd-maxsleep' value under
low load conditions.
v3.0.0 - 15 Aug 2022
--------------------
- libopenvswitch API change:
* To fix the Undefined Behavior issue causing the compiler to incorrectly
optimize important parts of code, container iteration macros (e.g.,
LIST_FOR_EACH) have been re-implemented in a UB-safe way.
* Backwards compatibility has mostly been preserved, however the
user-provided pointer is now set to NULL after the loop (unless it
exited via "break;").
* Users of libopenvswitch will need to double-check the use of such loop
macros before compiling with a new version.
* Since the change is limited to the definitions within the headers, the
ABI is not affected.
- OVSDB:
* 'relay' service model now supports transaction history, i.e. honors the
'last-txn-id' field in 'monitor_cond_since' requests from clients.
* New unixctl command 'ovsdb-server/tlog-set DB:TABLE on|off'.
If turned on, ovsdb-server will log (at level INFO and rate limited)
all operations that are committed to table TABLE in the DB database.
* New Local_Config schema added to support Connections (--remote)
configuration in a clustered database independently for each server.
E.g. for listening on unique addresses. See the ovsdb.local-config.5
manpage for schema details.
* Returning unused memory to the OS after the database compaction is now
enabled by default. Use 'ovsdb-server/memory-trim-on-compaction off'
unixctl command to disable.
* Most of the work for the automatic database compaction in clustered
mode has been moved to a separate thread to avoid blocking the process.
- OVSDB-IDL:
* New monitor mode flag, OVSDB_IDL_WRITE_CHANGED_ONLY, allowing
applications to relax atomicity requirements when dealing with
columns whose value has been rewritten (but not changed).
- OpenFlow:
* Extended Flow Monitoring support for all supported OpenFlow versions:
OpenFlow versions 1.0-1.2 with Nicira Extensions
OpenFlow versions 1.3 with Open Network Foundation extension
OpenFlow versions 1.4+, as defined in the OpenFlow specification
- Python:
* Added a new flow parsing library ovs.flow capable of parsing
both OpenFlow and datapath flows.
- IPsec:
* Added support for custom per-tunnel options via 'options:ipsec_*' knobs.
See Documentation/tutorials/ipsec.rst for details.
- Windows:
* Conntrack support for TCPv6, UDPv6, ICMPv6, FTPv6.
* IPv6 Geneve tunnel support.
- DPDK:
* OVS validated with DPDK 21.11.1. It is recommended to use this version
until further releases.
* Delay creating or reusing a mempool for vhost ports until the VM
is started. A failure to create a mempool will now be logged only
when the VM is started.
* New configuration knob 'other_config:shared-mempool-config' to set MTU
that shared mempool mbuf size is based on. This allows interfaces with
different MTU sizes to share mempools.
- Userspace datapath:
* Improved multi-thread scalability of the userspace connection tracking.
* 'dpif-netdev/subtable-lookup-prio-get' appctl command renamed to
'dpif-netdev/subtable-lookup-info-get' to better reflect its purpose.
The old variant is kept for backward compatibility.
* Add actions auto-validator function to compare different actions
implementations against default implementation.
* Add command line option to switch between different actions
implementations available at run time.
* Add build time configure command to enable auto-validator as default
actions implementation at build time.
* Add AVX512 implementation of actions.
- Debian packaging updated to be on par with package source in Debian/Ubuntu.
* Provided an openvswitch-switch-dpdk package that integrates with the
dpdk package in the distributions so that end users can opt into a
DPDK-enabled Open vSwitch binary.
* Provided systemd service files.
* Provided openvswitch-source package for reproducible integrated build of
for example OVN.
* Shared library and subsequently libopenvswitch and libopenvswitch-dev
binary packages are no longer built.
- Linux TC offload:
* Add support for offloading meters via tc police.
* Add support for offloading the check_pkt_len action.
- New configuration knob 'other_config:all-members-active' for
balance-slb bonds.
- Previously deprecated Linux kernel module is now fully removed from
the OVS source tree. The version provided with the Linux kernel
should be used instead.
- XenServer: Support for integration with XenServer has been removed due to
lack of maintenance and bitrot.
v2.17.0 - 17 Feb 2022
---------------------
- Userspace datapath:
* Optimized flow lookups for datapath flows with simple match criteria.
See 'Simple Match Lookup' in Documentation/topics/dpdk/bridge.rst.
* New per-interface configuration knob 'other_config:tx-steering'. If set
to 'hash', enables hash-based Tx packet steering mode to utilize all the
Tx queues of the interface regardless of the number of PMD threads.
* Removed experimental tag for PMD Auto Load Balance.
* New configuration knob 'other_config:n-offload-threads' to change the
number of HW offloading threads.
- DPDK:
* EAL argument --socket-mem is no longer configured by default upon
start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified,
DPDK defaults will be used.
* EAL argument --socket-limit no longer takes on the value of --socket-mem
by default. 'other_config:dpdk-socket-limit' can be set equal to
the 'other_config:dpdk-socket-mem' to preserve the legacy memory
limiting behavior.
* EAL argument --in-memory is applied by default if supported.
* Add hardware offload support for matching IPv4/IPv6 frag types
(experimental).
* Add hardware offload support for GRE flows (experimental).
Available only if DPDK experimental APIs enabled during the build.
* Add support for DPDK 21.11.
* Forbid use of DPDK multiprocess feature.
* Add support for running threads on cores >= RTE_MAX_LCORE.
- Python:
* For SSL support, the use of the pyOpenSSL library has been replaced
with the native 'ssl' module.
- OVSDB:
* Python library for OVSDB clients now also supports faster
resynchronization with a clustered database after a brief disconnection,
i.e. 'monitor_cond_since' monitoring method.
* Major improvement in the performance of the OVSDB server. See the
"OVSDB: Performance and Scale Journey '21" talk of OVS+OVN Conf'21.
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands 'cache-get-size' and 'cache-set-size' that allow
getting or configuring Linux kernel datapath cache sizes.
- ovs-ofctl dump-flows no longer prints "igmp". Instead the flag
"ip,nw_proto=2" is used.
- ovs-appctl:
* New command tnl/neigh/aging to read/write the neigh aging time.
- OpenFlow:
* Default selection method for select groups with up to 256 buckets is
now dp_hash. Previously this was limited to 64 buckets. This change
is mainly for the benefit of OVN load balancing configurations.
* Encap & Decap action support for MPLS packet type.
- Ingress policing on Linux now uses 'matchall' classifier instead of
'basic', if available.
- Add User Statically-Defined Tracing (USDT) probe framework support.
v2.16.0 - 16 Aug 2021
---------------------
- Removed support for 1024-bit Diffie-Hellman key exchange, which is now
considered unsafe.
- Ingress Policing:
* Rate limiting configuration now supports setting packet-per-second
limits in addition to the previously configurable byte rate settings.
This is not supported in the userspace datapath yet.
- OVSDB:
* Introduced new database service model - "relay". Targeted to scale out
read-mostly access (ovn-controller) to existing databases.
For more information: ovsdb(7) and Documentation/topics/ovsdb-relay.rst
* New command line options --record/--replay for ovsdb-server and
ovsdb-client to record and replay all the incoming transactions,
monitors, etc. More details in Documentation/topics/record-replay.rst.
* The Python Idl class now has a cooperative_yield() method that can be
overridden by an application that uses eventlet / gevent / asyncio with
the desired yield method (e.g. {eventlet,gevent,asyncio}.sleep(0)) to
prevent the application from being blocked for a long time while
processing database updates.
- In ovs-vsctl and vtep-ctl, the "find" command now accepts new
operators {in} and {not-in}.
- Userspace datapath:
* Auto load balancing of PMDs now partially supports cross-NUMA polling
cases, e.g. if all PMD threads are running on the same NUMA node.
* Userspace datapath now supports up to 2^18 meters.
* Added support for systems with non-contiguous NUMA nodes and core ids.
* Added all-zero IP SNAT handling to conntrack. In case of collision,
using ct(src=0.0.0.0), the source port will be replaced with another
non-colliding port in the ephemeral range (1024, 65535).
* Refactor lib/dpif-netdev.c to multiple header files.
* Add avx512 implementation of dpif which can process non recirculated
packets. It supports partial HWOL, EMC, SMC and DPCLS lookups.
* Add commands to get and set the dpif implementations.
* Add a partial HWOL PMD statistic counting hits similar to existing
EMC/SMC/DPCLS stats.
* Enable AVX512 optimized DPCLS to search subtables with larger miniflows.
* Add more specialized DPCLS subtables to cover common rules, enhancing
the lookup performance.
* Enable the AVX512 DPCLS implementation to use VPOPCNT instruction if the
CPU supports it. This enhances performance by using the native vpopcount
instructions, instead of the emulated version of vpopcount.
* Add command line option to switch between MFEX function pointers.
* Add miniflow extract auto-validator function to compare different
miniflow extract implementations against default implementation.
* Add study function to miniflow function table which studies packet
and automatically chooses the best miniflow implementation for that
traffic.
* Add build time configure command to enable auto-validator as default
miniflow implementation at build time.
* Cache results for CPU ISA checks, reduces overhead on repeated lookups.
* Add AVX512 based optimized miniflow extract function for traffic type
IPv4/UDP, IPv4/TCP, Vlan/IPv4/UDP and Vlan/IPv4/TCP.
* Added new 'group' option to pmd-rxq-assign. This will assign rxq to pmds
purely based on rxq and pmd load.
* Add new 'pmd-rxq-isolate' option that can be set to 'false' in order
that pmd cores which are pinned with rxqs using 'pmd-rxq-affinity'
are available for assigning other non-pinned rxqs.
- ovs-ctl:
* New option '--no-record-hostname' to disable hostname configuration
in ovsdb on startup.
* New command 'record-hostname-if-not-set' to update hostname in ovsdb.
- DPDK:
* OVS validated with DPDK 20.11.1. It is recommended to use this version
until further releases.
* New debug appctl command 'dpdk/get-malloc-stats'.
* Add hardware offload support for tunnel pop action (experimental).
Available only if DPDK experimental APIs enabled during the build.
* Add hardware offload support for VXLAN flows (experimental).
Available only if DPDK experimental APIs enabled during the build.
* EAL options --socket-mem and --socket-limit to have default values
removed with 2.17 release. Logging added to alert users.
- ovsdb-tool:
* New option '--election-timer' to the 'create-cluster' command to set the
leader election timer during cluster creation.
- OVS now reports the datapath capability 'ct_zero_snat', which reflects
whether the SNAT with all-zero IP address is supported.
See ovs-vswitchd.conf.db(5) for details.
- ovs-appctl:
* Added ability to add and delete static mac entries using:
'ovs-appctl fdb/add <bridge> <port> <vlan> <mac>'
'ovs-appctl fdb/del <bridge> <vlan> <mac>'
- Linux datapath:
* ovs-vswitchd will configure the kernel module using per-cpu dispatch
mode (if available). This changes the way upcalls are delivered to user
space in order to resolve a number of issues with per-vport dispatch.
* New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return
the current dispatch mode for each datapath.
v2.15.0 - 15 Feb 2021
---------------------
- OVSDB:
* Changed format in which ovsdb transactions are stored in database files.
Now each transaction contains diff of data instead of the whole new
value of a column.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one.
For cluster and active-backup service models follow upgrade instructions
in 'Upgrading from version 2.14 and earlier to 2.15 and later' section
of ovsdb(7).
* New unixctl command 'ovsdb-server/get-db-storage-status' to show the
status of the storage that's backing a database.
* New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
If turned on, ovsdb-server will try to reclaim all the unused memory
after every DB compaction back to OS. Disabled by default.
* Maximum backlog on RAFT connections limited to 500 messages or 4GB.
Once threshold reached, connection is dropped (and re-established).
Use the 'cluster/set-backlog-threshold' command to change limits.
- DPDK:
* Removed support for vhost-user dequeue zero-copy.
* Add support for DPDK 20.11.
- Userspace datapath:
* Add the 'pmd' option to "ovs-appctl dpctl/dump-flows", which
restricts a flow dump to a single PMD thread if set.
* New 'options:dpdk-vf-mac' field for DPDK interface of VF ports,
that allows configuring the MAC address of a VF representor.
* Add generic IP protocol support to conntrack. With this change, all
traffic other than UDP, TCP, and ICMP will be treated as general L3
traffic, i.e. using 3-tuples.
* Add parameters 'pmd-auto-lb-load-threshold' and
'pmd-auto-lb-improvement-threshold' to configure PMD auto load balance
behaviour.
- The environment variable OVS_UNBOUND_CONF, if set, is now used
as the DNS resolver's (unbound) configuration file.
- Linux datapath:
* Support for kernel versions up to 5.8.x.
- Terminology:
* The terms "master" and "slave" have been replaced by "primary" and
"secondary", respectively, for OpenFlow connection roles.
* The term "slave" has been replaced by "member", for bonds, LACP, and
OpenFlow bundle actions.
- Support for GitHub Actions based continuous integration builds has been
added.
- Bareudp Tunnel:
* Bareudp device support is present in the Linux kernel from version 5.7.
* Kernel bareudp device is not backported to the OVS tree.
* Userspace datapath support is not added.
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands '{add,mod,del}-flows' were added, which allow adding,
deleting, or modifying flows based on information read from a file.
- IPsec:
* Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
tearing down IPsec tunnels.
* Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start
without restarting ipsec daemon.
- Building the Linux kernel module from the OVS source tree is deprecated:
* Support for the Linux kernel is capped at version 5.8.
* Only bug fixes for the Linux OOT kernel module will be accepted.
* The Linux kernel module will be fully removed from the OVS source tree
in OVS branch 2.18.
v2.14.0 - 17 Aug 2020
---------------------
- ovs-vswitchd no longer deletes datapath flows on exit by default.
- OpenFlow:
* The OpenFlow ofp_desc/serial_num may now be configured by setting the
value of other-config:dp-sn in the Bridge table.
* Added support to watch CONTROLLER port status in fast failover group.
* New action "delete_field".
- DPDK:
* Deprecated DPDK pdump packet capture support removed.
* Deprecated DPDK ring ports (dpdkr) are no longer supported.
* Add hardware offload support for VLAN Push/Pop actions (experimental).
* Add hardware offload support for matching IPv6 protocol (experimental).
* Add hardware offload support for set of IPv6 src/dst/ttl
and tunnel push-output actions (experimental).
* OVS validated with DPDK 19.11.2. Due to the inclusion of fixes for
CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725 and
CVE-2020-10726, this DPDK version is strongly recommended.
* New 'ovs-appctl dpdk/log-list' and 'ovs-appctl dpdk/log-set' commands
to list and change log levels in DPDK components.
* Vhost-user Dequeue zero-copy support is deprecated and will be removed
in the next release.
- Linux datapath:
* Support for kernel versions up to 5.5.x.
- AF_XDP:
* New netdev class 'afxdp-nonpmd' for netdev-afxdp to save CPU cycles
by enabling interrupt mode.
- Userspace datapath:
* Removed artificial datapath flow limit that was 65536.
Now number of datapath flows is fully controlled by revalidators and the
'other_config:flow-limit' knob.
* Add support for conntrack zone-based timeout policy.
* New configuration knob 'other_config:lb-output-action' for bond ports
that enables new datapath action 'lb_output' to avoid recirculation
in balance-tcp mode. Disabled by default.
* Add runtime CPU ISA detection to allow optimized ISA functions.
* Add support for dynamically changing DPCLS subtable lookup functions.
* Add ISA optimized DPCLS lookup function using AVX512.
- New configuration knob 'other_config:bond-primary' for AB bonds
that specifies the interface that will be the preferred port if it is active.
- Tunnels: TC Flower offload
* Tunnel Local endpoint address masked match is supported.
* Tunnel Remote endpoint address masked match is supported.
- GTP-U Tunnel Protocol:
* Add two new fields: tun_gtpu_flags, tun_gtpu_msgtype.
* Only support for userspace datapath.
v2.13.0 - 14 Feb 2020
---------------------
- OVN:
* OVN has been removed from this repository. It now exists as a
separate project. You can find it at
https://github.com/ovn-org/ovn.git
- Userspace datapath:
* Add option to enable, disable and query TCP sequence checking in
conntrack.
* Add support for conntrack zone limits.
* Command "ovs-appctl dpctl/dump-flows" refactored to show subtable
miniflow bits for userspace datapath.
- AF_XDP:
* New option 'use-need-wakeup' for netdev-afxdp to control enabling
of corresponding 'need_wakeup' flag in AF_XDP rings. Enabled by default
if supported by libbpf.
* 'xdpmode' option for netdev-afxdp renamed to 'xdp-mode'.
Modes also updated. New values:
native-with-zerocopy - former DRV
native - new one, DRV without zero-copy
generic - former SKB
best-effort [default] - new one, chooses the best available from
3 above modes
- DPDK:
* DPDK pdump packet capture support disabled by default. New configure
option '--enable-dpdk-pdump' to enable it.
* DPDK pdump support is deprecated and will be removed in future releases.
* DPDK ring ports (dpdkr) are deprecated and will be removed in future
releases.
* Add support for DPDK 19.11.
* Add hardware offload support for output, drop, set of MAC, IPv4 and
TCP/UDP ports actions (experimental).
* Add experimental support for TSO.
- RSTP:
* The rstp_statistics column in Port table will only be updated every
stats-update-interval configured in Open_vSwitch table.
- OVSDB:
* When ovsdb-server is running in backup mode, the default value of probe
interval is increased to 60 seconds for the connection to the
replication server. This value is configurable with the unixctl
command - ovsdb-server/set-active-ovsdb-server-probe-interval.
* ovsdb-server: New OVSDB extension to allow clients to specify row UUIDs.
- 'ovs-appctl dpctl/dump-flows' can now show offloaded=partial for
partially offloaded flows, dp:dpdk for fully offloaded by dpdk, and
type filter supports new filters: "dpdk" and "partially-offloaded".
- Add new argument '--offload-stats' for command
'ovs-appctl bridge/dump-flows',
so it can display offloaded packets statistics.
v2.12.0 - 03 Sep 2019
---------------------
- DPDK:
* New option 'other_config:dpdk-socket-limit' to limit amount of
hugepage memory that can be used by DPDK.
* Add support for vHost Post-copy Live Migration (experimental).
* OVS validated with DPDK 18.11.2 which is the new minimal supported
version.
* DPDK 18.11.1 and lower is no longer supported.
* New option 'tx-retries-max' to set the maximum amount of vhost tx
retries that can be made.
- OpenFlow:
* All features required by OpenFlow 1.5 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.5 by default (in addition to
OpenFlow 1.0 to 1.4).
* Removed support for OpenFlow 1.6 (draft), which ONF abandoned.
* New action "check_pkt_larger".
* Support for OpenFlow 1.5 "meter" action.
- Userspace datapath:
* ICMPv6 ND enhancements: support for match and set ND options type
and reserved fields.
* Add v4/v6 fragmentation support for conntrack.
* New ovs-appctl "dpctl/ipf-set-enabled" and "dpctl/ipf-set-disabled"
commands for userspace datapath conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-set-min-frag" command for userspace
datapath conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-set-max-nfrags" command for userspace datapath
conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-get-status" command for userspace datapath
conntrack fragmentation support.
* New action "check_pkt_len".
* Port configuration with "other-config:priority-tags" now has a mode
that retains the 802.1Q header even if VLAN and priority are both zero.
* 'ovs-appctl exit' now implies cleanup of non-internal ports in userspace
datapath regardless of '--cleanup' option. Use '--cleanup' to remove
internal ports too.
* Removed experimental tag for SMC cache.
* Datapath classifier code refactored to enable function pointers to select
the lookup implementation at runtime. This enables specialization of
specific subtables based on the miniflow attributes, enhancing the
performance of the subtable search.
* Add Linux AF_XDP support through a new experimental netdev type "afxdp".
- OVSDB:
* OVSDB clients can now resynchronize with clustered servers much more
quickly after a brief disconnection, saving bandwidth and CPU time.
See section 4.1.15 of ovsdb-server(7) for details of related OVSDB
protocol extension.
* Support to convert from cluster database to standalone database is now
available, using ovsdb-tool, when the cluster is down and cannot be
revived. Check "Database Migration Commands" in the ovsdb-tool man page.
- OVN:
* IPAM/MACAM:
- select IPAM mac_prefix in a random manner if not provided by the user
- add the capability to specify a static IPv4 and/or IPv6 address and
get the L2 one allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IPv4 addr> <IPv6 addr>"
* Added the HA chassis group support.
* Added 'external' logical port support.
* Added Policy-based routing (PBR) support to create permit/deny/reroute
policies on the logical router. New table (Logical_Router_Policy) added in
OVN-NB schema. New "ovn-nbctl" commands to add/delete/list PBR policies.
* Support for Transport Zones, a way to separate chassis into
logical groups which results in tunnels only being formed between
members of the same transport zone(s).
* Support for IGMP Snooping and IGMP Querier.
- New QoS type "linux-netem" on Linux.
- Added support for TLS Server Name Indication (SNI).
- Linux datapath:
* Support for the kernel versions 4.19.x and 4.20.x.
* Support for the kernel version 5.0.x.
* Add support for conntrack zone-based timeout policy.
- 'ovs-dpctl dump-flows' is no longer suitable for dumping offloaded flows.
'ovs-appctl dpctl/dump-flows' should be used instead.
- Add L2 GRE tunnel over IPv6 support.
v2.11.0 - 19 Feb 2019
---------------------
- OpenFlow:
* OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
- ovs-ofctl:
* "mod-table" command can now change OpenFlow table names.
- ovn:
* OVN-SB schema changed: duplicated IP with same Encapsulation type
is not allowed any more. Please refer to
Documentation/intro/install/ovn-upgrades.rst for the instructions
in case there are problems encountered when upgrading from an earlier
version.
* New support for IPSEC encrypted tunnels between hypervisors.
* ovn-ctl: allow passing user:group ids to the OVN daemons.
* IPAM/MACAM:
- add the capability to dynamically assign just L2 addresses
- add the capability to specify a static ip address and get the L2 one
allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
- DPDK:
* Add support for DPDK 18.11
* Add support for port representors.
- Userspace datapath:
* Add option for simple round-robin based Rxq to PMD assignment.
It can be set with pmd-rxq-assign.
* Add support for Auto load balancing of PMDs (experimental)
* Added new per-port configurable option to manage EMC:
'other_config:emc-enable'.
- Add 'symmetric_l3' hash function.
- OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
- ovs-vswitchd:
* New configuration option "offload-rebalance", that enables dynamic
rebalancing of offloaded flows.
- The environment variable OVS_SYSLOG_METHOD, if set, is now used
as the default syslog method.
- The environment variable OVS_CTL_TIMEOUT, if set, is now used
as the default timeout for control utilities.
- The environment variable OVS_RESOLV_CONF, if set, is now used
as the DNS server configuration file.
- RHEL packaging:
* OVN packages are split from OVS packages. A new spec
file - ovn-fedora.spec.in is added to generate OVN packages.
- Linux datapath:
* Support for the kernel versions 4.16.x, 4.17.x, and 4.18.x.
v2.10.0 - 18 Aug 2018
---------------------
- ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
- ovs-vswitchd:
* New options --l7 and --l7-len to "ofproto/trace" command.
* Previous versions gave OpenFlow tables default names of the form
"table#". These are not helpful names for the purpose of accepting
and displaying table names, so now tables by default have no names.
* The "null" interface type, deprecated since 2013, has been removed.
* Add minimum network namespace support for Linux.
* New command "lacp/show-stats"
- ovs-ofctl:
* ovs-ofctl now accepts and displays table names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
- ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
- ovs-dpctl:
* New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits".
- OpenFlow:
* OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
* OpenFlow 1.5 extensible statistics (OXS) now implemented.
* New OpenFlow 1.0 extensions for group support.
* Default selection method for select groups is now dp_hash with improved
accuracy.
- Linux datapath
* Add support for compiling OVS with the latest Linux 4.14 kernel.
* Added support for meters.
* Add support for conntrack zone limit.
- ovn:
* Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet
and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for
other IPv4/IPv6-based protocols whenever a reject ACL rule is hit.
* ACL match conditions can now match on Port_Groups as well as address
sets that are automatically generated by Port_Groups. ACLs can be
applied directly to Port_Groups as well.
* ovn-nbctl can now run as a daemon (long-lived, background process).
See ovn-nbctl(8) for details.
- DPDK:
* New 'check-dpdk' Makefile target to run a new system testsuite.
See Testing topic for the details.
* Add LSC interrupt support for DPDK physical devices.
* Allow init to fail and record DPDK status/version in OVS database.
* Add experimental flow hardware offload support
* Support both shared and per port mempools for DPDK devices.
- Userspace datapath:
* Commands ovs-appctl dpif-netdev/pmd-*-show can now work on a single PMD
* Detailed PMD performance metrics available with new command
ovs-appctl dpif-netdev/pmd-perf-show
* Supervision of PMD performance metrics and logging of suspicious
iterations
* Add signature match cache (SMC) as experimental feature. When turned on,
it improves throughput when traffic has many more flows than EMC size.
- ERSPAN:
* Implemented ERSPAN protocol (draft-foschiano-erspan-00.txt) for
both kernel datapath and userspace datapath.
* Added port-based and flow-based ERSPAN tunnel port support, added
OpenFlow rules matching ERSPAN fields. See ovs-fields(7).
- ovs-pki
* ovs-pki now generates X.509 version 3 certificates. The new format adds
the subjectAltName field and sets its value to the same as the common name (CN).
v2.9.0 - 19 Feb 2018
--------------------
- NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
* Add ttl field.
* Add a new action dec_nsh_ttl.
* Enable NSH support in kernel datapath.
- OVSDB has new, experimental support for database clustering:
* New high-level documentation in ovsdb(7).
* New file format documentation for developers in ovsdb(5).
* Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
* ovsdb-server now supports online schema conversion via
"ovsdb-client convert".
* ovsdb-server now always hosts a built-in database named _Server. See
ovsdb-server(5) for more details.
* ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
and "wait" commands. New --timeout option.
* ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
"db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
"schema-name", "compare-versions", and "check-cluster" commands.
* ovsdb-server: New ovs-appctl commands for managing clusters.
* ovs-sandbox: New support for clustered databases.
- ovs-vsctl and other commands that display data in tables now support a
--max-column-width option to limit column width.
- No longer slow-path traffic that sends to a controller. Applications,
such as OVN ACL logging, want to send a copy of a packet to a
controller while leaving the actual packet forwarding in the datapath.
- OVN:
* The "requested-chassis" option for a logical switch port now accepts a
chassis "hostname" in addition to a chassis "name".
* IPv6
- Added support to send IPv6 Router Advertisement packets in response to
the IPv6 Router Solicitation packets from the VIF ports.
- Added support to generate Neighbor Solicitation packets using the OVN
action 'nd_ns' to resolve unknown next hop MAC addresses for the
IPv6 packets.
* Add support for QoS bandwidth limit with DPDK.
* ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
* ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
- OpenFlow:
* ct_clear action is now backed by kernel datapath. Support is probed for
when OVS starts.
- Linux kernel 4.13
* Add support for compiling OVS with the latest Linux 4.13 kernel
- ovs-dpctl and related ovs-appctl commands:
* "flush-conntrack" now accepts a 5-tuple to delete a specific
connection tracking entry.
* New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
for userspace datapath.
- No longer send packets to the Linux TAP device if it's DOWN unless it is
in another networking namespace.
- DPDK:
* Add support for DPDK v17.11
* Add support for vHost IOMMU
* New debug appctl command 'netdev-dpdk/get-mempool-info'.
* All the netdev-dpdk appctl commands are described in the ovs-vswitchd man page.
* Custom statistics:
- DPDK physical ports now return custom set of "dropped", "error" and
"management" statistics.
- ovs-ofctl dump-ports command now prints new set of custom statistics
if available (for OpenFlow 1.4+).
* Switch from round-robin allocation of rxq to pmd assignments to a
utilization-based allocation.
* New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to
pmd assignments.
* Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'.
* Add support for vHost dequeue zero copy (experimental).
- Userspace datapath:
* Output packet batching support.
- vswitchd:
* Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits.
* Configuring a controller, or unconfiguring all controllers, now deletes
all groups and meters (as well as all flows).
- New --enable-sparse configure option enables "sparse" checking by default.
- Added additional information to vhost-user status.
v2.8.0 - 31 Aug 2017
--------------------
- ovs-ofctl:
* ovs-ofctl can now accept and display port names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
- New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
- Tunnels:
* Added support to set packet mark for tunnel endpoint using
`egress_pkt_mark` OVSDB option.
* When using Linux kernel datapath, tunnels may be created using rtnetlink.
This will allow us to take advantage of new tunnel features without
having to make changes to the vport modules.
- EMC insertion probability is reduced to 1% and is configurable via
the new 'other_config:emc-insert-inv-prob' option.
- DPDK:
* DPDK log messages redirected to OVS logging subsystem.
Log level can be changed in a usual OVS way using
'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
still can be configured via extra arguments for DPDK EAL.
* dpdkvhostuser ports are marked as deprecated. They will be removed
in an upcoming release.
* Support for DPDK v17.05.1.
- IPFIX now provides additional counters:
* Total counters since metering process startup.
* Per-flow TCP flag counters.
* Multicast, broadcast, and unicast counters.
- New support for multiple VLANs (802.1ad or "QinQ"), including a new
"dot1q-tunnel" port VLAN mode.
- In ovs-vsctl and vtep-ctl, record UUIDs in commands may now be
abbreviated to 4 hex digits.
- Userspace Datapath:
* Added NAT support for userspace datapath.
* Added FTP and TFTP support with NAT for userspace datapath.
* Experimental NSH (Network Service Header) support in userspace datapath.
- OVN:
* New built-in DNS support.
* IPAM for IPv4 can now exclude user-defined addresses from assignment.
* IPAM can now assign IPv6 addresses.
* Make the DHCPv4 router setting optional.
* Gratuitous ARP for NAT addresses on a distributed logical router.
* Allow ovn-controller SSL configuration to be obtained from vswitchd
database.
* ovn-trace now has basic support for tracing distributed firewalls.
* In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be
abbreviated to 4 hex digits.
* "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond
to logical flows.
* Now uses OVSDB RBAC support to reduce impact of compromised hypervisors.
* Multiple chassis may now be specified for L3 gateways. When more than
one chassis is specified, OVN will manage high availability for that
gateway.
* Add support for ACL logging.
* ovn-northd now has native support for active-standby high availability.
- Tracing with ofproto/trace now traces through recirculation.
- OVSDB:
* New support for role-based access control (see ovsdb-server(1)).
- New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
- OpenFlow:
* All features required by OpenFlow 1.4 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
OpenFlow 1.0 to 1.3).
* Increased support for OpenFlow 1.6 (draft).
* Bundles now support hashing by just nw_src or nw_dst.
* The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
* The port status bit OFPPS_LIVE now reflects link aliveness.
* OpenFlow 1.5 packet-out is now supported.
* Support for OpenFlow 1.5 field packet_type and packet-type-aware
pipeline (PTAP).
* Added generic encap and decap actions (EXT-382).
First supported use case is encap/decap for Ethernet.
* Added NSH (Network Service Header) support in userspace.
Used generic encap and decap actions to implement encapsulation and
decapsulation of NSH header.
IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
* Conntrack state is only available to the processing path that
follows the "recirc_table" argument of the ct() action. Starting
in OVS 2.8, this state is now cleared for the current processing
path whenever ct() is called.
- Fedora Packaging:
* OVN services are no longer restarted automatically after upgrade.
* ovs-vswitchd and ovsdb-server run as non-root users by default.
- Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
- L3 tunneling:
* Use new tunnel port option "packet_type" to configure L2 vs. L3.
* In conjunction with PTAP, tunnel ports can handle a mix of L2 and L3
payload.
* New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
* New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
- The BFD detection multiplier is now user-configurable.
- Add experimental support for hardware offloading
* HW offloading is disabled by default.
* HW offloading is done through the TC interface.
- IPv6 link local addresses are now supported on Linux. Use % to designate
the scope device.
v2.7.0 - 21 Feb 2017
---------------------
- Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
- OVN:
* QoS is now implemented via egress shaping rather than ingress policing.
* DSCP marking is now supported, via the new northbound QoS table.
* IPAM now supports fixed MAC addresses.
* Support for source IP address based routing.
* ovn-trace:
- New --ovs option to also print OpenFlow flows.
- put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
* Support for managing SSL and remote connection configuration in
northbound and southbound databases.
* TCP connections to northbound and southbound databases are no
longer enabled by default and must be explicitly configured.
See documentation for ovn-sbctl/ovn-nbctl "set-connection"
command or the ovn-ctl "--db-sb-create-insecure-remote" and
"--db-nb-create-insecure-remote" command-line options for
information regarding remote connection configuration.
* New appctl "inject-pkt" command in ovn-controller that allows
packets to be injected into the connected OVS instance.
* Distributed logical routers may now be connected directly to
logical switches with localnet ports, by specifying a
"redirect-chassis" on the distributed gateway port of the
logical router. NAT rules may be specified directly on the
distributed logical router, and are handled either centrally on
the "redirect-chassis", or in many cases are handled locally on
the hypervisor where the corresponding logical port resides.
Gratuitous ARP for NAT addresses on a distributed logical
router is not yet supported, but will be added in a future
version.
- Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
- OpenFlow:
* OFPT_PACKET_OUT messages are now supported in bundles.
* A new "selection_method=dp_hash" type for OpenFlow select group
bucket selection that uses the datapath computed 5-tuple hash
without making datapath flows match the 5-tuple fields, which
is useful for more efficient load balancing, for example. This
uses the Netronome extension to OpenFlow 1.5+ that allows
control over the OpenFlow select groups selection method. See
"selection_method" and related options in ovs-ofctl(8) for
details.
* The "sample" action now supports "ingress" and "egress" options.
* The "ct" action now supports the TFTP ALG where support is available.
* New actions "clone" and "ct_clear".
* The "meter" action is now supported in the userspace datapath.
- ovs-ofctl: