Current Series Release Notes

3.24.0-16

New Features

  • New extension pvlan: Adds support for Private VLANs (PVLANs), enabling a new way of port isolation within a shared VLAN. With PVLAN, users can define networks that allow selective communication between ports using modes such as promiscuous, isolated, and community. The extension introduces new port and network attributes: pvlan_type, pvlan_community, and pvlan.

Upgrade Notes

  • Now all service plugins, inheriting from ServicePluginBase class, will have the extension “filter-validation” enabled by default. That enforces the API filter validation in the queries, returning a HTTPBadRequest in case of using an invalid attribute. This extension can be enabled or disabled using the Neutron configuration variable [DEFAULT]filter_validation.

  • Added new vpn-no-sha1-3des API extension that removes the deprecated sha1 authentication algorithm and 3des encryption algorithm from the VPN API. When this extension is loaded, the default auth_algorithm for IKE and IPsec policies changes from sha1 to sha256.

Deprecation Notes

  • A new method was added to the TypeDriver and ML2TypeDriver API classes called allocate_project_segment. It take the same arguments as allocate_tenant_segment just uses a different name. By default, it calls the allocate_tenant_segment method to avoid any compatibility issues, but callers are expected to change to the new method, after which allocate_tenant_segment will be deprecated.

  • The sha1 authentication algorithm and 3des encryption algorithm are deprecated for VPN IKE and IPsec policies. Operators should use the vpn-no-sha1-3des API extension to enforce the use of stronger algorithms.

Bug Fixes

  • Fixed API reference documentation for port binding activation and deletion endpoints. The host parameter is now correctly documented as a path parameter instead of a body parameter for the following endpoints:

    • PUT /v2.0/ports/{port_id}/bindings/{host}/activate

    • DELETE /v2.0/ports/{port_id}/bindings/{host}

    This fixes the issue where clients (like openstacksdk) were incorrectly sending the host parameter in both the path and the body, causing a TypeError. For more information see bug 2146294

Other Notes

  • API policy rules SERVICE, ADMIN, PROJECT_MANAGER, PROJECT_MEMBER, PROJECT_READER, ADMIN_OR_SERVICE, ADMIN_OR_PROJECT_MANAGER, ADMIN_OR_PROJECT_MEMBER, ADMIN_OR_PROJECT_READER, RULE_PARENT_OWNER, PARENT_OWNER_MANAGER, PARENT_OWNER_MEMBER, PARENT_OWNER_READER, ADMIN_OR_PARENT_OWNER_MANAGER, ADMIN_OR_PARENT_OWNER_MEMBER, ADMIN_OR_PARENT_OWNER_READER are moved from neutron.conf.policy.base module to neutron_lib and are now available in neutron_lib.policy.rules module.