Liberty Series Release Notes


Upgrade Notes

  • A new option ha_keepalived_state_change_server_threads has been added to configure the number of concurrent threads spawned for keepalived server connection requests. Higher values increase the CPU load on the agent nodes. The default value is half of the number of CPUs present on the node. This allows operators to tune the number of threads to suit their environment. With more threads, simultaneous requests for multiple HA routers state change can be handled faster.



Allowed address pairs can now be cleared by passing None in addition to an empty list. This is to make it possible to use the –action=clear option with the neutron client. neutron port-update <uuid> –allowed-address-pairs action=clear

Support for MTU selection and advertisement.

New Features

  • Use the value of the network ‘mtu’ attribute for the MTU of virtual network interfaces such as veth pairs, patch ports, and tap devices involving a particular network.

  • Enable end-to-end support for arbitrary MTUs including jumbo frames between instances and provider networks by moving MTU disparities between flat or VLAN networks and overlay networks from layer-2 devices to layer-3 devices that support path MTU discovery (PMTUD).

  • When advertise_mtu is set in the config, Neutron supports advertising the LinkMTU using Router Advertisements.

Upgrade Notes

  • Does not change MTU for existing virtual network interfaces.

  • Actions that create virtual network interfaces on an existing network with the ‘mtu’ attribute containing a value greater than zero could cause issues for network traffic traversing existing and new virtual network interfaces.

Bug Fixes

  • Fixes bug 1537734

  • Explicitly configure MTU of virtual network interfaces rather than using default values or incorrect values that do not account for overlay protocol overhead.

  • The Linuxbridge agent now supports the ability to toggle the local ARP responder when L2Population is enabled. This ensures compatibility with the allowed-address-pairs extension. Closes bug 1445089.

Other Notes



ML2: ports can now recover from binding failed state.

New Features

  • Ports that failed to bind when an L2 agent was offline can now recover after the agent is back online.



An OVS agent configured to run in DVR mode will fail in case it can’t get proper DVR configs from server on start. Such agent will no longer fallback to non-DVR mode since it may lead to inconsistency in the DVR enabled cluster as Neutron server does not really distinguish DVR and non-DVR OVS agents.

Bug Fixes

  • Fix SR-IOV agent macvtap assigned VF check when linux kernel < 3.13



In Liberty, some changes were made to agent scheduling to enable a more flexible agent scheduling configuration.

During Liberty, some Neutron APIs and options were deprecated. This included the FWaaS API, the LBaaS V1 API, and the ‘external_network_bridge’ option for the L3 agent.

During Liberty, some plugins and drivers have been deprecated, including the metaplugin, the IBM SDN-VE plugin, the Cisco N1KV monolithic plugin, and the Embrane plugin.

IPv6 prefix delegation support was added to Neutron.

The LBaaS V2 API is no longer experimental. It is now stable.

Neutron now offers role base access control (RBAC) for networks.

The OVS agent had changes made to better handle restartability.

Certain performance enhancements when deploying Neutron with Ubuntu Trusty Tahr were found and should be used. Additionally, utilizing the Octavia Neutron-LBaaS driver has some performance considerations to be aware of during deployment.

Neutron now has a pluggable IP address management framework.

Neutron now exposes a QoS API, initially offering bandwidth limitation on the port level. See the QoS devref for additional information.

Neutron routers underwent some changes and enhancements during Liberty around L2 population integration, VPNaaS, and segmentation types.

New Features

  • Neutron now provides a way for admins to manually schedule agents, allowing host resources to be tested before they are enabled for tenant use.

  • Neutron now supports IPv6 Prefix Delegation for the automatic assignment of CIDRs to IPv6 subnets. For more information on the usage and configuration of this feature, see the OpenStack Networking Guide.

  • LBaaS V2 reference driver is now based on Octavia, an operator grade scalable, reliable Load Balancer platform.

  • The OVS agent may now be restarted without affecting data plane connectivity.

  • Pluggable IPAM enables the use of alternate or third-party IPAM.

  • The original, non-pluggable version of IPAM is enabled by default.

  • Router high availability (L3 HA / VRRP) now works when layer 2 population (l2pop) is enabled.

  • VPNaaS reference drivers now work with HA routers.

  • Networks used for VRRP traffic for HA routers may now be configured to use a specific segmentation type or physical network tag.

Known Issues

  • With regards to Neutron RBAC, an issue exists when trying to delete another tenant’s port on your own network if you are not an admin. This is being tracked with this bug.

  • The stock Ubuntu Trusty Tahr kernel (3.13) shows linear performance degradation when running “ip netns exec” as the number of namespaces increases. In cases where scale is important, a later version kernel (e.g. 3.19) should be used. This regression should be fixed in Trusty Tahr since 3.13.0-36.63 and later kernel versions. For more information, please see Launchpad bug 1328088.

  • Creating Neutron-LBaaS load balancers in environments without hardware virtualization may be slow when using the Octavia driver. This is due to QEMU using the TCG accelerator instead of the KVM accelerator in environments without hardware virtualization available. We recommend enabling hardware virtualization on your compute nodes, or enabling nested virtualization when using the Octavia driver inside a virtual environment. See this link explaining devstack with nested KVM for details on setting up nested virtualization for DevStack running inside KVM.

Bug Fixes

  • Launchpad Bug 1383674 has details on the agent restart fix which went into Liberty to address OVS agent restartability.

Other Notes

  • Start using reno to manage release notes.

  • The FWaaS API is marked as experimental for Liberty. Further, the current API will be removed in Mitaka and replaced with a new FWaaS API, which the team is in the process of developing.

  • The LBaaS V1 API is marked as deprecated and is planned to be removed in a future release. Going forward, the LBaaS V2 API should be used.

  • The ‘external_network_bridge’ option for the L3 agent has been deprecated in favor of a bridge_mapping with a physnet. For more information, see the Network Node section of this scenario in the networking guide.

  • The metaplugin is removed in the Liberty release.

  • The IBM SDN-VE monolithic plugin is removed in the Liberty release.

  • The Cisco N1kV monolithic plugin is removed in the Liberty release (replaced by the ML2 mechanism driver).

  • The Embrane plugin is deprecated and will be removed in the Mitaka release.

  • Please read the Neutron RBAC spec. for more information on how Neutron RBAC works and can be configured.