Current Series Release Notes

25.0.0.0b1-46

New Features

  • Neutron API RBAC policies now support by default the project MANAGER role. Please refer to the community goal for more information.

  • Added a new configuration option called broadcast_arps_to_all_routers to the [ovn] config section. This option is responsible for configuring the external networks with the broadcast-arps-to-all-routers config option available in OVN 23.06 and newer. By enabling this option (default) OVN will flood ARP requests to all attached ports on a network. If disabled, ARP requests are only sent to routers on that network if the target MAC address matches. ARP requests that do not match a router will only be forwarded to non-router ports.

  • Added a new process called neutron-ovn-maintenance-worker. This process is spawned when using the ML2/OVN mechanism driver and Neutron API WSGI module. It executes the maintenance task needed by the ML2/OVN mechanism driver to sync the Neutron and OVN databases.

  • Added a new process called neutron-periodic-workers. This process is spawned when using the Neutron API WSGI module with any mechanism driver. It executes the ML2 plugin periodic workers that are collected by an instance of the class AllServicesNeutronWorker and executed as threads on a single worker.

Deprecation Notes

  • Removed the maintenance method remove_duplicated_chassis_registers. This method is no longer needed since OVN 21.03.0. For more information, see the bug 2073613.

25.0.0.0b1

New Features

  • A new module, neutron.wsgi, has been added as a place to gather WSGI application objects. This is intended to ease deployment by providing a consistent location for these objects. For example, if using uWSGI then instead of:

    [uwsgi]
wsgi-file = /bin/neutron-api

    You can now use:

    [uwsgi]
module = neutron.wsgi.api:application

    This also simplifies deployment with other WSGI servers that expect module paths such as gunicorn.

  • Remote address group support was added to the iptables-based firewall drivers (IptablesFirewallDriver and OVSHybridIptablesFirewallDriver), Previously it was only available in the OVSFirewallDriver. For more information, see bug 2058138.

  • OVN routers can be attached to tunnelled external gateway networks. The Logical Router is pinned to a gateway chassis, instead of the gateway Logical Router Port. The mechanism driver monitors the status of the gateway chassis to re-schedule the Logical Router in case of failure, providing high availability.

Deprecation Notes

  • Removed the support for Windows OS.

Bug Fixes

  • Cleaned non-harmful stack trace errors from DNS integration plugin. This prevents the logs from filling with stack traces where error log messages would have been sufficient.

Other Notes

  • In some of previous versions of Neutron, it was not possible to create or delete a trunk port if it was bound to a parent port when using ML2/OVN driver. This restriction has been removed in this release. ML2/OVS driver still has this restriction due to backend limitations.

  • Neutron uses a new algorithm to compare the differences between security group rules in Neutron and ACLs in OVN. Before comparison, the data is sorted according to the security group rule ID, then the two ordered arrays are compared. This increases efficiency when larger sets of rules need to be synchronized.

  • Enhance error handling in the Neutron metadata service for cases when the Nova metadata service is unavailable, ensuring correct HTTP status codes are returned.