Current Series Release Notes¶
25.0.0.0rc1-79¶
New Features¶
Add support for the
address-group
in the OVN mechanism driver.
Since Epoxy (2025.1) release, the Neutron quota engine always checks the current resource usage before updating the quota limits. Only when the CLI “–force” parameter is passed, this check is skipped. That aligns the Neutron quota engine behaviour with other projects.
Upgrade Notes¶
The
ovn_emit_need_to_frag
option for OVN is now enabled by default. This may result in performance issues on older kernels (older than 5.2). If you are still using an old kernel, you may consider setting it toFalse
.
The
allow_stateless_action_supported
configuration option for OVN is removed. Thestateful-security-group
API is now unconditionally enabled. Please upgrade OVN to 21.06.0 or a later version.
The migration tool for TripleO deployments has been removed, because TripleO project has been retired.
Deprecation Notes¶
The
ovn_emit_need_to_frag
option is now deprecated for removal. The config option will removed in the2026.1
release.
The Neutron quota commands now always check the resource limits. The CLI parameter “–check-limits” is no longer needed, as this is the default behaviour.
Bug Fixes¶
Add special treatment for the keyword
any
in the security group rule API protocol field to match what is documented in the api-ref itself. It is already supported in the client, whereany
is simply changed toNone
, so do the same in the API itself. For more information, see bug 2074056.
Liberal TCP connection tracking is now enabled in SNAT namespaces, (
sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1
).In some cases, when a TCP connection that is NAT-ed ends up re-transmitting, a packet could be outside what the Linux kernel connection tracking considers part of the valid TCP window. When this happens, a TCP Reset (RST) is triggered, terminating the connection on the sender side, while leaving the receiver side (the Neutron port attached VM) hanging.
Since a number of firewall vendors typically turn this on by default to avoid unnecessary resets, we now do it in the Neutron router as well.
See bug 1804327 for more information.
Fixes an issue when associating floating IPs to OVN load balancers. See LP#2068644 for more details.