Current Series Release Notes

New Features

  • Add support for port ranges in the port forwarding rules. The supported ranges are N:M with N <= M. Also, the ranges of internal and external ports relation must be: internal range = external range or internal range = 1.

  • Support for IPv6 NDP proxy has been added. Read the related specification for more details.

  • Support for baremetal provisioning using OVN’s built-in DHCP server has been added for IPv4.

  • OVN mechanism driver refuses to bind a port to a dead agent.

  • Added support for router gateway IP QoS in OVN backend. The L3 OVN router plugin now can apply router QoS policy rules on the router gateway port.

  • Ovn configuration items “ovn_nb_connection” and “ovn_sb_connection” can set multiple addresses separated by commas. Setting NB/SB “connection” inactivity probe can also work well, if multiple connection be specified.

  • Added a new configuration variable, in [OVS] section, to control the OVS OpenFlow rule processing operations when using the OVS native firewall driver (securitygroup.firewall_driver=openvswitch):

    • openflow_processed_per_port: by default “False”. If enabled, all OpenFlow rules associated to a port will be processed at once, in a single transaction. If disabled, the flows will be processed in batches of “AGENT_RES_PROCESSING_STEP=100” number of OpenFlow rules.

  • If uplink-status-propagation extension is enabled, all existing ports before enabling it will have the flag “propagate_uplink_status” enabled by default. This is aligned with the aim of an administrator that enables this extension. Now only new ports can be created with this flag disabled.

  • Gateway IP QoS network inheritance is now available for OVN L3 plugin QoS extension. If the router external network (gateway network) has a QoS policy associated, the gateway IP port will inherit the network QoS policy.

  • QoS rule type list accepts two filter flags:

    • all_supported: if True, the listing call will print all QoS rule types supported by at least one loaded mechanism driver.

    • all_rules: if True, the listing call will print all QoS rule types supported by the Neutron server.

    Both filter flags are exclusive and not required.

  • Enabled DbQuotaDriverNull as production ready database quota driver. This driver does not have access to the database and will return empty values to the request queries. This driver can be used to override the Neutron quota engine.

Upgrade Notes

  • Previously deprecated configuration option allow_overlapping_ips is now removed.

  • Python 3.6 & 3.7 support has been dropped. The minimum version of Python now supported is Python 3.8.

  • A new configuration option called [ovn]/disable_ovn_dhcp_for_baremetal_ports has been added to ML2/OVN for IPv4. Since PXE booting nodes can be very sensitive depending on the hardware and some operators may prefer to use a fully-fledged DHCP server instead of OVN’s DHCP server this option allows for disabling OVN’s built-in DHCP server for baremetal ports (vnic type “baremetal”) when set to True. It defaults to False.

Bug Fixes

  • 1942329 Port binding logic for direct-physical ports has been extended to allow providing the MAC address of the physical device via the binding profile. If it is provided then Neutron overwrites the value of the device_mac_address field of the port object in the database with the value from the active binding profile. If there are ports bound before the nova side of this fix is depolyed then the VM using the port needs to be moved or the port needs to be detached and re-attached to force nova to provide the MAC address of the direct-physical port in the port binding.

Other Notes

  • The OVN migration performs validation by default. This validation means an instance is spawned and is tested by simple ping after the migration is finished. Also it tries to create new workload post migration. This is useful for very simple scenarios when migration is tested but is not really useful in production since likely the production envrionments already have running workloads. It makes more sense to require the validation explicitly rather than implicitly run it as the migration is mostly intended for production. The VALIDATE_MIGRATION now defaults to False and needs to be changed to True if validation upon request.

  • From now on, gateway interface will be kept up on all nodes where HA router is hosted, regardless of their state (active or standby). For more information see bug 1952907.

  • OVN driver reverted to using stateful NAT for floating IP implementation. The previous switch to stateless didn’t materialize the expected performance benefits and instead introduced problems with potential hardware offloading.