Current Series Release Notes

25.0.0.0rc1-79

New Features

  • Add support for the address-group in the OVN mechanism driver.

  • Since Epoxy (2025.1) release, the Neutron quota engine always checks the current resource usage before updating the quota limits. Only when the CLI “–force” parameter is passed, this check is skipped. That aligns the Neutron quota engine behaviour with other projects.

Upgrade Notes

  • The ovn_emit_need_to_frag option for OVN is now enabled by default. This may result in performance issues on older kernels (older than 5.2). If you are still using an old kernel, you may consider setting it to False.

  • The allow_stateless_action_supported configuration option for OVN is removed. The stateful-security-group API is now unconditionally enabled. Please upgrade OVN to 21.06.0 or a later version.

  • The migration tool for TripleO deployments has been removed, because TripleO project has been retired.

Deprecation Notes

  • The ovn_emit_need_to_frag option is now deprecated for removal. The config option will removed in the 2026.1 release.

  • The Neutron quota commands now always check the resource limits. The CLI parameter “–check-limits” is no longer needed, as this is the default behaviour.

Bug Fixes

  • Add special treatment for the keyword any in the security group rule API protocol field to match what is documented in the api-ref itself. It is already supported in the client, where any is simply changed to None, so do the same in the API itself. For more information, see bug 2074056.

  • Liberal TCP connection tracking is now enabled in SNAT namespaces, (sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1).

    In some cases, when a TCP connection that is NAT-ed ends up re-transmitting, a packet could be outside what the Linux kernel connection tracking considers part of the valid TCP window. When this happens, a TCP Reset (RST) is triggered, terminating the connection on the sender side, while leaving the receiver side (the Neutron port attached VM) hanging.

    Since a number of firewall vendors typically turn this on by default to avoid unnecessary resets, we now do it in the Neutron router as well.

    See bug 1804327 for more information.

  • Fixes an issue when associating floating IPs to OVN load balancers. See LP#2068644 for more details.