Current Series Release Notes

15.0.0.0rc1-203

New Features

  • Add new configuration option igmp_snooping_enable. New option is in OVS config section and is used by openvswitch agent. This option is used to enable support for Internet Group Management Protocol (IGMP) in integration bridge.

  • A new configuration option, cleanup_on_shutdown, was added to the L3 agent. If set to True the L3 agent will explicitly delete all routers on shutdown. For L3 HA routers it includes a graceful shutdown of keepalived and the state change monitor, which will allow a faster failover in certain conditions. The default value of cleanup_on_shutdown is False to maintain backward compatibility. Setting to True could affect the data plane when stopping or restarting the L3 agent.

  • The subnet-dns-publish-fixed-ip extension adds a new attribute to the definition of the subnet resource. When set to true it will allow publishing DNS records for fixed IPs from that subnet independent of the restrictions described in the DNS integration with an external service documentation.

Upgrade Notes

  • Python 2.7 support has been dropped. The minimum version of Python now supported by Neutron is Python 3.6.

  • For users affected by bug 1853840 the hypervisor name now can be set per physical network device in config option resource_provider_hypervisors which is located in the [ovs] ini-section for ovs-agent and [sriov_nic] ini-section for sriov-agent. Hypervisor names default to socket.gethostname() which works out of the box with libvirt even when the DEFAULT.host config option is set to a non-default value.

  • The network mtu attribute is set to be non-nullable. If the mtu is empty(create before Pike version), it is set to the default value of 1500.

  • Config option agent_type, which has been deprecated since Mitaka, is now removed. Agents should now use hardcoded values for agent type.

  • A security group rule added for the entire port range, for example, TCP ports 1-65535, is not optimal for backends that implement the rule. Rules like this will now automatically be converted to apply to the procotol itself, in other words, all TCP - the port ranges will be ignored. See bug 1848213 for more details.

  • SR-IOV agent code no longer supports old kernels (<3.13) for MacVtap ports. This change is not expected to affect existing deployments since most OS distributions already have the relevant kernel patches. In addition, latest major release of all Supported distributions already have a newer kernel.

Bug Fixes

  • Bug https://bugs.launchpad.net/neutron/+bug/1732067 described a flooding issue on the neutron-ovs-agent integration bridge. And bug https://bugs.launchpad.net/neutron/+bug/1841622 proposed a solution for it. The accepted egress packets will be taken care in the final egress tables (61 when openflow firewall is not enabled, table 94 otherwise) with direct output flows for unicast traffic with a minimum influence on the existing cloud networking. A new config option explicitly_egress_direct, with default value False, was added for the aim of distinguishing clouds which are running the network node mixed with compute services, upstream neutron CI should be an example. In such situation, this explicitly_egress_direct should be set to False, because there are numerous cases from HA routers which can not be covered, particularly when you have centralized floating IPs running in such mixed hosts. Otherwise, set explicitly_egress_direct to True to avoid the flooding. One more note is if your network nodes are for networing services only, we recommand you disable all the security_group to get a higher performance.

  • When listing ports using the openstack port list --mac-address A:B:C:D:E:F command we might not return any result when trying to list ports by MAC address if the cases differ. This fix makes the search based on MAC address case insensitive. For more information see bug 1843428.

  • When updating the fixed-ips of a port residing on a routed provider network the port update would always fail if host was not set. See bug: 1844124.

  • Neutron now locates the root resource provider of the resource provider tree it creates by using the hypervisor name instead of the hostname. These are different in rare cases only. The hypervisor name can be set per physical network device in config option resource_provider_hypervisors which is located in the [ovs] ini-section for ovs-agent and [sriov_nic] ini-section for sriov-agent. Hypervisor names default to socket.gethostname() which works out of the box with libvirt even when the DEFAULT.host config option is set to a non-default value. We believe this change fixes bug 1853840.

  • Neutron currently does not fully respect the network-auto-schedule configuration option. If the network-auto-schedule option is set to False, the network - a) Is still scheduled on the DHCP agent when it is created b) Is scheduled on a new DHCP agent if the old DHCP mapping is removed by the user/admin. It is especially necessary where the Network Backends provide DHCP directly. This has been fixed now and if the network-auto-schedule is set to False in the config file, networks would not be automatically scheduled to the DHCP Agents. If mapping/scheduling is required, it can be done manually or by setting the network-auto-schedule to True.

  • Owners of security groups now see all security group rules which belong to the security group, even if the rule was created by the admin user. Fixes bug 1824248.

Other Notes

  • Added QoS support for direct ports in neutron. The support requires Open vSwitch 2.11.0 or newer and is based on Linux kernel 5.4.0 or newer. [bug 1843165].

  • When the enable_distributed_routing (DVR) configuration option is set to True and tunneling is enabled, the arp_responder option will be forced to True since it is now required in order for ARP to work properly. For more information, see bug 1774459.

  • A new config option, radvd_user, was added to l3_agent.ini for the L3 agent. This option defines the username passed to radvd, used to drop “root” privileges and change user ID to username and group ID to the primary group of the user. If no user specified (by default), the user executing the L3 agent will be passed. If “root” specified, because radvd is spawned as root, no “username” parameter will be passed. (For more information see bug 1844688.)