Yoga Series Release Notes¶
Address scope is now added to all OVN LSP port registers in the northbound. Northd then writes the address scope from the northbound to the southbound so it can be used there by the ovn-bgp-agent.
After the port is considered as provisioned, the Nova port binding update could have not been received, leaving the port as not bound. Now the port provisioning method has an active wait that will retry several times, waiting for the port binding update. If received, the port status will be set as active if the admin state flag is set.
Core OVN now can set the destination host on the logical switch port during a live migration. That allows to prepare the destination host earlier, achieving a quicker live migration and a lower downtime during the switch between hosts. Neutron includes this information in the port options.
A new script to remove the duplicated port bindings was added. This script will list all
ml2_port_bindingsrecords in the database, finding those ones with the same port ID. Then the script removes those ones with status=INACTIVE. This script is useful to remove those leftovers that remain in the database after a failed live migration. It is important to remark that this script should not be executed during any live migration process.
use_random_fullysetting to allow an operator to disable the iptables random-fully property on an iptable rules.
use_random_fullysetting is disabled, it will prevent random fully from being used and if there’re 2 guests in different networks using the same source_ip and source_port and they try to reach the same dest_ip and dest_port, packets might be dropped in the kernel do to the racy tuple generation . Disabling this setting should only be done if source_port is really important such as in network firewall ACLs and that the source_ip are never repeating within the platform.
The default value for the
metadata_workersconfiguration option has changed to 0 for the ML2/OVN driver. Since [OVN] Allow to execute “MetadataProxyHandler” in a local thread, the OVN metadata proxy handler can be spawned in the same process of the OVN metadata agent, in a local thread. That reduces the number of OVN SB database connections to one.
Fixes an issue in the ML2/OVN driver where the network segment tag was not being updated in the OVN Northbound database. For more information, see bug 1944708.
Neutron can record full connection using log-related feature introduced in OVN 21.12. For more info see bug LP#<https://bugs.launchpad.net/neutron/+bug/2003706>
Since OVN 20.06, the “Chassis” register configuration is stored in the “other_config” field and replicated into “external_ids”. This replication is stopped in OVN 22.09. The ML2/OVN plugin tries to retrieve the “Chassis” configuration from the “other_config” field first; if this field does not exist (in OVN versions before 20.06), the plugin will use “external_ids” field instead. Neutron will be compatible with the different OVN versions (with and without “other_config” field).
OVN mechanism driver refuses to bind a port to a dead agent.
OVN driver reverted to using stateful NAT for floating IP implementation. The previous switch to stateless didn’t materialize the expected performance benefits and instead introduced problems with potential hardware offloading.
Add the shared field to security group API responses and support using shared as a query filter. For more information see bug 1942615.
Neutron now supports the placement enforcement for the guaranteed minimum bandwidth QoS rule type with direct-phyisical vnic_type as well. The data plane enforcement of such rule and vnic_type combination is still not supported.
request_bodyfield to router callback event payloads. The field record the origin request body from user.
BEFORE_UPDATEcallback event for router gateway.
Local IP - a virtual IP that can be shared across multiple ports/VMs (similar to anycast IP) and is guaranteed to only be reachable within the same physical server/node boundaries. The feature is primarily focused on high efficiency and performance of the networking data plane for very large scale clouds and/or clouds with high network throughput demands.
Added two new API methods to
get_resource_usagereturns the current resource usage.
quota_limit_checkchecks the current resource usage of several resources against a set of deltas (a dictionary of resource names and resource counters).
Add support for VNIC type
remote-managedin OVN. The OVN driver can now bind remote managed ports to SmartNIC DPUs. SmartNIC DPU portbinding requires OVN version 21.12 or above, compiled with OVN VIF version 21.12 or above.
Since this version, the support for stateless security groups is mandatory. The minimum OVN NB schema version must be 5.17.
Virtual ports are supported in OVN since version 2.12. Since Yoga, this support is mandatory. The minimum OVN SB schema version must be 2.5.
Report packet processing capacity on the OVS agent resource provider as the new
NET_PACKET_RATE_IGR_KILOPACKET_PER_SECresource inventory. This is similar to how the bandwidth resource is reported today. The former is used for non-hardware-offloaded OVS deployments, where packets processed from both ingress and egress directions are handled by the same set of CPU cores. Remaining inventories are used for hardware-offloaded OVS, where the incoming and outgoing packets are handled by independent hardware resources.
Added port-resource-request-groups API extension, that provides support for the new format of port’s
binding:profile.allocationattributes. The new format allows to request multiple groups of resources and traits from the same RP subtree.
Assigning a new
minimum_packet_raterule to an
already bound portupdates the allocation in Placement.
NOTE: Placement allocation update is not supported if original QoS policy had no
minimum_packet_raterule. Changing from direction-less
minimum_packet_raterule to a direction-oriented
minimum_packet_raterule is not supported.
New configuration options for neutron-ovs-agent under section
resource_provider_packet_processing_without_directioncontrols the minimum packet rate the OVS backend can guarantee in kilo (1000) packet per second.
resource_provider_packet_processing_with_directionis similar to the first option, but used in case the OVS backend has hardware offload capabilities. The last option can be used to tune the other fields (
step_size) of resource provider inventories.
Floating IP QoS network inheritance is now available for OVN L3 plugin QoS extension. If a network, hosting a floating IP, has a QoS associated, the floating IP addresses will inherit the network QoS policy and will apply on the OVN backend.
qos-pps-minimum-rule-aliasAPI extension to enable GET, PUT and DELETE operations on QoS minimum packet rate rule without specifying policy ID.
Enabled placement enforcement for QoS minimum packet rate rule in OVS backend.
Added new API extension to QoS service plugin to support CRUD operations for minimum packet rate rule in Neutron server.
Added a check to verify if all rows of
ml2_port_bindingstable in the DB are using the new format for
profilecolumn. This check is part of upgrade check, that can be executed with
neutron-status upgrade checkcommand. If some rows are using obsolete format, they can be sanitized with a script that can be executed with
A unique constraint for (network_id, network_type, physical_network) is added to the networksegments table. This was done to prevent race conditions on dynamic segment allocation. Operators having networks with multiple segments (e.g. when using hierarchical portbinding) should check that this constraint is not violated with the included upgrade-check.
allow_overlapping_ipsis deprecated for removal now. Default value for that option is now changed to the
Truein the default IPAM module of Neutron, as the only reason it was defaulting to
Falsewas to keep compatibility with Nova security group code that was removed already. The config option itself will removed in the
[agent] veth_mtuparameter of ML2 OVS mechanism driver configuration has been deprecated. This parameter has had no effect since the Wallaby release.
Changes the API behaviour while using OVN driver to enforce that it’s not possible to delete all the IPs from a router port. For more info see bug LP#1948457
Support for the extensions
subnet_dns_publish_fixed_ipbelonging to the DNS integration is now properly announced by the OVN driver. See bug 1947127
For IPv4 subnets when dns_nameservers is not set in the subnet, servers defined in ‘ovn/dns_servers’ config option or system’s resolv.conf are used, but for IPv6 subnets these are not used. The same will now be used for IPv6 subnets too. Additionally dns servers added in ‘ovn/dns_servers’ config option or system’s resolv.conf will be filtered as per the subnet’s IP version. For more info see the bug report 1951816.
Fixes bug 1943724.
The agent reporting state to the server now uses a RPC timeout set to the report_interval configuration option value. See 1948676.
plug_newfrom the neutron.agent.linux.interface.LinuxInterfaceDriver now has additional positional argument
link_up. Usage of this method without
link_upis now not possible. Third-party drivers which inherit from this base class now have to update the implementation of their
Class “PortBindingMixin” is removed. Last time this class was used in-tree was in Kilo release, in “N1kvNeutronPluginV2” and “SdnvePluginV2” classes. No active project is using it anymore. Table “portbindingports” is dropped from the database; it was used only in “PortBindingMixin”.
Any L3 agent extension must inherit from
L3AgentExtensionsManagermakes this check during the initial loading. A
L3ExtensionExceptionwill be raised if the condition is not met.
New service plugin and openvswitch agent extension could be configured in order to enable Local IP feature:
OVN mechanism driver allows only to have one physical network per bridge.
It is assumed now that OVN supports Northbound table
Port_Groupby default. This table was added in the DB schema version 5.11. A sanity check is included if OVN is defined in
OVN driver now uses stateless NAT for floating IP implementation. This allows to avoid hitting conntrack, potentially improving performance and also allowing to offload NAT rules to hardware.