]>
Commit | Line | Data |
---|---|---|
1 | Post-v2.9.0 | |
2 | -------------------- | |
3 | - ovs-vswitchd: | |
4 | * New options --l7 and --l7-len to "ofproto/trace" command. | |
5 | * Previous versions gave OpenFlow tables default names of the form | |
6 | "table#". These are not helpful names for the purpose of accepting | |
7 | and displaying table names, so now tables by default have no names. | |
8 | * The "null" interface type, deprecated since 2013, has been removed. | |
9 | - ovs-ofctl: | |
10 | * ovs-ofctl now accepts and display table names in place of numbers. By | |
11 | default it always accepts names and in interactive use it displays them; | |
12 | use --names or --no-names to override. See ovs-ofctl(8) for details. | |
13 | - ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface". | |
14 | - OpenFlow: | |
15 | * OFPT_ROLE_STATUS is now available in OpenFlow 1.3. | |
16 | - Linux kernel 4.14 | |
17 | * Add support for compiling OVS with the latest Linux 4.14 kernel | |
18 | ||
19 | v2.9.0 - 19 Feb 2018 | |
20 | -------------------- | |
21 | - NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28). | |
22 | * Add ttl field. | |
23 | * Add a new action dec_nsh_ttl. | |
24 | * Enable NSH support in kernel datapath. | |
25 | - OVSDB: | |
26 | * New high-level documentation in ovsdb(7). | |
27 | * New file format documentation for developers in ovsdb(5). | |
28 | * Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7). | |
29 | * ovsdb-server now always hosts a built-in database named _Server. See | |
30 | ovsdb-server(5) for more details. | |
31 | * ovsdb-client: New "get-schema-cksum" and "query" commands. | |
32 | * ovsdb-client: New "backup" and "restore" commands. | |
33 | * ovsdb-client: New --timeout option. | |
34 | * ovsdb-tool: New "db-name" and "schema-name" commands. | |
35 | - ovs-vsctl and other commands that display data in tables now support a | |
36 | --max-column-width option to limit column width. | |
37 | - No longer slow-path traffic that sends to a controller. Applications, | |
38 | such as OVN ACL logging, want to send a copy of a packet to a | |
39 | controller while leaving the actual packet forwarding in the datapath. | |
40 | - OVN: | |
41 | * The "requested-chassis" option for a logical switch port now accepts a | |
42 | chassis "hostname" in addition to a chassis "name". | |
43 | * IPv6 | |
44 | - Added support to send IPv6 Router Advertisement packets in response to | |
45 | the IPv6 Router Solicitation packets from the VIF ports. | |
46 | - Added support to generate Neighbor Solicitation packets using the OVN | |
47 | action 'nd_ns' to resolve unknown next hop MAC addresses for the | |
48 | IPv6 packets. | |
49 | * ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb. | |
50 | - OpenFlow: | |
51 | * ct_clear action is now backed by kernel datapath. Support is probed for | |
52 | when OVS starts. | |
53 | - Linux kernel 4.13 | |
54 | * Add support for compiling OVS with the latest Linux 4.13 kernel | |
55 | - ovs-dpctl and related ovs-appctl commands: | |
56 | * "flush-conntrack" now accept a 5-tuple to delete a specific | |
57 | connection tracking entry. | |
58 | * New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands | |
59 | for userspace datapath. | |
60 | - No longer send packets to the Linux TAP device if it's DOWN unless it is | |
61 | in another networking namespace. | |
62 | - DPDK: | |
63 | * Add support for DPDK v17.11 | |
64 | * Add support for vHost IOMMU | |
65 | * New debug appctl command 'netdev-dpdk/get-mempool-info'. | |
66 | * All the netdev-dpdk appctl commands described in ovs-vswitchd man page. | |
67 | * Custom statistics: | |
68 | - DPDK physical ports now return custom set of "dropped", "error" and | |
69 | "management" statistics. | |
70 | - ovs-ofctl dump-ports command now prints new of set custom statistics | |
71 | if available (for OpenFlow 1.4+). | |
72 | * New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to | |
73 | pmd assignments. | |
74 | * Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'. | |
75 | * Add support for vHost dequeue zero copy (experimental) | |
76 | - Userspace datapath: | |
77 | * Output packet batching support. | |
78 | - vswitchd: | |
79 | * Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits. | |
80 | * Configuring a controller, or unconfiguring all controllers, now deletes | |
81 | all groups and meters (as well as all flows). | |
82 | - New --enable-sparse configure option enables "sparse" checking by default. | |
83 | - Added additional information to vhost-user status. | |
84 | ||
85 | v2.8.0 - 31 Aug 2017 | |
86 | -------------------- | |
87 | - ovs-ofctl: | |
88 | * ovs-ofctl can now accept and display port names in place of numbers. By | |
89 | default it always accepts names and in interactive use it displays them; | |
90 | use --names or --no-names to override. See ovs-ofctl(8) for details. | |
91 | * "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics. | |
92 | - New ovs-dpctl command "ct-stats-show" to show connection tracking stats. | |
93 | - Tunnels: | |
94 | * Added support to set packet mark for tunnel endpoint using | |
95 | `egress_pkt_mark` OVSDB option. | |
96 | * When using Linux kernel datapath tunnels may be created using rtnetlink. | |
97 | This will allow us to take advantage of new tunnel features without | |
98 | having to make changes to the vport modules. | |
99 | - EMC insertion probability is reduced to 1% and is configurable via | |
100 | the new 'other_config:emc-insert-inv-prob' option. | |
101 | - DPDK: | |
102 | * DPDK log messages redirected to OVS logging subsystem. | |
103 | Log level can be changed in a usual OVS way using | |
104 | 'ovs-appctl vlog' commands for 'dpdk' module. Lower bound | |
105 | still can be configured via extra arguments for DPDK EAL. | |
106 | * dpdkvhostuser ports are marked as deprecated. They will be removed | |
107 | in an upcoming release. | |
108 | * Support for DPDK v17.05.1. | |
109 | - IPFIX now provides additional counters: | |
110 | * Total counters since metering process startup. | |
111 | * Per-flow TCP flag counters. | |
112 | * Multicast, broadcast, and unicast counters. | |
113 | - New support for multiple VLANs (802.1ad or "QinQ"), including a new | |
114 | "dot1q-tunnel" port VLAN mode. | |
115 | - In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be | |
116 | abbreviated to 4 hex digits. | |
117 | - Userspace Datapath: | |
118 | * Added NAT support for userspace datapath. | |
119 | * Added FTP and TFTP support with NAT for userspace datapath. | |
120 | * Experimental NSH (Network Service Header) support in userspace datapath. | |
121 | - OVN: | |
122 | * New built-in DNS support. | |
123 | * IPAM for IPv4 can now exclude user-defined addresses from assignment. | |
124 | * IPAM can now assign IPv6 addresses. | |
125 | * Make the DHCPv4 router setting optional. | |
126 | * Gratuitous ARP for NAT addresses on a distributed logical router. | |
127 | * Allow ovn-controller SSL configuration to be obtained from vswitchd | |
128 | database. | |
129 | * ovn-trace now has basic support for tracing distributed firewalls. | |
130 | * In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be | |
131 | abbreviated to 4 hex digits. | |
132 | * "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond | |
133 | to logical flows. | |
134 | * Now uses OVSDB RBAC support to reduce impact of compromised hypervisors. | |
135 | * Multiple chassis may now be specified for L3 gateways. When more than | |
136 | one chassis is specified, OVN will manage high availability for that | |
137 | gateway. | |
138 | * Add support for ACL logging. | |
139 | * ovn-northd now has native support for active-standby high availability. | |
140 | * Add support for QoS bandwidth limt with DPDK. | |
141 | - Tracing with ofproto/trace now traces through recirculation. | |
142 | - OVSDB: | |
143 | * New support for role-based access control (see ovsdb-server(1)). | |
144 | - New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)). | |
145 | - OpenFlow: | |
146 | * All features required by OpenFlow 1.4 are now implemented, so | |
147 | ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to | |
148 | OpenFlow 1.0 to 1.3). | |
149 | * Increased support for OpenFlow 1.6 (draft). | |
150 | * Bundles now support hashing by just nw_src or nw_dst. | |
151 | * The "learn" action now supports a "limit" option (see ovs-ofctl(8)). | |
152 | * The port status bit OFPPS_LIVE now reflects link aliveness. | |
153 | * OpenFlow 1.5 packet-out is now supported. | |
154 | * Support for OpenFlow 1.5 field packet_type and packet-type-aware | |
155 | pipeline (PTAP). | |
156 | * Added generic encap and decap actions (EXT-382). | |
157 | First supported use case is encap/decap for Ethernet. | |
158 | * Added NSH (Network Service Header) support in userspace | |
159 | Used generic encap and decap actions to implement encapsulation and | |
160 | decapsulation of NSH header. | |
161 | IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ | |
162 | * Conntrack state is only available to the processing path that | |
163 | follows the "recirc_table" argument of the ct() action. Starting | |
164 | in OVS 2.8, this state is now cleared for the current processing | |
165 | path whenever ct() is called. | |
166 | - Fedora Packaging: | |
167 | * OVN services are no longer restarted automatically after upgrade. | |
168 | * ovs-vswitchd and ovsdb-server run as non-root users by default. | |
169 | - Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)). | |
170 | - L3 tunneling: | |
171 | * Use new tunnel port option "packet_type" to configure L2 vs. L3. | |
172 | * In conjunction with PTAP tunnel ports can handle a mix of L2 and L3 | |
173 | payload. | |
174 | * New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels. | |
175 | * New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE. | |
176 | - The BFD detection multiplier is now user-configurable. | |
177 | - Add experimental support for hardware offloading | |
178 | * HW offloading is disabled by default. | |
179 | * HW offloading is done through the TC interface. | |
180 | - IPv6 link local addresses are now supported on Linux. Use % to designate | |
181 | the scope device. | |
182 | ||
183 | v2.7.0 - 21 Feb 2017 | |
184 | --------------------- | |
185 | - Utilities and daemons that support SSL now allow protocols and | |
186 | ciphers to be configured with --ssl-protocols and --ssl-ciphers. | |
187 | - OVN: | |
188 | * QoS is now implemented via egress shaping rather than ingress policing. | |
189 | * DSCP marking is now supported, via the new northbound QoS table. | |
190 | * IPAM now supports fixed MAC addresses. | |
191 | * Support for source IP address based routing. | |
192 | * ovn-trace: | |
193 | - New --ovs option to also print OpenFlow flows. | |
194 | - put_dhcp_opts and put_dhcp_optsv6 actions may now be traced. | |
195 | * Support for managing SSL and remote connection configuration in | |
196 | northbound and southbound databases. | |
197 | * TCP connections to northbound and southbound databases are no | |
198 | longer enabled by default and must be explicitly configured. | |
199 | See documentation for ovn-sbctl/ovn-nbctl "set-connection" | |
200 | command or the ovn-ctl "--db-sb-create-insecure-remote" and | |
201 | "--db-nb-create-insecure-remote" command-line options for | |
202 | information regarding remote connection configuration. | |
203 | * New appctl "inject-pkt" command in ovn-controller that allows | |
204 | packets to be injected into the connected OVS instance. | |
205 | * Distributed logical routers may now be connected directly to | |
206 | logical switches with localnet ports, by specifying a | |
207 | "redirect-chassis" on the distributed gateway port of the | |
208 | logical router. NAT rules may be specified directly on the | |
209 | distributed logical router, and are handled either centrally on | |
210 | the "redirect-chassis", or in many cases are handled locally on | |
211 | the hypervisor where the corresponding logical port resides. | |
212 | Gratuitous ARP for NAT addresses on a distributed logical | |
213 | router is not yet supported, but will be added in a future | |
214 | version. | |
215 | - Fixed regression in table stats maintenance introduced in OVS | |
216 | 2.3.0, wherein the number of OpenFlow table hits and misses was | |
217 | not accurate. | |
218 | - OpenFlow: | |
219 | * OFPT_PACKET_OUT messages are now supported in bundles. | |
220 | * A new "selection_method=dp_hash" type for OpenFlow select group | |
221 | bucket selection that uses the datapath computed 5-tuple hash | |
222 | without making datapath flows match the 5-tuple fields, which | |
223 | is useful for more efficient load balancing, for example. This | |
224 | uses the Netronome extension to OpenFlow 1.5+ that allows | |
225 | control over the OpenFlow select groups selection method. See | |
226 | "selection_method" and related options in ovs-ofctl(8) for | |
227 | details. | |
228 | * The "sample" action now supports "ingress" and "egress" options. | |
229 | * The "ct" action now supports the TFTP ALG where support is available. | |
230 | * New actions "clone" and "ct_clear". | |
231 | * The "meter" action is now supported in the userspace datapath. | |
232 | - ovs-ofctl: | |
233 | * 'bundle' command now supports packet-out messages. | |
234 | * New syntax for 'ovs-ofctl packet-out' command, which uses the | |
235 | same string parser as the 'bundle' command. The old 'packet-out' | |
236 | syntax is deprecated and will be removed in a later OVS | |
237 | release. | |
238 | * New unixctl "ofctl/packet-out" command, which can be used to | |
239 | instruct a flow monitor to issue OpenFlow packet-out messages. | |
240 | - ovsdb-server: | |
241 | * Remote connections can now be made read-only (see ovsdb-server(1)). | |
242 | - Tunnels: | |
243 | * TLV mappings for protocols such as Geneve are now segregated on | |
244 | a per-OpenFlow bridge basis rather than globally. (The interface | |
245 | has not changed.) | |
246 | * Removed support for IPsec tunnels. | |
247 | - DPDK: | |
248 | * New option 'n_rxq_desc' and 'n_txq_desc' fields for DPDK interfaces | |
249 | which set the number of rx and tx descriptors to use for the given port. | |
250 | * Support for DPDK v16.11. | |
251 | * Support for rx checksum offload. Refer DPDK HOWTO for details. | |
252 | * Port Hotplug is now supported. | |
253 | * DPDK physical ports can now have arbitrary names. The PCI address of | |
254 | the device must be set using the 'dpdk-devargs' option. Compatibility | |
255 | with the old dpdk<portid> naming scheme is broken, and as such a | |
256 | device will not be available for use until a valid dpdk-devargs is | |
257 | specified. | |
258 | * Virtual DPDK Poll Mode Driver (vdev PMD) support. | |
259 | * Removed experimental tag. | |
260 | - Fedora packaging: | |
261 | * A package upgrade does not automatically restart OVS service. | |
262 | - ovs-vswitchd/ovs-vsctl: | |
263 | * Ports now have a "protected" flag. Protected ports can not forward | |
264 | frames to other protected ports. Unprotected ports can receive and | |
265 | forward frames to protected and other unprotected ports. | |
266 | - ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl: | |
267 | * Database commands now accept integer ranges, e.g. "set port | |
268 | eth0 trunks=1-10" to enable trunking VLANs 1 to 10. | |
269 | ||
270 | v2.6.0 - 27 Sep 2016 | |
271 | --------------------- | |
272 | - First supported release of OVN. See ovn-architecture(7) for more | |
273 | details. | |
274 | - ovsdb-server: | |
275 | * New "monitor_cond" "monitor_cond_update" and "update2" extensions to | |
276 | RFC 7047. | |
277 | - OpenFlow: | |
278 | * OpenFlow 1.3+ bundles now expire after 10 seconds since the | |
279 | last time the bundle was either opened, modified, or closed. | |
280 | * OpenFlow 1.3 Extension 230, adding OpenFlow Bundles support, is | |
281 | now implemented. | |
282 | * OpenFlow 1.3+ bundles are now supported for group mods as well as | |
283 | flow mods and port mods. Both 'atomic' and 'ordered' bundle | |
284 | flags are supported for group mods as well as flow mods. | |
285 | * Internal OpenFlow rule representation for load and set-field | |
286 | actions is now much more memory efficient. For a complex flow | |
287 | table this can reduce rule memory consumption by 40%. | |
288 | * Bundles are now much more memory efficient than in OVS 2.5. | |
289 | Together with memory efficiency improvements in OpenFlow rule | |
290 | representation, the peak OVS resident memory use during a | |
291 | bundle commit for large complex set of flow mods can be only | |
292 | 25% of that in OVS 2.5 (4x lower). | |
293 | * OpenFlow 1.1+ OFPT_QUEUE_GET_CONFIG_REQUEST now supports OFPP_ANY. | |
294 | * OpenFlow 1.4+ OFPMP_QUEUE_DESC is now supported. | |
295 | * OpenFlow 1.4+ OFPT_TABLE_STATUS is now supported. | |
296 | * New property-based packet-in message format NXT_PACKET_IN2 with support | |
297 | for arbitrary user-provided data and for serializing flow table | |
298 | traversal into a continuation for later resumption. | |
299 | * New extension message NXT_SET_ASYNC_CONFIG2 to allow OpenFlow 1.4-like | |
300 | control over asynchronous messages in earlier versions of OpenFlow. | |
301 | * New OpenFlow extension NXM_NX_MPLS_TTL to provide access to MPLS TTL. | |
302 | * New output option, output(port=N,max_len=M), to allow truncating a | |
303 | packet to size M bytes when outputting to port N. | |
304 | * New command OFPGC_ADD_OR_MOD for OFPT_GROUP_MOD message that adds a | |
305 | new group or modifies an existing groups | |
306 | * The optional OpenFlow packet buffering feature is deprecated in | |
307 | this release, and will be removed in the next OVS release | |
308 | (2.7). After the change OVS always sends the 'buffer_id' as | |
309 | 0xffffffff in packet-in messages and will send an error | |
310 | response if any other value of this field is included in | |
311 | packet-out and flow mod sent by a controller. Controllers are | |
312 | already expected to work properly in cases where the switch can | |
313 | not buffer packets, so this change should not affect existing | |
314 | users. | |
315 | * New OpenFlow extension NXT_CT_FLUSH_ZONE to flush conntrack zones. | |
316 | - Improved OpenFlow version compatibility for actions: | |
317 | * New OpenFlow extension to support the "group" action in OpenFlow 1.0. | |
318 | * OpenFlow 1.0 "enqueue" action now properly translated to OpenFlow 1.1+. | |
319 | * OpenFlow 1.1 "mod_nw_ecn" and OpenFlow 1.1+ "mod_nw_ttl" actions now | |
320 | properly translated to OpenFlow 1.0. | |
321 | - ovs-ofctl: | |
322 | * queue-get-config command now allows a queue ID to be specified. | |
323 | * '--bundle' option can now be used with OpenFlow 1.3 and with group mods. | |
324 | * New "bundle" command allows executing a mixture of flow and group mods | |
325 | as a single atomic transaction. | |
326 | * New option "--color" to produce colorized output for some commands. | |
327 | * New option '--may-create' to use OFPGC_ADD_OR_MOD in mod-group command. | |
328 | - IPFIX: | |
329 | * New "sampling_port" option for "sample" action to allow sampling | |
330 | ingress and egress tunnel metadata with IPFIX. | |
331 | * New ovs-ofctl commands "dump-ipfix-bridge" and "dump-ipfix-flow" to | |
332 | dump bridge IPFIX statistics and flow based IPFIX statistics. | |
333 | * New setting other-config:virtual_obs_id to add an arbitrary string | |
334 | to IPFIX records. | |
335 | - Linux: | |
336 | * OVS Linux datapath now implements Conntrack NAT action with all | |
337 | supported Linux kernels. | |
338 | * Support for truncate action. | |
339 | * New QoS type "linux-noop" that prevents Open vSwitch from trying to | |
340 | manage QoS for a given port (useful when other software manages QoS). | |
341 | - DPDK: | |
342 | * New option "n_rxq" for PMD interfaces. | |
343 | Old 'other_config:n-dpdk-rxqs' is no longer supported. | |
344 | Not supported by vHost interfaces. For them number of rx and tx queues | |
345 | is applied from connected virtio device. | |
346 | * New 'other_config:pmd-rxq-affinity' field for PMD interfaces, that | |
347 | allows to pin port's rx queues to desired cores. | |
348 | * New appctl command 'dpif-netdev/pmd-rxq-show' to check the port/rxq | |
349 | assignment. | |
350 | * Type of log messages from PMD threads changed from INFO to DBG. | |
351 | * QoS functionality with sample egress-policer implementation. | |
352 | * The mechanism for configuring DPDK has changed to use database | |
353 | * Sensible defaults have been introduced for many of the required | |
354 | configuration options | |
355 | * DB entries have been added for many of the DPDK EAL command line | |
356 | arguments. Additional arguments can be passed via the dpdk-extra | |
357 | entry. | |
358 | * Add ingress policing functionality. | |
359 | * PMD threads servicing vHost User ports can now come from the NUMA | |
360 | node that device memory is located on if CONFIG_RTE_LIBRTE_VHOST_NUMA | |
361 | is enabled in DPDK. | |
362 | * Basic connection tracking for the userspace datapath (no ALG, | |
363 | fragmentation or NAT support yet) | |
364 | * Support for DPDK 16.07 | |
365 | * Optional support for DPDK pdump enabled. | |
366 | * Jumbo frame support | |
367 | * Remove dpdkvhostcuse port type. | |
368 | * OVS client mode for vHost and vHost reconnect (Requires QEMU 2.7) | |
369 | * 'dpdkvhostuserclient' port type. | |
370 | - Increase number of registers to 16. | |
371 | - ovs-benchmark: This utility has been removed due to lack of use and | |
372 | bitrot. | |
373 | - ovs-appctl: | |
374 | * New "vlog/close" command. | |
375 | - ovs-ctl: | |
376 | * Added the ability to selectively start the forwarding and database | |
377 | functions (ovs-vswitchd and ovsdb-server, respectively). | |
378 | - ovsdb-server: | |
379 | * Remove max number of sessions limit, to enable connection scaling | |
380 | testing. | |
381 | - python: | |
382 | * Added support for Python 3.4+ in addition to existing support | |
383 | for 2.7+. | |
384 | - SELinux: | |
385 | * Introduced SELinux policy package. | |
386 | - Datapath Linux kernel compatibility. | |
387 | * Dropped support for kernel older than 3.10. | |
388 | * Removed VLAN splinters feature. | |
389 | * Datapath supports kernel upto 4.7. | |
390 | - Tunnels: | |
391 | * Flow based tunnel match and action can be used for IPv6 address using | |
392 | tun_ipv6_src, tun_ipv6_dst fields. | |
393 | * Added support for IPv6 tunnels, for details checkout FAQ. | |
394 | * Deprecated support for IPsec tunnels ports. | |
395 | - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port and | |
396 | watch with tcpdump | |
397 | - Introduce --no-self-confinement flag that allows daemons to work with | |
398 | sockets outside their run directory. | |
399 | - ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because | |
400 | SHA-1 is no longer secure and some operating systems have started to | |
401 | disable it in OpenSSL. | |
402 | - Add 'mtu_request' column to the Interface table. It can be used to | |
403 | configure the MTU of the ports. | |
404 | ||
405 | Known issues: | |
406 | - Using openvswitch module in conjunction with upstream Linux tunnels: | |
407 | * When using the openvswitch module distributed with OVS against kernel | |
408 | versions 4.4 to 4.6, the openvswitch module cannot be loaded or used at | |
409 | the same time as "ip_gre". | |
410 | - Conntrack FTP ALGs: When using the openvswitch module distributed with | |
411 | OVS, particular Linux distribution kernels versions may provide diminished | |
412 | functionality. This typically affects active FTP data connections when | |
413 | using "actions=ct(alg=ftp),..." in flow tables. Specifically: | |
414 | * Centos 7.1 kernels (3.10.0-2xx) kernels are unable to correctly set | |
415 | up expectations for FTP data connections in multiple zones, | |
416 | eg "actions=ct(zone=1,alg=ftp),ct(zone=2,alg=ftp),...". Executing the | |
417 | "ct" action for subsequent data connections may fail to determine that | |
418 | the data connection is "related" to an existing connection. | |
419 | * Centos 7.2 kernels (3.10.0-3xx) kernels may not establish FTP ALG state | |
420 | correctly for NATed connections. As a result, flows that perform NAT, | |
421 | eg "actions=ct(nat,ftp=alg,table=1),..." may fail to NAT the packet, | |
422 | and will populate the "ct_state=inv" bit in the flow. | |
423 | ||
424 | ||
425 | v2.5.0 - 26 Feb 2016 | |
426 | --------------------- | |
427 | - Dropped support for Python older than version 2.7. As a consequence, | |
428 | using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which | |
429 | have Python 2.4) requires first installing Python 2.7. | |
430 | - OpenFlow: | |
431 | * Group chaining (where one OpenFlow group triggers another) is | |
432 | now supported. | |
433 | * OpenFlow 1.4+ "importance" is now considered for flow eviction. | |
434 | * OpenFlow 1.4+ OFPTC_EVICTION is now implemented. | |
435 | * OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented. | |
436 | * OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented. | |
437 | * Allow modifying the ICMPv4/ICMPv6 type and code fields. | |
438 | * OpenFlow 1.4+ OFPT_SET_ASYNC_CONFIG and OFPT_GET_ASYNC_CONFIG are | |
439 | now implemented. | |
440 | - ovs-ofctl: | |
441 | * New "out_group" keyword for OpenFlow 1.1+ matching on output group. | |
442 | - Tunnels: | |
443 | * Geneve tunnels can now match and set options and the OAM bit. | |
444 | * The nonstandard GRE64 tunnel extension has been dropped. | |
445 | - Support Multicast Listener Discovery (MLDv1 and MLDv2). | |
446 | - Add 'symmetric_l3l4' and 'symmetric_l3l4+udp' hash functions. | |
447 | - sFlow agent now reports tunnel and MPLS structures. | |
448 | - New 'check-system-userspace', 'check-kmod' and 'check-kernel' Makefile | |
449 | targets to run a new system testsuite. These tests can be run inside | |
450 | a Vagrant box. See INSTALL.md for details | |
451 | - Mark --syslog-target argument as deprecated. It will be removed in | |
452 | the next OVS release. | |
453 | - Added --user option to all daemons | |
454 | - Add support for connection tracking through the new "ct" action | |
455 | and "ct_state"/"ct_zone"/"ct_mark"/"ct_label" match fields. Only | |
456 | available on Linux kernels with the connection tracking module loaded. | |
457 | - Add experimental version of OVN. OVN, the Open Virtual Network, is a | |
458 | system to support virtual network abstraction. OVN complements the | |
459 | existing capabilities of OVS to add native support for virtual network | |
460 | abstractions, such as virtual L2 and L3 overlays and security groups. | |
461 | - RHEL packaging: | |
462 | * DPDK ports may now be created via network scripts (see README.RHEL). | |
463 | - DPDK: | |
464 | * Requires DPDK 2.2 | |
465 | * Added multiqueue support to vhost-user | |
466 | * Note: QEMU 2.5+ required for multiqueue support | |
467 | ||
468 | v2.4.0 - 20 Aug 2015 | |
469 | --------------------- | |
470 | - Flow table modifications are now atomic, meaning that each packet | |
471 | now sees a coherent version of the OpenFlow pipeline. For | |
472 | example, if a controller removes all flows with a single OpenFlow | |
473 | "flow_mod", no packet sees an intermediate version of the OpenFlow | |
474 | pipeline where only some of the flows have been deleted. | |
475 | - Added support for SFQ, FQ_CoDel and CoDel qdiscs. | |
476 | - Add bash command-line completion support for ovs-vsctl Please check | |
477 | utilities/ovs-command-compgen.INSTALL.md for how to use. | |
478 | - The MAC learning feature now includes per-port fairness to mitigate | |
479 | MAC flooding attacks. | |
480 | - New support for a "conjunctive match" OpenFlow extension, which | |
481 | allows constructing OpenFlow matches of the form "field1 in | |
482 | {a,b,c...} AND field2 in {d,e,f...}" and generalizations. For details, | |
483 | see documentation for the "conjunction" action in ovs-ofctl(8). | |
484 | - Add bash command-line completion support for ovs-appctl/ovs-dpctl/ | |
485 | ovs-ofctl/ovsdb-tool commands. Please check | |
486 | utilities/ovs-command-compgen.INSTALL.md for how to use. | |
487 | - The "learn" action supports a new flag "delete_learned" that causes | |
488 | the learned flows to be deleted when the flow with the "learn" action | |
489 | is deleted. | |
490 | - Basic support for the Geneve tunneling protocol. It is not yet | |
491 | possible to generate or match options. This is planned for a future | |
492 | release. The protocol is documented at | |
493 | http://tools.ietf.org/html/draft-gross-geneve-00 | |
494 | - The OVS database now reports controller rate limiting statistics. | |
495 | - sflow now exports information about LACP-based bonds, port names, and | |
496 | OpenFlow port numbers, as well as datapath performance counters. | |
497 | - ovs-dpctl functionality is now available for datapaths integrated | |
498 | into ovs-vswitchd, via ovs-appctl. Some existing ovs-appctl | |
499 | commands are now redundant and will be removed in a future | |
500 | release. See ovs-vswitchd(8) for details. | |
501 | - OpenFlow: | |
502 | * OpenFlow 1.4 bundles are now supported for flow mods and port | |
503 | mods. For flow mods, both 'atomic' and 'ordered' bundle flags | |
504 | are trivially supported, as all bundled messages are executed | |
505 | in the order they were added and all flow table modifications | |
506 | are now atomic to the datapath. Port mods may not appear in | |
507 | atomic bundles, as port status modifications are not atomic. | |
508 | * IPv6 flow label and neighbor discovery fields are now modifiable. | |
509 | * OpenFlow 1.5 extended registers are now supported. | |
510 | * The OpenFlow 1.5 actset_output field is now supported. | |
511 | * OpenFlow 1.5 Copy-Field action is now supported. | |
512 | * OpenFlow 1.5 masked Set-Field action is now supported. | |
513 | * OpenFlow 1.3+ table features requests are now supported (read-only). | |
514 | * Nicira extension "move" actions may now be included in action sets. | |
515 | * "resubmit" actions may now be included in action sets. The resubmit | |
516 | is executed last, and only if the action set has no "output" or "group" | |
517 | action. | |
518 | * OpenFlow 1.4+ flow "importance" is now maintained in the flow table. | |
519 | * A new Netronome extension to OpenFlow 1.5+ allows control over the | |
520 | fields hashed for OpenFlow select groups. See "selection_method" and | |
521 | related options in ovs-ofctl(8) for details. | |
522 | - ovs-ofctl has a new '--bundle' option that makes the flow mod commands | |
523 | ('add-flow', 'add-flows', 'mod-flows', 'del-flows', and 'replace-flows') | |
524 | use an OpenFlow 1.4 bundle to operate the modifications as a single | |
525 | atomic transaction. If any of the flow mods in a transaction fail, none | |
526 | of them are executed. All flow mods in a bundle appear to datapath | |
527 | lookups simultaneously. | |
528 | - ovs-ofctl 'add-flow' and 'add-flows' commands now accept arbitrary flow | |
529 | mods as an input by allowing the flow specification to start with an | |
530 | explicit 'add', 'modify', 'modify_strict', 'delete', or 'delete_strict' | |
531 | keyword. A missing keyword is treated as 'add', so this is fully | |
532 | backwards compatible. With the new '--bundle' option all the flow mods | |
533 | are executed as a single atomic transaction using an OpenFlow 1.4 bundle. | |
534 | - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because | |
535 | MD5 is no longer secure and some operating systems have started to disable | |
536 | it in OpenSSL. | |
537 | - ovsdb-server: New OVSDB protocol extension allows inequality tests on | |
538 | "optional scalar" columns. See ovsdb-server(1) for details. | |
539 | - ovs-vsctl now permits immutable columns in a new row to be modified in | |
540 | the same transaction that creates the row. | |
541 | - test-controller has been renamed ovs-testcontroller at request of users | |
542 | who find it useful for testing basic OpenFlow setups. It is still not | |
543 | a necessary or desirable part of most Open vSwitch deployments. | |
544 | - Support for travis-ci.org based continuous integration builds has been | |
545 | added. Build failures are reported to build@openvswitch.org. See INSTALL.md | |
546 | file for additional details. | |
547 | - Support for the Rapid Spanning Tree Protocol (IEEE 802.1D-2004). | |
548 | The implementation has been tested successfully against the Ixia Automated | |
549 | Network Validation Library (ANVL). | |
550 | - Stats are no longer updated on fake bond interface. | |
551 | - Keep active bond slave selection across OVS restart. | |
552 | - A simple wrapper script, 'ovs-docker', to integrate OVS with Docker | |
553 | containers. If and when there is a native integration of Open vSwitch | |
554 | with Docker, the wrapper script will be retired. | |
555 | - Added support for DPDK Tunneling. VXLAN, GRE, and Geneve are supported | |
556 | protocols. This is generic tunneling mechanism for userspace datapath. | |
557 | - Support for multicast snooping (IGMPv1, IGMPv2 and IGMPv3) | |
558 | - Support for Linux kernels up to 4.0.x | |
559 | - The documentation now use the term 'destination' to mean one of syslog, | |
560 | console or file for vlog logging instead of the previously used term | |
561 | 'facility'. | |
562 | - Support for VXLAN Group Policy extension | |
563 | - Initial support for the IETF Auto-Attach SPBM draft standard. This | |
564 | contains rudimentary support for the LLDP protocol as needed for | |
565 | Auto-Attach. | |
566 | - The default OpenFlow and OVSDB ports are now the IANA-assigned | |
567 | numbers. OpenFlow is 6653 and OVSDB is 6640. | |
568 | - Support for DPDK vHost. | |
569 | - Support for outer UDP checksums in Geneve and VXLAN. | |
570 | - The kernel vports with dependencies are no longer part of the overall | |
571 | openvswitch.ko but built and loaded automatically as individual kernel | |
572 | modules (vport-*.ko). | |
573 | - Support for STT tunneling. | |
574 | - ovs-sim: New developer tool for simulating multiple OVS instances. | |
575 | See ovs-sim(1) for more information. | |
576 | - Support to configure method (--syslog-method argument) that determines | |
577 | how daemons will talk with syslog. | |
578 | - Support for "ovs-appctl vlog/list-pattern" command that lets to query | |
579 | logging message format for each destination. | |
580 | ||
581 | ||
582 | v2.3.0 - 14 Aug 2014 | |
583 | --------------------- | |
584 | - OpenFlow 1.1, 1.2, and 1.3 are now enabled by default in | |
585 | ovs-vswitchd. | |
586 | - Linux kernel datapath now has an exact match cache optimizing the | |
587 | flow matching process. | |
588 | - Datapath flows now have partially wildcarded tranport port field | |
589 | matches. This reduces userspace upcalls, but increases the | |
590 | number of different masks in the datapath. The kernel datapath | |
591 | exact match cache removes the overhead of matching the incoming | |
592 | packets with the larger number of masks, but when paired with an | |
593 | older kernel module, some workloads may perform worse with the | |
594 | new userspace. | |
595 | - Compatibility with autoconf 2.63 (previously >=2.64) | |
596 | ||
597 | v2.2.0 - Internal Release | |
598 | --------------------- | |
599 | - Internal ports are no longer brought up by default, because it | |
600 | should be an administrator task to bring up devices as they are | |
601 | configured properly. | |
602 | - ovs-vsctl now reports when ovs-vswitchd fails to create a new port or | |
603 | bridge. | |
604 | - Port creation and configuration errors are now stored in a new error | |
605 | column of the Interface table and included in 'ovs-vsctl show'. | |
606 | - The "ovsdbmonitor" graphical tool has been removed, because it was | |
607 | poorly maintained and not widely used. | |
608 | - New "check-ryu" Makefile target for running Ryu tests for OpenFlow | |
609 | controllers against Open vSwitch. See INSTALL.md for details. | |
610 | - Added IPFIX support for SCTP flows and templates for ICMPv4/v6 flows. | |
611 | - Upon the receipt of a SIGHUP signal, ovs-vswitchd no longer reopens its | |
612 | log file (it will terminate instead). Please use 'ovs-appctl vlog/reopen' | |
613 | instead. | |
614 | - Support for Linux kernels up to 3.14. From Kernel 3.12 onwards OVS uses | |
615 | tunnel API for GRE and VXLAN. | |
616 | - Added DPDK support. | |
617 | - Added support for custom vlog patterns in Python | |
618 | ||
619 | ||
620 | v2.1.0 - 19 Mar 2014 | |
621 | --------------------- | |
622 | - Address prefix tracking support for flow tables. New columns | |
623 | "prefixes" in OVS-DB table "Flow_Table" controls which packet | |
624 | header fields are used for address prefix tracking. Prefix | |
625 | tracking allows the classifier to skip rules with longer than | |
626 | necessary prefixes, resulting in better wildcarding for datapath | |
627 | flows. Default configuration is to not use any fields for prefix | |
628 | tracking. However, if any flow tables contain both exact matches | |
629 | and masked matches for IP address fields, OVS performance may be | |
630 | increased by using this feature. | |
631 | * As of now, the fields for which prefix lookup can be enabled | |
632 | are: 'tun_id', 'tun_src', 'tun_dst', 'nw_src', 'nw_dst' (or | |
633 | aliases 'ip_src' and 'ip_dst'), 'ipv6_src', and 'ipv6_dst'. | |
634 | (Using this feature for 'tun_id' would only make sense if the | |
635 | tunnel IDs have prefix structure similar to IP addresses.) | |
636 | * There is a maximum number of fields that can be enabled for any | |
637 | one flow table. Currently this limit is 3. | |
638 | * Examples: | |
639 | $ ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- \ | |
640 | --id=@N1 create Flow_Table name=table0 | |
641 | $ ovs-vsctl set Bridge br0 flow_tables:1=@N1 -- \ | |
642 | --id=@N1 create Flow_Table name=table1 | |
643 | $ ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src | |
644 | $ ovs-vsctl set Flow_Table table1 prefixes=[] | |
645 | - TCP flags matching: OVS now supports matching of TCP flags. This | |
646 | has an adverse performance impact when using OVS userspace 1.10 | |
647 | or older (no megaflows support) together with the new OVS kernel | |
648 | module. It is recommended that the kernel and userspace modules | |
649 | both are upgraded at the same time. | |
650 | - The default OpenFlow and OVSDB ports will change to | |
651 | IANA-assigned numbers in a future release. Consider updating | |
652 | your installations to specify port numbers instead of using the | |
653 | defaults. | |
654 | - OpenFlow: | |
655 | * The OpenFlow 1.1+ "Write-Actions" instruction is now supported. | |
656 | * OVS limits the OpenFlow port numbers it assigns to port 32767 and | |
657 | below, leaving port numbers above that range free for assignment | |
658 | by the controller. | |
659 | * ovs-vswitchd now honors changes to the "ofport_request" column | |
660 | in the Interface table by changing the port's OpenFlow port | |
661 | number. | |
662 | * The Open vSwitch software switch now supports OpenFlow groups. | |
663 | - ovs-vswitchd.conf.db.5 man page will contain graphviz/dot | |
664 | diagram only if graphviz package was installed at the build time. | |
665 | - Support for Linux kernels up to 3.11 | |
666 | - ovs-dpctl: | |
667 | The "show" command also displays mega flow mask stats. | |
668 | - ovs-ofctl: | |
669 | * New command "ofp-parse-pcap" to dump OpenFlow from PCAP files. | |
670 | - ovs-controller has been renamed test-controller. It is no longer | |
671 | packaged or installed by default, because too many users assumed | |
672 | incorrectly that ovs-controller was a necessary or desirable part | |
673 | of an Open vSwitch deployment. | |
674 | - Added vlog option to export to a UDP syslog sink. | |
675 | - ovsdb-client: | |
676 | * The "monitor" command can now monitor all tables in a database, | |
677 | instead of being limited to a single table. | |
678 | - The flow-eviction-threshold has been replaced by the flow-limit which is a | |
679 | hard limit on the number of flows in the datapath. It defaults to 200,000 | |
680 | flows. OVS automatically adjusts this number depending on network | |
681 | conditions. | |
682 | - Added IPv6 support for active and passive socket communications. | |
683 | ||
684 | ||
685 | v2.0.0 - 15 Oct 2013 | |
686 | --------------------- | |
687 | - The ovs-vswitchd process is no longer single-threaded. Multiple | |
688 | threads are now used to handle flow set up and asynchronous | |
689 | logging. | |
690 | - OpenFlow: | |
691 | * Experimental support for OpenFlow 1.1 (in addition to 1.2 and | |
692 | 1.3, which had experimental support in 1.10). | |
693 | * Experimental protocol support for OpenFlow 1.1+ groups. This | |
694 | does not yet include an implementation in the Open vSwitch | |
695 | software switch. | |
696 | * Experimental protocol support for OpenFlow 1.2+ meters. This | |
697 | does not yet include an implementation in the Open vSwitch | |
698 | software switch. | |
699 | * New support for matching outer source and destination IP address | |
700 | of tunneled packets, for tunnel ports configured with the newly | |
701 | added "remote_ip=flow" and "local_ip=flow" options. | |
702 | * Support for matching on metadata 'pkt_mark' for interacting with | |
703 | other system components. On Linux this corresponds to the skb | |
704 | mark. | |
705 | * Support matching, rewriting SCTP ports | |
706 | - The Interface table in the database has a new "ifindex" column to | |
707 | report the interface's OS-assigned ifindex. | |
708 | - New "check-oftest" Makefile target for running OFTest against Open | |
709 | vSwitch. See README-OFTest for details. | |
710 | - The flow eviction threshold has been moved to the Open_vSwitch table. | |
711 | - Database names are now mandatory when specifying ovsdb-server options | |
712 | through database paths (e.g. Private key option with the database name | |
713 | should look like "--private-key=db:Open_vSwitch,SSL,private_key"). | |
714 | - Added ovs-dev.py, a utility script helpful for Open vSwitch developers. | |
715 | - Support for Linux kernels up to 3.10 | |
716 | - ovs-ofctl: | |
717 | * New "ofp-parse" for printing OpenFlow messages read from a file. | |
718 | * New commands for OpenFlow 1.1+ groups. | |
719 | - Added configurable flow caching support to IPFIX exporter. | |
720 | - Dropped support for Linux pre-2.6.32. | |
721 | - Log file timestamps and ovsdb commit timestamps are now reported | |
722 | with millisecond resolution. (Previous versions only reported | |
723 | whole seconds.) | |
724 | ||
725 | ||
726 | v1.11.0 - 28 Aug 2013 | |
727 | --------------------- | |
728 | - Support for megaflows, which allows wildcarding in the kernel (and | |
729 | any dpif implementation that supports wildcards). Depending on | |
730 | the flow table and switch configuration, flow set up rates are | |
731 | close to the Linux bridge. | |
732 | - The "tutorial" directory contains a new tutorial for some advanced | |
733 | Open vSwitch features. | |
734 | - Stable bond mode has been removed. | |
735 | - The autopath action has been removed. | |
736 | - New support for the data encapsulation format of the LISP tunnel | |
737 | protocol (RFC 6830). An external control plane or manual flow | |
738 | setup is required for EID-to-RLOC mapping. | |
739 | - OpenFlow: | |
740 | * The "dec_mpls_ttl" and "set_mpls_ttl" actions from OpenFlow | |
741 | 1.1 and later are now implemented. | |
742 | * New "stack" extension for use in actions, to push and pop from | |
743 | NXM fields. | |
744 | * The "load" and "set_field" actions can now modify the "in_port". (This | |
745 | allows one to enable output to a flow's input port by setting the | |
746 | in_port to some unused value, such as OFPP_NONE.) | |
747 | - ovs-dpctl: | |
748 | * New debugging commands "add-flow", "mod-flow", "del-flow". | |
749 | * "dump-flows" now has a -m option to increase output verbosity. | |
750 | - In dpif-based bridges, cache action translations, which can improve | |
751 | flow set up performance by 80% with a complicated flow table. | |
752 | - New syslog format, prefixed with "ovs|", to be easier to filter. | |
753 | - RHEL: Removes the default firewall rule that allowed GRE traffic to | |
754 | pass through. Any users that relied on this automatic firewall hole | |
755 | will have to manually configure it. The ovs-ctl(8) manpage documents | |
756 | the "enable-protocol" command that can be used as an alternative. | |
757 | - New CFM demand mode which uses data traffic to indicate interface | |
758 | liveness. | |
759 | ||
760 | v1.10.0 - 01 May 2013 | |
761 | --------------------- | |
762 | - Bridge compatibility support has been removed. Any uses that | |
763 | rely on ovs-brcompatd will have to stick with Open vSwitch 1.9.x | |
764 | or adapt to native Open vSwitch support (e.g. use ovs-vsctl instead | |
765 | of brctl). | |
766 | - The maximum size of the MAC learning table is now configurable. | |
767 | - With the Linux datapath, packets for new flows are now queued | |
768 | separately on a per-port basis, so it should no longer be | |
769 | possible for a large number of new flows arriving on one port to | |
770 | prevent new flows from being processed on other ports. | |
771 | - ovs-vsctl: | |
772 | * Previously ovs-vsctl would retry connecting to the database forever, | |
773 | causing it to hang if ovsdb-server was not running. Now, ovs-vsctl | |
774 | only tries once by default (use --retry to try forever). This change | |
775 | means that you may want to remove uses of --timeout to avoid hangs | |
776 | in ovs-vsctl calls. | |
777 | * Many "ovs-vsctl" database commands now accept an --if-exists option. | |
778 | Please refer to the ovs-vsctl manpage for details. | |
779 | - OpenFlow: | |
780 | - Experimental support for newer versions of OpenFlow. See | |
781 | the "What versions of OpenFlow does Open vSwitch support?" | |
782 | question in the FAQ for more details. | |
783 | - The OpenFlow "dp_desc" may now be configured by setting the | |
784 | value of other-config:dp-desc in the Bridge table. | |
785 | - It is possible to request the OpenFlow port number with the | |
786 | "ofport_request" column in the Interface table. | |
787 | - The NXM flow_removed message now reports the OpenFlow table ID | |
788 | from which the flow was removed. | |
789 | - Tunneling: | |
790 | - New support for the VXLAN tunnel protocol (see the IETF draft here: | |
791 | http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03). | |
792 | - Tunneling requires the version of the kernel module paired with | |
793 | Open vSwitch 1.9.0 or later. | |
794 | - Inheritance of the Don't Fragment bit in IP tunnels (df_inherit) | |
795 | is no longer supported. | |
796 | - Path MTU discovery is no longer supported. | |
797 | - CAPWAP tunneling support removed. | |
798 | - Tunnels with multicast destination ports are no longer supported. | |
799 | - ovs-dpctl: | |
800 | - The "dump-flows" and "del-flows" no longer require an argument | |
801 | if only one datapath exists. | |
802 | - ovs-appctl: | |
803 | - New "vlog/disable-rate-limit" and "vlog/enable-rate-limit" | |
804 | commands available allow control over logging rate limits. | |
805 | - New "dpif/dump-dps", "dpif/show", and "dpif/dump-flows" command | |
806 | that mimic the equivalent ovs-dpctl commands. | |
807 | - The ofproto library is now responsible for assigning OpenFlow port | |
808 | numbers. An ofproto implementation should assign them when | |
809 | port_construct() is called. | |
810 | - All dpif-based bridges of a particular type share a common | |
811 | datapath called "ovs-<type>", e.g. "ovs-system". The ovs-dpctl | |
812 | commands will now return information on that shared datapath. To | |
813 | get the equivalent bridge-specific information, use the new | |
814 | "ovs-appctl dpif/*" commands. | |
815 | - Backward-incompatible changes: | |
816 | - Earlier Open vSwitch versions treated ANY as a wildcard in flow | |
817 | syntax. OpenFlow 1.1 adds a port named ANY, which introduces a | |
818 | conflict. ANY was rarely used in flow syntax, so we chose to | |
819 | retire that meaning of ANY in favor of the OpenFlow 1.1 meaning. | |
820 | - Patch ports no longer require kernel support, so they now work | |
821 | with FreeBSD and the kernel module built into Linux 3.3 and later. | |
822 | - New "sample" action. | |
823 | ||
824 | ||
825 | v1.9.0 - 26 Feb 2013 | |
826 | ------------------------ | |
827 | - Datapath: | |
828 | - Support for ipv6 set action. | |
829 | - SKB mark matching and setting. | |
830 | - support for Linux kernels up to 3.8 | |
831 | - FreeBSD is now a supported platform, thanks to code contributions from | |
832 | Gaetano Catalli, Ed Maste, and Giuseppe Lettieri. | |
833 | - ovs-bugtool: New --ovs option to report only OVS related information. | |
834 | - New %t and %T log escapes to identify the subprogram within a | |
835 | cooperating group of processes or threads that emitted a log message. | |
836 | The default log patterns now include this information. | |
837 | - OpenFlow: | |
838 | - Allow bitwise masking for SHA and THA fields in ARP, SLL and TLL | |
839 | fields in IPv6 neighbor discovery messages, and IPv6 flow label. | |
840 | - Adds support for writing to the metadata field for a flow. | |
841 | - Tunneling: | |
842 | - The tunneling code no longer assumes input and output keys are | |
843 | symmetric. If they are not, PMTUD needs to be disabled for | |
844 | tunneling to work. Note this only applies to flow-based keys. | |
845 | - New support for a nonstandard form of GRE that supports a 64-bit key. | |
846 | - Tunnel Path MTU Discovery default value was set to 'disabled'. | |
847 | This feature is deprecated and will be removed soon. | |
848 | - Tunnel header caching removed. | |
849 | - ovs-ofctl: | |
850 | - Commands and actions that accept port numbers now also accept keywords | |
851 | that represent those ports (such as LOCAL, NONE, and ALL). This is | |
852 | also the recommended way to specify these ports, for compatibility | |
853 | with OpenFlow 1.1 and later (which use the OpenFlow 1.0 numbers | |
854 | for these ports for different purposes). | |
855 | - ovs-dpctl: | |
856 | - Support requesting the port number with the "port_no" option in | |
857 | the "add-if" command. | |
858 | - ovs-pki: The "online PKI" features have been removed, along with | |
859 | the ovs-pki-cgi program that facilitated it, because of some | |
860 | alarmist insecurity claims. We do not believe that these claims | |
861 | are true, but because we do not know of any users for this | |
862 | feature it seems better on balance to remove it. (The ovs-pki-cgi | |
863 | program was not included in distribution packaging.) | |
864 | - ovsdb-server now enforces the immutability of immutable columns. This | |
865 | was not enforced in earlier versions due to an oversight. | |
866 | - The following features are now deprecated. They will be removed no | |
867 | earlier than February 2013. Please email dev@openvswitch.org with | |
868 | concerns. | |
869 | - Bridge compatibility. | |
870 | - Stable bond mode. | |
871 | - The autopath action. | |
872 | - Interface type "null". | |
873 | - Numeric values for reserved ports (see "ovs-ofctl" note above). | |
874 | - Tunnel Path MTU Discovery. | |
875 | - CAPWAP tunnel support. | |
876 | - The data in the RARP packets can now be matched in the same way as the | |
877 | data in ARP packets. | |
878 | ||
879 | ||
880 | v1.8.0 - 26 Feb 2013 | |
881 | ------------------------ | |
882 | *** Internal only release *** | |
883 | - New FAQ. Please send updates and additions! | |
884 | - Authors of controllers, please read the new section titled "Action | |
885 | Reproduction" in DESIGN, which describes an Open vSwitch change in | |
886 | behavior in corner cases that may affect some controllers. | |
887 | - ovs-l3ping: | |
888 | - A new test utility that can create L3 tunnel between two Open | |
889 | vSwitches and detect connectivity issues. | |
890 | - ovs-ofctl: | |
891 | - New --sort and --rsort options for "dump-flows" command. | |
892 | - "mod-port" command can now control all OpenFlow config flags. | |
893 | - OpenFlow: | |
894 | - Allow general bitwise masking for IPv4 and IPv6 addresses in | |
895 | IPv4, IPv6, and ARP packets. (Previously, only CIDR masks | |
896 | were allowed.) | |
897 | - Allow support for arbitrary Ethernet masks. (Previously, only | |
898 | the multicast bit in the destination address could be individually | |
899 | masked.) | |
900 | - New field OXM_OF_METADATA, to align with OpenFlow 1.1. | |
901 | - The OFPST_QUEUE request now reports an error if a specified port or | |
902 | queue does not exist, or for requests for a specific queue on all | |
903 | ports, if the specified queue does not exist on any port. (Previous | |
904 | versions generally reported an empty set of results.) | |
905 | - New "flow monitor" feature to allow controllers to be notified of | |
906 | flow table changes as they happen. | |
907 | - Additional protocols are not mirrored and dropped when forward-bpdu is | |
908 | false. For a full list, see the ovs-vswitchd.conf.db man page. | |
909 | - Open vSwitch now sends RARP packets in situations where it previously | |
910 | sent a custom protocol, making it consistent with behavior of QEMU and | |
911 | VMware. | |
912 | - All Open vSwitch programs and log files now show timestamps in UTC, | |
913 | instead the local timezone, by default. | |
914 | ||
915 | ||
916 | v1.7.0 - 30 Jul 2012 | |
917 | ------------------------ | |
918 | - kernel modules are renamed. openvswitch_mod.ko is now | |
919 | openvswitch.ko and brcompat_mod.ko is now brcompat.ko. | |
920 | - Increased the number of NXM registers to 8. | |
921 | - Added ability to configure DSCP setting for manager and controller | |
922 | connections. By default, these connections have a DSCP value of | |
923 | Internetwork Control (0xc0). | |
924 | - Added the granular link health statistics, 'cfm_health', to an | |
925 | interface. | |
926 | - OpenFlow: | |
927 | - Added support to mask nd_target for ICMPv6 neighbor discovery flows. | |
928 | - Added support for OpenFlow 1.3 port description (OFPMP_PORT_DESC) | |
929 | multipart messages. | |
930 | - ovs-ofctl: | |
931 | - Added the "dump-ports-desc" command to retrieve port | |
932 | information using the new port description multipart messages. | |
933 | - ovs-test: | |
934 | - Added support for spawning ovs-test server from the client. | |
935 | - Now ovs-test is able to automatically create test bridges and ports. | |
936 | - "ovs-dpctl dump-flows" now prints observed TCP flags in TCP flows. | |
937 | - Tripled flow setup performance. | |
938 | - The "coverage/log" command previously available through ovs-appctl | |
939 | has been replaced by "coverage/show". The new command replies with | |
940 | coverage counter values, instead of logging them. | |
941 | ||
942 | ||
943 | v1.6.1 - 25 Jun 2012 | |
944 | ------------------------ | |
945 | - Allow OFPP_CONTROLLER as the in_port for packet-out messages. | |
946 | ||
947 | ||
948 | v1.6.0 - 24 Feb 2012 | |
949 | ------------------------ | |
950 | *** Internal only release *** | |
951 | - bonding | |
952 | - LACP bonds no longer fall back to balance-slb when negotiations fail. | |
953 | Instead they drop traffic. | |
954 | - The default bond_mode changed from SLB to active-backup, to protect | |
955 | unsuspecting users from the significant risks of SLB bonds (which are | |
956 | documented in vswitchd/INTERNALS). | |
957 | - Load balancing can be disabled by setting the bond-rebalance-interval | |
958 | to zero. | |
959 | - OpenFlow: | |
960 | - Added support for bitwise matching on TCP and UDP ports. | |
961 | See ovs-ofctl(8) for more information. | |
962 | - NXM flow dumps now include times elapsed toward idle and hard | |
963 | timeouts. | |
964 | - Added an OpenFlow extension NXT_SET_ASYNC_CONFIG that allows | |
965 | controllers more precise control over which OpenFlow messages they | |
966 | receive asynchronously. | |
967 | - New "fin_timeout" action. | |
968 | - Added "fin_timeout" support to "learn" action. | |
969 | - New Nicira action NXAST_CONTROLLER that offers additional features | |
970 | over output to OFPP_CONTROLLER. | |
971 | - When QoS settings for an interface do not configure a default queue | |
972 | (queue 0), Open vSwitch now uses a default configuration for that | |
973 | queue, instead of dropping all packets as in previous versions. | |
974 | - Logging: | |
975 | - Logging to console and file will have UTC timestamp as a default for | |
976 | all the daemons. An example of the default format is | |
977 | 2012-01-27T16:35:17Z. ovs-appctl can be used to change the default | |
978 | format as before. | |
979 | - The syntax of commands and options to set log levels was simplified, | |
980 | to make it easier to remember. | |
981 | - New support for limiting the number of flows in an OpenFlow flow | |
982 | table, with configurable policy for evicting flows upon | |
983 | overflow. See the Flow_Table table in ovs-vswitch.conf.db(5) | |
984 | for more information. | |
985 | - New "enable-async-messages" column in the Controller table. If set to | |
986 | false, OpenFlow connections to the controller will initially have all | |
987 | asynchronous messages disabled, overriding normal OpenFlow behavior. | |
988 | - ofproto-provider interface: | |
989 | - "struct rule" has a new member "used" that ofproto implementations | |
990 | should maintain by updating with ofproto_rule_update_used(). | |
991 | - ovsdb-client: | |
992 | - The new option --timestamp causes the "monitor" command to print | |
993 | a timestamp with every update. | |
994 | - CFM module CCM broadcasts can now be tagged with an 802.1p priority. | |
995 | ||
996 | ||
997 | v1.5.0 - 01 Jun 2012 | |
998 | ------------------------ | |
999 | - OpenFlow: | |
1000 | - Added support for querying, modifying, and deleting flows | |
1001 | based on flow cookie when using NXM. | |
1002 | - Added new NXM_PACKET_IN format. | |
1003 | - Added new NXAST_DEC_TTL action. | |
1004 | - ovs-ofctl: | |
1005 | - Added daemonization support to the monitor and snoop commands. | |
1006 | - ovs-vsctl: | |
1007 | - The "find" command supports new set relational operators | |
1008 | {=}, {!=}, {<}, {>}, {<=}, and {>=}. | |
1009 | - ovsdb-tool now uses the typical database and schema installation | |
1010 | directories as defaults. | |
1011 | - The default MAC learning timeout has been increased from 60 seconds | |
1012 | to 300 seconds. The MAC learning timeout is now configurable. | |
1013 | ||
1014 | ||
1015 | v1.4.0 - 30 Jan 2012 | |
1016 | ------------------------ | |
1017 | - Compatible with Open vSwitch kernel module included in Linux 3.3. | |
1018 | - New "VLAN splinters" feature to work around buggy device drivers | |
1019 | in old Linux versions. (This feature is deprecated. When | |
1020 | broken device drivers are no longer in widespread use, we will | |
1021 | delete this feature.) See ovs-vswitchd.conf.db(5) for more | |
1022 | information. | |
1023 | - OpenFlow: | |
1024 | - Added ability to match on IPv6 flow label through NXM. | |
1025 | - Added ability to match on ECN bits in IPv4 and IPv6 through NXM. | |
1026 | - Added ability to match on TTL in IPv4 and IPv6 through NXM. | |
1027 | - Added ability to modify ECN bits in IPv4. | |
1028 | - Added ability to modify TTL in IPv4. | |
1029 | - ovs-vswitchd: | |
1030 | - Don't require the "normal" action to use mirrors. Traffic will | |
1031 | now be properly mirrored for any flows, regardless of their | |
1032 | actions. | |
1033 | - Track packet and byte statistics sent on mirrors. | |
1034 | - The sFlow implementation can now usually infer the correct agent | |
1035 | device instead of having to be told explicitly. | |
1036 | - ovs-appctl: | |
1037 | - New "fdb/flush" command to flush bridge's MAC learning table. | |
1038 | - ovs-test: | |
1039 | - A new distributed testing tool that allows one to diagnose performance | |
1040 | and connectivity issues. This tool currently is not included in RH or | |
1041 | Xen packages. | |
1042 | - RHEL packaging now supports integration with Red Hat network scripts. | |
1043 | - bonding: | |
1044 | - Post 1.4.*, OVS will be changing the default bond mode from balance-slb | |
1045 | to active-backup. SLB bonds carry significant risks with them | |
1046 | (documented vswitchd/INTERNALS) which we want to prevent unsuspecting | |
1047 | users from running into. Users are advised to update any scripts or | |
1048 | configuration which may be negatively impacted by explicitly setting | |
1049 | the bond mode which they want to use. | |
1050 | ||
1051 | ||
1052 | v1.3.0 - 09 Dec 2011 | |
1053 | ------------------------ | |
1054 | - OpenFlow: | |
1055 | - Added an OpenFlow extension which allows the "output" action to accept | |
1056 | NXM fields. | |
1057 | - Added an OpenFlow extension for flexible learning. | |
1058 | - Bumped number of NXM registers from four to five. | |
1059 | - ovs-appctl: | |
1060 | - New "version" command to determine version of running daemon. | |
1061 | - If no argument is provided for "cfm/show", displays detailed | |
1062 | information about all interfaces with CFM enabled. | |
1063 | - If no argument is provided for "lacp/show", displays detailed | |
1064 | information about all ports with LACP enabled. | |
1065 | - ovs-dpctl: | |
1066 | - New "set-if" command to modify a datapath port's configuration. | |
1067 | - ovs-vswitchd: | |
1068 | - The software switch now supports 255 OpenFlow tables, instead | |
1069 | of just one. By default, only table 0 is consulted, but the | |
1070 | new NXAST_RESUBMIT_TABLE action can look up in additional | |
1071 | tables. Tables 128 and above are reserved for use by the | |
1072 | switch itself; please use only tables 0 through 127. | |
1073 | - Add support for 802.1D spanning tree (STP). | |
1074 | - Fragment handling extensions: | |
1075 | - New OFPC_FRAG_NX_MATCH fragment handling mode, in which L4 | |
1076 | fields are made available for matching in fragments with | |
1077 | offset 0. | |
1078 | - New NXM_NX_IP_FRAG match field for matching IP fragments (usable | |
1079 | via "ip_frag" in ovs-ofctl). | |
1080 | - New ovs-ofctl "get-frags" and "set-frags" commands to get and set | |
1081 | fragment handling policy. | |
1082 | - CAPWAP tunneling now supports an extension to transport a 64-bit key. | |
1083 | By default it remains compatible with the old version and other | |
1084 | standards-based implementations. | |
1085 | - Flow setups are now processed in a round-robin manner across ports | |
1086 | to prevent any single client from monopolizing the CPU and conducting | |
1087 | a denial of service attack. | |
1088 | - Added support for native VLAN tagging. A new "vlan_mode" | |
1089 | parameter can be set for "port". Possible values: "access", | |
1090 | "trunk", "native-tagged" and "native-untagged". | |
1091 | - test-openflowd has been removed. Please use ovs-vswitchd instead. | |
1092 | ||
1093 | v1.2.0 - 03 Aug 2011 | |
1094 | ------------------------ | |
1095 | - New "ofproto" abstraction layer to ease porting to hardware | |
1096 | switching ASICs. | |
1097 | - Packaging for Red Hat Enterprise Linux 5.6 and 6.0. | |
1098 | - Datapath support for Linux kernels up to 3.0. | |
1099 | - OpenFlow: | |
1100 | - New "bundle" and "bundle_load" action extensions. | |
1101 | - Database: | |
1102 | - Implement table unique constraints. | |
1103 | - Support cooperative locking between callers. | |
1104 | - ovs-dpctl: | |
1105 | - New "-s" option for "show" command prints packet and byte | |
1106 | counters for each port. | |
1107 | - ovs-ofctl: | |
1108 | - New "--readd" option for "replace-flows". | |
1109 | - ovs-vsctl: | |
1110 | - New "show" command to print an overview of configuration. | |
1111 | - New "comment" command to add remark that explains intentions. | |
1112 | - ovs-brcompatd has been rewritten to fix long-standing bugs. | |
1113 | - ovs-openflowd has been renamed test-openflowd and moved into the | |
1114 | tests directory. Its presence confused too many users. Please | |
1115 | use ovs-vswitchd instead. | |
1116 | - New ovs-benchmark utility to test flow setup performance. | |
1117 | - A new log level "off" has been added. Configuring a log facility | |
1118 | "off" prevents any messages from being logged to it. Previously, | |
1119 | "emer" was effectively "off" because no messages were ever logged at | |
1120 | level "emer". Now, errors that cause a process to exit are logged | |
1121 | at "emer" level. | |
1122 | - "configure" option --with-l26 has been renamed --with-linux, and | |
1123 | --with-l26-source has been renamed --with-linux-source. The old | |
1124 | names will be removed after the next release, so please update | |
1125 | your scripts. | |
1126 | - The "-2.6" suffix has been dropped from the datapath/linux-2.6 and | |
1127 | datapath/linux-2.6/compat-2.6 directories. | |
1128 | - Feature removals: | |
1129 | - Dropped support for "tun_id_from_cookie" OpenFlow extension. | |
1130 | Please use the extensible match extensions instead. | |
1131 | - Removed the Maintenance_Point and Monitor tables in an effort | |
1132 | to simplify 802.1ag configuration. | |
1133 | - Performance and scalability improvements | |
1134 | - Bug fixes | |
1135 | ||
1136 | v1.1.0 - 05 Apr 2011 | |
1137 | ------------------------ | |
1138 | - Ability to define policies over IPv6 | |
1139 | - LACP | |
1140 | - 802.1ag CCM | |
1141 | - Support for extensible match extensions to OpenFlow | |
1142 | - QoS: | |
1143 | - Support for HFSC qdisc. | |
1144 | - Queue used by in-band control can now be configured. | |
1145 | - Kernel: | |
1146 | - Kernel<->userspace interface has been reworked and should be | |
1147 | close to a stable ABI now. | |
1148 | - "Port group" concept has been dropped. | |
1149 | - GRE over IPSEC tunnels | |
1150 | - Bonding: | |
1151 | - New active backup bonding mode. | |
1152 | - New L4 hashing support when LACP is enabled. | |
1153 | - Source MAC hash now includes VLAN field also. | |
1154 | - miimon support. | |
1155 | - Greatly improved handling of large flow tables | |
1156 | - ovs-dpctl: | |
1157 | - "show" command now prints full vport configuration. | |
1158 | - "dump-groups" command removed since kernel support for | |
1159 | port groups was dropped. | |
1160 | - ovs-vsctl: | |
1161 | - New commands for working with the new Managers table. | |
1162 | - "list" command enhanced with new formatting options and --columns | |
1163 | option. | |
1164 | - "get" command now accepts new --id option. | |
1165 | - New "find" command. | |
1166 | - ovs-ofctl: | |
1167 | - New "queue-stats" command for printing queue stats. | |
1168 | - New commands "replace-flows" and "diff-flows". | |
1169 | - Commands to add and remove flows can now read from files. | |
1170 | - New --flow-format option to enable or disable NXM. | |
1171 | - New --more option to increase OpenFlow message verbosity. | |
1172 | - Removed "tun-cookie" command, which is no longer useful. | |
1173 | - ovs-controller enhancements for testing various features. | |
1174 | - New ovs-vlan-test command for testing for Linux kernel driver VLAN | |
1175 | bugs. New ovs-vlan-bug-workaround command for enabling and | |
1176 | disabling a workaround for these driver bugs. | |
1177 | - OpenFlow support: | |
1178 | - "Resubmit" actions now update flow statistics. | |
1179 | - New "register" extension for use in matching and actions, via NXM. | |
1180 | - New "multipath" experimental action extension. | |
1181 | - New support for matching multicast Ethernet frames, via NXM. | |
1182 | - New extension for OpenFlow vendor error codes. | |
1183 | - New extension to set the QoS output queue without actually | |
1184 | sending to an output port. | |
1185 | - Open vSwitch now reports a single flow table, instead of | |
1186 | separate hash and wildcard tables. This better models the | |
1187 | current implementation. | |
1188 | - New experimental "note" action. | |
1189 | - New "ofproto/trace" ovs-appctl command and associated utilities | |
1190 | to ease debugging complex flow tables. | |
1191 | - Database: | |
1192 | - Schema documentation now includes an entity-relationship diagram. | |
1193 | - The database is now garbage collected. In most tables, | |
1194 | unreferenced rows will be deleted automatically. | |
1195 | - Many tables now include statistics updated periodically by | |
1196 | ovs-vswitchd or ovsdb-server. | |
1197 | - Every table now has an "external-ids" column for use by OVS | |
1198 | integrators. | |
1199 | - There is no default controller anymore. Each bridge must have its | |
1200 | controller individually specified. | |
1201 | - The "fail-mode" is now a property of a Bridge instead of a Controller. | |
1202 | - New versioning and checksum features. | |
1203 | - New Managers table and manager_options column in Open_vSwitch table | |
1204 | for specifying managers. The old "managers" column in the | |
1205 | Open_vSwitch table has been removed. | |
1206 | - Many "name" columns are now immutable. | |
1207 | - Feature removals: | |
1208 | - Dropped support for XenServer pre-5.6.100. | |
1209 | - Dropped support for Linux pre-2.6.18. | |
1210 | - Dropped controller discovery support. | |
1211 | - Dropped "ovs-ofctl status" and the OpenFlow extension that it used. | |
1212 | Statistics reporting in the database is a rough equivalent. | |
1213 | - Dropped the "corekeeper" package (now separate, at | |
1214 | http://openvswitch.org/cgi-bin/gitweb.cgi?p=corekeeper). | |
1215 | - Performance and scalability improvements | |
1216 | - Bug fixes | |
1217 | ||
1218 | v1.1.0pre2 - 13 Sep 2010 | |
1219 | ------------------------ | |
1220 | - Bug fixes | |
1221 | ||
1222 | v1.1.0pre1 - 31 Aug 2010 | |
1223 | ------------------------ | |
1224 | - OpenFlow 1.0 slicing (QoS) functionality | |
1225 | - Python bindings for configuration database (no write support) | |
1226 | - Performance and scalability improvements | |
1227 | - Bug fixes | |
1228 | ||
1229 | v1.0.1 - 31 May 2010 | |
1230 | -------------------- | |
1231 | - New "patch" interface type | |
1232 | - Bug fixes | |
1233 | ||
1234 | v1.0.0 - 15 May 2010 | |
1235 | -------------------- | |
1236 | - Configuration database with remote management | |
1237 | - OpenFlow 1.0 | |
1238 | - GRE tunneling | |
1239 | - Support for XenServer 5.5 and 5.6 | |
1240 | - Performance and scalability improvements | |
1241 | - Bug fixes | |
1242 | ||
1243 | v0.99.2 - 18 Feb 2010 | |
1244 | --------------------- | |
1245 | - Bug fixes | |
1246 | ||
1247 | v0.99.1 - 25 Jan 2010 | |
1248 | --------------------- | |
1249 | - Add support for sFlow(R) | |
1250 | - Make headers compatible with C++ | |
1251 | - Bug fixes | |
1252 | ||
1253 | v0.99.0 - 14 Jan 2010 | |
1254 | --------------------- | |
1255 | - User-space forwarding engine | |
1256 | - Bug fixes | |
1257 | ||
1258 | v0.90.7 - 29 Nov 2009 | |
1259 | --------------------- | |
1260 | - Add support for NetFlow active timeouts | |
1261 | - Bug fixes | |
1262 | ||
1263 | v0.90.6 - 6 Oct 2009 | |
1264 | -------------------- | |
1265 | - Bug fixes | |
1266 | ||
1267 | v0.90.5 - 21 Sep 2009 | |
1268 | --------------------- | |
1269 | - Generalize in-band control to more diverse network setups | |
1270 | - Bug fixes |