-Post-v2.7.0
----------------------
+Post-v2.8.0
+--------------------
+ - NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
+ - OVSDB:
+ * New high-level documentation in ovsdb(7).
+ * New file format documentation for developers in ovsdb(5).
+ * Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
+ * ovsdb-client: New "get-schema-cksum" command.
+ * ovsdb-client: New "backup" command.
+ * ovsdb-tool: New "db-name" and "schema-name" commands.
+ - OVN:
+ * The "requested-chassis" option for a logical switch port now accepts a
+ chassis "hostname" in addition to a chassis "name".
+ * IPv6
+ - Added support to send IPv6 Router Advertisement packets in response to
+ the IPv6 Router Solicitation packets from the VIF ports.
+ - Added support to generate Neighbor Solicitation packets using the OVN
+ action 'nd_ns' to resolve unknown next hop MAC addresses for the
+ IPv6 packets.
+ * ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
+ - Linux kernel 4.13
+ * Add support for compiling OVS with the latest Linux 4.13 kernel
+ - "flush-conntrack" in ovs-dpctl and ovs-appctl now accept a 5-tuple to
+ delete a specific connection tracking entry.
+ - DPDK:
+ * Add support for DPDK v17.11
+ * Add support for vHost IOMMU
+
+v2.8.0 - 31 Aug 2017
+--------------------
+ - ovs-ofctl:
+ * ovs-ofctl can now accept and display port names in place of numbers. By
+ default it always accepts names and in interactive use it displays them;
+ use --names or --no-names to override. See ovs-ofctl(8) for details.
+ * "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
+ - New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
- Tunnels:
* Added support to set packet mark for tunnel endpoint using
`egress_pkt_mark` OVSDB option.
+ * When using Linux kernel datapath tunnels may be created using rtnetlink.
+ This will allow us to take advantage of new tunnel features without
+ having to make changes to the vport modules.
+ - EMC insertion probability is reduced to 1% and is configurable via
+ the new 'other_config:emc-insert-inv-prob' option.
+ - DPDK:
+ * DPDK log messages redirected to OVS logging subsystem.
+ Log level can be changed in a usual OVS way using
+ 'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
+ still can be configured via extra arguments for DPDK EAL.
+ * dpdkvhostuser ports are marked as deprecated. They will be removed
+ in an upcoming release.
+ * Support for DPDK v17.05.1.
+ - IPFIX now provides additional counters:
+ * Total counters since metering process startup.
+ * Per-flow TCP flag counters.
+ * Multicast, broadcast, and unicast counters.
+ - New support for multiple VLANs (802.1ad or "QinQ"), including a new
+ "dot1q-tunnel" port VLAN mode.
+ - In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ - Userspace Datapath:
+ * Added NAT support for userspace datapath.
+ * Added FTP and TFTP support with NAT for userspace datapath.
+ * Experimental NSH (Network Service Header) support in userspace datapath.
+ - OVN:
+ * New built-in DNS support.
+ * IPAM for IPv4 can now exclude user-defined addresses from assignment.
+ * IPAM can now assign IPv6 addresses.
+ * Make the DHCPv4 router setting optional.
+ * Gratuitous ARP for NAT addresses on a distributed logical router.
+ * Allow ovn-controller SSL configuration to be obtained from vswitchd
+ database.
+ * ovn-trace now has basic support for tracing distributed firewalls.
+ * In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ * "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond
+ to logical flows.
+ * Now uses OVSDB RBAC support to reduce impact of compromised hypervisors.
+ * Multiple chassis may now be specified for L3 gateways. When more than
+ one chassis is specified, OVN will manage high availability for that
+ gateway.
+ * Add support for ACL logging.
+ * ovn-northd now has native support for active-standby high availability.
+ - Tracing with ofproto/trace now traces through recirculation.
+ - OVSDB:
+ * New support for role-based access control (see ovsdb-server(1)).
+ - New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
+ - OpenFlow:
+ * All features required by OpenFlow 1.4 are now implemented, so
+ ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
+ OpenFlow 1.0 to 1.3).
+ * Increased support for OpenFlow 1.6 (draft).
+ * Bundles now support hashing by just nw_src or nw_dst.
+ * The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
+ * The port status bit OFPPS_LIVE now reflects link aliveness.
+ * OpenFlow 1.5 packet-out is now supported.
+ * Support for OpenFlow 1.5 field packet_type and packet-type-aware
+ pipeline (PTAP).
+ * Added generic encap and decap actions (EXT-382).
+ First supported use case is encap/decap for Ethernet.
+ * Added NSH (Network Service Header) support in userspace
+ Used generic encap and decap actions to implement encapsulation and
+ decapsulation of NSH header.
+ IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
+ * Conntrack state is only available to the processing path that
+ follows the "recirc_table" argument of the ct() action. Starting
+ in OVS 2.8, this state is now cleared for the current processing
+ path whenever ct() is called.
+ - Fedora Packaging:
+ * OVN services are no longer restarted automatically after upgrade.
+ * ovs-vswitchd and ovsdb-server run as non-root users by default.
+ - Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+ - L3 tunneling:
+ * Use new tunnel port option "packet_type" to configure L2 vs. L3.
+ * In conjunction with PTAP tunnel ports can handle a mix of L2 and L3
+ payload.
+ * New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
+ * New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
+ - The BFD detection multiplier is now user-configurable.
+ - Add experimental support for hardware offloading
+ * HW offloading is disabled by default.
+ * HW offloading is done through the TC interface.
+ - IPv6 link local addresses are now supported on Linux. Use % to designate
+ the scope device.
-v2.7.0 - xx xxx xxxx
+v2.7.0 - 21 Feb 2017
---------------------
- Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
information regarding remote connection configuration.
* New appctl "inject-pkt" command in ovn-controller that allows
packets to be injected into the connected OVS instance.
+ * Distributed logical routers may now be connected directly to
+ logical switches with localnet ports, by specifying a
+ "redirect-chassis" on the distributed gateway port of the
+ logical router. NAT rules may be specified directly on the
+ distributed logical router, and are handled either centrally on
+ the "redirect-chassis", or in many cases are handled locally on
+ the hypervisor where the corresponding logical port resides.
+ Gratuitous ARP for NAT addresses on a distributed logical
+ router is not yet supported, but will be added in a future
+ version.
- Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
* The "sample" action now supports "ingress" and "egress" options.
* The "ct" action now supports the TFTP ALG where support is available.
* New actions "clone" and "ct_clear".
+ * The "meter" action is now supported in the userspace datapath.
- ovs-ofctl:
* 'bundle' command now supports packet-out messages.
* New syntax for 'ovs-ofctl packet-out' command, which uses the