-Post-v2.6.0
+Post-v2.7.0
---------------------
+ - ovs-ofctl:
+ * ovs-ofctl can now accept and display port names in place of numbers. By
+ default it always accepts names and in interactive use it displays them;
+ use --names or --no-names to override. See ovs-ofctl(8) for details.
+ * "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
+ - New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
+ - Tunnels:
+ * Added support to set packet mark for tunnel endpoint using
+ `egress_pkt_mark` OVSDB option.
+ * When using Linux kernel datapath tunnels may be created using rtnetlink.
+ This will allow us to take advantage of new tunnel features without
+ having to make changes to the vport modules.
+ - EMC insertion probability is reduced to 1% and is configurable via
+ the new 'other_config:emc-insert-inv-prob' option.
+ - DPDK:
+ * DPDK log messages redirected to OVS logging subsystem.
+ Log level can be changed in a usual OVS way using
+ 'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
+ still can be configured via extra arguments for DPDK EAL.
+ * dpdkvhostuser ports are marked as deprecated. They will be removed
+ in an upcoming release.
+ * Support for DPDK v17.05.1.
+ - IPFIX now provides additional counters:
+ * Total counters since metering process startup.
+ * Per-flow TCP flag counters.
+ * Multicast, broadcast, and unicast counters.
+ - New support for multiple VLANs (802.1ad or "QinQ"), including a new
+ "dot1q-tunnel" port VLAN mode.
+ - In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ - Userspace Datapath:
+ * Added NAT support for userspace datapath.
+ - OVN:
+ * New built-in DNS support.
+ * IPAM for IPv4 can now exclude user-defined addresses from assignment.
+ * IPAM can now assign IPv6 addresses.
+ * Make the DHCPv4 router setting optional.
+ * Gratuitous ARP for NAT addresses on a distributed logical router.
+ * Allow ovn-controller SSL configuration to be obtained from vswitchd
+ database.
+ * ovn-trace now has basic support for tracing distributed firewalls.
+ * In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ * "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond
+ to logical flows.
+ * Now uses OVSDB RBAC support to reduce impact of compromised hypervisors.
+ * Multiple chassis may now be specified for L3 gateways. When more than
+ one chassis is specified, OVN will manage high availability for that
+ gateway.
+ * Add support for ACL logging.
+ * ovn-northd now has native support for active-standby high availability.
+ - Tracing with ofproto/trace now traces through recirculation.
+ - OVSDB:
+ * New support for role-based access control (see ovsdb-server(1)).
+ - New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
+ - OpenFlow:
+ * All features required by OpenFlow 1.4 are now implemented, so
+ ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
+ OpenFlow 1.0 to 1.3).
+ * Increased support for OpenFlow 1.6 (draft).
+ * Bundles now support hashing by just nw_src or nw_dst.
+ * The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
+ * The port status bit OFPPS_LIVE now reflects link aliveness.
+ * OpenFlow 1.5 packet-out is now supported.
+ * Support for OpenFlow 1.5 field packet_type and packet-type-aware
+ pipeline (PTAP).
+ * Added generic encap and decap actions (EXT-382).
+ First supported use case is encap/decap for Ethernet.
+ - Fedora Packaging:
+ * OVN services are no longer restarted automatically after upgrade.
+ - Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+ - L3 tunneling:
+ * Use new tunnel port option "packet_type" to configure L2 vs. L3.
+ * In conjunction with PTAP tunnel ports can handle a mix of L2 and L3
+ payload.
+ * New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
+ * New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
+ - The BFD detection multiplier is now user-configurable.
+ - Add experimental support for hardware offloading
+ * HW offloading is disabled by default.
+ * HW offloading is done through the TC interface.
+ - IPv6 link local addresses are now supported on Linux. Use % to designate
+ the scope device.
+
+v2.7.0 - 21 Feb 2017
+---------------------
+ - Utilities and daemons that support SSL now allow protocols and
+ ciphers to be configured with --ssl-protocols and --ssl-ciphers.
+ - OVN:
+ * QoS is now implemented via egress shaping rather than ingress policing.
+ * DSCP marking is now supported, via the new northbound QoS table.
+ * IPAM now supports fixed MAC addresses.
+ * Support for source IP address based routing.
+ * ovn-trace:
+ - New --ovs option to also print OpenFlow flows.
+ - put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
+ * Support for managing SSL and remote connection configuration in
+ northbound and southbound databases.
+ * TCP connections to northbound and southbound databases are no
+ longer enabled by default and must be explicitly configured.
+ See documentation for ovn-sbctl/ovn-nbctl "set-connection"
+ command or the ovn-ctl "--db-sb-create-insecure-remote" and
+ "--db-nb-create-insecure-remote" command-line options for
+ information regarding remote connection configuration.
+ * New appctl "inject-pkt" command in ovn-controller that allows
+ packets to be injected into the connected OVS instance.
+ * Distributed logical routers may now be connected directly to
+ logical switches with localnet ports, by specifying a
+ "redirect-chassis" on the distributed gateway port of the
+ logical router. NAT rules may be specified directly on the
+ distributed logical router, and are handled either centrally on
+ the "redirect-chassis", or in many cases are handled locally on
+ the hypervisor where the corresponding logical port resides.
+ Gratuitous ARP for NAT addresses on a distributed logical
+ router is not yet supported, but will be added in a future
+ version.
- Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
- OpenFlow:
* OFPT_PACKET_OUT messages are now supported in bundles.
+ * A new "selection_method=dp_hash" type for OpenFlow select group
+ bucket selection that uses the datapath computed 5-tuple hash
+ without making datapath flows match the 5-tuple fields, which
+ is useful for more efficient load balancing, for example. This
+ uses the Netronome extension to OpenFlow 1.5+ that allows
+ control over the OpenFlow select groups selection method. See
+ "selection_method" and related options in ovs-ofctl(8) for
+ details.
+ * The "sample" action now supports "ingress" and "egress" options.
+ * The "ct" action now supports the TFTP ALG where support is available.
+ * New actions "clone" and "ct_clear".
+ * The "meter" action is now supported in the userspace datapath.
- ovs-ofctl:
* 'bundle' command now supports packet-out messages.
* New syntax for 'ovs-ofctl packet-out' command, which uses the
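Review bot: "ovn-vsctl" in the Post-v2.7.0 entry on abbreviated record UUIDs ("In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be abbreviated to 4 hex digits.") looks like a typo for ovs-vsctl. The OVN sub-list in the same section already covers ovn-nbctl and ovn-sbctl with an identical sentence, and the v2.7.0 entry on integer ranges names the tools as "ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl". Suggest "In ovs-vsctl and vtep-ctl, ...". Style point in the same section: "Add experimental support for hardware offloading" lacks the trailing colon that the other entries with sub-bullets carry.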
release.
* New unixctl "ofctl/packet-out" command, which can be used to
instruct a flow monitor to issue OpenFlow packet-out messages.
+ - ovsdb-server:
+ * Remote connections can now be made read-only (see ovsdb-server(1)).
+ - Tunnels:
+ * TLV mappings for protocols such as Geneve are now segregated on
+ a per-OpenFlow bridge basis rather than globally. (The interface
+ has not changed.)
+ * Removed support for IPsec tunnels.
+ - DPDK:
+ * New option 'n_rxq_desc' and 'n_txq_desc' fields for DPDK interfaces
+ which set the number of rx and tx descriptors to use for the given port.
+ * Support for DPDK v16.11.
+ * Support for rx checksum offload. Refer DPDK HOWTO for details.
+ * Port Hotplug is now supported.
+ * DPDK physical ports can now have arbitrary names. The PCI address of
+ the device must be set using the 'dpdk-devargs' option. Compatibility
+ with the old dpdk<portid> naming scheme is broken, and as such a
+ device will not be available for use until a valid dpdk-devargs is
+ specified.
+ * Virtual DPDK Poll Mode Driver (vdev PMD) support.
+ * Removed experimental tag.
+ - Fedora packaging:
+ * A package upgrade does not automatically restart OVS service.
+ - ovs-vswitchd/ovs-vsctl:
+ * Ports now have a "protected" flag. Protected ports can not forward
+ frames to other protected ports. Unprotected ports can receive and
+ forward frames to protected and other unprotected ports.
+ - ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl:
+ * Database commands now accept integer ranges, e.g. "set port
+ eth0 trunks=1-10" to enable trunking VLANs 1 to 10.
-v2.6.0 - xx xxx xxxx
+v2.6.0 - 27 Sep 2016
---------------------
- First supported release of OVN. See ovn-architecture(7) for more
details.
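Review bot: "Removed support for IPsec tunnels." under Tunnels in v2.7.0 gives no detail on which port types are affected or where to read more, although it removes a feature rather than adding one. Other entries in this hunk point to a man page or HOWTO (for example "see ovsdb-server(1)"); suggest a similar pointer here so that users of those ports know what to change before upgrading. Wording in the DPDK block: "New option 'n_rxq_desc' and 'n_txq_desc' fields" mixes "option" and "fields", and "Refer DPDK HOWTO for details" should read "Refer to the DPDK HOWTO for details".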
already expected to work properly in cases where the switch can
not buffer packets, so this change should not affect existing
users.
+ * New OpenFlow extension NXT_CT_FLUSH_ZONE to flush conntrack zones.
- Improved OpenFlow version compatibility for actions:
* New OpenFlow extension to support the "group" action in OpenFlow 1.0.
* OpenFlow 1.0 "enqueue" action now properly translated to OpenFlow 1.1+.
* Jumbo frame support
* Remove dpdkvhostcuse port type.
* OVS client mode for vHost and vHost reconnect (Requires QEMU 2.7)
+ * 'dpdkvhostuserclient' port type.
- Increase number of registers to 16.
- ovs-benchmark: This utility has been removed due to lack of use and
bitrot.
* Flow based tunnel match and action can be used for IPv6 address using
tun_ipv6_src, tun_ipv6_dst fields.
* Added support for IPv6 tunnels, for details checkout FAQ.
+ * Deprecated support for IPsec tunnels ports.
- A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port and
watch with tcpdump
- Introduce --no-self-confinement flag that allows daemons to work with
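Review bot: "Deprecated support for IPsec tunnels ports." has a grammar slip; suggest "IPsec tunnel ports". It would also help to use the same term as the v2.7.0 entry "Removed support for IPsec tunnels." so that the deprecation and the removal are easy to match up when searching the file.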
- Add 'mtu_request' column to the Interface table. It can be used to
configure the MTU of the ports.
+Known issues:
+ - Using openvswitch module in conjunction with upstream Linux tunnels:
+ * When using the openvswitch module distributed with OVS against kernel
+ versions 4.4 to 4.6, the openvswitch module cannot be loaded or used at
+ the same time as "ip_gre".
+ - Conntrack FTP ALGs: When using the openvswitch module distributed with
+ OVS, particular Linux distribution kernels versions may provide diminished
+ functionality. This typically affects active FTP data connections when
+ using "actions=ct(alg=ftp),..." in flow tables. Specifically:
+ * Centos 7.1 kernels (3.10.0-2xx) kernels are unable to correctly set
+ up expectations for FTP data connections in multiple zones,
+ eg "actions=ct(zone=1,alg=ftp),ct(zone=2,alg=ftp),...". Executing the
+ "ct" action for subsequent data connections may fail to determine that
+ the data connection is "related" to an existing connection.
+ * Centos 7.2 kernels (3.10.0-3xx) kernels may not establish FTP ALG state
+ correctly for NATed connections. As a result, flows that perform NAT,
+ eg "actions=ct(nat,ftp=alg,table=1),..." may fail to NAT the packet,
+ and will populate the "ct_state=inv" bit in the flow.
+
v2.5.0 - 26 Feb 2016
---------------------
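Review bot: the NAT example in the Centos 7.2 item under Known issues reads "actions=ct(nat,ftp=alg,table=1),...", while the other two examples in this block use "alg=ftp"; the key and value look transposed. Suggest "actions=ct(nat,alg=ftp,table=1),..." so the three examples agree. Smaller wording points in the same block: "kernels" is repeated in "Centos 7.1 kernels (3.10.0-2xx) kernels" and "Centos 7.2 kernels (3.10.0-3xx) kernels", and "Linux distribution kernels versions" should be "kernel versions".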