-Post-v2.6.0
+Post-v2.8.0
+--------------------
+ - Nothing yet.
+
+v2.8.0 - xx xxx xxxx
+---------------------
+ - ovs-ofctl:
+ * ovs-ofctl can now accept and display port names in place of numbers. By
+ default it always accepts names and in interactive use it displays them;
+ use --names or --no-names to override. See ovs-ofctl(8) for details.
+ * "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
+ - New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
+ - Tunnels:
+ * Added support to set packet mark for tunnel endpoint using
+ `egress_pkt_mark` OVSDB option.
+ * When using Linux kernel datapath tunnels may be created using rtnetlink.
+ This will allow us to take advantage of new tunnel features without
+ having to make changes to the vport modules.
+ - EMC insertion probability is reduced to 1% and is configurable via
+ the new 'other_config:emc-insert-inv-prob' option.
+ - DPDK:
+ * DPDK log messages redirected to OVS logging subsystem.
+ Log level can be changed in a usual OVS way using
+ 'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
+ still can be configured via extra arguments for DPDK EAL.
+ * dpdkvhostuser ports are marked as deprecated. They will be removed
+ in an upcoming release.
+ * Support for DPDK v17.05.1.
+ - IPFIX now provides additional counters:
+ * Total counters since metering process startup.
+ * Per-flow TCP flag counters.
+ * Multicast, broadcast, and unicast counters.
+ - New support for multiple VLANs (802.1ad or "QinQ"), including a new
+ "dot1q-tunnel" port VLAN mode.
+ - In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ - Userspace Datapath:
+ * Added NAT support for userspace datapath.
+ * Added FTP and TFTP support with NAT for userspace datapath.
+ * Added NSH (Network Service Header) support for userspace datapath.
+ - OVN:
+ * New built-in DNS support.
+ * IPAM for IPv4 can now exclude user-defined addresses from assignment.
+ * IPAM can now assign IPv6 addresses.
+ * Make the DHCPv4 router setting optional.
+ * Gratuitous ARP for NAT addresses on a distributed logical router.
+ * Allow ovn-controller SSL configuration to be obtained from vswitchd
+ database.
+ * ovn-trace now has basic support for tracing distributed firewalls.
+ * In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ * "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond
+ to logical flows.
+ * Now uses OVSDB RBAC support to reduce impact of compromised hypervisors.
+ * Multiple chassis may now be specified for L3 gateways. When more than
+ one chassis is specified, OVN will manage high availability for that
+ gateway.
+ * Add support for ACL logging.
+ * ovn-northd now has native support for active-standby high availability.
+ - Tracing with ofproto/trace now traces through recirculation.
+ - OVSDB:
+ * New support for role-based access control (see ovsdb-server(1)).
+ - New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
+ - OpenFlow:
+ * All features required by OpenFlow 1.4 are now implemented, so
+ ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
+ OpenFlow 1.0 to 1.3).
+ * Increased support for OpenFlow 1.6 (draft).
+ * Bundles now support hashing by just nw_src or nw_dst.
+ * The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
+ * The port status bit OFPPS_LIVE now reflects link aliveness.
+ * OpenFlow 1.5 packet-out is now supported.
+ * Support for OpenFlow 1.5 field packet_type and packet-type-aware
+ pipeline (PTAP).
+ * Added generic encap and decap actions (EXT-382).
+ First supported use case is encap/decap for Ethernet.
+ * Added NSH (Network Service Header) support in userspace
+ Used generic encap and decap actions to implement encapsulation and
+ decapsulation of NSH header.
+ IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
+ * Conntrack state is only available to the processing path that
+ follows the "recirc_table" argument of the ct() action. Starting
+ in OVS 2.8, this state is now cleared for the current processing
+ path whenever ct() is called.
+ - Fedora Packaging:
+ * OVN services are no longer restarted automatically after upgrade.
+ * ovs-vswitchd and ovsdb-server run as non-root users by default.
+ - Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+ - L3 tunneling:
+ * Use new tunnel port option "packet_type" to configure L2 vs. L3.
+ * In conjunction with PTAP tunnel ports can handle a mix of L2 and L3
+ payload.
+ * New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
+ * New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
+ - The BFD detection multiplier is now user-configurable.
+ - Add experimental support for hardware offloading
+ * HW offloading is disabled by default.
+ * HW offloading is done through the TC interface.
+ - IPv6 link local addresses are now supported on Linux. Use % to designate
+ the scope device.
+
+v2.7.0 - 21 Feb 2017
---------------------
- Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
* DSCP marking is now supported, via the new northbound QoS table.
* IPAM now supports fixed MAC addresses.
* Support for source IP address based routing.
- * ovn-trace can now trace put_dhcp_opts and put_dhcp_optsv6 actions.
+ * ovn-trace:
+ - New --ovs option to also print OpenFlow flows.
+ - put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
* Support for managing SSL and remote connection configuration in
- northbound database.
+ northbound and southbound databases.
+ * TCP connections to northbound and southbound databases are no
+ longer enabled by default and must be explicitly configured.
+ See documentation for ovn-sbctl/ovn-nbctl "set-connection"
+ command or the ovn-ctl "--db-sb-create-insecure-remote" and
+ "--db-nb-create-insecure-remote" command-line options for
+ information regarding remote connection configuration.
+ * New appctl "inject-pkt" command in ovn-controller that allows
+ packets to be injected into the connected OVS instance.
+ * Distributed logical routers may now be connected directly to
+ logical switches with localnet ports, by specifying a
+ "redirect-chassis" on the distributed gateway port of the
+ logical router. NAT rules may be specified directly on the
+ distributed logical router, and are handled either centrally on
+ the "redirect-chassis", or in many cases are handled locally on
+ the hypervisor where the corresponding logical port resides.
+ Gratuitous ARP for NAT addresses on a distributed logical
+ router is not yet supported, but will be added in a future
+ version.
- Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
"selection_method" and related options in ovs-ofctl(8) for
details.
* The "sample" action now supports "ingress" and "egress" options.
+ * The "ct" action now supports the TFTP ALG where support is available.
+ * New actions "clone" and "ct_clear".
+ * The "meter" action is now supported in the userspace datapath.
- ovs-ofctl:
* 'bundle' command now supports packet-out messages.
* New syntax for 'ovs-ofctl packet-out' command, which uses the
* New option 'n_rxq_desc' and 'n_txq_desc' fields for DPDK interfaces
which set the number of rx and tx descriptors to use for the given port.
* Support for DPDK v16.11.
+ * Support for rx checksum offload. Refer DPDK HOWTO for details.
+ * Port Hotplug is now supported.
+ * DPDK physical ports can now have arbitrary names. The PCI address of
+ the device must be set using the 'dpdk-devargs' option. Compatibility
+ with the old dpdk<portid> naming scheme is broken, and as such a
+ device will not be available for use until a valid dpdk-devargs is
+ specified.
+ * Virtual DPDK Poll Mode Driver (vdev PMD) support.
+ * Removed experimental tag.
- Fedora packaging:
* A package upgrade does not automatically restart OVS service.
- ovs-vswitchd/ovs-vsctl:
* Ports now have a "protected" flag. Protected ports can not forward
frames to other protected ports. Unprotected ports can receive and
forward frames to protected and other unprotected ports.
+ - ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl:
+ * Database commands now accept integer ranges, e.g. "set port
+ eth0 trunks=1-10" to enable trunking VLANs 1 to 10.
v2.6.0 - 27 Sep 2016
---------------------