-Post-v2.6.0
+Post-v2.8.0
+--------------------
+ - Nothing yet.
+
+v2.8.0 - xx xxx xxxx
+---------------------
+ - ovs-ofctl:
+ * ovs-ofctl can now accept and display port names in place of numbers. By
+ default it always accepts names and in interactive use it displays them;
+ use --names or --no-names to override. See ovs-ofctl(8) for details.
+ * "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
+ - New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
+ - Tunnels:
+ * Added support to set packet mark for tunnel endpoint using
+ `egress_pkt_mark` OVSDB option.
+ * When using Linux kernel datapath tunnels may be created using rtnetlink.
+ This will allow us to take advantage of new tunnel features without
+ having to make changes to the vport modules.
+ - EMC insertion probability is reduced to 1% and is configurable via
+ the new 'other_config:emc-insert-inv-prob' option.
+ - DPDK:
+ * DPDK log messages redirected to OVS logging subsystem.
+ Log level can be changed in a usual OVS way using
+ 'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
+ still can be configured via extra arguments for DPDK EAL.
+ * dpdkvhostuser ports are marked as deprecated. They will be removed
+ in an upcoming release.
+ * Support for DPDK v17.05.1.
+ - IPFIX now provides additional counters:
+ * Total counters since metering process startup.
+ * Per-flow TCP flag counters.
+ * Multicast, broadcast, and unicast counters.
+ - New support for multiple VLANs (802.1ad or "QinQ"), including a new
+ "dot1q-tunnel" port VLAN mode.
+ - In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ - Userspace Datapath:
+ * Added NAT support for userspace datapath.
+ * Added FTP and TFTP support with NAT for userspace datapath.
+ * Added NSH (Network Service Header) support for userspace datapath.
+ - OVN:
+ * New built-in DNS support.
+ * IPAM for IPv4 can now exclude user-defined addresses from assignment.
+ * IPAM can now assign IPv6 addresses.
+ * Make the DHCPv4 router setting optional.
+ * Gratuitous ARP for NAT addresses on a distributed logical router.
+ * Allow ovn-controller SSL configuration to be obtained from vswitchd
+ database.
+ * ovn-trace now has basic support for tracing distributed firewalls.
+ * In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be
+ abbreviated to 4 hex digits.
+ * "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond
+ to logical flows.
+ * Now uses OVSDB RBAC support to reduce impact of compromised hypervisors.
+ * Multiple chassis may now be specified for L3 gateways. When more than
+ one chassis is specified, OVN will manage high availability for that
+ gateway.
+ * Add support for ACL logging.
+ * ovn-northd now has native support for active-standby high availability.
+ - Tracing with ofproto/trace now traces through recirculation.
+ - OVSDB:
+ * New support for role-based access control (see ovsdb-server(1)).
+ - New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
+ - OpenFlow:
+ * All features required by OpenFlow 1.4 are now implemented, so
+ ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
+ OpenFlow 1.0 to 1.3).
+ * Increased support for OpenFlow 1.6 (draft).
+ * Bundles now support hashing by just nw_src or nw_dst.
+ * The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
+ * The port status bit OFPPS_LIVE now reflects link aliveness.
+ * OpenFlow 1.5 packet-out is now supported.
+ * Support for OpenFlow 1.5 field packet_type and packet-type-aware
+ pipeline (PTAP).
+ * Added generic encap and decap actions (EXT-382).
+ First supported use case is encap/decap for Ethernet.
+ * Added NSH (Network Service Header) support in userspace
+ Used generic encap and decap actions to implement encapsulation and
+ decapsulation of NSH header.
+ IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
+ * Conntrack state is only available to the processing path that
+ follows the "recirc_table" argument of the ct() action. Starting
+ in OVS 2.8, this state is now cleared for the current processing
+ path whenever ct() is called.
+ - Fedora Packaging:
+ * OVN services are no longer restarted automatically after upgrade.
+ * ovs-vswitchd and ovsdb-server run as non-root users by default.
+ - Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+ - L3 tunneling:
+ * Use new tunnel port option "packet_type" to configure L2 vs. L3.
+ * In conjunction with PTAP tunnel ports can handle a mix of L2 and L3
+ payload.
+ * New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
+ * New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
+ - The BFD detection multiplier is now user-configurable.
+ - Add experimental support for hardware offloading
+ * HW offloading is disabled by default.
+ * HW offloading is done through the TC interface.
+ - IPv6 link local addresses are now supported on Linux. Use % to designate
+ the scope device.
+
+v2.7.0 - 21 Feb 2017
---------------------
+ - Utilities and daemons that support SSL now allow protocols and
+ ciphers to be configured with --ssl-protocols and --ssl-ciphers.
- OVN:
* QoS is now implemented via egress shaping rather than ingress policing.
+ * DSCP marking is now supported, via the new northbound QoS table.
+ * IPAM now supports fixed MAC addresses.
+ * Support for source IP address based routing.
+ * ovn-trace:
+ - New --ovs option to also print OpenFlow flows.
+ - put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
+ * Support for managing SSL and remote connection configuration in
+ northbound and southbound databases.
+ * TCP connections to northbound and southbound databases are no
+ longer enabled by default and must be explicitly configured.
+ See documentation for ovn-sbctl/ovn-nbctl "set-connection"
+ command or the ovn-ctl "--db-sb-create-insecure-remote" and
+ "--db-nb-create-insecure-remote" command-line options for
+ information regarding remote connection configuration.
+ * New appctl "inject-pkt" command in ovn-controller that allows
+ packets to be injected into the connected OVS instance.
+ * Distributed logical routers may now be connected directly to
+ logical switches with localnet ports, by specifying a
+ "redirect-chassis" on the distributed gateway port of the
+ logical router. NAT rules may be specified directly on the
+ distributed logical router, and are handled either centrally on
+ the "redirect-chassis", or in many cases are handled locally on
+ the hypervisor where the corresponding logical port resides.
+ Gratuitous ARP for NAT addresses on a distributed logical
+ router is not yet supported, but will be added in a future
+ version.
- Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
control over the OpenFlow select groups selection method. See
"selection_method" and related options in ovs-ofctl(8) for
details.
+ * The "sample" action now supports "ingress" and "egress" options.
+ * The "ct" action now supports the TFTP ALG where support is available.
+ * New actions "clone" and "ct_clear".
+ * The "meter" action is now supported in the userspace datapath.
- ovs-ofctl:
* 'bundle' command now supports packet-out messages.
* New syntax for 'ovs-ofctl packet-out' command, which uses the
release.
* New unixctl "ofctl/packet-out" command, which can be used to
instruct a flow monitor to issue OpenFlow packet-out messages.
+ - ovsdb-server:
+ * Remote connections can now be made read-only (see ovsdb-server(1)).
- Tunnels:
* TLV mappings for protocols such as Geneve are now segregated on
a per-OpenFlow bridge basis rather than globally. (The interface
- DPDK:
* New option 'n_rxq_desc' and 'n_txq_desc' fields for DPDK interfaces
which set the number of rx and tx descriptors to use for the given port.
+ * Support for DPDK v16.11.
+ * Support for rx checksum offload. Refer DPDK HOWTO for details.
+ * Port Hotplug is now supported.
+ * DPDK physical ports can now have arbitrary names. The PCI address of
+ the device must be set using the 'dpdk-devargs' option. Compatibility
+ with the old dpdk<portid> naming scheme is broken, and as such a
+ device will not be available for use until a valid dpdk-devargs is
+ specified.
+ * Virtual DPDK Poll Mode Driver (vdev PMD) support.
+ * Removed experimental tag.
+ - Fedora packaging:
+ * A package upgrade does not automatically restart OVS service.
+ - ovs-vswitchd/ovs-vsctl:
+ * Ports now have a "protected" flag. Protected ports can not forward
+ frames to other protected ports. Unprotected ports can receive and
+ forward frames to protected and other unprotected ports.
+ - ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl:
+ * Database commands now accept integer ranges, e.g. "set port
+ eth0 trunks=1-10" to enable trunking VLANs 1 to 10.
-v2.6.0 - xx xxx xxxx
+v2.6.0 - 27 Sep 2016
---------------------
- First supported release of OVN. See ovn-architecture(7) for more
details.