Release Notes for the In-Development Version

26.0.0.0b2-98

New Features

  • For OVN, you can now select which port binding activation strategy to use for migrated ports, by setting the new configuration option [ovn]ovn_live_migration_activation_strategy. If set to an empty string, no activation strategy will be used, and the destination port binding will be immediately activated after creation without waiting for migration to complete.

  • Added a new API extension uplink_status_propagation_updatable. Now the port attribute propagate_uplink_status can be updated once the port is created. The backend (ML2/SR-IOV) will receive the update and update the VF state.

  • Since eventlet 0.39.0, a new environment variable EVENTLET_MONKEYPATCH=1 can be defined to get patching as early as possible in Python startup.

  • HA routers can now run "conntrackd" in addition to "keepalived" to synchronize connection tracking states across router instances. This ensures that established connections survive an HA router failover. L3 agent hosts must have the "conntrackd" binary installed.

    Conntrackd support is not enabled by default and can be enabled by setting the ha_conntrackd_enabled option to true.

  • Since OVN 23.06.0, QoS enforcement for maximum bandwidth and minimum bandwidth rules on Logical_Switch_Ports connected to a Logical_Switch with localnet ports (that is, ports connected to provider type networks) is done on the localnet port connected to the physical bridge, via TC commands. To achieve this, the maximum bandwidth and minimum bandwidth rules must be defined in the Logical_Switch_Port options dictionary field, using the keys qos_min_rate, qos_max_rate and qos_burst.

  • Now if the configuration option [ovn]ovn_emit_need_to_frag is set, OVN will always set the "gateway_mtu" option in the gateway Logical_Router_Port. The value defined will be the lowest MTU of all networks connected to this router.

Upgrade Notes

  • A limit on the number of tags per resource has been added. If a resource already has more than 50 tags, it will not be possible to create or modify tags for that resource until some of them are deleted.

  • Now it is mandatory to define the start-time=%t variable in the uWSGI configuration file. It will provide the unix time in seconds, gathered at instance startup. This value is the same for all workers and is persistent if the uWSGI process restarts any of them.

  • Neutron can read the environment variable EVENTLET_MONKEYPATCH=1 in order to not monkey patch the system libraries. If this environment variable is set and the eventlet version is lower, the process won't be patched.

  • The linuxbridge ML2 driver is removed. Users are advised to migrate to a different supported driver (OVS or, preferably, OVN) before upgrade.

  • Names of the actions related to the tags attribute for various resources in the API policy rules have changed. Old names like "<action>_<resource_plural_name>_tags" (for example, "update_networks_tags") are changed to the new pattern "<action>_<resource_singular>:tags" (for example, "update_network:tags").

Deprecation Notes

  • Old names of the API policy actions related to the tags attribute for various resources with pattern like "<action>_<resource_plural_name>_tags" are now deprecated. If there are custom rules defined for those actions in the Neutron policy file, please update them to the new pattern which is "<action>_<resource_singular>:tags".
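
The rename described in the upgrade and deprecation notes above, as an added example (not part of the release notes or Neutron's own code): a helper that rewrites custom tag rules from the old pattern to the new one in a policy mapping already loaded from the policy file. The plural-to-singular table, the function names and the sample rules are assumptions constructed for illustration.

```python
import re

# Assumption: plural -> singular resource names; extend for your deployment.
SINGULAR = {"networks": "network", "subnets": "subnet", "ports": "port",
            "routers": "router", "security_groups": "security_group"}
OLD_NAME = re.compile(r"^([a-z]+)_([a-z_]+)_tags$")


def new_tag_action(old_name, singular=SINGULAR):
    """Map "<action>_<plural>_tags" to "<action>_<singular>:tags", or None."""
    match = OLD_NAME.match(old_name)
    if match is None or match.group(2) not in singular:
        return None
    return f"{match.group(1)}_{singular[match.group(2)]}:tags"


def migrate_tag_rules(rules, singular=SINGULAR):
    """Rename deprecated tag actions in a loaded policy mapping.

    Returns (migrated, renamed, conflicts). A deprecated rule whose new name
    is already defined with a different check string is left in place and
    listed in conflicts, so an operator decides which rule wins.
    """
    migrated, renamed, conflicts = dict(rules), {}, []
    for old_name, check in rules.items():
        new_name = new_tag_action(old_name, singular)
        if new_name is None:
            continue
        if rules.get(new_name, check) != check:
            conflicts.append(old_name)
            continue
        del migrated[old_name]
        migrated[new_name] = check
        renamed[old_name] = new_name
    return migrated, renamed, conflicts


# Constructed sample of custom rules, as loaded from a Neutron policy file.
SAMPLE_RULES = {
    "update_networks_tags": "rule:admin_only",
    "delete_ports_tags": "rule:admin_or_owner",
    "delete_port:tags": "rule:admin_only",
    "get_network": "rule:admin_or_owner",
}

if __name__ == "__main__":
    migrated, renamed, conflicts = migrate_tag_rules(SAMPLE_RULES)
    print("renamed:", renamed)
    print("needs manual review:", conflicts)
```

Old-pattern names whose resource is missing from the table are left untouched, so compare the result against the full list of rules in the policy file before relying on it.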

Bug Fixes

  • Fix bug 2091410, which could cause a potential Denial of Service by adding a lot of tags to a single resource, such as a network. Now there is a limit of 50 tags for every resource.

  • Fix a connection issue to an allowed address pair address located behind a distributed virtual router by adding a missing flow. For more information, see bug 2093248.

  • For OVN DPDK ports, the live migration activation strategy that expects a RARP frame sent by QEMU is no longer used. This is because for DPDK ports, QEMU does not send a RARP frame, which affects the time to recover network connectivity for DPDK ports after live migration is complete. Note that because of the change, a small number of duplicate packets from these ports may be observed during live migration.

  • Subnet policies have been updated to allow other users to operate on them. Network owners and readers can now retrieve the subnet and project members can now update and delete the subnet. For more information, see bug 2038646.

  • Fixed an issue where the ARP entry in a DVR router for allowed address pairs (AAP) was configured with the parent port MAC address even when the AAP has a different MAC address. The MAC address from the AAP is now used if it is set, falling back to the parent port MAC address.

Other Notes

  • The network_segment_ranges registers are now initialized based on the Neutron API start time. The type driver class cleans up the database for those registers not matching the network type and the "created_at" timestamp and uses the process-safe method NetworkSegmentRange.new_default to create the new registers.

  • The Neutron API using the WSGI module requires a new configuration parameter: [uwsgi]start-time=%t. The uWSGI process will populate this value when executed, defining the start time of the Neutron API. This value will be used by Neutron ML2/OVN to create the OVN hash ring registers per worker.

26.0.0.0b1

New Features

  • Add support for the address-group in the OVN mechanism driver.

  • Since the Epoxy (2025.1) release, the Neutron quota engine always checks the current resource usage before updating the quota limits. This check is skipped only when the CLI "--force" parameter is passed. That aligns the Neutron quota engine behaviour with other projects.

Upgrade Notes

  • PostgreSQL is no longer supported. You are advised to migrate to a supported database backend (one of MySQL derivatives).

  • The ovn_emit_need_to_frag option for OVN is now enabled by default. This may result in performance issues on older kernels (older than 5.2). If you are still using an old kernel, you may consider setting it to False.

  • The allow_stateless_action_supported configuration option for OVN is removed. The stateful-security-group API is now unconditionally enabled. Please upgrade OVN to 21.06.0 or a later version.

  • The migration tool for TripleO deployments has been removed, because the TripleO project has been retired.

Deprecation Notes

  • The ovn_emit_need_to_frag option is now deprecated for removal. The config option will be removed in the 2026.1 release.

  • The Neutron quota commands now always check the resource limits. The CLI parameter "--check-limits" is no longer needed, as this is the default behaviour.

Bug Fixes

  • Add special treatment for the keyword any in the security group rule API protocol field to match what is documented in the api-ref itself. It is already supported in the client, where any is simply changed to None, so do the same in the API itself. For more information, see bug 2074056.

  • Liberal TCP connection tracking is now enabled in SNAT namespaces (sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1).

    In some cases, when a TCP connection that is NAT-ed ends up re-transmitting, a packet could be outside what the Linux kernel connection tracking considers part of the valid TCP window. When this happens, a TCP Reset (RST) is triggered, terminating the connection on the sender side, while leaving the receiver side (the Neutron port attached VM) hanging.

    Since a number of firewall vendors typically turn this on by default to avoid unnecessary resets, we now do it in the Neutron router as well.

    See bug 1804327 for more information.

  • Fixes an issue when associating floating IPs to OVN load balancers. See LP#2068644 for more details.