mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-22 01:51:26 +00:00
Code Issues Releases Wiki Activity
ovs/NEWS
Ilya Maximets f8d457ea28 Prepare for post-3.6.0 (3.6.90). 
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2025-07-16 17:46:31 +02:00

2174 lines
112 KiB
Plaintext
Raw Blame History

Post-v3.6.0
--------------------
v3.6.0 - xx xxx xxxx
--------------------
- Bonding:
* Bond rebalancing log messages of INFO log level are highly reduced: they
are now printed once in rebalance run. Previous detailed log messages
have been moved to the DBG log level.
- DPDK:
* New debug appctl command 'dpdk/get-memzone-stats'.
* Removed upper limit for the number of rx/tx descriptors (n_r/txq_desc).
* OVS validated with DPDK 24.11.2.
- OVSDB-IDL:
* New functions <db>_<table>_<column>_server_type() that allow checking
the server-side type of a particular column. Can be used for checking
type constraints when the server schema is older or newer than that of
the client.
- ovs-ctl:
* Added a new option, --oom-score=<score>, to set the daemons' Linux
Out-Of-Memory (OOM) killer score.
* Added a new option, --ulimit-core=<LIMIT>, to set the daemon's ulimit
core file size.
- ovs-appctl:
* Added JSON output support to the 'ovs/route/show' command.
- ovs-vsctl:
* Now exits with error code 160 (ERROR_BAD_ARGUMENTS) on Windows and
65 (EX_DATAERR) on other platforms if it fails while waiting for
ovs-vswitchd to finish reconfiguring itself after a successful
database transaction. E.g., when ovs-vswitchd fails to add a new
port or a bridge.
* Added '--filter' option to the 'show' command.
- SSL/TLS:
* Support for deprecated TLSv1 and TLSv1.1 protocols on OpenFlow and
database connections is now removed.
- Tunnels:
* Support for previously deprecated LISP and STT tunnel port types
is now removed.
- ovs-tcpdump:
* Update the --mirror-to option, adding support for specifying an
existing port as a mirror interface.
- Added support for running tests from 'check-kernel' and 'check-offloads'
system test targets under retis by setting OVS_TEST_WITH_RETIS=yes.
See the 'Testing' section of the documentation for more details.
- Updated documentation to remove most documentation of kernel module
that was previously part of the OVS distribution. It was removed from
the OVS distribution in the 3.0 release and is no longer present in
any supported versions of OVS. The remaining documentation of this
kernel module relates to topics for older releases of OVS.
v3.5.0 - 17 Feb 2025
--------------------
- The limit on the number of fields for address prefix tracking in flow
tables increased from 3 to 4. For example, it is now possible to
specify both IPv4 and IPv6 address fields at the same time:
$ ovs-vsctl set Bridge br0 flow_tables:123=@N -- \
--id=@N create Flow_Table \
name=table123 prefixes=nw_dst,nw_src,ipv6_dst,ipv6_src
- Address prefix tracking is now enabled by default for both IPv4 and IPv6
address fields: nw_dst, nw_src, ipv6_dst and ipv6_src.
This allows to significantly reduce amount of datapath flows generated
from mixed IPv4+IPv6 flow tables.
- SSL/TLS:
* TLSv1 and TLSv1.1 protocols are deprecated and disabled by default
on OpenFlow and database connections. Use --ssl-protocols to turn
them back on. Support will be fully removed in the next release.
* OpenSSL 1.1.1 or newer is now required for SSL/TLS support.
* The protocol list in --ssl-protocols or corresponding database column
now supports specifying simple protocol ranges like:
- "TLSv1-TLSv1.2" to enable all protocols between TLSv1 and TLSv1.2.
- "TLSv1.2+" to enable protocol TLSv1.2 and later.
The value must be a list of protocols or exactly one protocol range.
* Added explicit support for TLSv1.3. It can now be enabled via
--ssl-protocols (TLSv1.3 was supported in earlier versions only when
this option was not set). TLS ciphersuites for TLSv1.3 and later can
be configured via --ssl-ciphersuites (--ssl-ciphers only applies to
TLSv1.2 and earlier).
* ovs-pki now generates 3072-bit keys by default.
- Userspace datapath:
* The default zone limit, if set, is now inherited by any zone
that does not have a specific value defined, rather than being
treated as a global value, aligning the behavior with that of
the kernel datapath.
* Extended the support for TSO software fallback to include support for
VXLAN, Geneve, and GRE tunneled packets.
- Linux TC offload:
* Add support for matching tunnel flags if the kernel supports it.
* Add support for the "Don't Fragment" (DF) flag in the encap action,
if the kernel supports it.
- Python:
* Added tool called "ovs-flowviz" capable of parsing OpenFlow
and datapath flow dumps and displaying them in several different
formats.
* Dropped support for Python < 3.7.
- DPDK:
* Add support for DPDK 24.11.1.
* Add hardware offload support for matching ICMPv6 protocol
(experimental).
- Tunnels:
* LISP and STT tunnel port types are deprecated and will be removed in
the next release.
- IPsec:
* New option '--root-ipsec-conf' for ovs-monitor-ipsec with Libreswan
to allow cases where '--ipsec-conf' is not the main ipsec.conf, but
included from it. The value should be the path to the main ipsec.conf.
* New option '--use-default-crypto' for ovs-monitor-ipsec with Libreswan
to make it not configure any crypto options (ike/esp) for connections.
Most useful in combination with '--root-ipsec-conf' where system-wide
crypto-policy is included from the root ipsec.conf.
* New option '--ovs-monitor-ipsec-options' for 'ovs-ctl start-ovs-ipsec'
to pass above new options to ovs-monitor-ipsec.
v3.4.0 - 15 Aug 2024
--------------------
- Option '--mlockall' now only locks memory pages on fault, if possible.
This also makes it compatible with vHost Post-copy Live Migration.
- ovs-appctl:
* Added new option [-f|--format] to choose the output format, e.g. 'json'
or 'text' (by default).
* Added new option [--pretty] to print JSON output in a readable fashion.
* 'dpif/show' and 'list-commands' now support output in JSON format.
* Added 'ofproto/detrace' command that outputs the set of OpenFlow rules
and groups that contributed to the creation of a specific datapath flow.
- ovs-vsctl:
* Added a new filter column in the Mirror table which can be used to
apply filters to mirror ports.
- ovs-tcpdump:
* Added command line parameter --filter to enable filtering the packets
that are captured by tcpdump.
- Userspace datapath:
* Conntrack now supports 'random' flag for selecting ports in a range
while natting and 'persistent' flag for selection of the IP address
from a range.
* IPv6 UDP tunnel encapsulation including Geneve and VXLAN will now
honour the csum option. Configuring the interface with
"options:csum=false" now has the same effect as the udp6zerocsumtx
option has with Linux kernel UDP tunnels.
- The primary development branch has been renamed from 'master' to 'main'.
The OVS tree remains hosted on GitHub.
https://github.com/openvswitch/ovs.git
- DPDK:
* OVS validated with DPDK 23.11.1.
* Link status changes are now handled via interrupt mode if the DPDK
driver supports it. It is possible to revert to polling mode by setting
per interface 'options:dpdk-lsc-interrupt' to 'false'.
- Python:
* Added custom transaction support to the Idl via add_op().
* Added support for different output formats like 'json' to Python's
unixctl classes.
- Tunnels:
* Previously the kernel datapath did not enable UDP checksums by default
in IPv6 tunnels. This behaviour is non-standard, differs from the
Linux kernel, and as also different than the userspace datapath. Now
these tunnels will calculate checksums by default and that behaviour can
be changed with "options:csum=false" just as with the userspace
datapath.
- Local sampling is introduced. It reuses the OpenFlow sample action and
allows samples to be emitted locally (instead of via IPFIX) in a
datapath-specific manner. The Linux kernel datapath is the first to
support this feature by using the new datapath 'psample' action. See
'local-group-id' column in the Flow_Sample_Collector_Set table.
- A new configuration knob 'other-config:explicit-sampled-drops' in the
Open_vSwitch table controls whether an explicit drop action shall be
added at the end of datapath flows whose last action is an
observability-driven sample action.
- OpenFlow:
* A new version of the 'sample' action (NXAST_SAMPLE4) is introduced
that allows use of subfields in 'obs_point_id' and 'obs_domain_id'.
v3.3.0 - 16 Feb 2024
--------------------
- OVSDB:
* Support pre-vote mechanism in RAFT that protects the cluster against
disruptive servers (section 9.6 of the original RAFT paper). Upgrading
from older version is supported but it may trigger more leader elections
during the process, and error logs complaining unrecognized fields may
be observed on old nodes.
* New command line option --config-file that allows a fine control over
remotes and database configuration, including setting options for
connection methods for relays and active-backup replication.
For more details see ovsdb-server(1) and ovsdb(7).
* Make use of cooperative multitasking to improve maintenance of RAFT
cluster during long running processing such as online schema conversion.
- OpenFlow:
* NXT_CT_FLUSH extension is updated to support flushing connections
based on mark and labels. 'ct-flush' command of ovs-ofctl updated
to support these new arguments accordingly.
- ovs-appctl:
* 'ofproto/trace' now reports OpenFlow rules that make up a conjunctive
flow match.
* Output of 'dpctl/show' command no longer shows interface configuration
status, only values of the actual configuration options, a.k.a.
'requested' configuration. The interface configuration status,
a.k.a. 'configured' values, can be found in the 'status' column of
the Interface table, i.e. with 'ovs-vsctl get interface <..> status'.
Reported names adjusted accordingly.
* Added support for removal of default CT zone limit, e.g.
"ovs-appctl dpctl/ct-del-limits default".
* 'dpctl/flush-conntrack' is now capable of flushing connections based
on mark and labels.
* 'mdb/show': support for multicast snooping to show the protocol
responsible for adding/updating the entry.
- ovs-vsctl:
* New commands 'set-zone-limit', 'del-zone-limit' and 'list-zone-limits'
to manage the maximum number of connections in conntrack zones via
a new 'limit' column in the 'CT_Zone' database table and
'ct_zone_default_limit' column in the 'Datapath' table.
- Userspace datapath:
* Added support for Generic Segmentation Offloading for the cases where
TSO is enabled but not supported by an egress interface (except for
tunnel interfaces).
* 'pmd-sleep-max' is updated to also accept pmd-thread-core:sleep-max.
The existing behaviour is maintained and a non key:value pair value
will be applied to all other PMD thread cores.'pmd-sleep-show' is
updated to show the maximum sleep for each PMD thread core.
* The userspace conntrack module no longer requires the user to specify
connection helpers in all flow rules. Instead, the helper specified
during connection commit will be used by default.
- DPDK:
* Add support for DPDK 23.11.
v3.2.0 - 17 Aug 2023
--------------------
- OVSDB:
* Changed format in which ovsdb schema conversion operations are stored in
clustered database files. Such operations are now allowed to contain
the bare schema (without data). This allows to significantly improve
the schema conversion performance.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one, if
conversion operation is present. For the cluster service model follow
upgrade instructions in 'Upgrading from version 3.1 and earlier to 3.2
and later' section of ovsdb(7).
* When ovsdb-server is running in relay mode, the probe interval is
now configurable via 'ovsdb-server/set-relay-source-probe-interval'
unixctl command.
- IPFIX template and statistics intervals can now be configured through two
new options in the IPFIX table: 'template_interval' and 'stats_interval'.
- Linux kernel datapath:
* OVS now collects per-interface upcall statistics that can be obtained
via 'ovs-appctl dpctl/show -s' or the interface's statistics column
in OVSDB. Available with upstream kernel 6.2+.
- OVS route table in userspace now takes into account preferred source
address from cached kernel routes.
- ovs-appctl:
* Add support for selecting the source address with the
'ovs-appctl ovs/route/add' command.
* New commands "dpctl/{ct-get-sweep-interval,ct-set-sweep-interval}" that
allow to get and set, for the userspace datapath, the sweep interval
for the conntrack garbage collector.
* New commands "dpctl/dump-conntrack-exp" that allows to dump
conntrack's expectations for the userspace datapath.
- ovs-ctl:
* Added new options --[ovsdb-server|ovs-vswitchd]-umask=MODE to set umask
value when starting OVS daemons. E.g., use --ovsdb-server-umask=0002
in order to create OVSDB sockets with access mode of 0770.
- QoS:
* Added new configuration option 'jitter' for a linux-netem QoS type.
* 'linux-htb' QoS type now supports rates higher than 34 Gbps.
- Ingress Policing:
* Ingress policing byte rates can now be configured higher than 34 Gbps.
- DPDK:
* ovs-vswitchd will keep the CAP_SYS_RAWIO capability when started
with the --hw-rawio-access command line option. This allows the
process extra privileges when mapping physical interconnect memory.
* New experimental "rx-steering=rss+<protocol>" option to redirect
certain protocols (for now, only LACP) to a dedicated hardware queue
using the rte_flow API.
- SRv6 Tunnel Protocol
* Added support for userspace datapath (only).
- Userspace datapath:
* Connection tracking now supports extraction of SCTP L4 information.
* Implementation of OpenFlow meters is now lockless allowing for better
multi-thread scalability.
* IP and L4 checksum offload support is now enabled by default for
interfaces that support it. See the 'status' column in the 'interface'
table to check the status.
* 'pmd-maxsleep' other_config was renamed to 'pmd-sleep-max'.
'pmd-maxsleep' is deprecated and will be removed in a future release.
* 'ovs-appctl dpif-netdev/pmd-sleep-show' command was added to get the
max sleep configuration of PMD thread cores.
* Removed experimental tag from PMD load based sleeping.
- Linux TC offload:
* Add support for offloading VXLAN tunnels with the GBP extensions.
- Python
* Added async DNS support.
* Dropped support for Python < 3.6.
v3.1.0 - 16 Feb 2023
--------------------
- ovs-vswitchd now detects changes in CPU affinity and adjusts the number
of handler and revalidator threads if necessary.
- AF_XDP:
* Added support for building with libxdp and libbpf >= 0.7.
* Support for AF_XDP is now enabled by default if all dependencies are
available at the build time. Use --disable-afxdp to disable.
Use --enable-afxdp to fail the build if dependencies are not present.
- ovs-appctl:
* "ovs-appctl ofproto/trace" command can now display port names with the
"--names" option.
- OVSDB-IDL:
* Add the support to specify the persistent uuid for row insert in both
C and Python IDLs.
- Windows:
* Conntrack IPv6 fragment support.
- DPDK:
* Add support for DPDK 22.11.1.
- For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes
10 Gbps link speed by default in case the actual link speed cannot be
determined. Previously it was 10 Mbps. Values can still be overridden
by specifying 'max-rate' or '[r]stp-path-cost' accordingly.
- OpenFlow:
* New OpenFlow extension NXT_CT_FLUSH to flush connections matching
the specified fields.
- ovs-ctl:
* New option '--dump-hugepages' to include hugepages in core dumps. This
can assist with postmortem analysis involving DPDK, but may also produce
significantly larger core dump files.
- ovs-dpctl and 'ovs-appctl dpctl/' commands:
* 'flush-conntrack' is now capable of handling partial 5-tuple,
with additional optional parameter to specify the reply direction.
- ovs-ofctl:
* New command 'flush-conntrack' that accepts zone and 5-tuple (or partial
5-tuple) for both directions.
- Support for travis-ci.org based continuous integration builds has been
dropped.
- Userspace datapath:
* Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show
the pmd usage of an Rx queue over a configurable time period.
* Add new experimental PMD load based sleeping feature. PMD threads can
request to sleep up to a user configured 'pmd-maxsleep' value under
low load conditions.
v3.0.0 - 15 Aug 2022
--------------------
- libopenvswitch API change:
* To fix the Undefined Behavior issue causing the compiler to incorrectly
optimize important parts of code, container iteration macros (e.g.,
LIST_FOR_EACH) have been re-implemented in a UB-safe way.
* Backwards compatibility has mostly been preserved, however the
user-provided pointer is now set to NULL after the loop (unless it
exited via "break;")
* Users of libopenvswitch will need to double-check the use of such loop
macros before compiling with a new version.
* Since the change is limited to the definitions within the headers, the
ABI is not affected.
- OVSDB:
* 'relay' service model now supports transaction history, i.e. honors the
'last-txn-id' field in 'monitor_cond_since' requests from clients.
* New unixctl command 'ovsdb-server/tlog-set DB:TABLE on|off".
If turned on, ovsdb-server will log (at level INFO and rate limited)
all operations that are committed to table TABLE in the DB database.
* New Local_Config schema added to support Connections (--remote)
configuration in a clustered databse independently for each server.
E.g. for listening on unique addresses. See the ovsdb.local-config.5
manpage for schema details.
* Returning unused memory to the OS after the database compaction is now
enabled by default. Use 'ovsdb-server/memory-trim-on-compaction off'
unixctl command to disable.
* Most of the work for the automatic database compaction in clustered
mode has been moved to a separate thread to avoid blocking the process.
- OVSDB-IDL:
* New monitor mode flag, OVSDB_IDL_WRITE_CHANGED_ONLY, allowing
applications to relax atomicity requirements when dealing with
columns whose value has been rewritten (but not changed).
- OpenFlow:
* Extended Flow Monitoring support for all supported OpenFlow versions:
OpenFlow versions 1.0-1.2 with Nicira Extensions
OpenFlow versions 1.3 with Open Network Foundation extension
OpenFlow versions 1.4+, as defined in the OpenFlow specification
- Python:
* Added a new flow parsing library ovs.flow capable of parsing
both OpenFlow and datapath flows.
- IPsec:
* Added support for custom per-tunnel options via 'options:ipsec_*' knobs.
See Documentation/tutorials/ipsec.rst for details.
- Windows:
* Conntrack support for TCPv6, UDPv6, ICMPv6, FTPv6.
* IPv6 Geneve tunnel support.
- DPDK:
* OVS validated with DPDK 21.11.1. It is recommended to use this version
until further releases.
* Delay creating or reusing a mempool for vhost ports until the VM
is started. A failure to create a mempool will now be logged only
when the VM is started.
* New configuration knob 'other_config:shared-mempool-config' to set MTU
that shared mempool mbuf size is based on. This allows interfaces with
different MTU sizes to share mempools.
- Userspace datapath:
* Improved multi-thread scalability of the userspace connection tracking.
* 'dpif-netdev/subtable-lookup-prio-get' appctl command renamed to
'dpif-netdev/subtable-lookup-info-get' to better reflect its purpose.
The old variant is kept for backward compatibility.
* Add actions auto-validator function to compare different actions
implementations against default implementation.
* Add command line option to switch between different actions
implementations available at run time.
* Add build time configure command to enable auto-validator as default
actions implementation at build time.
* Add AVX512 implementation of actions.
- Debian packaging updated to be on par with package source in Debian/Ubuntu.
* Provided an openvswitch-switch-dpdk package that integrates with the
dpdk package in the distributions so that end users can opt into a
DPDK-enabled Open vSwitch binary.
* Provided systemd service files.
* Provided openvswitch-source package for reproducible integrated build of
for example OVN.
* Shared library and subsequently libopenvswitch and libopenvswitch-dev
binary packages are no longer built.
- Linux TC offload:
* Add support for offloading meters via tc police.
* Add support for offloading the check_pkt_len action.
- New configuration knob 'other_config:all-members-active' for
balance-slb bonds.
- Previously deprecated Linux kernel module is now fully removed from
the OVS source tree. The version provided with the Linux kernel
should be used instead.
- XenServer: Support for integration with XenServer has been removed due to
lack of maintenance and bitrot.
v2.17.0 - 17 Feb 2022
---------------------
- Userspace datapath:
* Optimized flow lookups for datapath flows with simple match criteria.
See 'Simple Match Lookup' in Documentation/topics/dpdk/bridge.rst.
* New per-interface configuration knob 'other_config:tx-steering'. If set
to 'hash', enables hash-based Tx packet steering mode to utilize all the
Tx queues of the interface regardles of the number of PMD threads.
* Removed experimental tag for PMD Auto Load Balance.
* New configuration knob 'other_config:n-offload-threads' to change the
number of HW offloading threads.
- DPDK:
* EAL argument --socket-mem is no longer configured by default upon
start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified,
DPDK defaults will be used.
* EAL argument --socket-limit no longer takes on the value of --socket-mem
by default. 'other_config:dpdk-socket-limit' can be set equal to
the 'other_config:dpdk-socket-mem' to preserve the legacy memory
limiting behavior.
* EAL argument --in-memory is applied by default if supported.
* Add hardware offload support for matching IPv4/IPv6 frag types
(experimental).
* Add hardware offload support for GRE flows (experimental).
Available only if DPDK experimental APIs enabled during the build.
* Add support for DPDK 21.11.
* Forbid use of DPDK multiprocess feature.
* Add support for running threads on cores >= RTE_MAX_LCORE.
- Python:
* For SSL support, the use of the pyOpenSSL library has been replaced
with the native 'ssl' module.
- OVSDB:
* Python library for OVSDB clients now also supports faster
resynchronization with a clustered database after a brief disconnection,
i.e. 'monitor_cond_since' monitoring method.
* Major improvement in the performance of the OVSDB server. See the
"OVSDB: Performance and Scale Journey '21" talk of OVS+OVN Conf'21.
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands 'cache-get-size' and 'cache-set-size' that allows to
get or configure linux kernel datapath cache sizes.
- ovs-ofctl dump-flows no longer prints "igmp". Instead the flag
"ip,nw_proto=2" is used.
- ovs-appctl:
* New command tnl/neigh/aging to read/write the neigh aging time.
- OpenFlow:
* Default selection method for select groups with up to 256 buckets is
now dp_hash. Previously this was limited to 64 buckets. This change
is mainly for the benefit of OVN load balancing configurations.
* Encap & Decap action support for MPLS packet type.
- Ingress policing on Linux now uses 'matchall' classifier instead of
'basic', if available.
- Add User Statically-Defined Tracing (USDT) probe framework support.
v2.16.0 - 16 Aug 2021
---------------------
- Removed support for 1024-bit Diffie-Hellman key exchange, which is now
considered unsafe.
- Ingress Policing:
* Rate limiting configuration now supports setting packet-per-second
limits in addition to the previously configurable byte rate settings.
This is not supported in the userspace datapath yet.
- OVSDB:
* Introduced new database service model - "relay". Targeted to scale out
read-mostly access (ovn-controller) to existing databases.
For more information: ovsdb(7) and Documentation/topics/ovsdb-relay.rst
* New command line options --record/--replay for ovsdb-server and
ovsdb-client to record and replay all the incoming transactions,
monitors, etc. More datails in Documentation/topics/record-replay.rst.
* The Python Idl class now has a cooperative_yield() method that can be
overridden by an application that uses eventlet / gevent / asyncio with
the desired yield method (e.g. {eventlet,gevent,asyncio}.sleep(0)) to
prevent the application from being blocked for a long time while
processing database updates.
- In ovs-vsctl and vtep-ctl, the "find" command now accept new
operators {in} and {not-in}.
- Userspace datapath:
* Auto load balancing of PMDs now partially supports cross-NUMA polling
cases, e.g if all PMD threads are running on the same NUMA node.
* Userspace datapath now supports up to 2^18 meters.
* Added support for systems with non-contiguous NUMA nodes and core ids.
* Added all-zero IP SNAT handling to conntrack. In case of collision,
using ct(src=0.0.0.0), the source port will be replaced with another
non-colliding port in the ephemeral range (1024, 65535).
* Refactor lib/dpif-netdev.c to multiple header files.
* Add avx512 implementation of dpif which can process non recirculated
packets. It supports partial HWOL, EMC, SMC and DPCLS lookups.
* Add commands to get and set the dpif implementations.
* Add a partial HWOL PMD statistic counting hits similar to existing
EMC/SMC/DPCLS stats.
* Enable AVX512 optimized DPCLS to search subtables with larger miniflows.
* Add more specialized DPCLS subtables to cover common rules, enhancing
the lookup performance.
* Enable the AVX512 DPCLS implementation to use VPOPCNT instruction if the
CPU supports it. This enhances performance by using the native vpopcount
instructions, instead of the emulated version of vpopcount.
* Add command line option to switch between MFEX function pointers.
* Add miniflow extract auto-validator function to compare different
miniflow extract implementations against default implementation.
* Add study function to miniflow function table which studies packet
and automatically chooses the best miniflow implementation for that
traffic.
* Add build time configure command to enable auto-validatior as default
miniflow implementation at build time.
* Cache results for CPU ISA checks, reduces overhead on repeated lookups.
* Add AVX512 based optimized miniflow extract function for traffic type
IPv4/UDP, IPv4/TCP, Vlan/IPv4/UDP and Vlan/Ipv4/TCP.
* Added new 'group' option to pmd-rxq-assign. This will assign rxq to pmds
purely based on rxq and pmd load.
* Add new 'pmd-rxq-isolate' option that can be set to 'false' in order
that pmd cores which are pinned with rxqs using 'pmd-rxq-affinity'
are available for assigning other non-pinned rxqs.
- ovs-ctl:
* New option '--no-record-hostname' to disable hostname configuration
in ovsdb on startup.
* New command 'record-hostname-if-not-set' to update hostname in ovsdb.
- DPDK:
* OVS validated with DPDK 20.11.1. It is recommended to use this version
until further releases.
* New debug appctl command 'dpdk/get-malloc-stats'.
* Add hardware offload support for tunnel pop action (experimental).
Available only if DPDK experimental APIs enabled during the build.
* Add hardware offload support for VXLAN flows (experimental).
Available only if DPDK experimental APIs enabled during the build.
* EAL options --socket-mem and --socket-limit to have default values
removed with 2.17 release. Logging added to alert users.
- ovsdb-tool:
* New option '--election-timer' to the 'create-cluster' command to set the
leader election timer during cluster creation.
- OVS now reports the datapath capability 'ct_zero_snat', which reflects
whether the SNAT with all-zero IP address is supported.
See ovs-vswitchd.conf.db(5) for details.
- ovs-appctl:
* Added ability to add and delete static mac entries using:
'ovs-appctl fdb/add <bridge> <port> <vlan> <mac>'
'ovs-appctl fdb/del <bridge> <vlan> <mac>'
- Linux datapath:
* ovs-vswitchd will configure the kernel module using per-cpu dispatch
mode (if available). This changes the way upcalls are delivered to user
space in order to resolve a number of issues with per-vport dispatch.
* New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return
the current dispatch mode for each datapath.
v2.15.0 - 15 Feb 2021
---------------------
- OVSDB:
* Changed format in which ovsdb transactions are stored in database files.
Now each transaction contains diff of data instead of the whole new
value of a column.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one.
For cluster and active-backup service models follow upgrade instructions
in 'Upgrading from version 2.14 and earlier to 2.15 and later' section
of ovsdb(7).
* New unixctl command 'ovsdb-server/get-db-storage-status' to show the
status of the storage that's backing a database.
* New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
If turned on, ovsdb-server will try to reclaim all the unused memory
after every DB compaction back to OS. Disabled by default.
* Maximum backlog on RAFT connections limited to 500 messages or 4GB.
Once threshold reached, connection is dropped (and re-established).
Use the 'cluster/set-backlog-threshold' command to change limits.
- DPDK:
* Removed support for vhost-user dequeue zero-copy.
* Add support for DPDK 20.11.
- Userspace datapath:
* Add the 'pmd' option to "ovs-appctl dpctl/dump-flows", which
restricts a flow dump to a single PMD thread if set.
* New 'options:dpdk-vf-mac' field for DPDK interface of VF ports,
that allows configuring the MAC address of a VF representor.
* Add generic IP protocol support to conntrack. With this change, all
none UDP, TCP, and ICMP traffic will be treated as general L3
traffic, i.e. using 3 tupples.
* Add parameters 'pmd-auto-lb-load-threshold' and
'pmd-auto-lb-improvement-threshold' to configure PMD auto load balance
behaviour.
- The environment variable OVS_UNBOUND_CONF, if set, is now used
as the DNS resolver's (unbound) configuration file.
- Linux datapath:
* Support for kernel versions up to 5.8.x.
- Terminology:
* The terms "master" and "slave" have been replaced by "primary" and
"secondary", respectively, for OpenFlow connection roles.
* The term "slave" has been replaced by "member", for bonds, LACP, and
OpenFlow bundle actions.
- Support for GitHub Actions based continuous integration builds has been
added.
- Bareudp Tunnel
* Bareudp device support is present in linux kernel from version 5.7
* Kernel bareudp device is not backported to ovs tree.
* Userspace datapath support is not added
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands '{add,mod,del}-flows' where added, which allow adding,
deleting, or modifying flows based on information read from a file.
- IPsec:
* Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
tearing down IPsec tunnels.
* Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start
without restarting ipsec daemon.
- Building the Linux kernel module from the OVS source tree is deprecated
* Support for the Linux kernel is capped at version 5.8
* Only bug fixes for the Linux OOT kernel module will be accepted.
* The Linux kernel module will be fully removed from the OVS source tree
in OVS branch 2.18
v2.14.0 - 17 Aug 2020
---------------------
- ovs-vswitchd no longer deletes datapath flows on exit by default.
- OpenFlow:
* The OpenFlow ofp_desc/serial_num may now be configured by setting the
value of other-config:dp-sn in the Bridge table.
* Added support to watch CONTROLLER port status in fast failover group.
* New action "delete_field".
- DPDK:
* Deprecated DPDK pdump packet capture support removed.
* Deprecated DPDK ring ports (dpdkr) are no longer supported.
* Add hardware offload support for VLAN Push/Pop actions (experimental).
* Add hardware offload support for matching IPv6 protocol (experimental).
* Add hardware offload support for set of IPv6 src/dst/ttl
and tunnel push-output actions (experimental).
* OVS validated with DPDK 19.11.2, due to the inclusion of fixes for
CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725 and
CVE-2020-10726, this DPDK version is strongly recommended to be used.
* New 'ovs-appctl dpdk/log-list' and 'ovs-appctl dpdk/log-set' commands
to list and change log levels in DPDK components.
* Vhost-user Dequeue zero-copy support is deprecated and will be removed
in the next release.
- Linux datapath:
* Support for kernel versions up to 5.5.x.
- AF_XDP:
* New netdev class 'afxdp-nonpmd' for netdev-afxdp to save CPU cycles
by enabling interrupt mode.
- Userspace datapath:
* Removed artificial datapath flow limit that was 65536.
Now number of datapath flows is fully controlled by revalidators and the
'other_config:flow-limit' knob.
* Add support for conntrack zone-based timeout policy.
* New configuration knob 'other_config:lb-output-action' for bond ports
that enables new datapath action 'lb_output' to avoid recirculation
in balance-tcp mode. Disabled by default.
* Add runtime CPU ISA detection to allow optimized ISA functions
* Add support for dynamically changing DPCLS subtable lookup functions
* Add ISA optimized DPCLS lookup function using AVX512
- New configuration knob 'other_config:bond-primary' for AB bonds
that specifies interface will be the preferred port if it is active.
- Tunnels: TC Flower offload
* Tunnel Local endpoint address masked match are supported.
* Tunnel Romte endpoint address masked match are supported.
- GTP-U Tunnel Protocol
* Add two new fields: tun_gtpu_flags, tun_gtpu_msgtype.
* Only support for userspace datapath.
v2.13.0 - 14 Feb 2020
---------------------
- OVN:
* OVN has been removed from this repository. It now exists as a
separate project. You can find it at
https://github.com/ovn-org/ovn.git
- Userspace datapath:
* Add option to enable, disable and query TCP sequence checking in
conntrack.
* Add support for conntrack zone limits.
* Command "ovs-appctl dpctl/dump-flows" refactored to show subtable
miniflow bits for userspace datapath.
- AF_XDP:
* New option 'use-need-wakeup' for netdev-afxdp to control enabling
of corresponding 'need_wakeup' flag in AF_XDP rings. Enabled by default
if supported by libbpf.
* 'xdpmode' option for netdev-afxdp renamed to 'xdp-mode'.
Modes also updated. New values:
native-with-zerocopy - former DRV
native - new one, DRV without zero-copy
generic - former SKB
best-effort [default] - new one, chooses the best available from
3 above modes
- DPDK:
* DPDK pdump packet capture support disabled by default. New configure
option '--enable-dpdk-pdump' to enable it.
* DPDK pdump support is deprecated and will be removed in next releases.
* DPDK ring ports (dpdkr) are deprecated and will be removed in next
releases.
* Add support for DPDK 19.11.
* Add hardware offload support for output, drop, set of MAC, IPv4 and
TCP/UDP ports actions (experimental).
* Add experimental support for TSO.
- RSTP:
* The rstp_statistics column in Port table will only be updated every
stats-update-interval configured in Open_vSwitch table.
- OVSDB:
* When ovsdb-server is running in backup mode, the default value of probe
interval is increased to 60 seconds for the connection to the
replication server. This value is configurable with the unixctl
command - ovsdb-server/set-active-ovsdb-server-probe-interval.
* ovsdb-server: New OVSDB extension to allow clients to specify row UUIDs.
- 'ovs-appctl dpctl/dump-flows' can now show offloaded=partial for
partially offloaded flows, dp:dpdk for fully offloaded by dpdk, and
type filter supports new filters: "dpdk" and "partially-offloaded".
- Add new argument '--offload-stats' for command
'ovs-appctl bridge/dump-flows',
so it can display offloaded packets statistics.
v2.12.0 - 03 Sep 2019
---------------------
- DPDK:
* New option 'other_config:dpdk-socket-limit' to limit amount of
hugepage memory that can be used by DPDK.
* Add support for vHost Post-copy Live Migration (experimental).
* OVS validated with DPDK 18.11.2 which is the new minimal supported
version.
* DPDK 18.11.1 and lower is no longer supported.
* New option 'tx-retries-max' to set the maximum amount of vhost tx
retries that can be made.
- OpenFlow:
* All features required by OpenFlow 1.5 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.5 by default (in addition to
OpenFlow 1.0 to 1.4).
* Removed support for OpenFlow 1.6 (draft), which ONF abandoned.
* New action "check_pkt_larger".
* Support for OpenFlow 1.5 "meter" action.
- Userspace datapath:
* ICMPv6 ND enhancements: support for match and set ND options type
and reserved fields.
* Add v4/v6 fragmentation support for conntrack.
* New ovs-appctl "dpctl/ipf-set-enabled" and "dpctl/ipf-set-disabled"
commands for userspace datapath conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-set-min-frag" command for userspace
datapath conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-set-max-nfrags" command for userspace datapath
conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-get-status" command for userspace datapath
conntrack fragmentation support.
* New action "check_pkt_len".
* Port configuration with "other-config:priority-tags" now has a mode
that retains the 802.1Q header even if VLAN and priority are both zero.
* 'ovs-appctl exit' now implies cleanup of non-internal ports in userspace
datapath regardless of '--cleanup' option. Use '--cleanup' to remove
internal ports too.
* Removed experimental tag for SMC cache.
* Datapath classifer code refactored to enable function pointers to select
the lookup implementation at runtime. This enables specialization of
specific subtables based on the miniflow attributes, enhancing the
performance of the subtable search.
* Add Linux AF_XDP support through a new experimental netdev type "afxdp".
- OVSDB:
* OVSDB clients can now resynchronize with clustered servers much more
quickly after a brief disconnection, saving bandwidth and CPU time.
See section 4.1.15 of ovsdb-server(7) for details of related OVSDB
protocol extension.
* Support to convert from cluster database to standalone database is now
available when clustered is down and cannot be revived using ovsdb-tool
. Check "Database Migration Commands" in ovsdb-tool man section.
- OVN:
* IPAM/MACAM:
- select IPAM mac_prefix in a random manner if not provided by the user
- add the capability to specify a static IPv4 and/or IPv6 address and
get the L2 one allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IPv4 addr> <IPv6 addr>"
* Added the HA chassis group support.
* Added 'external' logical port support.
* Added Policy-based routing(PBR) support to create permit/deny/reroute
policies on the logical router. New table(Logical_Router_Policy) added in
OVN-NB schema. New "ovn-nbctl" commands to add/delete/list PBR policies.
* Support for Transport Zones, a way to separate chassis into
logical groups which results in tunnels only been formed between
members of the same transport zone(s).
* Support for IGMP Snooping and IGMP Querier.
- New QoS type "linux-netem" on Linux.
- Added support for TLS Server Name Indication (SNI).
- Linux datapath:
* Support for the kernel versions 4.19.x and 4.20.x.
* Support for the kernel version 5.0.x.
* Add support for conntrack zone-based timeout policy.
- 'ovs-dpctl dump-flows' is no longer suitable for dumping offloaded flows.
'ovs-appctl dpctl/dump-flows' should be used instead.
- Add L2 GRE tunnel over IPv6 support.
v2.11.0 - 19 Feb 2019
---------------------
- OpenFlow:
* OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
- ovs-ofctl:
* "mod-table" command can now change OpenFlow table names.
- ovn:
* OVN-SB schema changed: duplicated IP with same Encapsulation type
is not allowed any more. Please refer to
Documentation/intro/install/ovn-upgrades.rst for the instructions
in case there are problems encountered when upgrading from an earlier
version.
* New support for IPSEC encrypted tunnels between hypervisors.
* ovn-ctl: allow passing user:group ids to the OVN daemons.
* IPAM/MACAM:
- add the capability to dynamically assign just L2 addresses
- add the capability to specify a static ip address and get the L2 one
allocated dynamically using the following syntax:
ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
- DPDK:
* Add support for DPDK 18.11
* Add support for port representors.
- Userspace datapath:
* Add option for simple round-robin based Rxq to PMD assignment.
It can be set with pmd-rxq-assign.
* Add support for Auto load balancing of PMDs (experimental)
* Added new per-port configurable option to manage EMC:
'other_config:emc-enable'.
- Add 'symmetric_l3' hash function.
- OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
- ovs-vswitchd:
* New configuration option "offload-rebalance", that enables dynamic
rebalancing of offloaded flows.
- The environment variable OVS_SYSLOG_METHOD, if set, is now used
as the default syslog method.
- The environment variable OVS_CTL_TIMEOUT, if set, is now used
as the default timeout for control utilities.
- The environment variable OVS_RESOLV_CONF, if set, is now used
as the DNS server configuration file.
- RHEL packaging:
* OVN packages are split from OVS packages. A new spec
file - ovn-fedora.spec.in is added to generate OVN packages.
- Linux datapath:
* Support for the kernel versions 4.16.x, 4.17.x, and 4.18.x.
v2.10.0 - 18 Aug 2018
---------------------
- ovs-vswitchd and utilities now support DNS names in OpenFlow and
OVSDB remotes.
- ovs-vswitchd:
* New options --l7 and --l7-len to "ofproto/trace" command.
* Previous versions gave OpenFlow tables default names of the form
"table#". These are not helpful names for the purpose of accepting
and displaying table names, so now tables by default have no names.
* The "null" interface type, deprecated since 2013, has been removed.
* Add minimum network namespace support for Linux.
* New command "lacp/show-stats"
- ovs-ofctl:
* ovs-ofctl now accepts and display table names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
- ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
- ovs-dpctl:
* New commands "ct-set-limits", "ct-del-limits", and "ct-get-limits".
- OpenFlow:
* OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
* OpenFlow 1.5 extensible statistics (OXS) now implemented.
* New OpenFlow 1.0 extensions for group support.
* Default selection method for select groups is now dp_hash with improved
accuracy.
- Linux datapath
* Add support for compiling OVS with the latest Linux 4.14 kernel.
* Added support for meters.
* Add support for conntrack zone limit.
- ovn:
* Implemented icmp4/icmp6/tcp_reset actions in order to drop the packet
and reply with a RST for TCP or ICMPv4/ICMPv6 unreachable message for
other IPv4/IPv6-based protocols whenever a reject ACL rule is hit.
* ACL match conditions can now match on Port_Groups as well as address
sets that are automatically generated by Port_Groups. ACLs can be
applied directly to Port_Groups as well.
* ovn-nbctl can now run as a daemon (long-lived, background process).
See ovn-nbctl(8) for details.
- DPDK:
* New 'check-dpdk' Makefile target to run a new system testsuite.
See Testing topic for the details.
* Add LSC interrupt support for DPDK physical devices.
* Allow init to fail and record DPDK status/version in OVS database.
* Add experimental flow hardware offload support
* Support both shared and per port mempools for DPDK devices.
- Userspace datapath:
* Commands ovs-appctl dpif-netdev/pmd-*-show can now work on a single PMD
* Detailed PMD performance metrics available with new command
ovs-appctl dpif-netdev/pmd-perf-show
* Supervision of PMD performance metrics and logging of suspicious
iterations
* Add signature match cache (SMC) as experimental feature. When turned on,
it improves throughput when traffic has many more flows than EMC size.
- ERSPAN:
* Implemented ERSPAN protocol (draft-foschiano-erspan-00.txt) for
both kernel datapath and userspace datapath.
* Added port-based and flow-based ERSPAN tunnel port support, added
OpenFlow rules matching ERSPAN fields. See ovs-fields(7).
- ovs-pki
* ovs-pki now generates x.509 version 3 certificate. The new format adds
subjectAltName field and sets its value the same as common name (CN).
v2.9.0 - 19 Feb 2018
--------------------
- NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
* Add ttl field.
* Add a new action dec_nsh_ttl.
* Enable NSH support in kernel datapath.
- OVSDB has new, experimental support for database clustering:
* New high-level documentation in ovsdb(7).
* New file format documentation for developers in ovsdb(5).
* Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
* ovsdb-server now supports online schema conversion via
"ovsdb-client convert".
* ovsdb-server now always hosts a built-in database named _Server. See
ovsdb-server(5) for more details.
* ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
and "wait" commands. New --timeout option.
* ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
"db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
"schema-name", "compare-versions", and "check-cluster" commands.
* ovsdb-server: New ovs-appctl commands for managing clusters.
* ovs-sandbox: New support for clustered databases.
- ovs-vsctl and other commands that display data in tables now support a
--max-column-width option to limit column width.
- No longer slow-path traffic that sends to a controller. Applications,
such as OVN ACL logging, want to send a copy of a packet to a
controller while leaving the actual packet forwarding in the datapath.
- OVN:
* The "requested-chassis" option for a logical switch port now accepts a
chassis "hostname" in addition to a chassis "name".
* IPv6
- Added support to send IPv6 Router Advertisement packets in response to
the IPv6 Router Solicitation packets from the VIF ports.
- Added support to generate Neighbor Solicitation packets using the OVN
action 'nd_ns' to resolve unknown next hop MAC addresses for the
IPv6 packets.
* Add support for QoS bandwidth limit with DPDK.
* ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
* ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
- OpenFlow:
* ct_clear action is now backed by kernel datapath. Support is probed for
when OVS starts.
- Linux kernel 4.13
* Add support for compiling OVS with the latest Linux 4.13 kernel
- ovs-dpctl and related ovs-appctl commands:
* "flush-conntrack" now accept a 5-tuple to delete a specific
connection tracking entry.
* New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
for userspace datapath.
- No longer send packets to the Linux TAP device if it's DOWN unless it is
in another networking namespace.
- DPDK:
* Add support for DPDK v17.11
* Add support for vHost IOMMU
* New debug appctl command 'netdev-dpdk/get-mempool-info'.
* All the netdev-dpdk appctl commands described in ovs-vswitchd man page.
* Custom statistics:
- DPDK physical ports now return custom set of "dropped", "error" and
"management" statistics.
- ovs-ofctl dump-ports command now prints new of set custom statistics
if available (for OpenFlow 1.4+).
* Switch from round-robin allocation of rxq to pmd assignments to a
utilization-based allocation.
* New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to
pmd assignments.
* Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'.
* Add support for vHost dequeue zero copy (experimental).
- Userspace datapath:
* Output packet batching support.
- vswitchd:
* Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits.
* Configuring a controller, or unconfiguring all controllers, now deletes
all groups and meters (as well as all flows).
- New --enable-sparse configure option enables "sparse" checking by default.
- Added additional information to vhost-user status.
v2.8.0 - 31 Aug 2017
--------------------
- ovs-ofctl:
* ovs-ofctl can now accept and display port names in place of numbers. By
default it always accepts names and in interactive use it displays them;
use --names or --no-names to override. See ovs-ofctl(8) for details.
* "ovs-ofctl dump-flows" now accepts --no-stats to omit flow statistics.
- New ovs-dpctl command "ct-stats-show" to show connection tracking stats.
- Tunnels:
* Added support to set packet mark for tunnel endpoint using
`egress_pkt_mark` OVSDB option.
* When using Linux kernel datapath tunnels may be created using rtnetlink.
This will allow us to take advantage of new tunnel features without
having to make changes to the vport modules.
- EMC insertion probability is reduced to 1% and is configurable via
the new 'other_config:emc-insert-inv-prob' option.
- DPDK:
* DPDK log messages redirected to OVS logging subsystem.
Log level can be changed in a usual OVS way using
'ovs-appctl vlog' commands for 'dpdk' module. Lower bound
still can be configured via extra arguments for DPDK EAL.
* dpdkvhostuser ports are marked as deprecated. They will be removed
in an upcoming release.
* Support for DPDK v17.05.1.
- IPFIX now provides additional counters:
* Total counters since metering process startup.
* Per-flow TCP flag counters.
* Multicast, broadcast, and unicast counters.
- New support for multiple VLANs (802.1ad or "QinQ"), including a new
"dot1q-tunnel" port VLAN mode.
- In ovn-vsctl and vtep-ctl, record UUIDs in commands may now be
abbreviated to 4 hex digits.
- Userspace Datapath:
* Added NAT support for userspace datapath.
* Added FTP and TFTP support with NAT for userspace datapath.
* Experimental NSH (Network Service Header) support in userspace datapath.
- OVN:
* New built-in DNS support.
* IPAM for IPv4 can now exclude user-defined addresses from assignment.
* IPAM can now assign IPv6 addresses.
* Make the DHCPv4 router setting optional.
* Gratuitous ARP for NAT addresses on a distributed logical router.
* Allow ovn-controller SSL configuration to be obtained from vswitchd
database.
* ovn-trace now has basic support for tracing distributed firewalls.
* In ovn-nbctl and ovn-sbctl, record UUIDs in commands may now be
abbreviated to 4 hex digits.
* "ovn-sbctl lflow-list" can now print OpenFlow flows that correspond
to logical flows.
* Now uses OVSDB RBAC support to reduce impact of compromised hypervisors.
* Multiple chassis may now be specified for L3 gateways. When more than
one chassis is specified, OVN will manage high availability for that
gateway.
* Add support for ACL logging.
* ovn-northd now has native support for active-standby high availability.
- Tracing with ofproto/trace now traces through recirculation.
- OVSDB:
* New support for role-based access control (see ovsdb-server(1)).
- New commands 'stp/show' and 'rstp/show' (see ovs-vswitchd(8)).
- OpenFlow:
* All features required by OpenFlow 1.4 are now implemented, so
ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to
OpenFlow 1.0 to 1.3).
* Increased support for OpenFlow 1.6 (draft).
* Bundles now support hashing by just nw_src or nw_dst.
* The "learn" action now supports a "limit" option (see ovs-ofctl(8)).
* The port status bit OFPPS_LIVE now reflects link aliveness.
* OpenFlow 1.5 packet-out is now supported.
* Support for OpenFlow 1.5 field packet_type and packet-type-aware
pipeline (PTAP).
* Added generic encap and decap actions (EXT-382).
First supported use case is encap/decap for Ethernet.
* Added NSH (Network Service Header) support in userspace
Used generic encap and decap actions to implement encapsulation and
decapsulation of NSH header.
IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
* Conntrack state is only available to the processing path that
follows the "recirc_table" argument of the ct() action. Starting
in OVS 2.8, this state is now cleared for the current processing
path whenever ct() is called.
- Fedora Packaging:
* OVN services are no longer restarted automatically after upgrade.
* ovs-vswitchd and ovsdb-server run as non-root users by default.
- Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
- L3 tunneling:
* Use new tunnel port option "packet_type" to configure L2 vs. L3.
* In conjunction with PTAP tunnel ports can handle a mix of L2 and L3
payload.
* New vxlan tunnel extension "gpe" to support VXLAN-GPE tunnels.
* New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
- The BFD detection multiplier is now user-configurable.
- Add experimental support for hardware offloading
* HW offloading is disabled by default.
* HW offloading is done through the TC interface.
- IPv6 link local addresses are now supported on Linux. Use % to designate
the scope device.
v2.7.0 - 21 Feb 2017
---------------------
- Utilities and daemons that support SSL now allow protocols and
ciphers to be configured with --ssl-protocols and --ssl-ciphers.
- OVN:
* QoS is now implemented via egress shaping rather than ingress policing.
* DSCP marking is now supported, via the new northbound QoS table.
* IPAM now supports fixed MAC addresses.
* Support for source IP address based routing.
* ovn-trace:
- New --ovs option to also print OpenFlow flows.
- put_dhcp_opts and put_dhcp_optsv6 actions may now be traced.
* Support for managing SSL and remote connection configuration in
northbound and southbound databases.
* TCP connections to northbound and southbound databases are no
longer enabled by default and must be explicitly configured.
See documentation for ovn-sbctl/ovn-nbctl "set-connection"
command or the ovn-ctl "--db-sb-create-insecure-remote" and
"--db-nb-create-insecure-remote" command-line options for
information regarding remote connection configuration.
* New appctl "inject-pkt" command in ovn-controller that allows
packets to be injected into the connected OVS instance.
* Distributed logical routers may now be connected directly to
logical switches with localnet ports, by specifying a
"redirect-chassis" on the distributed gateway port of the
logical router. NAT rules may be specified directly on the
distributed logical router, and are handled either centrally on
the "redirect-chassis", or in many cases are handled locally on
the hypervisor where the corresponding logical port resides.
Gratuitous ARP for NAT addresses on a distributed logical
router is not yet supported, but will be added in a future
version.
- Fixed regression in table stats maintenance introduced in OVS
2.3.0, wherein the number of OpenFlow table hits and misses was
not accurate.
- OpenFlow:
* OFPT_PACKET_OUT messages are now supported in bundles.
* A new "selection_method=dp_hash" type for OpenFlow select group
bucket selection that uses the datapath computed 5-tuple hash
without making datapath flows match the 5-tuple fields, which
is useful for more efficient load balancing, for example. This
uses the Netronome extension to OpenFlow 1.5+ that allows
control over the OpenFlow select groups selection method. See
"selection_method" and related options in ovs-ofctl(8) for
details.
* The "sample" action now supports "ingress" and "egress" options.
* The "ct" action now supports the TFTP ALG where support is available.
* New actions "clone" and "ct_clear".
* The "meter" action is now supported in the userspace datapath.
- ovs-ofctl:
* 'bundle' command now supports packet-out messages.
* New syntax for 'ovs-ofctl packet-out' command, which uses the
same string parser as the 'bundle' command. The old 'packet-out'
syntax is deprecated and will be removed in a later OVS
release.
* New unixctl "ofctl/packet-out" command, which can be used to
instruct a flow monitor to issue OpenFlow packet-out messages.
- ovsdb-server:
* Remote connections can now be made read-only (see ovsdb-server(1)).
- Tunnels:
* TLV mappings for protocols such as Geneve are now segregated on
a per-OpenFlow bridge basis rather than globally. (The interface
has not changed.)
* Removed support for IPsec tunnels.
- DPDK:
* New option 'n_rxq_desc' and 'n_txq_desc' fields for DPDK interfaces
which set the number of rx and tx descriptors to use for the given port.
* Support for DPDK v16.11.
* Support for rx checksum offload. Refer DPDK HOWTO for details.
* Port Hotplug is now supported.
* DPDK physical ports can now have arbitrary names. The PCI address of
the device must be set using the 'dpdk-devargs' option. Compatibility
with the old dpdk<portid> naming scheme is broken, and as such a
device will not be available for use until a valid dpdk-devargs is
specified.
* Virtual DPDK Poll Mode Driver (vdev PMD) support.
* Removed experimental tag.
- Fedora packaging:
* A package upgrade does not automatically restart OVS service.
- ovs-vswitchd/ovs-vsctl:
* Ports now have a "protected" flag. Protected ports can not forward
frames to other protected ports. Unprotected ports can receive and
forward frames to protected and other unprotected ports.
- ovs-vsctl, ovn-nbctl, ovn-sbctl, vtep-ctl:
* Database commands now accept integer ranges, e.g. "set port
eth0 trunks=1-10" to enable trunking VLANs 1 to 10.
v2.6.0 - 27 Sep 2016
---------------------
- First supported release of OVN. See ovn-architecture(7) for more
details.
- ovsdb-server:
* New "monitor_cond" "monitor_cond_update" and "update2" extensions to
RFC 7047.
- OpenFlow:
* OpenFlow 1.3+ bundles now expire after 10 seconds since the
last time the bundle was either opened, modified, or closed.
* OpenFlow 1.3 Extension 230, adding OpenFlow Bundles support, is
now implemented.
* OpenFlow 1.3+ bundles are now supported for group mods as well as
flow mods and port mods. Both 'atomic' and 'ordered' bundle
flags are supported for group mods as well as flow mods.
* Internal OpenFlow rule representation for load and set-field
actions is now much more memory efficient. For a complex flow
table this can reduce rule memory consumption by 40%.
* Bundles are now much more memory efficient than in OVS 2.5.
Together with memory efficiency improvements in OpenFlow rule
representation, the peak OVS resident memory use during a
bundle commit for large complex set of flow mods can be only
25% of that in OVS 2.5 (4x lower).
* OpenFlow 1.1+ OFPT_QUEUE_GET_CONFIG_REQUEST now supports OFPP_ANY.
* OpenFlow 1.4+ OFPMP_QUEUE_DESC is now supported.
* OpenFlow 1.4+ OFPT_TABLE_STATUS is now supported.
* New property-based packet-in message format NXT_PACKET_IN2 with support
for arbitrary user-provided data and for serializing flow table
traversal into a continuation for later resumption.
* New extension message NXT_SET_ASYNC_CONFIG2 to allow OpenFlow 1.4-like
control over asynchronous messages in earlier versions of OpenFlow.
* New OpenFlow extension NXM_NX_MPLS_TTL to provide access to MPLS TTL.
* New output option, output(port=N,max_len=M), to allow truncating a
packet to size M bytes when outputting to port N.
* New command OFPGC_ADD_OR_MOD for OFPT_GROUP_MOD message that adds a
new group or modifies an existing groups
* The optional OpenFlow packet buffering feature is deprecated in
this release, and will be removed in the next OVS release
(2.7). After the change OVS always sends the 'buffer_id' as
0xffffffff in packet-in messages and will send an error
response if any other value of this field is included in
packet-out and flow mod sent by a controller. Controllers are
already expected to work properly in cases where the switch can
not buffer packets, so this change should not affect existing
users.
* New OpenFlow extension NXT_CT_FLUSH_ZONE to flush conntrack zones.
- Improved OpenFlow version compatibility for actions:
* New OpenFlow extension to support the "group" action in OpenFlow 1.0.
* OpenFlow 1.0 "enqueue" action now properly translated to OpenFlow 1.1+.
* OpenFlow 1.1 "mod_nw_ecn" and OpenFlow 1.1+ "mod_nw_ttl" actions now
properly translated to OpenFlow 1.0.
- ovs-ofctl:
* queue-get-config command now allows a queue ID to be specified.
* '--bundle' option can now be used with OpenFlow 1.3 and with group mods.
* New "bundle" command allows executing a mixture of flow and group mods
as a single atomic transaction.
* New option "--color" to produce colorized output for some commands.
* New option '--may-create' to use OFPGC_ADD_OR_MOD in mod-group command.
- IPFIX:
* New "sampling_port" option for "sample" action to allow sampling
ingress and egress tunnel metadata with IPFIX.
* New ovs-ofctl commands "dump-ipfix-bridge" and "dump-ipfix-flow" to
dump bridge IPFIX statistics and flow based IPFIX statistics.
* New setting other-config:virtual_obs_id to add an arbitrary string
to IPFIX records.
- Linux:
* OVS Linux datapath now implements Conntrack NAT action with all
supported Linux kernels.
* Support for truncate action.
* New QoS type "linux-noop" that prevents Open vSwitch from trying to
manage QoS for a given port (useful when other software manages QoS).
- DPDK:
* New option "n_rxq" for PMD interfaces.
Old 'other_config:n-dpdk-rxqs' is no longer supported.
Not supported by vHost interfaces. For them number of rx and tx queues
is applied from connected virtio device.
* New 'other_config:pmd-rxq-affinity' field for PMD interfaces, that
allows to pin port's rx queues to desired cores.
* New appctl command 'dpif-netdev/pmd-rxq-show' to check the port/rxq
assignment.
* Type of log messages from PMD threads changed from INFO to DBG.
* QoS functionality with sample egress-policer implementation.
* The mechanism for configuring DPDK has changed to use database
* Sensible defaults have been introduced for many of the required
configuration options
* DB entries have been added for many of the DPDK EAL command line
arguments. Additional arguments can be passed via the dpdk-extra
entry.
* Add ingress policing functionality.
* PMD threads servicing vHost User ports can now come from the NUMA
node that device memory is located on if CONFIG_RTE_LIBRTE_VHOST_NUMA
is enabled in DPDK.
* Basic connection tracking for the userspace datapath (no ALG,
fragmentation or NAT support yet)
* Support for DPDK 16.07
* Optional support for DPDK pdump enabled.
* Jumbo frame support
* Remove dpdkvhostcuse port type.
* OVS client mode for vHost and vHost reconnect (Requires QEMU 2.7)
* 'dpdkvhostuserclient' port type.
- Increase number of registers to 16.
- ovs-benchmark: This utility has been removed due to lack of use and
bitrot.
- ovs-appctl:
* New "vlog/close" command.
- ovs-ctl:
* Added the ability to selectively start the forwarding and database
functions (ovs-vswitchd and ovsdb-server, respectively).
- ovsdb-server:
* Remove max number of sessions limit, to enable connection scaling
testing.
- python:
* Added support for Python 3.4+ in addition to existing support
for 2.7+.
- SELinux:
* Introduced SELinux policy package.
- Datapath Linux kernel compatibility.
* Dropped support for kernel older than 3.10.
* Removed VLAN splinters feature.
* Datapath supports kernel upto 4.7.
- Tunnels:
* Flow based tunnel match and action can be used for IPv6 address using
tun_ipv6_src, tun_ipv6_dst fields.
* Added support for IPv6 tunnels, for details checkout FAQ.
* Deprecated support for IPsec tunnels ports.
- A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port and
watch with tcpdump
- Introduce --no-self-confinement flag that allows daemons to work with
sockets outside their run directory.
- ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because
SHA-1 is no longer secure and some operating systems have started to
disable it in OpenSSL.
- Add 'mtu_request' column to the Interface table. It can be used to
configure the MTU of the ports.
Known issues:
- Using openvswitch module in conjunction with upstream Linux tunnels:
* When using the openvswitch module distributed with OVS against kernel
versions 4.4 to 4.6, the openvswitch module cannot be loaded or used at
the same time as "ip_gre".
- Conntrack FTP ALGs: When using the openvswitch module distributed with
OVS, particular Linux distribution kernels versions may provide diminished
functionality. This typically affects active FTP data connections when
using "actions=ct(alg=ftp),..." in flow tables. Specifically:
* Centos 7.1 kernels (3.10.0-2xx) kernels are unable to correctly set
up expectations for FTP data connections in multiple zones,
eg "actions=ct(zone=1,alg=ftp),ct(zone=2,alg=ftp),...". Executing the
"ct" action for subsequent data connections may fail to determine that
the data connection is "related" to an existing connection.
* Centos 7.2 kernels (3.10.0-3xx) kernels may not establish FTP ALG state
correctly for NATed connections. As a result, flows that perform NAT,
eg "actions=ct(nat,ftp=alg,table=1),..." may fail to NAT the packet,
and will populate the "ct_state=inv" bit in the flow.
v2.5.0 - 26 Feb 2016
---------------------
- Dropped support for Python older than version 2.7. As a consequence,
using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which
have Python 2.4) requires first installing Python 2.7.
- OpenFlow:
* Group chaining (where one OpenFlow group triggers another) is
now supported.
* OpenFlow 1.4+ "importance" is now considered for flow eviction.
* OpenFlow 1.4+ OFPTC_EVICTION is now implemented.
* OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented.
* OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented.
* Allow modifying the ICMPv4/ICMPv6 type and code fields.
* OpenFlow 1.4+ OFPT_SET_ASYNC_CONFIG and OFPT_GET_ASYNC_CONFIG are
now implemented.
- ovs-ofctl:
* New "out_group" keyword for OpenFlow 1.1+ matching on output group.
- Tunnels:
* Geneve tunnels can now match and set options and the OAM bit.
* The nonstandard GRE64 tunnel extension has been dropped.
- Support Multicast Listener Discovery (MLDv1 and MLDv2).
- Add 'symmetric_l3l4' and 'symmetric_l3l4+udp' hash functions.
- sFlow agent now reports tunnel and MPLS structures.
- New 'check-system-userspace', 'check-kmod' and 'check-kernel' Makefile
targets to run a new system testsuite. These tests can be run inside
a Vagrant box. See INSTALL.md for details
- Mark --syslog-target argument as deprecated. It will be removed in
the next OVS release.
- Added --user option to all daemons
- Add support for connection tracking through the new "ct" action
and "ct_state"/"ct_zone"/"ct_mark"/"ct_label" match fields. Only
available on Linux kernels with the connection tracking module loaded.
- Add experimental version of OVN. OVN, the Open Virtual Network, is a
system to support virtual network abstraction. OVN complements the
existing capabilities of OVS to add native support for virtual network
abstractions, such as virtual L2 and L3 overlays and security groups.
- RHEL packaging:
* DPDK ports may now be created via network scripts (see README.RHEL).
- DPDK:
* Requires DPDK 2.2
* Added multiqueue support to vhost-user
* Note: QEMU 2.5+ required for multiqueue support
v2.4.0 - 20 Aug 2015
---------------------
- Flow table modifications are now atomic, meaning that each packet
now sees a coherent version of the OpenFlow pipeline. For
example, if a controller removes all flows with a single OpenFlow
"flow_mod", no packet sees an intermediate version of the OpenFlow
pipeline where only some of the flows have been deleted.
- Added support for SFQ, FQ_CoDel and CoDel qdiscs.
- Add bash command-line completion support for ovs-vsctl Please check
utilities/ovs-command-compgen.INSTALL.md for how to use.
- The MAC learning feature now includes per-port fairness to mitigate
MAC flooding attacks.
- New support for a "conjunctive match" OpenFlow extension, which
allows constructing OpenFlow matches of the form "field1 in
{a,b,c...} AND field2 in {d,e,f...}" and generalizations. For details,
see documentation for the "conjunction" action in ovs-ofctl(8).
- Add bash command-line completion support for ovs-appctl/ovs-dpctl/
ovs-ofctl/ovsdb-tool commands. Please check
utilities/ovs-command-compgen.INSTALL.md for how to use.
- The "learn" action supports a new flag "delete_learned" that causes
the learned flows to be deleted when the flow with the "learn" action
is deleted.
- Basic support for the Geneve tunneling protocol. It is not yet
possible to generate or match options. This is planned for a future
release. The protocol is documented at
http://tools.ietf.org/html/draft-gross-geneve-00
- The OVS database now reports controller rate limiting statistics.
- sflow now exports information about LACP-based bonds, port names, and
OpenFlow port numbers, as well as datapath performance counters.
- ovs-dpctl functionality is now available for datapaths integrated
into ovs-vswitchd, via ovs-appctl. Some existing ovs-appctl
commands are now redundant and will be removed in a future
release. See ovs-vswitchd(8) for details.
- OpenFlow:
* OpenFlow 1.4 bundles are now supported for flow mods and port
mods. For flow mods, both 'atomic' and 'ordered' bundle flags
are trivially supported, as all bundled messages are executed
in the order they were added and all flow table modifications
are now atomic to the datapath. Port mods may not appear in
atomic bundles, as port status modifications are not atomic.
* IPv6 flow label and neighbor discovery fields are now modifiable.
* OpenFlow 1.5 extended registers are now supported.
* The OpenFlow 1.5 actset_output field is now supported.
* OpenFlow 1.5 Copy-Field action is now supported.
* OpenFlow 1.5 masked Set-Field action is now supported.
* OpenFlow 1.3+ table features requests are now supported (read-only).
* Nicira extension "move" actions may now be included in action sets.
* "resubmit" actions may now be included in action sets. The resubmit
is executed last, and only if the action set has no "output" or "group"
action.
* OpenFlow 1.4+ flow "importance" is now maintained in the flow table.
* A new Netronome extension to OpenFlow 1.5+ allows control over the
fields hashed for OpenFlow select groups. See "selection_method" and
related options in ovs-ofctl(8) for details.
- ovs-ofctl has a new '--bundle' option that makes the flow mod commands
('add-flow', 'add-flows', 'mod-flows', 'del-flows', and 'replace-flows')
use an OpenFlow 1.4 bundle to operate the modifications as a single
atomic transaction. If any of the flow mods in a transaction fail, none
of them are executed. All flow mods in a bundle appear to datapath
lookups simultaneously.
- ovs-ofctl 'add-flow' and 'add-flows' commands now accept arbitrary flow
mods as an input by allowing the flow specification to start with an
explicit 'add', 'modify', 'modify_strict', 'delete', or 'delete_strict'
keyword. A missing keyword is treated as 'add', so this is fully
backwards compatible. With the new '--bundle' option all the flow mods
are executed as a single atomic transaction using an OpenFlow 1.4 bundle.
- ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because
MD5 is no longer secure and some operating systems have started to disable
it in OpenSSL.
- ovsdb-server: New OVSDB protocol extension allows inequality tests on
"optional scalar" columns. See ovsdb-server(1) for details.
- ovs-vsctl now permits immutable columns in a new row to be modified in
the same transaction that creates the row.
- test-controller has been renamed ovs-testcontroller at request of users
who find it useful for testing basic OpenFlow setups. It is still not
a necessary or desirable part of most Open vSwitch deployments.
- Support for travis-ci.org based continuous integration builds has been
added. Build failures are reported to build@openvswitch.org. See INSTALL.md
file for additional details.
- Support for the Rapid Spanning Tree Protocol (IEEE 802.1D-2004).
The implementation has been tested successfully against the Ixia Automated
Network Validation Library (ANVL).
- Stats are no longer updated on fake bond interface.
- Keep active bond interface selection across OVS restart.
- A simple wrapper script, 'ovs-docker', to integrate OVS with Docker
containers. If and when there is a native integration of Open vSwitch
with Docker, the wrapper script will be retired.
- Added support for DPDK Tunneling. VXLAN, GRE, and Geneve are supported
protocols. This is generic tunneling mechanism for userspace datapath.
- Support for multicast snooping (IGMPv1, IGMPv2 and IGMPv3)
- Support for Linux kernels up to 4.0.x
- The documentation now use the term 'destination' to mean one of syslog,
console or file for vlog logging instead of the previously used term
'facility'.
- Support for VXLAN Group Policy extension
- Initial support for the IETF Auto-Attach SPBM draft standard. This
contains rudimentary support for the LLDP protocol as needed for
Auto-Attach.
- The default OpenFlow and OVSDB ports are now the IANA-assigned
numbers. OpenFlow is 6653 and OVSDB is 6640.
- Support for DPDK vHost.
- Support for outer UDP checksums in Geneve and VXLAN.
- The kernel vports with dependencies are no longer part of the overall
openvswitch.ko but built and loaded automatically as individual kernel
modules (vport-*.ko).
- Support for STT tunneling.
- ovs-sim: New developer tool for simulating multiple OVS instances.
See ovs-sim(1) for more information.
- Support to configure method (--syslog-method argument) that determines
how daemons will talk with syslog.
- Support for "ovs-appctl vlog/list-pattern" command that lets to query
logging message format for each destination.
v2.3.0 - 14 Aug 2014
---------------------
- OpenFlow 1.1, 1.2, and 1.3 are now enabled by default in
ovs-vswitchd.
- Linux kernel datapath now has an exact match cache optimizing the
flow matching process.
- Datapath flows now have partially wildcarded tranport port field
matches. This reduces userspace upcalls, but increases the
number of different masks in the datapath. The kernel datapath
exact match cache removes the overhead of matching the incoming
packets with the larger number of masks, but when paired with an
older kernel module, some workloads may perform worse with the
new userspace.
- Compatibility with autoconf 2.63 (previously >=2.64)
v2.2.0 - Internal Release
---------------------
- Internal ports are no longer brought up by default, because it
should be an administrator task to bring up devices as they are
configured properly.
- ovs-vsctl now reports when ovs-vswitchd fails to create a new port or
bridge.
- Port creation and configuration errors are now stored in a new error
column of the Interface table and included in 'ovs-vsctl show'.
- The "ovsdbmonitor" graphical tool has been removed, because it was
poorly maintained and not widely used.
- New "check-ryu" Makefile target for running Ryu tests for OpenFlow
controllers against Open vSwitch. See INSTALL.md for details.
- Added IPFIX support for SCTP flows and templates for ICMPv4/v6 flows.
- Upon the receipt of a SIGHUP signal, ovs-vswitchd no longer reopens its
log file (it will terminate instead). Please use 'ovs-appctl vlog/reopen'
instead.
- Support for Linux kernels up to 3.14. From Kernel 3.12 onwards OVS uses
tunnel API for GRE and VXLAN.
- Added DPDK support.
- Added support for custom vlog patterns in Python
v2.1.0 - 19 Mar 2014
---------------------
- Address prefix tracking support for flow tables. New columns
"prefixes" in OVS-DB table "Flow_Table" controls which packet
header fields are used for address prefix tracking. Prefix
tracking allows the classifier to skip rules with longer than
necessary prefixes, resulting in better wildcarding for datapath
flows. Default configuration is to not use any fields for prefix
tracking. However, if any flow tables contain both exact matches
and masked matches for IP address fields, OVS performance may be
increased by using this feature.
* As of now, the fields for which prefix lookup can be enabled
are: 'tun_id', 'tun_src', 'tun_dst', 'nw_src', 'nw_dst' (or
aliases 'ip_src' and 'ip_dst'), 'ipv6_src', and 'ipv6_dst'.
(Using this feature for 'tun_id' would only make sense if the
tunnel IDs have prefix structure similar to IP addresses.)
* There is a maximum number of fields that can be enabled for any
one flow table. Currently this limit is 3.
* Examples:
$ ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- \
--id=@N1 create Flow_Table name=table0
$ ovs-vsctl set Bridge br0 flow_tables:1=@N1 -- \
--id=@N1 create Flow_Table name=table1
$ ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
$ ovs-vsctl set Flow_Table table1 prefixes=[]
- TCP flags matching: OVS now supports matching of TCP flags. This
has an adverse performance impact when using OVS userspace 1.10
or older (no megaflows support) together with the new OVS kernel
module. It is recommended that the kernel and userspace modules
both are upgraded at the same time.
- The default OpenFlow and OVSDB ports will change to
IANA-assigned numbers in a future release. Consider updating
your installations to specify port numbers instead of using the
defaults.
- OpenFlow:
* The OpenFlow 1.1+ "Write-Actions" instruction is now supported.
* OVS limits the OpenFlow port numbers it assigns to port 32767 and
below, leaving port numbers above that range free for assignment
by the controller.
* ovs-vswitchd now honors changes to the "ofport_request" column
in the Interface table by changing the port's OpenFlow port
number.
* The Open vSwitch software switch now supports OpenFlow groups.
- ovs-vswitchd.conf.db.5 man page will contain graphviz/dot
diagram only if graphviz package was installed at the build time.
- Support for Linux kernels up to 3.11
- ovs-dpctl:
The "show" command also displays mega flow mask stats.
- ovs-ofctl:
* New command "ofp-parse-pcap" to dump OpenFlow from PCAP files.
- ovs-controller has been renamed test-controller. It is no longer
packaged or installed by default, because too many users assumed
incorrectly that ovs-controller was a necessary or desirable part
of an Open vSwitch deployment.
- Added vlog option to export to a UDP syslog sink.
- ovsdb-client:
* The "monitor" command can now monitor all tables in a database,
instead of being limited to a single table.
- The flow-eviction-threshold has been replaced by the flow-limit which is a
hard limit on the number of flows in the datapath. It defaults to 200,000
flows. OVS automatically adjusts this number depending on network
conditions.
- Added IPv6 support for active and passive socket communications.
v2.0.0 - 15 Oct 2013
---------------------
- The ovs-vswitchd process is no longer single-threaded. Multiple
threads are now used to handle flow set up and asynchronous
logging.
- OpenFlow:
* Experimental support for OpenFlow 1.1 (in addition to 1.2 and
1.3, which had experimental support in 1.10).
* Experimental protocol support for OpenFlow 1.1+ groups. This
does not yet include an implementation in the Open vSwitch
software switch.
* Experimental protocol support for OpenFlow 1.2+ meters. This
does not yet include an implementation in the Open vSwitch
software switch.
* New support for matching outer source and destination IP address
of tunneled packets, for tunnel ports configured with the newly
added "remote_ip=flow" and "local_ip=flow" options.
* Support for matching on metadata 'pkt_mark' for interacting with
other system components. On Linux this corresponds to the skb
mark.
* Support matching, rewriting SCTP ports
- The Interface table in the database has a new "ifindex" column to
report the interface's OS-assigned ifindex.
- New "check-oftest" Makefile target for running OFTest against Open
vSwitch. See README-OFTest for details.
- The flow eviction threshold has been moved to the Open_vSwitch table.
- Database names are now mandatory when specifying ovsdb-server options
through database paths (e.g. Private key option with the database name
should look like "--private-key=db:Open_vSwitch,SSL,private_key").
- Added ovs-dev.py, a utility script helpful for Open vSwitch developers.
- Support for Linux kernels up to 3.10
- ovs-ofctl:
* New "ofp-parse" for printing OpenFlow messages read from a file.
* New commands for OpenFlow 1.1+ groups.
- Added configurable flow caching support to IPFIX exporter.
- Dropped support for Linux pre-2.6.32.
- Log file timestamps and ovsdb commit timestamps are now reported
with millisecond resolution. (Previous versions only reported
whole seconds.)
v1.11.0 - 28 Aug 2013
---------------------
- Support for megaflows, which allows wildcarding in the kernel (and
any dpif implementation that supports wildcards). Depending on
the flow table and switch configuration, flow set up rates are
close to the Linux bridge.
- The "tutorial" directory contains a new tutorial for some advanced
Open vSwitch features.
- Stable bond mode has been removed.
- The autopath action has been removed.
- New support for the data encapsulation format of the LISP tunnel
protocol (RFC 6830). An external control plane or manual flow
setup is required for EID-to-RLOC mapping.
- OpenFlow:
* The "dec_mpls_ttl" and "set_mpls_ttl" actions from OpenFlow
1.1 and later are now implemented.
* New "stack" extension for use in actions, to push and pop from
NXM fields.
* The "load" and "set_field" actions can now modify the "in_port". (This
allows one to enable output to a flow's input port by setting the
in_port to some unused value, such as OFPP_NONE.)
- ovs-dpctl:
* New debugging commands "add-flow", "mod-flow", "del-flow".
* "dump-flows" now has a -m option to increase output verbosity.
- In dpif-based bridges, cache action translations, which can improve
flow set up performance by 80% with a complicated flow table.
- New syslog format, prefixed with "ovs|", to be easier to filter.
- RHEL: Removes the default firewall rule that allowed GRE traffic to
pass through. Any users that relied on this automatic firewall hole
will have to manually configure it. The ovs-ctl(8) manpage documents
the "enable-protocol" command that can be used as an alternative.
- New CFM demand mode which uses data traffic to indicate interface
liveness.
v1.10.0 - 01 May 2013
---------------------
- Bridge compatibility support has been removed. Any uses that
rely on ovs-brcompatd will have to stick with Open vSwitch 1.9.x
or adapt to native Open vSwitch support (e.g. use ovs-vsctl instead
of brctl).
- The maximum size of the MAC learning table is now configurable.
- With the Linux datapath, packets for new flows are now queued
separately on a per-port basis, so it should no longer be
possible for a large number of new flows arriving on one port to
prevent new flows from being processed on other ports.
- ovs-vsctl:
* Previously ovs-vsctl would retry connecting to the database forever,
causing it to hang if ovsdb-server was not running. Now, ovs-vsctl
only tries once by default (use --retry to try forever). This change
means that you may want to remove uses of --timeout to avoid hangs
in ovs-vsctl calls.
* Many "ovs-vsctl" database commands now accept an --if-exists option.
Please refer to the ovs-vsctl manpage for details.
- OpenFlow:
- Experimental support for newer versions of OpenFlow. See
the "What versions of OpenFlow does Open vSwitch support?"
question in the FAQ for more details.
- The OpenFlow "dp_desc" may now be configured by setting the
value of other-config:dp-desc in the Bridge table.
- It is possible to request the OpenFlow port number with the
"ofport_request" column in the Interface table.
- The NXM flow_removed message now reports the OpenFlow table ID
from which the flow was removed.
- Tunneling:
- New support for the VXLAN tunnel protocol (see the IETF draft here:
http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03).
- Tunneling requires the version of the kernel module paired with
Open vSwitch 1.9.0 or later.
- Inheritance of the Don't Fragment bit in IP tunnels (df_inherit)
is no longer supported.
- Path MTU discovery is no longer supported.
- CAPWAP tunneling support removed.
- Tunnels with multicast destination ports are no longer supported.
- ovs-dpctl:
- The "dump-flows" and "del-flows" no longer require an argument
if only one datapath exists.
- ovs-appctl:
- New "vlog/disable-rate-limit" and "vlog/enable-rate-limit"
commands available allow control over logging rate limits.
- New "dpif/dump-dps", "dpif/show", and "dpif/dump-flows" command
that mimic the equivalent ovs-dpctl commands.
- The ofproto library is now responsible for assigning OpenFlow port
numbers. An ofproto implementation should assign them when
port_construct() is called.
- All dpif-based bridges of a particular type share a common
datapath called "ovs-<type>", e.g. "ovs-system". The ovs-dpctl
commands will now return information on that shared datapath. To
get the equivalent bridge-specific information, use the new
"ovs-appctl dpif/*" commands.
- Backward-incompatible changes:
- Earlier Open vSwitch versions treated ANY as a wildcard in flow
syntax. OpenFlow 1.1 adds a port named ANY, which introduces a
conflict. ANY was rarely used in flow syntax, so we chose to
retire that meaning of ANY in favor of the OpenFlow 1.1 meaning.
- Patch ports no longer require kernel support, so they now work
with FreeBSD and the kernel module built into Linux 3.3 and later.
- New "sample" action.
v1.9.0 - 26 Feb 2013
------------------------
- Datapath:
- Support for ipv6 set action.
- SKB mark matching and setting.
- support for Linux kernels up to 3.8
- FreeBSD is now a supported platform, thanks to code contributions from
Gaetano Catalli, Ed Maste, and Giuseppe Lettieri.
- ovs-bugtool: New --ovs option to report only OVS related information.
- New %t and %T log escapes to identify the subprogram within a
cooperating group of processes or threads that emitted a log message.
The default log patterns now include this information.
- OpenFlow:
- Allow bitwise masking for SHA and THA fields in ARP, SLL and TLL
fields in IPv6 neighbor discovery messages, and IPv6 flow label.
- Adds support for writing to the metadata field for a flow.
- Tunneling:
- The tunneling code no longer assumes input and output keys are
symmetric. If they are not, PMTUD needs to be disabled for
tunneling to work. Note this only applies to flow-based keys.
- New support for a nonstandard form of GRE that supports a 64-bit key.
- Tunnel Path MTU Discovery default value was set to 'disabled'.
This feature is deprecated and will be removed soon.
- Tunnel header caching removed.
- ovs-ofctl:
- Commands and actions that accept port numbers now also accept keywords
that represent those ports (such as LOCAL, NONE, and ALL). This is
also the recommended way to specify these ports, for compatibility
with OpenFlow 1.1 and later (which use the OpenFlow 1.0 numbers
for these ports for different purposes).
- ovs-dpctl:
- Support requesting the port number with the "port_no" option in
the "add-if" command.
- ovs-pki: The "online PKI" features have been removed, along with
the ovs-pki-cgi program that facilitated it, because of some
alarmist insecurity claims. We do not believe that these claims
are true, but because we do not know of any users for this
feature it seems better on balance to remove it. (The ovs-pki-cgi
program was not included in distribution packaging.)
- ovsdb-server now enforces the immutability of immutable columns. This
was not enforced in earlier versions due to an oversight.
- The following features are now deprecated. They will be removed no
earlier than February 2013. Please email dev@openvswitch.org with
concerns.
- Bridge compatibility.
- Stable bond mode.
- The autopath action.
- Interface type "null".
- Numeric values for reserved ports (see "ovs-ofctl" note above).
- Tunnel Path MTU Discovery.
- CAPWAP tunnel support.
- The data in the RARP packets can now be matched in the same way as the
data in ARP packets.
v1.8.0 - 26 Feb 2013
------------------------
*** Internal only release ***
- New FAQ. Please send updates and additions!
- Authors of controllers, please read the new section titled "Action
Reproduction" in DESIGN, which describes an Open vSwitch change in
behavior in corner cases that may affect some controllers.
- ovs-l3ping:
- A new test utility that can create L3 tunnel between two Open
vSwitches and detect connectivity issues.
- ovs-ofctl:
- New --sort and --rsort options for "dump-flows" command.
- "mod-port" command can now control all OpenFlow config flags.
- OpenFlow:
- Allow general bitwise masking for IPv4 and IPv6 addresses in
IPv4, IPv6, and ARP packets. (Previously, only CIDR masks
were allowed.)
- Allow support for arbitrary Ethernet masks. (Previously, only
the multicast bit in the destination address could be individually
masked.)
- New field OXM_OF_METADATA, to align with OpenFlow 1.1.
- The OFPST_QUEUE request now reports an error if a specified port or
queue does not exist, or for requests for a specific queue on all
ports, if the specified queue does not exist on any port. (Previous
versions generally reported an empty set of results.)
- New "flow monitor" feature to allow controllers to be notified of
flow table changes as they happen.
- Additional protocols are not mirrored and dropped when forward-bpdu is
false. For a full list, see the ovs-vswitchd.conf.db man page.
- Open vSwitch now sends RARP packets in situations where it previously
sent a custom protocol, making it consistent with behavior of QEMU and
VMware.
- All Open vSwitch programs and log files now show timestamps in UTC,
instead the local timezone, by default.
v1.7.0 - 30 Jul 2012
------------------------
- kernel modules are renamed. openvswitch_mod.ko is now
openvswitch.ko and brcompat_mod.ko is now brcompat.ko.
- Increased the number of NXM registers to 8.
- Added ability to configure DSCP setting for manager and controller
connections. By default, these connections have a DSCP value of
Internetwork Control (0xc0).
- Added the granular link health statistics, 'cfm_health', to an
interface.
- OpenFlow:
- Added support to mask nd_target for ICMPv6 neighbor discovery flows.
- Added support for OpenFlow 1.3 port description (OFPMP_PORT_DESC)
multipart messages.
- ovs-ofctl:
- Added the "dump-ports-desc" command to retrieve port
information using the new port description multipart messages.
- ovs-test:
- Added support for spawning ovs-test server from the client.
- Now ovs-test is able to automatically create test bridges and ports.
- "ovs-dpctl dump-flows" now prints observed TCP flags in TCP flows.
- Tripled flow setup performance.
- The "coverage/log" command previously available through ovs-appctl
has been replaced by "coverage/show". The new command replies with
coverage counter values, instead of logging them.
v1.6.1 - 25 Jun 2012
------------------------
- Allow OFPP_CONTROLLER as the in_port for packet-out messages.
v1.6.0 - 24 Feb 2012
------------------------
*** Internal only release ***
- bonding
- LACP bonds no longer fall back to balance-slb when negotiations fail.
Instead they drop traffic.
- The default bond_mode changed from SLB to active-backup, to protect
unsuspecting users from the significant risks of SLB bonds (which are
documented in vswitchd/INTERNALS).
- Load balancing can be disabled by setting the bond-rebalance-interval
to zero.
- OpenFlow:
- Added support for bitwise matching on TCP and UDP ports.
See ovs-ofctl(8) for more information.
- NXM flow dumps now include times elapsed toward idle and hard
timeouts.
- Added an OpenFlow extension NXT_SET_ASYNC_CONFIG that allows
controllers more precise control over which OpenFlow messages they
receive asynchronously.
- New "fin_timeout" action.
- Added "fin_timeout" support to "learn" action.
- New Nicira action NXAST_CONTROLLER that offers additional features
over output to OFPP_CONTROLLER.
- When QoS settings for an interface do not configure a default queue
(queue 0), Open vSwitch now uses a default configuration for that
queue, instead of dropping all packets as in previous versions.
- Logging:
- Logging to console and file will have UTC timestamp as a default for
all the daemons. An example of the default format is
2012-01-27T16:35:17Z. ovs-appctl can be used to change the default
format as before.
- The syntax of commands and options to set log levels was simplified,
to make it easier to remember.
- New support for limiting the number of flows in an OpenFlow flow
table, with configurable policy for evicting flows upon
overflow. See the Flow_Table table in ovs-vswitch.conf.db(5)
for more information.
- New "enable-async-messages" column in the Controller table. If set to
false, OpenFlow connections to the controller will initially have all
asynchronous messages disabled, overriding normal OpenFlow behavior.
- ofproto-provider interface:
- "struct rule" has a new member "used" that ofproto implementations
should maintain by updating with ofproto_rule_update_used().
- ovsdb-client:
- The new option --timestamp causes the "monitor" command to print
a timestamp with every update.
- CFM module CCM broadcasts can now be tagged with an 802.1p priority.
v1.5.0 - 01 Jun 2012
------------------------
- OpenFlow:
- Added support for querying, modifying, and deleting flows
based on flow cookie when using NXM.
- Added new NXM_PACKET_IN format.
- Added new NXAST_DEC_TTL action.
- ovs-ofctl:
- Added daemonization support to the monitor and snoop commands.
- ovs-vsctl:
- The "find" command supports new set relational operators
{=}, {!=}, {<}, {>}, {<=}, and {>=}.
- ovsdb-tool now uses the typical database and schema installation
directories as defaults.
- The default MAC learning timeout has been increased from 60 seconds
to 300 seconds. The MAC learning timeout is now configurable.
v1.4.0 - 30 Jan 2012
------------------------
- Compatible with Open vSwitch kernel module included in Linux 3.3.
- New "VLAN splinters" feature to work around buggy device drivers
in old Linux versions. (This feature is deprecated. When
broken device drivers are no longer in widespread use, we will
delete this feature.) See ovs-vswitchd.conf.db(5) for more
information.
- OpenFlow:
- Added ability to match on IPv6 flow label through NXM.
- Added ability to match on ECN bits in IPv4 and IPv6 through NXM.
- Added ability to match on TTL in IPv4 and IPv6 through NXM.
- Added ability to modify ECN bits in IPv4.
- Added ability to modify TTL in IPv4.
- ovs-vswitchd:
- Don't require the "normal" action to use mirrors. Traffic will
now be properly mirrored for any flows, regardless of their
actions.
- Track packet and byte statistics sent on mirrors.
- The sFlow implementation can now usually infer the correct agent
device instead of having to be told explicitly.
- ovs-appctl:
- New "fdb/flush" command to flush bridge's MAC learning table.
- ovs-test:
- A new distributed testing tool that allows one to diagnose performance
and connectivity issues. This tool currently is not included in RH or
Xen packages.
- RHEL packaging now supports integration with Red Hat network scripts.
- bonding:
- Post 1.4.*, OVS will be changing the default bond mode from balance-slb
to active-backup. SLB bonds carry significant risks with them
(documented vswitchd/INTERNALS) which we want to prevent unsuspecting
users from running into. Users are advised to update any scripts or
configuration which may be negatively impacted by explicitly setting
the bond mode which they want to use.
v1.3.0 - 09 Dec 2011
------------------------
- OpenFlow:
- Added an OpenFlow extension which allows the "output" action to accept
NXM fields.
- Added an OpenFlow extension for flexible learning.
- Bumped number of NXM registers from four to five.
- ovs-appctl:
- New "version" command to determine version of running daemon.
- If no argument is provided for "cfm/show", displays detailed
information about all interfaces with CFM enabled.
- If no argument is provided for "lacp/show", displays detailed
information about all ports with LACP enabled.
- ovs-dpctl:
- New "set-if" command to modify a datapath port's configuration.
- ovs-vswitchd:
- The software switch now supports 255 OpenFlow tables, instead
of just one. By default, only table 0 is consulted, but the
new NXAST_RESUBMIT_TABLE action can look up in additional
tables. Tables 128 and above are reserved for use by the
switch itself; please use only tables 0 through 127.
- Add support for 802.1D spanning tree (STP).
- Fragment handling extensions:
- New OFPC_FRAG_NX_MATCH fragment handling mode, in which L4
fields are made available for matching in fragments with
offset 0.
- New NXM_NX_IP_FRAG match field for matching IP fragments (usable
via "ip_frag" in ovs-ofctl).
- New ovs-ofctl "get-frags" and "set-frags" commands to get and set
fragment handling policy.
- CAPWAP tunneling now supports an extension to transport a 64-bit key.
By default it remains compatible with the old version and other
standards-based implementations.
- Flow setups are now processed in a round-robin manner across ports
to prevent any single client from monopolizing the CPU and conducting
a denial of service attack.
- Added support for native VLAN tagging. A new "vlan_mode"
parameter can be set for "port". Possible values: "access",
"trunk", "native-tagged" and "native-untagged".
- test-openflowd has been removed. Please use ovs-vswitchd instead.
v1.2.0 - 03 Aug 2011
------------------------
- New "ofproto" abstraction layer to ease porting to hardware
switching ASICs.
- Packaging for Red Hat Enterprise Linux 5.6 and 6.0.
- Datapath support for Linux kernels up to 3.0.
- OpenFlow:
- New "bundle" and "bundle_load" action extensions.
- Database:
- Implement table unique constraints.
- Support cooperative locking between callers.
- ovs-dpctl:
- New "-s" option for "show" command prints packet and byte
counters for each port.
- ovs-ofctl:
- New "--readd" option for "replace-flows".
- ovs-vsctl:
- New "show" command to print an overview of configuration.
- New "comment" command to add remark that explains intentions.
- ovs-brcompatd has been rewritten to fix long-standing bugs.
- ovs-openflowd has been renamed test-openflowd and moved into the
tests directory. Its presence confused too many users. Please
use ovs-vswitchd instead.
- New ovs-benchmark utility to test flow setup performance.
- A new log level "off" has been added. Configuring a log facility
"off" prevents any messages from being logged to it. Previously,
"emer" was effectively "off" because no messages were ever logged at
level "emer". Now, errors that cause a process to exit are logged
at "emer" level.
- "configure" option --with-l26 has been renamed --with-linux, and
--with-l26-source has been renamed --with-linux-source. The old
names will be removed after the next release, so please update
your scripts.
- The "-2.6" suffix has been dropped from the datapath/linux-2.6 and
datapath/linux-2.6/compat-2.6 directories.
- Feature removals:
- Dropped support for "tun_id_from_cookie" OpenFlow extension.
Please use the extensible match extensions instead.
- Removed the Maintenance_Point and Monitor tables in an effort
to simplify 802.1ag configuration.
- Performance and scalability improvements
- Bug fixes
v1.1.0 - 05 Apr 2011
------------------------
- Ability to define policies over IPv6
- LACP
- 802.1ag CCM
- Support for extensible match extensions to OpenFlow
- QoS:
- Support for HFSC qdisc.
- Queue used by in-band control can now be configured.
- Kernel:
- Kernel<->userspace interface has been reworked and should be
close to a stable ABI now.
- "Port group" concept has been dropped.
- GRE over IPSEC tunnels
- Bonding:
- New active backup bonding mode.
- New L4 hashing support when LACP is enabled.
- Source MAC hash now includes VLAN field also.
- miimon support.
- Greatly improved handling of large flow tables
- ovs-dpctl:
- "show" command now prints full vport configuration.
- "dump-groups" command removed since kernel support for
port groups was dropped.
- ovs-vsctl:
- New commands for working with the new Managers table.
- "list" command enhanced with new formatting options and --columns
option.
- "get" command now accepts new --id option.
- New "find" command.
- ovs-ofctl:
- New "queue-stats" command for printing queue stats.
- New commands "replace-flows" and "diff-flows".
- Commands to add and remove flows can now read from files.
- New --flow-format option to enable or disable NXM.
- New --more option to increase OpenFlow message verbosity.
- Removed "tun-cookie" command, which is no longer useful.
- ovs-controller enhancements for testing various features.
- New ovs-vlan-test command for testing for Linux kernel driver VLAN
bugs. New ovs-vlan-bug-workaround command for enabling and
disabling a workaround for these driver bugs.
- OpenFlow support:
- "Resubmit" actions now update flow statistics.
- New "register" extension for use in matching and actions, via NXM.
- New "multipath" experimental action extension.
- New support for matching multicast Ethernet frames, via NXM.
- New extension for OpenFlow vendor error codes.
- New extension to set the QoS output queue without actually
sending to an output port.
- Open vSwitch now reports a single flow table, instead of
separate hash and wildcard tables. This better models the
current implementation.
- New experimental "note" action.
- New "ofproto/trace" ovs-appctl command and associated utilities
to ease debugging complex flow tables.
- Database:
- Schema documentation now includes an entity-relationship diagram.
- The database is now garbage collected. In most tables,
unreferenced rows will be deleted automatically.
- Many tables now include statistics updated periodically by
ovs-vswitchd or ovsdb-server.
- Every table now has an "external-ids" column for use by OVS
integrators.
- There is no default controller anymore. Each bridge must have its
controller individually specified.
- The "fail-mode" is now a property of a Bridge instead of a Controller.
- New versioning and checksum features.
- New Managers table and manager_options column in Open_vSwitch table
for specifying managers. The old "managers" column in the
Open_vSwitch table has been removed.
- Many "name" columns are now immutable.
- Feature removals:
- Dropped support for XenServer pre-5.6.100.
- Dropped support for Linux pre-2.6.18.
- Dropped controller discovery support.
- Dropped "ovs-ofctl status" and the OpenFlow extension that it used.
Statistics reporting in the database is a rough equivalent.
- Dropped the "corekeeper" package (now separate, at
http://openvswitch.org/cgi-bin/gitweb.cgi?p=corekeeper).
- Performance and scalability improvements
- Bug fixes
v1.1.0pre2 - 13 Sep 2010
------------------------
- Bug fixes
v1.1.0pre1 - 31 Aug 2010
------------------------
- OpenFlow 1.0 slicing (QoS) functionality
- Python bindings for configuration database (no write support)
- Performance and scalability improvements
- Bug fixes
v1.0.1 - 31 May 2010
--------------------
- New "patch" interface type
- Bug fixes
v1.0.0 - 15 May 2010
--------------------
- Configuration database with remote management
- OpenFlow 1.0
- GRE tunneling
- Support for XenServer 5.5 and 5.6
- Performance and scalability improvements
- Bug fixes
v0.99.2 - 18 Feb 2010
---------------------
- Bug fixes
v0.99.1 - 25 Jan 2010
---------------------
- Add support for sFlow(R)
- Make headers compatible with C++
- Bug fixes
v0.99.0 - 14 Jan 2010
---------------------
- User-space forwarding engine
- Bug fixes
v0.90.7 - 29 Nov 2009
---------------------
- Add support for NetFlow active timeouts
- Bug fixes
v0.90.6 - 6 Oct 2009
--------------------
- Bug fixes
v0.90.5 - 21 Sep 2009
---------------------
- Generalize in-band control to more diverse network setups
- Bug fixes
Reference in New Issue View Git Blame Copy Permalink