Bump OVN to 25.03.0-73.el9fdp for OCP and 25.03.1-36.el9s for OKD

A list of relevant bug fixes and new core OVN features picked up by the bump:

Bug fixes:
==========
- logical-fields: Fix IPv6 dp flow explosion caused by ip6.mcast_rsvd. (#FDP-1557)
  https://issues.redhat.com/browse/FDP-1557
- controller: Slightly optimize the runtime_data handler for sb_ro.
- Revert "northd: Don't skip the unSNAT stage for traffic towards VIPs."
  - fixes HWOL for node port traffic with NVidia NICs
- controller: Install QoS rules even on 'system' ports. (#FDP-1472)
  https://issues.redhat.com/browse/FDP-1472
- controller: Make sure we run engine_cleanup after thread destroy.
- northd: Sample_Collector.set_ids can actually be 32-bit values.

New Features:
=============
- Added support to choose selection methods - dp_hash or
  hash (with specified hash fields) for ECMP routes
  while choosing nexthop.
- Added support for Spine-Leaf topology of logical switches by adding
  a new LSP type 'switch' that can directly connect two logical switches.
  Supported for both distributed and transit switches.
- SSL/TLS:
  * TLSv1 and TLSv1.1 protocols are deprecated and disabled by default
    on OpenFlow and database connections. Use --ssl-protocols to turn
    them back on. Support will be fully removed in the next release.
  * OpenSSL 1.1.1 or newer is now required for SSL/TLS support.
  * The protocol list in --ssl-protocols or corresponding database column
    now supports specifying simple protocol ranges like:
    - "TLSv1-TLSv1.2" to enable all protocols between TLSv1 and TLSv1.2.
    - "TLSv1.2+" to enable protocol TLSv1.2 and later.
    The value must be a list of protocols or exactly one protocol range.
  * Added explicit support for TLSv1.3. It can now be enabled via
    --ssl-protocols (TLSv1.3 was supported in earlier versions only when
    this option was not set). TLS ciphersuites for TLSv1.3 and later can
    be configured via --ssl-ciphersuites (--ssl-ciphers only applies to
    TLSv1.2 and earlier).
- Add "arp-nd-max-timeout-sec" config option to vswitchd external-ids to
  configure the interval (in seconds) between ovn-controller originated
  ARP/ND packets used for tracking ECMP next hop MAC addresses.
- Auto flush ECMP symmetric reply connection states when an ECMP route is
  removed by the CMS. This behavior is controlled by the
  "ecmp_nexthop_monitor_enable" config option in the NB_Global table.
  Disabled by default.
- Improved handling of IPv6 traffic by enabling address prefix tracking
  in OVS for both IPv4 and IPv6 addresses, whenever possible, reducing
  the amount of IPv6 datapath flows.
- Add concept of Transit Routers, users are now allowed to specify
  options:requested-chassis for router ports; if the chassis is remote
  then the router port will behave as a remote port.
- Added a new ACL option "persist-established" that allows for
  established connections to bypass ACL matching. This way, if an ACL
  match changes, traffic on the established connection can still pass.
- Logical router policies can now be arranged in chains. Using the new
  "jump" action, combined with new "chain" and "jump_chain" columns,
  allows for policies to be chained together.
- Dynamic Routing support (FRR BGP integration for unicast routing)
- Add "options:ct-commit-all" to LR, that enables commit of all traffic
  to DNAT and SNAT zone when LR is stateful.

Co-authored-by: Dumitru Ceara <[email protected]>
Signed-off-by: Patryk Diak <[email protected]>
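
Added example (not part of the commit and not OVS/OVN source code): a small audit helper that expands an --ssl-protocols value using the list and range forms described in the SSL/TLS item above, and reports whether it turns the deprecated TLSv1/TLSv1.1 back on. It assumes list entries are separated by commas or spaces; the function names are hypothetical.

```python
# Added illustration of the --ssl-protocols syntax from the release note.
# Not OVS/OVN code; function names are hypothetical.
ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"TLSv1", "TLSv1.1"}  # deprecated and off by default per the note


def _index(name):
    try:
        return ORDER.index(name)
    except ValueError:
        raise ValueError(f"unknown protocol: {name!r}") from None


def expand_ssl_protocols(value):
    """Return the enabled protocols, oldest first, for one option value."""
    # Assumption: list items are separated by commas and/or spaces.
    items = value.replace(",", " ").split()
    if not items:
        raise ValueError("empty protocol list")
    ranges = [i for i in items if i.endswith("+") or "-" in i]
    if ranges and len(items) > 1:
        # "a list of protocols or exactly one protocol range"
        raise ValueError("a range cannot be combined with other entries")
    if ranges:
        spec = items[0]
        if spec.endswith("+"):          # "TLSv1.2+": this protocol and later
            lo, hi = _index(spec[:-1]), len(ORDER) - 1
        else:                           # "TLSv1-TLSv1.2": inclusive range
            low, _, high = spec.partition("-")
            lo, hi = _index(low), _index(high)
            if lo > hi:
                raise ValueError(f"reversed range: {spec!r}")
        return ORDER[lo:hi + 1]
    return sorted({ORDER[_index(i)] for i in items}, key=ORDER.index)


def audit(value):
    """Split the enabled set into (acceptable, deprecated) protocols."""
    enabled = expand_ssl_protocols(value)
    return ([p for p in enabled if p not in DEPRECATED],
            [p for p in enabled if p in DEPRECATED])


if __name__ == "__main__":
    # Constructed sample values, as they might appear in a unit file or script.
    for sample in ["TLSv1.2+", "TLSv1-TLSv1.2", "TLSv1.2,TLSv1.3", "TLSv1.1"]:
        ok, old = audit(sample)
        print(f"{sample:16} enabled={old + ok} deprecated={old or 'none'}")
```

A non-empty second element from audit() means the value re-enables a protocol that this OVN release disables by default.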