Ovs

--------------------
- OVSDB:
* Changed format in which ovsdb schema conversion operations are stored in
clustered database files. Such operations are now allowed to contain
the bare schema (without data). This allows to significantly improve
the schema conversion performance.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one, if
conversion operation is present. For the cluster service model follow
upgrade instructions in 'Upgrading from version 3.1 and earlier to 3.2
and later' section of ovsdb(7).
* When ovsdb-server is running in relay mode, the probe interval is
now configurable via 'ovsdb-server/set-relay-source-probe-interval'
unixctl command.
- IPFIX template and statistics intervals can now be configured through two
new options in the IPFIX table: 'template_interval' and 'stats_interval'.
- Linux kernel datapath:
* OVS now collects per-interface upcall statistics that can be obtained
via 'ovs-appctl dpctl/show -s' or the interface's statistics column
in OVSDB. Available with upstream kernel 6.2+.
- OVS route table in userspace now takes into account preferred source
address from cached kernel routes.
- ovs-appctl:
* Add support for selecting the source address with the
'ovs-appctl ovs/route/add' command.
* New commands "dpctl/{ct-get-sweep-interval,ct-set-sweep-interval}" that
allow to get and set, for the userspace datapath, the sweep interval
for the conntrack garbage collector.
* New commands "dpctl/dump-conntrack-exp" that allows to dump
conntrack's expectations for the userspace datapath.
- ovs-ctl:
* Added new options --[ovsdb-server|ovs-vswitchd]-umask=MODE to set umask
value when starting OVS daemons. E.g., use --ovsdb-server-umask=0002
in order to create OVSDB sockets with access mode of 0770.
- QoS:
* Added new configuration option 'jitter' for a linux-netem QoS type.
* 'linux-htb' QoS type now supports rates higher than 34 Gbps.
- Ingress Policing:
* Ingress policing byte rates can now be configured higher than 34 Gbps.
- DPDK:
* ovs-vswitchd will keep the CAP_SYS_RAWIO capability when started
with the --hw-rawio-access command line option. This allows the
process extra privileges when mapping physical interconnect memory.
* New experimental "rx-steering=rss+<protocol>" option to redirect
certain protocols (for now, only LACP) to a dedicated hardware queue
using the rte_flow API.
- SRv6 Tunnel Protocol
* Added support for userspace datapath (only).
- Userspace datapath:
* Connection tracking now supports extraction of SCTP L4 information.
* Implementation of OpenFlow meters is now lockless allowing for better
multi-thread scalability.
* IP and L4 checksum offload support is now enabled by default for
interfaces that support it. See the 'status' column in the 'interface'
table to check the status.
* 'pmd-maxsleep' other_config was renamed to 'pmd-sleep-max'.
'pmd-maxsleep' is deprecated and will be removed in a future release.
* 'ovs-appctl dpif-netdev/pmd-sleep-show' command was added to get the
max sleep configuration of PMD thread cores.
* Removed experimental tag from PMD load based sleeping.
- Linux TC offload:
* Add support for offloading VXLAN tunnels with the GBP extensions.
- Python
* Added async DNS support.
* Dropped support for Python < 3.6.

--------------------
- ovs-vswitchd now detects changes in CPU affinity and adjusts the number
of handler and revalidator threads if necessary.
- AF_XDP:
* Added support for building with libxdp and libbpf >= 0.7.
* Support for AF_XDP is now enabled by default if all dependencies are
available at the build time. Use --disable-afxdp to disable.
Use --enable-afxdp to fail the build if dependencies are not present.
- ovs-appctl:
* "ovs-appctl ofproto/trace" command can now display port names with the
"--names" option.
- OVSDB-IDL:
* Add the support to specify the persistent uuid for row insert in both
C and Python IDLs.
- Windows:
* Conntrack IPv6 fragment support.
- DPDK:
* Add support for DPDK 22.11.1.
- For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes
10 Gbps link speed by default in case the actual link speed cannot be
determined. Previously it was 10 Mbps. Values can still be overridden
by specifying 'max-rate' or '[r]stp-path-cost' accordingly.
- OpenFlow:
* New OpenFlow extension NXT_CT_FLUSH to flush connections matching
the specified fields.
- ovs-ctl:
* New option '--dump-hugepages' to include hugepages in core dumps. This
can assist with postmortem analysis involving DPDK, but may also produce
significantly larger core dump files.
- ovs-dpctl and 'ovs-appctl dpctl/' commands:
* 'flush-conntrack' is now capable of handling partial 5-tuple,
with additional optional parameter to specify the reply direction.
- ovs-ofctl:
* New command 'flush-conntrack' that accepts zone and 5-tuple (or partial
5-tuple) for both directions.
- Support for travis-ci.org based continuous integration builds has been
dropped.
- Userspace datapath:
* Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show
the pmd usage of an Rx queue over a configurable time period.
* Add new experimental PMD load based sleeping feature. PMD threads can
request to sleep up to a user configured 'pmd-maxsleep' value under
low load conditions.

--------------------
- libopenvswitch API change:
* To fix the Undefined Behavior issue causing the compiler to incorrectly
optimize important parts of code, container iteration macros (e.g.,
LIST_FOR_EACH) have been re-implemented in a UB-safe way.
* Backwards compatibility has mostly been preserved, however the
user-provided pointer is now set to NULL after the loop (unless it
exited via "break;")
* Users of libopenvswitch will need to double-check the use of such loop
macros before compiling with a new version.
* Since the change is limited to the definitions within the headers, the
ABI is not affected.
- OVSDB:
* 'relay' service model now supports transaction history, i.e. honors the
'last-txn-id' field in 'monitor_cond_since' requests from clients.
* New unixctl command 'ovsdb-server/tlog-set DB:TABLE on|off".
If turned on, ovsdb-server will log (at level INFO and rate limited)
all operations that are committed to table TABLE in the DB database.
* New Local_Config schema added to support Connections (--remote)
configuration in a clustered databse independently for each server.
E.g. for listening on unique addresses. See the ovsdb.local-config.5
manpage for schema details.
* Returning unused memory to the OS after the database compaction is now
enabled by default. Use 'ovsdb-server/memory-trim-on-compaction off'
unixctl command to disable.
* Most of the work for the automatic database compaction in clustered
mode has been moved to a separate thread to avoid blocking the process.
- OVSDB-IDL:
* New monitor mode flag, OVSDB_IDL_WRITE_CHANGED_ONLY, allowing
applications to relax atomicity requirements when dealing with
columns whose value has been rewritten (but not changed).
- OpenFlow:
* Extended Flow Monitoring support for all supported OpenFlow versions:
OpenFlow versions 1.0-1.2 with Nicira Extensions
OpenFlow versions 1.3 with Open Network Foundation extension
OpenFlow versions 1.4+, as defined in the OpenFlow specification
- Python:
* Added a new flow parsing library ovs.flow capable of parsing
both OpenFlow and datapath flows.
- IPsec:
* Added support for custom per-tunnel options via 'options:ipsec_*' knobs.
See Documentation/tutorials/ipsec.rst for details.
- Windows:
* Conntrack support for TCPv6, UDPv6, ICMPv6, FTPv6.
* IPv6 Geneve tunnel support.
- DPDK:
* OVS validated with DPDK 21.11.1. It is recommended to use this version
until further releases.
* Delay creating or reusing a mempool for vhost ports until the VM
is started. A failure to create a mempool will now be logged only
when the VM is started.
* New configuration knob 'other_config:shared-mempool-config' to set MTU
that shared mempool mbuf size is based on. This allows interfaces with
different MTU sizes to share mempools.
- Userspace datapath:
* Improved multi-thread scalability of the userspace connection tracking.
* 'dpif-netdev/subtable-lookup-prio-get' appctl command renamed to
'dpif-netdev/subtable-lookup-info-get' to better reflect its purpose.
The old variant is kept for backward compatibility.
* Add actions auto-validator function to compare different actions
implementations against default implementation.
* Add command line option to switch between different actions
implementations available at run time.
* Add build time configure command to enable auto-validator as default
actions implementation at build time.
* Add AVX512 implementation of actions.
- Debian packaging updated to be on par with package source in Debian/Ubuntu.
* Provided an openvswitch-switch-dpdk package that integrates with the
dpdk package in the distributions so that end users can opt into a
DPDK-enabled Open vSwitch binary.
* Provided systemd service files.
* Provided openvswitch-source package for reproducible integrated build of
for example OVN.
* Shared library and subsequently libopenvswitch and libopenvswitch-dev
binary packages are no longer built.
- Linux TC offload:
* Add support for offloading meters via tc police.
* Add support for offloading the check_pkt_len action.
- New configuration knob 'other_config:all-members-active' for
balance-slb bonds.
- Previously deprecated Linux kernel module is now fully removed from
the OVS source tree. The version provided with the Linux kernel
should be used instead.
- XenServer: Support for integration with XenServer has been removed due to
lack of maintenance and bitrot.

---------------------
- Userspace datapath:
* Optimized flow lookups for datapath flows with simple match criteria.
See 'Simple Match Lookup' in Documentation/topics/dpdk/bridge.rst.
* New per-interface configuration knob 'other_config:tx-steering'. If set
to 'hash', enables hash-based Tx packet steering mode to utilize all the
Tx queues of the interface regardles of the number of PMD threads.
* Removed experimental tag for PMD Auto Load Balance.
* New configuration knob 'other_config:n-offload-threads' to change the
number of HW offloading threads.
- DPDK:
* EAL argument --socket-mem is no longer configured by default upon
start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified,
DPDK defaults will be used.
* EAL argument --socket-limit no longer takes on the value of --socket-mem
by default. 'other_config:dpdk-socket-limit' can be set equal to
the 'other_config:dpdk-socket-mem' to preserve the legacy memory
limiting behavior.
* EAL argument --in-memory is applied by default if supported.
* Add hardware offload support for matching IPv4/IPv6 frag types
(experimental).
* Add hardware offload support for GRE flows (experimental).
Available only if DPDK experimental APIs enabled during the build.
* Add support for DPDK 21.11.
* Forbid use of DPDK multiprocess feature.
* Add support for running threads on cores >= RTE_MAX_LCORE.
- Python:
* For SSL support, the use of the pyOpenSSL library has been replaced
with the native 'ssl' module.
- OVSDB:
* Python library for OVSDB clients now also supports faster
resynchronization with a clustered database after a brief disconnection,
i.e. 'monitor_cond_since' monitoring method.
* Major improvement in the performance of the OVSDB server. See the
"OVSDB: Performance and Scale Journey '21" talk of OVS+OVN Conf'21.
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands 'cache-get-size' and 'cache-set-size' that allows to
get or configure linux kernel datapath cache sizes.
- ovs-ofctl dump-flows no longer prints "igmp". Instead the flag
"ip,nw_proto=2" is used.
- ovs-appctl:
* New command tnl/neigh/aging to read/write the neigh aging time.
- OpenFlow:
* Default selection method for select groups with up to 256 buckets is
now dp_hash. Previously this was limited to 64 buckets. This change
is mainly for the benefit of OVN load balancing configurations.
* Encap & Decap action support for MPLS packet type.
- Ingress policing on Linux now uses 'matchall' classifier instead of
'basic', if available.
- Add User Statically-Defined Tracing (USDT) probe framework support.

---------------------
- Removed support for 1024-bit Diffie-Hellman key exchange, which is now
considered unsafe.
- Ingress Policing:
* Rate limiting configuration now supports setting packet-per-second
limits in addition to the previously configurable byte rate settings.
This is not supported in the userspace datapath yet.
- OVSDB:
* Introduced new database service model - "relay". Targeted to scale out
read-mostly access (ovn-controller) to existing databases.
For more information: ovsdb(7) and Documentation/topics/ovsdb-relay.rst
* New command line options --record/--replay for ovsdb-server and
ovsdb-client to record and replay all the incoming transactions,
monitors, etc. More datails in Documentation/topics/record-replay.rst.
* The Python Idl class now has a cooperative_yield() method that can be
overridden by an application that uses eventlet / gevent / asyncio with
the desired yield method (e.g. {eventlet,gevent,asyncio}.sleep(0)) to
prevent the application from being blocked for a long time while
processing database updates.
- In ovs-vsctl and vtep-ctl, the "find" command now accept new
operators {in} and {not-in}.
- Userspace datapath:
* Auto load balancing of PMDs now partially supports cross-NUMA polling
cases, e.g if all PMD threads are running on the same NUMA node.
* Userspace datapath now supports up to 2^18 meters.
* Added support for systems with non-contiguous NUMA nodes and core ids.
* Added all-zero IP SNAT handling to conntrack. In case of collision,
using ct(src=0.0.0.0), the source port will be replaced with another
non-colliding port in the ephemeral range (1024, 65535).
* Refactor lib/dpif-netdev.c to multiple header files.
* Add avx512 implementation of dpif which can process non recirculated
packets. It supports partial HWOL, EMC, SMC and DPCLS lookups.
* Add commands to get and set the dpif implementations.
* Add a partial HWOL PMD statistic counting hits similar to existing
EMC/SMC/DPCLS stats.
* Enable AVX512 optimized DPCLS to search subtables with larger miniflows.
* Add more specialized DPCLS subtables to cover common rules, enhancing
the lookup performance.
* Enable the AVX512 DPCLS implementation to use VPOPCNT instruction if the
CPU supports it. This enhances performance by using the native vpopcount
instructions, instead of the emulated version of vpopcount.
* Add command line option to switch between MFEX function pointers.
* Add miniflow extract auto-validator function to compare different
miniflow extract implementations against default implementation.
* Add study function to miniflow function table which studies packet
and automatically chooses the best miniflow implementation for that
traffic.
* Add build time configure command to enable auto-validatior as default
miniflow implementation at build time.
* Cache results for CPU ISA checks, reduces overhead on repeated lookups.
* Add AVX512 based optimized miniflow extract function for traffic type
IPv4/UDP, IPv4/TCP, Vlan/IPv4/UDP and Vlan/Ipv4/TCP.
* Added new 'group' option to pmd-rxq-assign. This will assign rxq to pmds
purely based on rxq and pmd load.
* Add new 'pmd-rxq-isolate' option that can be set to 'false' in order
that pmd cores which are pinned with rxqs using 'pmd-rxq-affinity'
are available for assigning other non-pinned rxqs.
- ovs-ctl:
* New option '--no-record-hostname' to disable hostname configuration
in ovsdb on startup.
* New command 'record-hostname-if-not-set' to update hostname in ovsdb.
- DPDK:
* OVS validated with DPDK 20.11.1. It is recommended to use this version
until further releases.
* New debug appctl command 'dpdk/get-malloc-stats'.
* Add hardware offload support for tunnel pop action (experimental).
Available only if DPDK experimental APIs enabled during the build.
* Add hardware offload support for VXLAN flows (experimental).
Available only if DPDK experimental APIs enabled during the build.
* EAL options --socket-mem and --socket-limit to have default values
removed with 2.17 release. Logging added to alert users.
- ovsdb-tool:
* New option '--election-timer' to the 'create-cluster' command to set the
leader election timer during cluster creation.
- OVS now reports the datapath capability 'ct_zero_snat', which reflects
whether the SNAT with all-zero IP address is supported.
See ovs-vswitchd.conf.db(5) for details.
- ovs-appctl:
* Added ability to add and delete static mac entries using:
'ovs-appctl fdb/add <bridge> <port> <vlan> <mac>'
'ovs-appctl fdb/del <bridge> <vlan> <mac>'
- Linux datapath:
* ovs-vswitchd will configure the kernel module using per-cpu dispatch
mode (if available). This changes the way upcalls are delivered to user
space in order to resolve a number of issues with per-vport dispatch.
* New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return
the current dispatch mode for each datapath.

---------------------
- OVSDB:
* Changed format in which ovsdb transactions are stored in database files.
Now each transaction contains diff of data instead of the whole new
value of a column.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one.
For cluster and active-backup service models follow upgrade instructions
in 'Upgrading from version 2.14 and earlier to 2.15 and later' section
of ovsdb(7).
* New unixctl command 'ovsdb-server/get-db-storage-status' to show the
status of the storage that's backing a database.
* New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
If turned on, ovsdb-server will try to reclaim all the unused memory
after every DB compaction back to OS. Disabled by default.
* Maximum backlog on RAFT connections limited to 500 messages or 4GB.
Once threshold reached, connection is dropped (and re-established).
Use the 'cluster/set-backlog-threshold' command to change limits.
- DPDK:
* Removed support for vhost-user dequeue zero-copy.
* Add support for DPDK 20.11.
- Userspace datapath:
* Add the 'pmd' option to "ovs-appctl dpctl/dump-flows", which
restricts a flow dump to a single PMD thread if set.
* New 'options:dpdk-vf-mac' field for DPDK interface of VF ports,
that allows configuring the MAC address of a VF representor.
* Add generic IP protocol support to conntrack. With this change, all
none UDP, TCP, and ICMP traffic will be treated as general L3
traffic, i.e. using 3 tupples.
* Add parameters 'pmd-auto-lb-load-threshold' and
'pmd-auto-lb-improvement-threshold' to configure PMD auto load balance
behaviour.
- The environment variable OVS_UNBOUND_CONF, if set, is now used
as the DNS resolver's (unbound) configuration file.
- Linux datapath:
* Support for kernel versions up to 5.8.x.
- Terminology:
* The terms "master" and "slave" have been replaced by "primary" and
"secondary", respectively, for OpenFlow connection roles.
* The term "slave" has been replaced by "member", for bonds, LACP, and
OpenFlow bundle actions.
- Support for GitHub Actions based continuous integration builds has been
added.
- Bareudp Tunnel
* Bareudp device support is present in linux kernel from version 5.7
* Kernel bareudp device is not backported to ovs tree.
* Userspace datapath support is not added
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands '{add,mod,del}-flows' where added, which allow adding,
deleting, or modifying flows based on information read from a file.
- IPsec:
* Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
tearing down IPsec tunnels.
* Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start
without restarting ipsec daemon.
- Building the Linux kernel module from the OVS source tree is deprecated
* Support for the Linux kernel is capped at version 5.8
* Only bug fixes for the Linux OOT kernel module will be accepted.
* The Linux kernel module will be fully removed from the OVS source tree
in OVS branch 2.18