Current Series Release Notes

26.0.0.0b2-58

New Features

  • Added a new API extension uplink_status_propagation_updatable. Now the port attribute propagate_uplink_status can be updated once the port is created. The backend (ML2/SR-IOV) will receive the update and update the VF state.

  • Since eventlet 0.39.0, a new environment variable EVENTLET_MONKEYPATCH=1 can be defined to get patching as early as possible in Python startup.

  • HA routers can now run “conntrackd” in addition to “keepalived” to synchronize connection tracking states across router instances. This ensures that established connections survive an HA router failover. L3 agent hosts must have the “conntrackd” binary installed.

    Conntrackd support is not enabled by default and can be enabled by setting the ha_conntrackd_enabled option to true.

  • Since OVN 23.06.0, QoS enforcement of maximum bandwidth and minimum bandwidth rules on Logical_Switch_Ports connected to a Logical_Switch with localnet ports (that is, ports connected to provider type networks) is done on the localnet port connected to the physical bridge, via TC commands. For this to work, the maximum bandwidth and minimum bandwidth rules must be defined in the Logical_Switch_Port options dictionary field, using the keys qos_min_rate, qos_max_rate and qos_burst.

  • Now if the configuration option [ovn]ovn_emit_need_to_frag is set, OVN will always set the “gateway_mtu” option in the gateway Logical_Router_Port. The value defined will be the lowest MTU of all networks connected to this router.

Upgrade Notes

  • Neutron can read the environment variable EVENTLET_MONKEYPATCH=1 in order to not monkey patch the system libraries. If this environment variable is set and the eventlet version is lower, the process won’t be patched.

Bug Fixes

  • For OVN DPDK ports, the live migration activation strategy that expects a RARP frame sent by QEMU is no longer used. QEMU does not send a RARP frame for DPDK ports, which affects the time to recover network connectivity for these ports after live migration is complete. Note that because of this change, a small number of duplicate packets from these ports may be observed during live migration.

  • Subnet policies have been updated to allow other users to operate on them. Network owners and readers can now retrieve the subnet and project members can now update and delete the subnet. For more information, see bug 2038646.

  • Fixed an issue where the ARP entry in a DVR router for allowed address pairs (AAP) was configured with the parent port MAC address even when the AAP has a different MAC address. The MAC address from the AAP is now used if it is set, falling back to the parent port MAC address otherwise.

Other Notes

  • The network_segment_ranges registers are now initialized based on the Neutron API start time. The type driver class cleans up the database for those registers not matching the network type and the “created_at” timestamp and uses the process-safe method NetworkSegmentRange.new_default to create the new registers.

  • The Neutron API using the WSGI module requires a new configuration parameter: [uwsgi]start-time=%t. The uWSGI process will populate this value when executed, defining the start time of the Neutron API. This value will be used by Neutron ML2/OVN to create the OVN hash ring registers per worker.

26.0.0.0b1

New Features

  • Add support for the address-group in the OVN mechanism driver.

  • Since the Epoxy (2025.1) release, the Neutron quota engine always checks the current resource usage before updating the quota limits. This check is skipped only when the CLI “--force” parameter is passed. That aligns the Neutron quota engine behaviour with other projects.

Upgrade Notes

  • PostgreSQL is no longer supported. You are advised to migrate to a supported database backend (one of the MySQL derivatives).

  • The ovn_emit_need_to_frag option for OVN is now enabled by default. This may result in performance issues on older kernels (older than 5.2). If you are still using an old kernel, you may consider setting it to False.

  • The allow_stateless_action_supported configuration option for OVN is removed. The stateful-security-group API is now unconditionally enabled. Please upgrade OVN to 21.06.0 or a later version.

  • The migration tool for TripleO deployments has been removed, because the TripleO project has been retired.

Deprecation Notes

  • The ovn_emit_need_to_frag option is now deprecated for removal. The config option will be removed in the 2026.1 release.

  • The Neutron quota commands now always check the resource limits. The CLI parameter “--check-limits” is no longer needed, as this is the default behaviour.

Bug Fixes

  • Add special treatment for the keyword any in the security group rule API protocol field to match what is documented in the api-ref itself. It is already supported in the client, where any is simply changed to None, so do the same in the API itself. For more information, see bug 2074056.

  • Liberal TCP connection tracking is now enabled in SNAT namespaces (sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1).

    In some cases, when a TCP connection that is NAT-ed ends up re-transmitting, a packet could be outside what the Linux kernel connection tracking considers part of the valid TCP window. When this happens, a TCP Reset (RST) is triggered, terminating the connection on the sender side, while leaving the receiver side (the Neutron port attached VM) hanging.

    Since a number of firewall vendors typically turn this on by default to avoid unnecessary resets, we now do it in the Neutron router as well.

    See bug 1804327 for more information.

  • Fixes an issue when associating floating IPs to OVN load balancers. See LP#2068644 for more details.
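
One way to check, on an L3 agent host, that the liberal TCP connection tracking fix described above is in effect. This is an added example, not Neutron code. It assumes SNAT namespaces are named snat-<router-id> (the page does not give the naming), that iproute2 and sysctl are installed, and that it runs as root.

```shell
#!/bin/sh
# Added example: audit net.netfilter.nf_conntrack_tcp_be_liberal per SNAT namespace.
# Assumption: SNAT namespaces are named "snat-<router-id>".

SYSCTL_KEY=net.netfilter.nf_conntrack_tcp_be_liberal

# Print one "<namespace> <value>" line for every SNAT namespace on this host.
# The sysctl is per network namespace, so it is read inside each one.
collect_snat_liberal() {
    ip netns list | awk '$1 ~ /^snat-/ {print $1}' | while read -r ns; do
        # </dev/null keeps the inner command from eating the loop's input.
        val=$(ip netns exec "$ns" sysctl -n "$SYSCTL_KEY" </dev/null 2>/dev/null) \
            || val=unreadable
        printf '%s %s\n' "$ns" "${val:-unreadable}"
    done
}

# Read "<namespace> <value>" lines on stdin and print every namespace where
# liberal tracking is not enabled (value other than 1, or unreadable).
# Exit status is 1 if any such namespace was found, 0 otherwise.
report_not_liberal() {
    awk '$2 != "1" {print $1; bad = 1} END {exit bad}'
}

# Constructed sample input (not real host output): the second namespace
# still uses strict TCP window tracking and should be reported.
sample_report() {
    printf '%s\n' \
        'snat-11111111-aaaa-4bbb-8ccc-000000000001 1' \
        'snat-11111111-aaaa-4bbb-8ccc-000000000002 0' | report_not_liberal
}

# Live audit only when asked for, so the script is safe to source or run offline.
if [ "${1:-}" = "--live" ]; then
    collect_snat_liberal | report_not_liberal
fi
```

Run with --live on the host; a non-zero exit status means at least one SNAT namespace was not updated, for example because its L3 agent has not yet been restarted on the new code.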