
[openstack-announce] [release][neutron] neutron 8.0.0 release (mitaka)

We are overjoyed to announce the release of:

neutron 8.0.0: OpenStack Networking

This release is part of the mitaka release series.

For more details, please see below.

8.0.0
^^^^^

The ML2 plug-in supports calculating the MTU for instances using
overlay networks by subtracting the overlay protocol overhead from the
value of 'path_mtu', ideally the physical (underlying) network MTU,
and providing the smaller value to instances via DHCP. Prior to
Mitaka, 'path_mtu' defaults to 0 which disables this feature. In
Mitaka, 'path_mtu' defaults to 1500, a typical MTU for physical
networks, to improve the "out of box" experience for typical
deployments.

The ML2 plug-in supports calculating the MTU for networks that are
realized as flat or VLAN networks, by consulting the 'segment_mtu'
option. Prior to Mitaka, 'segment_mtu' defaults to 0 which disables
this feature. This creates slightly confusing API results when
querying Neutron networks, since the plugins that support the MTU API
extension would return networks with the MTU equal to zero. Networks
with an MTU of zero make little sense, since nothing could ever be
transmitted. In Mitaka, 'segment_mtu' now defaults to 1500 which is
the standard MTU for Ethernet networks in order to improve the "out of
box" experience for typical deployments.

The LinuxBridge agent now supports QoS bandwidth limiting.

External networks can now be controlled using the RBAC framework that
was added in Liberty. This allows networks to be made available to
specific tenants (as opposed to all tenants) to be used as an external
gateway for routers and floating IPs.

DHCP and L3 Agent scheduling is availability zone aware.

The "get-me-a-network" feature simplifies the process for launching an
instance with basic network connectivity (via an externally connected
private tenant network).

Support integration with external DNS service.

Add popular IP protocols to the security group code. End-users can
specify protocol names instead of protocol numbers in both RESTful API
and python-neutronclient CLI.

ML2: ports can now recover from binding failed state.

RBAC support for QoS policies

Add description field to security group rules, networks, ports,
routers, floating IPs, and subnet pools.

Add tag mechanism for network resources

Timestamp fields are now added to neutron core resources.

Announcement of tenant prefixes and host routes for floating IPs via
BGP is supported

Allowed address pairs can now be cleared by passing None in addition
to an empty list. This is to make it possible to use the
--action=clear option with the neutron client:

    neutron port-update --allowed-address-pairs action=clear

Core configuration files are automatically generated.

max_fixed_ips_per_port has been deprecated and will be removed in the
Newton or Ocata cycle depending on when all identified use cases of the
options are satisfied via another quota system.

OFAgent is decomposed and deprecated in the Mitaka cycle.

Add new VNIC type for SR-IOV physical functions.

High Availability (HA) of SNAT service is supported for Distributed
Virtual Routers (DVRs).

An OVS agent configured to run in DVR mode will fail to start if it
cannot get proper DVR configuration values from the server on
start-up. The agent will no longer fall back to non-DVR mode, since it
may lead to inconsistency in the DVR-enabled cluster as the Neutron
server does not distinguish between DVR and non-DVR OVS agents.

Improve DVR's resiliency during Nova VM live migration events.

The Linuxbridge agent now supports l2 agent extensions.

Adding MacVtap ML2 driver and L2 Agent as new vswitch choice

Support for MTU selection and advertisement.

Neutron now provides network IP availability information.

Neutron is integrated with Guru Meditation Reports library.

oslo.messaging.notify.drivers entry points are deprecated

New Features


  • In Mitaka, the combination of 'path_mtu' defaulting to 1500 and
    'advertise_mtu' defaulting to True provides a value of MTU
    accounting for any overlay protocol overhead on the network to
    instances using DHCP. For example, an instance attaching to a VXLAN
    network receives a 1450 MTU from DHCP accounting for 50 bytes of
    overhead from the VXLAN overlay protocol if using IPv4 endpoints.

  • In Mitaka, queries to the Networking API for network objects will
    now return network objects that contain a sane MTU value.

  • The LinuxBridge agent can now configure basic bandwidth limiting
    QoS rules set for ports and networks. It introduces two new config
    options for the LinuxBridge agent. The first is the 'kernel_hz'
    option, which is the value of the host kernel HZ setting. It is
    necessary for proper calculation of the minimum burst value in the
    tbf qdisc setting. The second is 'tbf_latency', which is the value
    of latency to be configured in the tc-tbf setting. Details about
    this option can be found in the tc-tbf manual
    (http://linux.die.net/man/8/tc-tbf).

  • External networks can now be controlled using the RBAC framework
    that was added in Liberty. This allows networks to be made available
    to specific tenants (as opposed to all tenants) to be used as an
    external gateway for routers and floating IPs. By default this
    feature will also allow regular tenants to make their networks
    available as external networks to other individual tenants (or even
    themselves), but they are prevented from using the wildcard to share
    to all tenants. This behavior can be adjusted via policy.json by the
    operator if desired.

  • A DHCP agent is assigned to an availability zone; the network will
    be hosted by the DHCP agent with availability zone specified by the
    user.

  • An L3 agent is assigned to an availability zone; the router will
    be hosted by the L3 agent with availability zone specified by the
    user. This supports the use of availability zones with HA routers.
    DVR isn't supported now because L3HA and DVR integration isn't
    finished.

  • Once Nova takes advantage of this feature, a user can launch an
    instance without explicitly provisioning network resources.

  • Floating IPs can have dns_name and dns_domain attributes
    associated with them

  • Ports can have a dns_name attribute associated with them. The
    network where a port is created can have a dns_domain associated
    with it

  • Floating IPs and ports will be published in an external DNS
    service if they have dns_name and dns_domain attributes associated
    with them.

  • The reference driver integrates neutron with designate

  • Drivers for other DNSaaS can be implemented

  • Driver is configured in the default section of neutron.conf using
    parameter 'external_dns_driver'

  • Ports that failed to bind when an L2 agent was offline can now
    recover after the agent is back online.

  • Neutron now supports sharing of QoS policies between a subset of
    tenants.

  • Security group rules, networks, ports, routers, floating IPs, and
    subnet pools may now contain an optional description which allows
    users to easily store details about entities.

  • Users can set tags on their network resources.

  • Networks can be filtered by tags. The supported filters are
    'tags', 'tags-any', 'not-tags' and 'not-tags-any'.

  • Add timestamp fields 'created_at', 'updated_at' into neutron core
    resources like network, subnet, port and subnetpool.

  • Support querying these resources by changed-since, which returns
    the resources changed after the specific time string, like
    YYYY-MM-DDTHH:MM:SS

  • By default, the DHCP agent provides a network MTU value to
    instances using the corresponding DHCP option if core plugin
    calculates the value. For ML2 plugin, calculation mechanism is
    enabled by setting [ml2] path_mtu option to a value greater than
    zero.

  • Allow non-admin users to define "external" extra-routes.

  • Announcement of tenant subnets via BGP using centralized Neutron
    router gateway port as the next-hop

  • Announcement of floating IP host routes via BGP using the
    centralized Neutron router gateway port as the next-hop

  • Announcement of floating IP host routes via BGP using the floating
    IP agent gateway as the next-hop when the floating IP is associated
    through a distributed router

  • Neutron no longer includes static example configuration files.
    Instead, use tools/generate_config_file_samples.sh to generate them.
    The files are generated with a .sample extension.

  • Add derived attributes to the network to tell users which address
    scopes the network is in.

  • The subnet API now includes a new use_default_subnetpool
    attribute. This attribute can be specified on creating a subnet in
    lieu of a subnetpool_id. The two are mutually exclusive. If it is
    specified as True, the default subnet pool for the requested
    ip_version will be looked up and used. If no default exists, an
    error will be returned.

  • Neutron now supports creation of ports for exposing physical
    functions as network devices to guests.

  • High Availability support for SNAT services on Distributed Virtual
    Routers. Routers can now be created with the flags distributed=True
    and ha=True. The created routers will provide Distributed Virtual
    Routing as well as SNAT high availability on the l3 agents
    configured for dvr_snat mode.

  • Use the value of the network 'mtu' attribute for the MTU of
    virtual network interfaces such as veth pairs, patch ports, and tap
    devices involving a particular network.

  • Enable end-to-end support for arbitrary MTUs including jumbo
    frames between instances and provider networks by moving MTU
    disparities between flat or VLAN networks and overlay networks from
    layer-2 devices to layer-3 devices that support path MTU discovery
    (PMTUD).

  • The Linuxbridge agent can now be extended by 3rd parties using a
    pluggable mechanism.

  • Libvirt qemu/kvm instances can now be attached via MacVtap in
    bridge mode to a network. VLAN and FLAT attachments are supported.
    Attachments other than compute are not supported.

  • When advertise_mtu is set in the config, Neutron supports
    advertising the LinkMTU using Router Advertisements.

  • A new API endpoint /v2.0/network-ip-availabilities that allows an
    admin to quickly get counts of used_ips and total_ips for network(s)
    is available. The new endpoint allows filtering by network_id,
    network_name, tenant_id, and ip_version. The response returns
    network and nested subnet data that includes used and total IPs.

  • SriovNicSwitchMechanismDriver driver now exposes a new VIF type
    'hostdev_physical' for ports with vnic type 'direct-physical' (used
    for SR-IOV PF passthrough). This will enable Nova to provision PFs
    as Neutron ports.

  • The RPC and notification queues have been separated into different
    queues. Specify the transport_url to be used for notifications
    within the [oslo_messaging_notifications] section of the
    configuration file. If no transport_url is specified in
    [oslo_messaging_notifications], the transport_url used for RPC will
    be used.

  • Neutron services should respond to SIGUSR2 signal by dumping
    valuable debug information to standard error output.

  • New security groups firewall driver is introduced. It's based on
    OpenFlow using connection tracking.

  • Neutron can interact with keystone v3.

Known Issues


  • The combination of 'path_mtu' and 'advertise_mtu' only adjusts the
    MTU for instances rather than all virtual network components between
    instances and provider/public networks. In particular, setting
    'path_mtu' to a value greater than 1500 can cause packet loss even
    if the physical network supports it. Also, the calculation does not
    consider additional overhead from IPv6 endpoints.

  • When using DVR, if a floating IP is associated to a fixed IP
    direct access to the fixed IP is not possible when traffic is sent
    from outside of a Neutron tenant network (north-south traffic).
    Traffic sent between tenant networks (east-west traffic) is not
    affected. When using a distributed router, the floating IP will mask
    the fixed IP making it inaccessible, even though the tenant subnet
    is being announced as accessible through the centralized SNAT
    router. In such a case, traffic sent to the instance should be
    directed to the floating IP. This is a limitation of the Neutron L3
    agent when using DVR and will be addressed in a future release.

  • Only creation of dvr/ha routers is currently supported. Upgrade
    from other types of routers to dvr/ha router is not supported on
    this release.

  • More synchronization between Nova and Neutron is needed to
    properly handle live migration failures on either side. For
    instance, if live migration is reverted or canceled, some dangling
    Neutron resources may be left on the destination host.

  • To ensure any kind of migration works between all compute nodes,
    make sure that the same physical_interface_mappings is configured on
    each MacVtap compute node. Having different mappings could cause
    live migration to fail (if the configured physical network interface
    does not exist on the target host), or even worse, result in an
    instance placed on the wrong physical network (if the physical
    network interface exists on the target host, but is used by another
    physical network or not used at all by OpenStack). Such an instance
    does not have access to its configured networks anymore. It then has
    layer 2 connectivity to either another OpenStack network, or one of
    the host's networks.

  • OVS firewall driver doesn't work well with other features using
    openflow.
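
The MacVtap known issue above can be checked before a migration is attempted. The following is an added example, not part of the release notes or of Neutron: it compares physical_interface_mappings across per-host agent configs and reports differences. The [macvtap] section name, the host names and the interface names are assumptions made for the sample data.

```python
import configparser
from collections import defaultdict

# Constructed sample configs; host names and interfaces are hypothetical.
SAMPLE_CONFIGS = {
    "compute1": "[macvtap]\nphysical_interface_mappings = physnet1:eth1,physnet2:eth2\n",
    "compute2": "[macvtap]\nphysical_interface_mappings = physnet1:eth1, physnet2:eth2\n",
    "compute3": "[macvtap]\nphysical_interface_mappings = physnet1:eth2,physnet2:eth1\n",
    "compute4": "[macvtap]\nphysical_interface_mappings = physnet1:eth1\n",
}


def parse_mappings(ini_text):
    """Return {physnet: interface} from one agent config (assumed [macvtap] section)."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(ini_text)
    raw = parser.get("macvtap", "physical_interface_mappings", fallback="")
    mappings = {}
    for entry in raw.split(","):
        entry = entry.strip()
        if not entry:
            continue
        physnet, sep, iface = (part.strip() for part in entry.partition(":"))
        if not sep or not physnet or not iface:
            raise ValueError(f"malformed mapping entry: {entry!r}")
        if physnet in mappings:
            raise ValueError(f"physnet mapped twice: {physnet!r}")
        mappings[physnet] = iface
    return mappings


def find_mismatches(configs):
    """Compare mappings across hosts.

    configs is {hostname: ini_text}. Returns a list of findings:
      ("missing", physnet, [hosts without a mapping for it])
      ("conflict", physnet, {interface: [hosts using it]})
    An empty list means every host has identical mappings.
    """
    per_host = {host: parse_mappings(text) for host, text in configs.items()}
    findings = []
    for physnet in sorted(set().union(*per_host.values())):
        by_iface = defaultdict(list)
        missing = []
        for host in sorted(per_host):
            iface = per_host[host].get(physnet)
            if iface is None:
                missing.append(host)   # migration to this host would fail
            else:
                by_iface[iface].append(host)
        if missing:
            findings.append(("missing", physnet, missing))
        if len(by_iface) > 1:
            # Same physnet wired to different NICs: wrong-network risk.
            findings.append(("conflict", physnet, dict(by_iface)))
    return findings


if __name__ == "__main__":
    for kind, physnet, detail in find_mismatches(SAMPLE_CONFIGS):
        print(f"{kind:8} {physnet}: {detail}")
```

A config-only comparison cannot tell which physical network an interface is actually cabled to, so an empty result confirms consistent configuration, not correct wiring.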

Upgrade Notes


  • Operators using the ML2 plug-in with 'path_mtu' defaulting to 0
    may need to perform a database migration to update the MTU for
    existing networks and possibly disable existing workarounds for MTU
    problems such as increasing the physical network MTU to 1550.

  • Operators using the ML2 plug-in with existing data may need to
    perform a database migration to update the MTU for existing networks

  • Add popular IP protocols to security group code.

  • To disable, use [DEFAULT] advertise_mtu = False.

  • The router_id option is deprecated and will be removed in the 'N'
    cycle.

  • Does not change MTU for existing virtual network interfaces.

  • Actions that create virtual network interfaces on an existing
    network with the 'mtu' attribute containing a value greater than
    zero could cause issues for network traffic traversing existing and
    new virtual network interfaces.

  • The Hyper-V Neutron Agent has been fully decomposed from Neutron.
    The neutron.plugins.hyperv.agent.security_groups_driver.HyperVSecurityGroupsDriver
    firewall driver has been deprecated and will be
    removed in the 'O' cycle. Update the neutron_hyperv_agent.conf
    files on the Hyper-V nodes to use
    hyperv.neutron.security_groups_driver.HyperVSecurityGroupsDriver,
    which is the networking_hyperv security groups driver.

  • When using ML2 and the Linux Bridge agent, the default value for
    the ARP Responder under L2Population has changed. The responder is
    now disabled to improve compatibility with the allowed-address-pair
    extension and to match the default behavior of the ML2 OVS agent.
    The logical network will now utilize traditional flood and learn
    through the overlay. When upgrading, existing vxlan devices will
    retain their old setup and be unimpacted by changes to this flag. To
    apply this to older devices created with the Liberty agent, the
    vxlan device must be removed and then the Mitaka agent restarted.
    The agent will recreate the vxlan devices with the current settings
    upon restart. To maintain pre-Mitaka behavior, enable the
    arp_responder in the Linux Bridge agent VXLAN config file prior to
    starting the updated agent.

  • Neutron depends on keystoneauth instead of keystoneclient.

Deprecation Notes


  • The default_subnet_pools option is now deprecated and will be
    removed in the Newton release. The same functionality is now
    provided by setting is_default attribute on subnetpools to True
    using the API or client.

  • The 'force_gateway_on_subnet' option is deprecated and will be
    removed in the 'Newton' cycle.

  • The 'network_device_mtu' option is deprecated and will be removed
    in the 'Newton' cycle. Please use the system-wide segment_mtu
    setting which the agents will take into account when wiring VIFs.

  • max_fixed_ips_per_port has been deprecated and will be removed in
    the Newton or Ocata cycle depending on when all identified use cases
    of the options are satisfied via another quota system. If you depend
    on this configuration option to stop tenants from consuming IP
    addresses, please leave a comment on the bug report
    (https://launchpad.net/bugs/1502356).

  • The 'segment_mtu' option of the ML2 configuration has been
    deprecated and replaced with the 'global_physnet_mtu' option in the
    main Neutron configuration. This option is meant to be used by all
    plugins for an operator to reference their physical network's MTU,
    regardless of the backend plugin. Plugins should access this config
    option via the 'get_deployment_physnet_mtu' method added to
    neutron.plugins.common.utils to avoid being broken on any potential
    renames in the future.

Bug Fixes


  • Prior to Mitaka, the settings that control the frequency of router
    advertisements transmitted by the radvd daemon were not able to be
    adjusted. Larger deployments may wish to decrease the frequency in
    which radvd sends multicast traffic. The 'min_rtr_adv_interval' and
    'max_rtr_adv_interval' settings in the L3 agent configuration file
    map directly to the 'MinRtrAdvInterval' and 'MaxRtrAdvInterval' in
    the generated radvd.conf file. Consult the manpage for radvd.conf
    for more detailed information.

  • Fixes bug 1537734

  • Prior to Mitaka, name resolution in instances requires specifying
    DNS resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
    configuration file or via neutron subnet options. In this case, the
    data plane must provide connectivity between instances and upstream
    DNS resolvers. Omitting both of these methods causes the dnsmasq
    service to offer the IP address on which it resides to instances for
    name resolution. However, the static dnsmasq '--no-resolv' process
    argument prevents name resolution via dnsmasq, leaving instances
    without name resolution. Mitaka introduces the
    'dnsmasq_local_resolv' option, default value False to preserve
    backward-compatibility, that enables the dnsmasq service to provide
    name resolution for instances via DNS resolvers on the host running
    the DHCP agent. In this case, the data plane must provide
    connectivity between the host and upstream DNS resolvers rather than
    between the instances and upstream DNS resolvers. Specifying DNS
    resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
    configuration overrides the 'dnsmasq_local_resolv' option for all
    subnets using the DHCP agent.

  • Before Mitaka, when a default subnetpool was defined in the
    configuration, a request to create a subnet would fall back to using
    it if no specific subnet pool was specified. This behavior broke
    the semantics of subnet create calls in this scenario and is now
    considered an API bug. This bug has been fixed so that there is no
    automatic fallback with the presence of a default subnet pool.
    Workflows which depended on this new behavior will have to be
    modified to set the new use_default_subnetpool attribute when
    creating a subnet.

  • Create DVR router namespaces pro-actively on the destination node
    during live migration events. This helps minimize packet loss to
    floating IP traffic.

  • Explicitly configure MTU of virtual network interfaces rather than
    using default values or incorrect values that do not account for
    overlay protocol overhead.

  • The server will fail to start if any of the declared required
    extensions, as needed by core and service plugins, are not properly
    configured.

  • partially closes bug 1468803

  • The Linuxbridge agent now supports the ability to toggle the local
    ARP responder when L2Population is enabled. This ensures
    compatibility with the allowed-address-pairs extension. closes bug
    1445089

  • Fix SR-IOV agent macvtap assigned VF check when linux kernel <
    3.13

  • Loaded agent extensions of SR-IOV agent are now shown in agent
    state API.

Other Notes


  • Please read the OpenStack Networking Guide
    (http://docs.openstack.org/networking-guide/adv_config_availability_zone.html).

  • For overlay networks managed by ML2 core plugin, the calculation
    algorithm subtracts the overlay protocol overhead from the value of
    [ml2] path_mtu. The DHCP agent provides the resulting (smaller) MTU
    to instances using overlay networks.

  • The [DEFAULT] advertise_mtu option must contain a consistent value
    on all hosts running the DHCP agent.

  • Typical networks can use [ml2] path_mtu = 1500.

  • The OpenFlow Agent (OFAgent) mechanism driver is completely
    decomposed from the neutron tree in Mitaka. The OFAgent driver and
    its agent are also deprecated in Mitaka in favor of the OpenvSwitch
    mechanism driver with "native" of_interface and will be removed
    in the next release.

  • For details please read Blueprint mtu-selection-and-advertisement
    (https://specs.openstack.org/openstack/neutron-specs/specs/kilo/mtu-
    selection-and-advertisement.html).

  • OVS firewall driver requires OVS 2.5 version or higher with linux
    kernel 4.3 or higher. More info at OVS github page
    (https://github.com/openvswitch/ovs/blob/master/FAQ.md).

  • The oslo.messaging.notify.drivers entry points that were left in
    tree for backward compatibility with Icehouse are deprecated and
    will be removed after liberty-eol. Configure notifications using the
    oslo_messaging configuration options in neutron.conf.
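
The MTU notes above (path_mtu minus overlay overhead, advertised via DHCP) and the known issue about IPv6 endpoints can be worked through for VXLAN. This is an added example, not Neutron code: the 50-byte figure comes from the release notes, the per-header sizes are the standard protocol header lengths, and the function names are hypothetical.

```python
OUTER_IP_HEADER = {4: 20, 6: 40}   # bytes, outer IPv4 / IPv6 header
UDP_HEADER = 8
VXLAN_HEADER = 8
INNER_ETHERNET = 14                # encapsulated Ethernet header of the instance frame
MITAKA_VXLAN_OVERHEAD = 50         # value subtracted per the release notes (IPv4 endpoints)


def vxlan_overhead(endpoint_ip_version):
    """Bytes the VXLAN encapsulation adds on the underlay for the given endpoint IP version."""
    return (OUTER_IP_HEADER[endpoint_ip_version] + UDP_HEADER
            + VXLAN_HEADER + INNER_ETHERNET)


def audit_vxlan_mtu(path_mtu, endpoint_ip_version, physical_mtu):
    """Compare the MTU Mitaka advertises to instances with what the underlay can carry.

    Returns a dict with the advertised instance MTU, the size of a full-sized
    instance packet once encapsulated, and a list of warnings.
    """
    if path_mtu <= 0:
        return {"advertised": None, "encapsulated": None,
                "warnings": ["path_mtu <= 0: MTU calculation is disabled"]}
    advertised = path_mtu - MITAKA_VXLAN_OVERHEAD
    encapsulated = advertised + vxlan_overhead(endpoint_ip_version)
    warnings = []
    if encapsulated > physical_mtu:
        warnings.append(
            f"encapsulated packet is {encapsulated} bytes but the physical MTU is "
            f"{physical_mtu}: the calculation ignores IPv{endpoint_ip_version} "
            "endpoint overhead")
    if path_mtu > 1500:
        warnings.append(
            "path_mtu > 1500: only the instance MTU is adjusted, other virtual "
            "network components may still drop larger packets")
    return {"advertised": advertised, "encapsulated": encapsulated,
            "warnings": warnings}


if __name__ == "__main__":
    for version in (4, 6):
        print(version, audit_vxlan_mtu(1500, version, 1500))
```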

Changes in neutron 8.0.0.0rc2..8.0.0


3213eb1 Support Routes==2.3
4283a7e Constraint requirements using mitaka upper-constraints.txt file
fc69097 Imported Translations from Zanata
41be555 Imported Translations from Zanata
b435ec5 Imported Translations from Zanata
bec65f6 api tests: Check correct extensions
99915fa Fix setting peer to bridge interfaces
4b86f17 Skip fullstack L3 HA test
4504a74 conn_testers: Bump timeout for ICMPv6 echo tests

Diffstat (except docs and test files)


neutron/api/extensions.py                          |   10 +-
neutron/locale/es/LC_MESSAGES/neutron.po           | 1701 +++++++++++++++++++-
neutron/locale/fr/LC_MESSAGES/neutron.po           | 1286 ++++++++++++++-
neutron/locale/ja/LC_MESSAGES/neutron.po           |  161 +-
.../locale/ko_KR/LC_MESSAGES/neutron-log-error.po  | 1270 +++++++++++++++
.../locale/ko_KR/LC_MESSAGES/neutron-log-info.po   |  862 ++++++++++
.../ko_KR/LC_MESSAGES/neutron-log-warning.po       |  616 +++++++
neutron/locale/ko_KR/LC_MESSAGES/neutron.po        | 1577 +++++++++++++++++-
.../drivers/openvswitch/agent/ovs_neutron_agent.py |    4 +-
.../api/admin/test_external_network_extension.py   |    4 +-
.../api/admin/test_shared_network_extension.py     |    4 +-
.../openvswitch/agent/test_ovs_neutron_agent.py    |   16 +-
.../drivers/openvswitch/agent/test_ovs_tunnel.py   |    4 +-
tox.ini                                            |    2 +-
17 files changed, 7369 insertions(+), 171 deletions(-)


OpenStack-announce mailing list
OpenStack-announce@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce
asked Apr 7, 2016 in openstack-announce by no-reply_at_openstac