1 Major Features
- 1.1 Release Deliverables
- 1.2 Experimental Deliverables
2 Target Environment
- 2.1 For Execution
- 2.2 For Development
3 Known Issues and Limitations
- 3.1 ODL OVSDB L3
- 3.2 Security Groups with Conntrack
- 3.3 Service Function Chaining
- 3.4 Known Bugs
4 Changes Since Previous Releases

Major Features

Beryllium marked the fourth release of the OVSDB NetVirt project. The release delivers increased code and testing coverage and improved network virtualization integration with OpenStack.

Release Deliverables

Code quality, stability and usability
Remove deprecated AD-SAL APIs
Netvirt updates for flow optimizations and config migration
ODL SFC and OPNFV SFC integration, application pipeline coexistence
Increased Neutron parity by adding Security Groups and Metadata support
Enhanced L3 DVR functionality
Hardware VTEP southbound support
Open_vSwitch southbound support for QoS and Queue
Clustering/HA/Persistence support
DPDK enhancements to the Southbound and NetVirt to support DPDK

Experimental Deliverables

Experimental support is added for the following features:

Clustering using the OpenFlow plugin-li plugin. The feature is odl-ovsdb-openstack-clusteraware.
Network Virtualization DLUX user interface. The feature is the odl-ovsdb-ui.

Target Environment

For Execution

Same as the usual JRE requirements for OpenDaylight

For Development

Same as the usual JDK and Maven requirements for OpenDaylight

Known Issues and Limitations

OpenStack SFC integration requires a workaround when used with the current NSH OVS implementation as described in VTEP Workaround for OpenStack Instantiated VMs.
The DLUX integration is considered an experimental feature. The feature works well but has not been extensively tested.
Full ODL OVSDB L3 functionality requires a minimum OVS version of 2.3.2. The version is required for ARP responder flows in table 20.
Stateful Security Groups support using conntrack requires a minimum OVS version of 2.5. Stateless Security Groups without conntrack is supported from OVS 2.3.2 and later.

ODL OVSDB L3

The L3 functionality is disabled by default. To enable the L3 functionality add ovsdb.l3.fwd.enabled=yes to the etc/custom.properties file.

Security Groups with Conntrack

Conntrack functionality is disabled by default. To enable the conntrack support add <conntrack-enabled>true</conntrack-enabled> to the etc/opendaylight/karaf/netvirt-impl-default-config.xml file.

Service Function Chaining

Some configuration is required due to application co-existence for the OpenFlow programming. The SFC project programs flow for the SFC overlay and NetVirt programs flow for the tenant overlay. Coexistence is achieved by each application owning a unique set of tables and providing a simple handoff between the tables.

First, configure NetVirt to use table 1 as it's starting table:

http://localhost:8181/restconf/config/netvirt-providers-config:netvirt-providers-config { "netvirt-providers-config": { "table-offset": 1 } }

Next, configure SFC to start at table 150 and configure the table handoff. The configuration starts SFC at table 150 and sets the handoff to table 11 which is the NetVirt SFC classification table.

http://localhost:8181/restconf/config/sfc-of-renderer:sfc-of-renderer-config { "sfc-of-renderer-config": { "sfc-of-app-egress-table-offset": 11, "sfc-of-table-offset": 150 } }

Known Bugs

Bug 5351 - Security group connection tracking flows are not getting inserted in OVS https://bugs.opendaylight.org/show_bug.cgi?id=5351 The solution was tested against OVS 2.4.9 and pre-release patches. There has been a change in the connection tracking state bit values in the official OVS 2.5 release. The workaround is to use the OVS 2.4.9 with pre-release patches or to use a later ODL build with the current fix: https://git.opendaylight.org/gerrit/#/c/34655/.

Changes Since Previous Releases

New APIs for supporting SFC integration and using NetVirt as the classifier:

http://localhost:8181/restconf/config/netvirt-providers-config:netvirt-providers-config { "netvirt-providers-config": { "table-offset": 1 } } http://localhost:8181/restconf/config/ietf-access-control-list:access-lists { "access-lists": { "acl": [ { "acl-name": "http-acl", "access-list-entries": { "ace": [ { "rule-name": "http-rule", "matches": { "destination-port-range": { "lower-port": "80", "upper-port": "80" }, "source-port-range": { "lower-port": "0", "upper-port": "0" }, "protocol": "6" }, "actions": { "netvirt-sfc-acl:sfc-name": "SFCNETVIRT" } } ] } } ] } }

Bugs Fixed in this Release

4924 Fixed IPs of dhcp_port are not updated when a new subnet is added to the network. 5278 Service Unavailable exception when associating a Neutron router with a tenant subnet. 5331 unable to read topology after recovering a failed controller in cluster 5040 LLDP Spoofing attack warning when using Openstack with ODL Cluster (both features) 4569 Ownership changed consistently without down any node 5038 Instances are not reachable in Openstack when ODL used as cluster (using OFPlugin He design) 5062 Creating Bridge in Cluster Mode returns 500 and throws exception in karaf log 5018 No Flow Entries are installed to br-int while trying the NetVirt Cluster (clusteraware) 3974 br-int is not getting created with lithium 0.3.0 snapshot 4277 Deleted Network flow entries retained in br-int,if network associated and disassociated from virutalrouter interface 4888 Ovsdb Southbound Clustering Inconsistent output for sudo ovs-vsctl list bridge br-int 4916 In OVSDB Single node clustering 2 switches registered with same manager there are two "OWNER" found in southbound, and with this two "OWNER" replication also happens 5134 Address exceptions when SG remote_group_id has both IPv4 and IPv6 addresses 5172 lldp: SchemaVersionMismatchException: The schema version used to access the table/column (7.8.0) does not match the required version (from 7.11.2 to 0.0.0) 4811 topic/netvirt-clustering branch: the Openstack Integration failing due to OpenFlowPlugin failures 5110 Pinging router on different network does not work 4892 Not getting Arp flows if there is no Router 5187 Remote security group insertion fails when port is not found in cache 5169 Retrieval of Bridge and Port fails from Operational Store in csit test 4904 Singleton Cluster is not happened 5149 Enhancement: Support LLDP on ovsdb interface 5161 In OVSDB 3 node cluster northbound remote ip address validation missing in configuration data store 4373 Released Floating IP (on compute node1 vm) is not reaching to external network, if reuse the floating IP to another VM ( VM hosted on compute node2 4374 On Release of Floating IP doesn’t detached port on openstack external network 4280 VM Floating IP Address unable to reach the External GW when L3 routing enabled. 5107 Flow tables mentioned in goto_table actions are not created 4132 Unable to ping gateway when using L3 DVR - Lithium 5131 Hard-coded base url in Ovsdb UI 5147 Wrong logging level for ConfigProperties not found with defaults 4794 IllegalArgumentException in operational delete: unable to connect ovs to plugin 4844 GatewayMacResolverService continues to try to resolve gateway after nodes have disconnected. 4769 Security group : default ip flows fails to delete intermittently 4643 Remote Security Group - Terminating an instance fails to remove the corresponding rules 4874 distributed arp in old l3 for ovsdb is not installing rules when it should 3052 race condition between northbound and southbound events 2173 Remaining OF 1.3 rules after full neutron resources removal 3097 Do not delete interfaces in PortHandler 5056 Beryllium RC0: Data did not pass validation 5065 Data did not pass validation 5066 ConflictingModificationAppliedException: Node was created by other transaction. 5069 ARP request from public gateway not answered 5007 Reenable SG IT 5039 External Interface errors in karaf log when using Openstack with ODL Cluster (odl-ovsdb-openstack) 4311 null pointer exceptions in ovsdb routemgr 4971 SG needs to be independent from which L3 stack is used in ovsdb netvirt 5013 SG exception when running openstack tempest: org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils.createICMPv4Match(MatchUtils.java:223)[283:org.opendaylight.ovsdb.openstack.net-virt-providers:1.1.4.SNAPSHOT] 4205 VM delete doesnot removed all related flows(i.e specific to VMs) 4997 Fix for ConnectionInfo parsing in showMdsal tool 4908 cannot create a bridge using northbound REST api with clustering. 4927 Rules added by MacResolverServices in br-ex are not removed if no arp responses make it back to br-ex 4913 flow rules for security group aren't populated on port creation 4912 NeutronL3Adapter: missing/reordered enabled check 4911 IllegalArgumentException in RoutingService.programRouterInterface 4881 org.opendaylight.ovsdb.openstack.netvirt.AbstractEventTest failure 4737 ovsdb can create vxlan port in OVS,but cant't delete it 4736 missing null pointer check of getFixedIPs() 4429 Sending non-canonical IPv4 prefix resulted in table 60 rules not getting added 4472 IllegalArgumentException in programIpRewriteExclusion 4416 Unreliable ERROR message as Unable to resolve Externalgateway Mac address,while unstacking one of compute node on openstack 4348 NoClassDefFoundError and ODL doesn't allowed to create network from openstack 4346 Restack/new compute node VM doesn’t communicated north-south traffic 4282 NPEs and inability to provision SFF in SFC project via GBP between SR1 and current stable lithium 4339 northbound depends on obsolete commons.northbound and sal 1519 SouthboundHandler: isUpdateOfInterest is too inclusive 4228 Externalgateway Mac address keeps on try to resolve,after cleared the GW on Openstack externalNetwork 1802 Karaf : InventoryListener Event replay code missing in Library on plugin bundle start 4067 LbaaS OF flows are not getting installed in the switch 2732 When large JSON responses are received by the switch in response to ODL queries, ODL's OVSDB interface becomes unusable. 2923 Need to define OVSDB Clustering/Data Persistence Behavior 2660 Network shared attribute should be allowed 905 ovsdbConfigService.getRows() returns mutable maps 913 Can't delete QOS from java api 1972 Flows failed to get programmed in a very random fashion 2132 Bad openflow rules removal when VM is deleted 2125 ODL shouldn't set the controller to every brige 2024 ovsdb throws exception, fails to try to program flows if ovs is running already at controller startup 1750 Add the missing apply-actions on outbound NAT table 1696 Ingress ACL table is dropping the LLDP traffic 1662 Typed Schema based Special handling is missing 1642 Northbound API fails to insert/delete rows if the parentTable/parentColumn json data is missing on the POST message 1357 Wrong status code sent if Node does not exist 4331 arp responder periodic timer should refresh node picked for packet-out 4920 MAC address for gateway can not be resolved, because external bridge is not connected to controller. 4029 org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter.handleNeutronPortEvent(NeutronL3Adapter.java:251)[271:org.opendaylight.ovsdb.openstack.net-virt:1.2.0.SNAPSHOT] 4579 Periodic ARP resolver is missing calls to NeutronL3Adapter::updateExternalRouterMac() 4265 NPE while programming Port Security ACL 4752 distributed arp in old l3 for ovsdb should not install rules for arp unless tenant network exists in the compute node 1844 Callback from neutron's router interface events should be handled via neutron port events 4611 NPE at org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services.IngressAclService.programPortSecurityGroup(IngressAclService.java:88) 4642 IP ingress rule is not seen after a VM is spawned with the default Security Group 4756 southbound fails to delete OvsdbNode from config and operational 4776 ovsdb netvirt needs to handle cases when network/subnet contains no tentant id 4733 NPE in SouthboundImpl 4735 NPE in SouthboundImpl 4734 NPE in GatewayMacResolverService 4718 NPE in NeutronSubnetChangeListener.java 4711 Compile errors when building openstack.net-virt 4704 compile error of missing symbol of getSubnets 4546 Southbound plugin throws java.lang.IllegalStateException while shutting down and loops forever 4463 IlligalArgumentException when deleting router port 4144 Periodic ARP resolver should use unicast MAC destination address whenever possible; instead of broadcast 3378 ovsdb netvirt needs help in getting mac for a given ip in br-ex 3989 Posting multiple OVSDB nodes with different node-id but same connection-info does not clean operational MD-SAL 4208 Unstack and restack existing same compute unable to communicate the existing network VM's 4014 pipeline flows not programmed on manually added br-int 3962 Event dispatcher found no handler for NorthboundEvent 4347 br-ex doesn’t listing any OF flows on compute node instance 4229 Stale OF entries retained in br-int flow table on openstack-controller side,when VM resides on unstacked compute node 3796 Config datastore empty on reconnect to ovsdb-node 4206 Network delete doesnot removed the Vxlan tunnel entries on ovs switch 4135 pipeline flows not programmed because controller address is not set on OVSDB node 4045 exception when ipv6 addressed port is received 4160 null pointer exception in SecurityServicesImpl.getDHCPServerPort() 4163 null pointer exception in NeutronL3Adapter.getExternalNetworkSubnet() 3545 Updates to termination point configuration for existing termination points broken 3909 SSLv3 should be disabled for ovsdb server

Migration from Previous Releases

Migration from previous releases has not been tested.

Compatibility with Previous Releases

Yes, compatible with previous releases.

Deprecated, End of Life, and/or Retired Features/APIs

The OVSDB Plugin compatibility layer and related ADSAL dependencies were deprecated in Lithium and removed in Beryllium.

OVSDB:Beryllium Release Notes

Contents