OVN 23.06 was initially released on 2 June, 2023. This version of OVN is currently supported for all bug fixes. Support for this version will end on 2 June, 2024.
v23.06.3 was released on 12 March, 2024.
Release Notes:
OVN v23.06.3 - 12 Mar 2024
--------------------------
- Bug fixes
- Add "garp-max-timeout-sec" config option to vswitchd external-ids to
cap the time between when ovn-controller sends gARP packets.
- Security: Fixed vulnerability CVE-2024-2182.
v23.06.2 was released on 15 September, 2023.
Release Notes:
OVN v23.06.2 - 15 Sep 2023
--------------------------
- Bug fixes
v23.06.1 was released on 29 August, 2023.
Release Notes:
OVN v23.06.1 - 29 Aug 2023
--------------------------
- Bug fixes
- ECMP routes use L4_SYM dp-hash by default if the datapath supports it.
Existing sessions might get re-hashed to a different ECMP path when
OVN detects the algorithm support in the datapath during an upgrade
or restart of ovn-controller.
- Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153.
v23.06.0 was released on 2 June, 2023.
Release Notes:
OVN v23.06.0 - 01 Jun 2023
--------------------------
- Enhance LSP.options:arp_proxy to support IPv6, configurable MAC
addresses and CIDRs.
- CT entries are not flushed by default anymore whenever a load balancer
backend is removed. A new, per-LB, option 'ct_flush' can be used to
restore the previous behavior. Disabled by default.
- Add support to configure OVSDB inactivity probe interval for ovn-ic and
ovn-controller-vtep.
- Add LS.other_config:broadcast-arps-to-all-routers. If false then arp
requests are only send to Logical Routers on that Logical Switch if the
target mac address matches. Arp requests matching no Logical Router will
only be forwarded to non-router ports. Default is true which keeps the
existing behaviour of flooding these arp requests to all attached Ports.
- Always allow IPv6 Router Discovery, Neighbor Discovery, and Multicast
Listener Discovery protocols, regardless of ACLs defined.
- Add IPv6 iPXE support introducing "bootfile_name" (59) and
"bootfile_name_alt" (254) options to ovn dhcpv6 server.
- Support using local OVS port as port-mirroring target, and also support
'both' directions for the 'filter' field.
- Increased ovn-{ic-,}{n,s}bctl default OVSDB inactivity probe interval from
5000 ms to 120000 ms to give the ability to connect to large databases
(mainly, OVN_Southbound). Also, for daemon mode it is possible to
configure inactivity probe interval via OVN_Northbound and OVN_Southbound
databases for ovn-nbctl and ovn-sbctl respectively. See man ovn-nb and
man ovn-sb for 'nbctl_probe_interval' and 'sbctl_probe_interval'
options for more details.
- Rework OVN egress QoS implementation in order to rely on OvS interface
instead of directly running tc from OVN. Get rid of traffic shaping on the
tunnel interfaces. Now for LSPs running on a LogicalSwitch with a localnet
port is possible to define QoS rules to apply to the local egress localnet
port. Please note now the QoS will be applied just to the local localnet
port and not to all localnet port marked with ovn-egress iface.
- Support for tiered ACLs has been added. This allows for ACLs to be layered
into separate tiers of priority. For more information, please see the
ovn-nb and ovn-northd manpages.
- Send ICMP Fragmentation Needed packets back to offending ports when
communicating with multichassis ports using frames that don't fit through a
tunnel. This is done only for logical switches that are attached to a
physical network via a localnet port, in which case multichassis ports may
have an effective MTU different from regular ports and hence may need this
mechanism to maintain connectivity with other peers in the network.