OVN 25.03 was initially released on 7 March, 2025. This version of OVN is currently supported for all bug fixes. Support for this version will end on 7 March, 2026.
v25.03.0 was released on 7 March, 2025.
Release Notes:
OVN v25.03.0 - 07 Mar 2025
--------------------------
- Added support to choose selection methods - dp_hash or
hash (with specified hash fields) for ECMP routes
while choosing nexthop.
- ovn-ic: Add support for route tag to prevent route learning.
- Support for STT tunnels in ovn-encap-type is deprecated and will be
removed in the next release.
- The LRP option 'centralize_routing' has been removed. The behavior is now
enabled in all cases where it is needed.
- ovn-nb: Changed schema of ovn-nb to make networks optional within Logical
Router Ports.
- Added support for Spine-Leaf topology of logical switches by adding
a new LSP type 'switch' that can directly connect two logical switches.
Supported for both distributed and transit switches.
- Bump python version required for building OVN to 3.7.
- SSL/TLS:
* TLSv1 and TLSv1.1 protocols are deprecated and disabled by default
on OpenFlow and database connections. Use --ssl-protocols to turn
them back on. Support will be fully removed in the next release.
* OpenSSL 1.1.1 or newer is now required for SSL/TLS support.
* The protocol list in --ssl-protocols or corresponding database column
now supports specifying simple protocol ranges like:
- "TLSv1-TLSv1.2" to enable all protocols between TLSv1 and TLSv1.2.
- "TLSv1.2+" to enable protocol TLSv1.2 and later.
The value must be a list of protocols or exactly one protocol range.
* Added explicit support for TLSv1.3. It can now be enabled via
--ssl-protocols (TLSv1.3 was supported in earlier versions only when
this option was not set). TLS ciphersuites for TLSv1.3 and later can
be configured via --ssl-ciphersuites (--ssl-ciphers only applies to
TLSv1.2 and earlier).
- Add "arp-nd-max-timeout-sec" config option to vswitchd external-ids to
configure the interval (in seconds) between ovn-controller originated
ARP/ND packets used for tracking ECMP next hop MAC addresses.
- Auto flush ECMP symmetric reply connection states when an ECMP route is
removed by the CMS. This behavior is controlled by the
"ecmp_nexthop_monitor_enable" config option in the NB_Global table.
Disabled by default.
- Improved handling of IPv6 traffic by enabling address prefix tracking
in OVS for both IPv4 and IPv6 addresses, whenever possible, reducing
the amount of IPv6 datapath flows.
- Add concept of Transit Routers, users are now allowed to specify
options:requested-chassis for router ports; if the chassis is remote
then the router port will behave as a remote port.
- Added a new ACL option "persist-established" that allows for
established connections to bypass ACL matching. This way, if an ACL
match changes, traffic on the established connection can still pass.
- Logical router policies can now be arranged in chains. Using the new
"jump" action, combined with new "chain" and "jump_chain" columns,
allows for policies to be chained together.
- Reduce the max number of local datapath to 1024 when OVN is using VXLAN
encapsulation type in OVN-interconnect mode.
- Added vxlan_mode parameter in IC_NB_GLOBAL option column to enable or
disable VXLAN encapsulation type in OVN-interconnect mode.
- Dynamic Routing:
* Add the option "dynamic-routing" to Logical Routers. If set to true
static and connected routes matching the filter below are shared to the
southbound "Advertised_Route" table for sharing outside of OVN.
The routes can further be configured by setting
`dynamic-routing-redistribute` on the LR or LRP. The LRP settings
overwrite the LR settings for all routes using this interface to
forward traffic on.
* Allow Logical Routers to dynamically learn routes from outside the
fabric. Routes entered into the "Learned_Route" table in the southbound
database will be learned by the respective LR. They are included in the
route table with a lower priority than static routes.
* Add the option value "connected-as-host" to the
"dynamic-routing-redistribute" LR and LRP option. If set then connected
routes are announced as individual host routes.
* Add the option "dynamic-routing-maintain-vrf" to LRPs. If set the
ovn-controller will create a vrf named "ovnvrf" + datapath id that
includes all advertised and learned routes.
The vrf name can be overwritten with the "dynamic-routing-vrf-name"
setting.
* Add the option "dynamic-routing-port-name" to LRPs. If set only routes
learned from a linux interfaces that is locally bound to the referenced
LSP will be learned. Additionally support local overwrites for arbitrary
interface names using "dynamic-routing-port-mapping".
* The logical router port options "routing-protocol-redirect" and
"routing-protocols" are now also usable on distributed gateway ports.
* Logical router port options "routing-protocol-redirect" and
"routing-protocols" are now considered stable. Their "experimental" tag
was removed.
- Add "options:ct-commit-all" to LR, that enables commit of all traffic
to DNAT and SNAT zone when LR is stateful.