OVN 25.09 was initially released on 5 September, 2025. This version of OVN is currently supported for all bug fixes. Support for this version will end on 5 September, 2026.
v25.09.0 was released on 5 September, 2025.
Release Notes:
OVN v25.09.0 - 05 Sep 2025
--------------------------
- STT tunnels are no longer supported in ovn-encap-type.
** WARNING ** Existing setups must be fully reconfigured to use Geneve
or VxLAN before upgrading. To avoid potential database conversion issues
all OVN databases should be manually compacted after the reconfiguration.
For instructions see:
https://docs.openvswitch.org/en/latest/ref/ovsdb.7/#compacting-databases
- Added support for "ovn-cleanup-on-exit" config option in Open_vSwitch
external-ids, this option allows to specify if ovn-controller should
perform cleanup when exiting. The "--restart" exit always has priority
to keep the backward compatibility.
- Add additional protocol support for options:activation-strategy. The new
supported protocols are gARP and NA. The option now supports a comma
separated to specify selected group of protocols.
- Add CoPP support for DHCP relay.
- SSL/TLS:
* Support for deprecated TLSv1 and TLSv1.1 protocols on OpenFlow and
database connections is now removed.
- Introduce exclude-router-ips-from-garp in logical_switch_port column
so that the router port IPs are not advertised in the GARPs.
- Added support for port mirroring in OVN overlay.
- Added "ic-route-filter-adv" and "ic-route-filter-learn" options to
the Logical_Router/Logical_Router_Port tables to allow users to
filter advertised/learned IC routes.
- Add a new logical switch option - enable-stateless-acl-lb with default
value of false. This option should be set to true for logical switches
with stateless ACL to work with load balancer.
- Added new ovn-nbctl command 'pg-get-ports' to get the ports assigned to
the port group.
- The ovn-controller option ovn-ofctrl-wait-before-clear is no longer
supported. It will be ignored if used. ovn-controller will
automatically care about proper delay before clearing lflow.
- Added "ic-route-adv-lb" and "ic-route-learn-lb" NB_Global:options to
to allow advertising load balancer VIPs through OVN-IC.
- Added a new ACL option "--all" to "acl-list" command. When set,
"acl-list" command will also list port groups ACLs associated with
each port of the target logical switch.
- Added support for running tests from the 'check-kernel' system test target
under retis by setting OVS_TEST_WITH_RETIS=yes. See the 'Testing' section
of the documentation for more details.
- Dynamic Routing:
* Add the option "dynamic-routing-redistribute-local-only" to Logical
Routers and Logical Router Ports which refines the way in which
chassis-specific Advertised_Routes (e.g., for NAT and LB IPs) are
advertised.
* Add the option "external-ids:ovn-evpn-vxlan-ports" for the
Open_vSwitch database. This option allows CMS to set list of UDP
destination ports that will be used to create the VXLAN tunnels.
* Add the option "external-ids:ovn-evpn-local-ip" for the
Open_vSwitch database. This option allows CMS to set IP address that
will be used as source for the EVPN traffic egressing through
the tunnel.
* Add the "other_config:dynamic-routing-vni" to Logical Switches. If set
to valid integer the LS is considered to be connected to EVPN L2 domain.
* Add the "other_config:dynamic-routing-fdb-prefer-local" to Logical
Switches. If set to "true" the LS will prefer SB FDB table for
FDB lookup. Default is false.
* Add the "other_config:dynamic-routing-redistribute" to Logical
Switches. The only accepted value at the moment is "fdb".
- ovn-sbctl:
* Added --filter option that allows filtering the command output. See
ovn-sbctl(8) for more details.