Jump to: navigation, search

OpenDaylight OVSDB:Beryllium Release Notes

Major Features

Beryllium marked the fourth release of the OVSDB NetVirt project. The release delivers increased code and testing coverage and improved network virtualization integration with OpenStack.

Release Deliverables

  • Code quality, stability and usability
  • Remove deprecated AD-SAL APIs
  • Netvirt updates for flow optimizations and config migration
  • ODL SFC and OPNFV SFC integration, application pipeline coexistence
  • Increased Neutron parity by adding Security Groups and Metadata support
  • Enhanced L3 DVR functionality
  • Hardware VTEP southbound support
  • Open_vSwitch southbound support for QoS and Queue
  • Clustering/HA/Persistence support
  • DPDK enhancements to the Southbound and NetVirt to support DPDK

Experimental Deliverables

Experimental support is added for the following features:

  • Clustering using the openflowplugin-li plugin. The feature is odl-ovsdb-openstack-clusteraware.
  • Network Virtualization DLUX user interface. The feature is the odl-ovsdb-ui.

Target Environment

For Execution

Same as the usual JRE requirements for OpenDaylight

For Development

Same as the usual JDK and Maven requirements for OpenDaylight

Known Issues and Limitations

  • OpenStack SFC integration requires a workaround when used with the current NSH OVS implementation as described in VTEP Workaround for OpenStack Instantiated VMs.
  • The DLUX integration is considered an experimental feature. The feature works well but has not been extensively tested.
  • Full ODL OVSDB L3 functionality requires a minimum OVS version of 2.3.2. The version is required for ARP responder flows in table 20.
  • Stateful Security Groups support using conntrack requires a minimum OVS version of 2.5. Stateless Security Groups without conntrack is supported from OVS 2.3.2 and later.

ODL OVSDB L3

The L3 functionality is disabled by default. To enable the L3 functionality add ovsdb.l3.fwd.enabled=yes to the etc/custom.properties file.

Security Groups with Conntrack

Conntrack functionality is disabled by default. To enable the conntrack support add <conntrack-enabled>true</conntrack-enabled> to the etc/opendaylight/karaf/netvirt-impl-default-config.xml file.

Service Function Chaining

Some configuration is required due to application co-existence for the OpenFlow programming. The SFC project programs flows for the SFC overlay and NetVirt programs flows for the tenant overlay. Coexistence is achieved by each application owning a unique set of tables and providing a simple handoff between the tables.

First configure NetVirt to use table 1 as it's starting table:

http://localhost:8181/restconf/config/netvirt-providers-config:netvirt-providers-config

{
    "netvirt-providers-config": {
        "table-offset": 1
    }
}

Next configure SFC to start at table 150 and configure the table handoff. The configuration starts SFC at table 150 and sets the handoff to table 11 which is the NetVirt SFC classification table.

http://localhost:8181/restconf/config/sfc-of-renderer:sfc-of-renderer-config

{
    "sfc-of-renderer-config": {
        "sfc-of-app-egress-table-offset": 11,
        "sfc-of-table-offset": 150
    }
}

Known Bugs

Bug 5351 - Security group connection tracking flows are not getting inserted in OVS https://bugs.opendaylight.org/show_bug.cgi?id=5351 The solution was tested against OVS 2.4.9 and pre-release patches. There has been a change in the connection tracking state bit values in the official OVS 2.5 release. The workaround is to use the OVS 2.4.9 with pre-release patches or to use a later ODL build with the current fix: https://git.opendaylight.org/gerrit/#/c/34655/.

Changes Since Previous Releases

New APIs for supporting SFC integration and using NetVirt as the classifier:

http://localhost:8181/restconf/config/netvirt-providers-config:netvirt-providers-config

{
    "netvirt-providers-config": {
        "table-offset": 1
    }
}

http://localhost:8181/restconf/config/ietf-access-control-list:access-lists
{
    "access-lists": {
        "acl": [
            {
                "acl-name": "http-acl",
                "access-list-entries": {
                    "ace": [
                        {
                            "rule-name": "http-rule",
                            "matches": {
                                "destination-port-range": {
                                    "lower-port": "80",
                                    "upper-port": "80"
                                },
                                "source-port-range": {
                                    "lower-port": "0",
                                    "upper-port": "0"
                                },
                                "protocol": "6"
                            },
                            "actions": {
                                "netvirt-sfc-acl:sfc-name": "SFCNETVIRT"
                            }
                        }
                    ]
                }
            }
        ]
    }
}

Bugs Fixed in this Release

4924	Fixed IPs of dhcp_port are not updated when a new subnet is added to the network.
5278	Service Unavailable exception when associating a Neutron router with a tenant subnet.
5331	unable to read topology after recovering a failed controller in cluster
5040	LLDP Spoofing  attack warning when using Openstack with ODL Cluster (both features)
4569	Ownership changed consistently without down any node
5038	Instances are not reachable in Openstack when ODL used as cluster (using OFPlugin He design)
5062	Creating Bridge in Cluster Mode returns 500 and throws exception in karaf log
5018	No Flow Entries are installed to br-int while trying the NetVirt Cluster (clusteraware)
3974	br-int is not getting created with lithium 0.3.0 snapshot
4277	Deleted Network flow entries retained in br-int,if network associated and disassociated from virutalrouter interface
4888	Ovsdb Southbound Clustering Inconsistent output for sudo ovs-vsctl list bridge br-int
4916	In OVSDB Single node clustering 2 switches registered with same manager there are two "OWNER" found in southbound, and with this two "OWNER" replication also happens
5134	Address exceptions when SG remote_group_id has both IPv4 and IPv6 addresses
5172	lldp: SchemaVersionMismatchException: The schema version used to access the table/column (7.8.0) does not match the required version (from 7.11.2 to 0.0.0)
4811	topic/netvirt-clustering branch: the Openstack Integration failing due to OpenFlowPlugin failures
5110	Pinging router on different network does not work
4892	Not getting Arp flows if there is no Router
5187	Remote security group insertion fails when port is not found in cache
5169	Retrieval of Bridge and Port fails from Operational Store in csit test
4904	Singleton Cluster is not happened
5149	Enhancement: Support LLDP on ovsdb interface
5161	In OVSDB 3 node cluster northbound remote ip address validation missing in configuration data store
4373	Released Floating IP (on compute node1 vm) is not reaching to external network, if reuse the floating IP to  another VM ( VM hosted on compute node2
4374	On Release of Floating IP doesn’t detached port on openstack external network
4280	VM Floating IP Address unable to reach the External GW when L3 routing enabled.
5107	Flow tables mentioned in goto_table actions are not created
4132	Unable to ping gateway when using L3 DVR - Lithium
5131	Hard-coded base url in Ovsdb UI
5147	Wrong logging level for ConfigProperties not found with defaults
4794	IllegalArgumentException in operational delete: unable to connect ovs to plugin
4844	GatewayMacResolverService continues to try to resolve gateway after nodes have disconnected.
4769	Security group : default ip flows fails to delete intermittently
4643	Remote Security Group - Terminating an instance fails to remove the corresponding rules
4874	distributed arp in old l3 for ovsdb is not installing rules when it should
3052	race condition between northbound and southbound events
2173	Remaining OF 1.3 rules after full neutron resources removal
3097	Do not delete interfaces in PortHandler
5056	Beryllium RC0: Data did not pass validation
5065	Data did not pass validation
5066	ConflictingModificationAppliedException: Node was created by other transaction.
5069	ARP request from public gateway not answered
5007	Reenable SG IT
5039	External Interface errors in karaf log when using Openstack with ODL Cluster (odl-ovsdb-openstack)
4311	null pointer exceptions in ovsdb routemgr
4971	SG needs to be independent from which L3 stack is used in ovsdb netvirt
5013	SG exception when running openstack tempest: org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils.createICMPv4Match(MatchUtils.java:223)[283:org.opendaylight.ovsdb.openstack.net-virt-providers:1.1.4.SNAPSHOT]
4205	VM delete doesnot removed all related flows(i.e specific to VMs)
4997	Fix for ConnectionInfo parsing in showMdsal tool
4908	cannot create a bridge using northbound REST api with clustering.
4927	Rules added by MacResolverServices in br-ex are not removed if no arp responses make it back to br-ex
4913	flow rules for security group aren't populated on port creation
4912	NeutronL3Adapter: missing/reordered enabled check
4911	IllegalArgumentException in RoutingService.programRouterInterface
4881	org.opendaylight.ovsdb.openstack.netvirt.AbstractEventTest failure
4737	ovsdb can create vxlan port in OVS,but cant't delete it
4736	missing null pointer check of getFixedIPs()
4429	Sending non-canonical IPv4 prefix resulted in table 60 rules not getting added
4472	IllegalArgumentException in programIpRewriteExclusion
4416	Unreliable ERROR message as Unable to resolve Externalgateway Mac address,while unstacking one of compute node on openstack
4348	NoClassDefFoundError and ODL doesn't allowed to create network from openstack
4346	Restack/new compute node VM doesn’t  communicated  north-south traffic
4282	NPEs and inability to provision SFF in SFC project via GBP between SR1 and current stable lithium
4339	northbound depends on obsolete commons.northbound and sal
1519	SouthboundHandler: isUpdateOfInterest is too inclusive
4228	Externalgateway Mac address keeps on try to resolve,after cleared the GW on Openstack externalNetwork
1802	Karaf : InventoryListener Event replay code missing in Library on plugin bundle start
4067	LbaaS OF flows are not getting installed in the switch
2732	When large JSON responses are received by the switch in response to ODL queries, ODL's OVSDB interface becomes unusable.
2923	Need to define OVSDB Clustering/Data Persistence Behavior
2660	Network shared attribute should be allowed
905	ovsdbConfigService.getRows() returns mutable maps
913	Can't delete QOS from java api
1972	Flows failed to get programmed in a very random fashion
2132	Bad openflow rules removal when VM is deleted
2125	ODL shouldn't set the controller to every brige
2024	ovsdb throws exception, fails to try to program flows if ovs is running already at controller startup
1750	Add the missing apply-actions on outbound NAT table
1696	Ingress ACL table is dropping the LLDP traffic
1662	Typed Schema based Special handling is missing
1642	Northbound API fails to insert/delete rows if the parentTable/parentColumn json data is missing on the POST message
1357	Wrong status code sent if Node does not exist
4331	arp responder periodic timer should refresh node picked for packet-out
4920	MAC address for gateway can not be resolved, because external bridge is not connected to controller.
4029	org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter.handleNeutronPortEvent(NeutronL3Adapter.java:251)[271:org.opendaylight.ovsdb.openstack.net-virt:1.2.0.SNAPSHOT]
4579	Periodic ARP resolver is missing calls to NeutronL3Adapter::updateExternalRouterMac()
4265	NPE while programming Port Security ACL
4752	distributed arp in old l3 for ovsdb should not install rules for arp unless tenant network exists in the compute node
1844	Callback from neutron's router interface events should be handled via neutron port events
4611	NPE at org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services.IngressAclService.programPortSecurityGroup(IngressAclService.java:88)
4642	IP ingress rule is not seen after a VM is spawned with the default Security Group
4756	southbound fails to delete OvsdbNode from config and operational
4776	ovsdb netvirt needs to handle cases when network/subnet contains no tentant id
4733	NPE in SouthboundImpl
4735	NPE in SouthboundImpl
4734	NPE in GatewayMacResolverService
4718	NPE in NeutronSubnetChangeListener.java
4711	Compile errors when building openstack.net-virt
4704	compile error of missing symbol of getSubnets
4546	Southbound plugin throws java.lang.IllegalStateException while shutting down and loops forever
4463	IlligalArgumentException when deleting router port
4144	Periodic ARP resolver should use unicast MAC destination address whenever possible; instead of broadcast
3378	ovsdb netvirt needs help in getting mac for a given ip in br-ex
3989	Posting multiple OVSDB nodes with different node-id but same connection-info does not clean operational MD-SAL
4208	Unstack and restack existing same compute unable to communicate the existing network VM's
4014	pipeline flows not programmed on manually added br-int
3962	Event dispatcher found no handler for NorthboundEvent
4347	br-ex doesn’t listing any OF flows on compute node instance
4229	Stale OF entries retained in br-int flow table on openstack-controller side,when VM resides on unstacked compute node
3796	Config datastore empty on reconnect to ovsdb-node
4206	Network delete doesnot removed the Vxlan tunnel entries on ovs switch
4135	pipeline flows not programmed because controller address is not set on OVSDB node
4045	exception when ipv6 addressed port is received
4160	null pointer exception in SecurityServicesImpl.getDHCPServerPort()
4163	null pointer exception in NeutronL3Adapter.getExternalNetworkSubnet()
3545	Updates to termination point configuration for existing termination points broken
3909	SSLv3 should be disabled for ovsdb server

Migration from Previous Releases

Migration from previous releases has not been tested.

Compatibility with Previous Releases

Yes, compatible with previous releases.

Deprecated, End of Lifed, and/or Retired Features/APIs

The OVSDB Plugin compatibility layer and related ADSAL dependencies were deprecated in Lithium and removed in Beryllium.