Release Notes: OpenSDN R21.05¶
Release Tag: R21.05
Available at hub.docker.com.
Support for Red Hat OpenShift 4.6¶
In the latest release of OpenSDN you can enable OpenSDN as the Container Network Interface (CNI) in environments using Red Hat OpenShift 4.6. Red Hat OpenShift is a platform. https://docs.opensdn.io/en/latest/opensdn-cloud-native-user-guide/how-to-install-opensdn-openshift46.rst
Ironic Support with Juju¶
OpenSDN now supports new charms for Ironic from OpenStack Train version 15.x.x.
Support for OpenStack Ussuri and Ubuntu Version 20.04¶
In this release of OpenSDN OpenStack Ussuri with Ubuntu version 18.04 (Bionic Beaver) and Ubuntu version 20.04 (Focal Fossa) are now supported. The installation process is the same as installing OpenSDN with OpenStack by Using Juju Charms.
Support for Red Hat OpenStack Platform Director 16.1¶
OpenSDN now supports integration with Red Hat OpenStack Platform Director (RHOSPd or OSPd) 16.1. Table 1 lists the OpenStack releases and the corresponding operating system and deployer versions supported by OpenSDN.
Table 1 : Supported Release Versions
OpenSDN Release
Operating System
OpenStack
Deployer
OpenSDN Release R21.05
RHEL 8.2
OSP16
OSPd16
Support for 4 Byte AS Number¶
OpenSDN now supports 4-byte or 32-bit Autonomous System (AS) numbers in BGP as specified in RFC 6793. The provision for 4-byte AS numbers is introduced to avoid exhaustion of AS numbers. You can now set an AS number in the range 1-4294967295. The default AS number is 64512.
To start using AS value in the 4-byte range:
Navigate to Infrastructure > Cluster> Advanced Options page.
The Global Config tab is displayed, which lists all system configuration information.
Click the Edit icon. The Edit System Configuration dialog box is displayed.
Select Enabled option button under 4 Byte ASN field. To disable 4-byte ASN range, select Disabled.
You can now assign 2-byte or 16-bit AS number in the range 1-65535. To assign 4-byte value in Route Target(s) field:
Navigate to Overlay > Virtual Networks > Edit Virtual Network page to edit existing virtual network. Navigate to Overlay > Virtual Networks > Create Virtual Network page to create a new virtual network.
2. Click Routing, Bridging and Policies. Route Target(s) field is displayed. Click +Add.
In the Route Target(s) section, you can now assign a 4-byte value in the range of 1-4,294,967,295 in the ASN field, when 4 Byte ASN is enabled in Global Config. If you assign the ASN field a 4-byte value, you must assign a 2-byte value in the range of 0-65,535 in the Target field. You can also assign a 2-byte value in the range of 1-65,535 in the ASN field, when 4 Byte ASN is disabled in Global Config. If you assign the ASN field a 2-byte value, you must assign a 4-byte value in the range of 0-4,294,967,295 in the Target field. You can also add suffix L or l (lower-case L) at the end of a value in the ASN field to assign the value in 4-byte range. Even if the value provided in the ASN field is in the range of 1-65,535, adding L or l (lower-case L) at the end of the value assigns it in 4-byte range. If you assign the ASN field a value in the 4-byte range, you must enter a value in the range of 0-65,535 in the Target field.
Encryption Support for Redis Traffic¶
OpenSDN now supports an SSL encrypted tunneling program called stunnel to secure Redis traffic. The stunnel is used to route traffic between Redis clients and servers. SSL encryption in the stunnel acts as a layer of security when OpenSDN analytics client processes connect to a Redis instance server. In prior releases connection requests sent from tf-analytics clients to Redis server sometimes posed security threats since Redis did not support encryption. The stunnel feature is supported only when OpenSDN is deployed with Red Hat OpenStack Platform (RHOSP).
Support for OpenSDN Deployment with Kubernetes Using Juju Charms¶
Starting in Release 21.05, you can deploy OpenSDN with Kubernetes by using Juju Charms. Juju helps you deploy, configure, and efficiently manage applications on private clouds and public clouds. A Charm is a module containing a collection of scripts and metadata and is used with Juju to deploy OpenSDN. Juju Charms helps reduce the complexity of deploying OpenSDN by providing a simple way to deploy, configure, scale, and manage OpenSDN operations. OpenSDN now supports the following charms:
contrail-kubernetes-master
contrail-kubernetes-node
Support for Netronome SmartNIC vRouter¶
OpenSDN now supports Netronome Agilio CX for OpenSDN deployment with Red Hat OpenStack Platform Director (RHOSPd) 13 environment. This feature will enable increased packets per second (PPS) capacity of OpenSDN vRouter datapath allowing applications to reach their full processing capacity. Additionally, it allows to reclaim CPU cores from OpenSDN vRouter off-loading permitting more VMs and VNFs to be deployed per server.
Support for OpenSDN with Kubernetes in Nested Mode by Using Juju Charms¶
OpenSDN now supports provisioning of a Kubernetes cluster inside an OpenStack cluster. OpenSDN Networking offers a nested control and data plane where a single control plane and a single network stack can manage and service both the OpenStack and Kubernetes clusters. In nested mode, a Kubernetes cluster is provisioned in virtual machines of an OpenStack cluster. The CNI plugin and the OpenSDN Kubernetes manager of the Kubernetes cluster interface directly with OpenSDN components that manage the OpenStack cluster. All Kubernetes features, functions and specifications are supported in nested mode. For more information, see Installing OpenSDN with Kubernetes in Nested Mode by Using Juju Charms. https://docs.opensdn.io/en/latest/opensdn-installation-and-upgrade-guide/juju-charms-nested-kubernetes.html
Encryption Support Between Analytics API Servers and Client Servers¶
OpenSDN now supports the connection between Analytics API servers and Client servers encrypted with SSL. The Clients servers connect to the Analytics API server through the REST API Port. In earlier releases, the connection between Analytics API server and the Clients servers was not encrypted, which could pose a security threat.
Enhanced Routing Policies to Support Modification of Secondary Routes in Virtual Networks¶
OpenSDN now supports virtual network routing policies automatically applied to secondary routes. This feature is especially useful as a mechanism to modify routes imported from MP-BGP, including routes that are imported from the MPLS network, using routing policies.
Support for Trunk Networking Between OpenSDN Networking and Neutron¶
OpenSDN now integrates with Neutron trunk port APIs, which enables trunk networking between OpenSDN and Neutron instances. Trunk networking uses trunk extension that is used to multiplex incoming and outgoing packets from multiple Neutron logical networks using a single Neutron logical port. A trunk extension is integrated in Neutron as a collection of Neutron logical ports. In the trunk extension that is implemented, OpenSDN introduces logical entities defined by OpenStack Trunk API to provide backend support for Neutron Trunk Port API. The Neutron Trunk Port object maps to OpenSDN Virtual Port Group (VPG) object, which was designed for handling non-LCM BMS workflow and multi-VLAN support.
Support for Increased vRouter Next Hop Limit and Monitoring Next Hop and MPLS Labels Usage¶
OpenSDN now supports an increased next hop value in the vRouter to 32 bits. By default, the vRouter creates 512K next hops and it supports up to 1 million next hops. You can also now configure a watermark limit in vRouter agent configuration file, which enables you to monitor the usage and availability of next hops and Multiprotocol Label Switching (MPLS) labels. In earlier releases, OpenSDN vRouter supported 16 bits next hop value, which enabled it to create a maximum of only 65,536 next hops.
Enhanced DPDK vRouter Performance Through Full CPU Partitioning and Isolation¶
OpenSDN now supports full CPU partitioning. CPU isolation is an RHEL method to partition and isolate the CPU cores on a compute node from the symmetric multiprocessing (SMP) balancing and scheduler algorithms. The full CPU isolation feature optimizes the performance of DPDK vRouter when deployed with the DPDK settings recommended for RHOSP. To enable full CPU partitioning and isolation, you need to configure tuned and isolcpus.
Inter Subcluster Route Filtering¶
OpenSDN now supports inter subcluster route filtering. With this release, a new extended community called origin-sub-cluster (similar to origin-vn) is added to all routes originating from a subcluster. The format of this new extended community is subcluster::. This new extended community is added by encoding the subcluster ID in the ID field within the extended community. The subcluster ID helps you determine the subcluster from which the route originated, and is unique for each subcluster.
Zero Impact Upgrade: Upgrading OpenSDN Networking Software without Rebooting Compute Nodes with Kernel-mode vRouters¶
OpenSDN now supports huge pages in environments where compute nodes are using kernel-mode vRouters and the environment is deployed using Red Hat Openstack or Juju. Huge page support for kernel-mode vRouters allows the Zero Impact Upgrade (ZIU) procedure to complete OpenSDN software upgrades without rebooting compute nodes.
https://docs.opensdn.io/en/latest/opensdn-installation-and-upgrade-guide/install-tf-rhosp-ziu.html
Zero Impact Upgrade: OpenSDN Networking Software Upgrades in Environments Deployed using Ansible¶
OpenSDN now supports the Zero Impact Upgrade (ZIU) procedure to upgrade OpenSDN Networking software in environments that are deployed using Ansible. For additional information, see How to Perform a Zero Impact OpenSDN Networking Upgrade using Ansible.
Support for Octavia as LBaaS¶
OpenSDN now supports Octavia as LBaaS. The Neutron LBaaS plugin is no longer available in OpenStack Train release. If you want to use legacy OpenSDN load balancer, you can use VNC or the OpenSDN Web UI.
https://docs.opensdn.io/en/latest/opensdn-installation-and-upgrade-guide/canonical-octavia.html
https://docs.opensdn.io/en/latest/opensdn-installation-and-upgrade-guide/rhosp-octavia.html
Support for Fast Routing Convergence¶
OpenSDN now supports fast convergence of the network in case of failures in the overlay tunnel endpoints. With the fast convergence feature, OpenSDN can detect and respond to failures in the gateway or vRouter and take corrective action faster, thereby reducing the convergence time. Convergence time is the time taken by the control plane to detect a failure and take corrective action. Faster convergence reduces the risk of silent packet drop in case of a failure in the network.
Configurable XMPP Timeout¶
OpenSDN now allows you to configure the XMPP timer value in the range 1 through 90 seconds. Reducing the timer to a lower value facilitates faster convergence in the network. Though you can configure a value as low as one (1), the recommended value is nine (9). A lower value for the timer is recommended only for smaller clusters.
VLAN Forwarding Disabled for DPDK vRouters Deployed on VLAN Interfaces¶
OpenSDN now has VLAN forwarding on interfaces disabled by default on DPDK vRouters that are deployed in a cluster. This optimizes the performance of DPDK enabled vRouters.
In releases prior VLAN forwarding interface is enabled by default, enabling packet forwarding between the host and the fabric. This resulted in increased load on vRouters affecting their performance.
To enable VLAN forwarding interface on vRouter, set the value for DPDK_ENABLE_VLAN_FWRD to True in contrail-settings.yaml. If VLAN forwarding interface is enabled, the following message is logged in the contrail-vrouter-dpdk container logs:
VLAN forwarding is enabled and causing performance impact on the system
Support for Viewing Details of a DPDK Enabled vRouter¶
OpenSDN now supports the dpdkinfo command which enables you to see the details of the internal data structures of a DPDK enabled vRouter. The dpdkinfo command enables you to view information related to bond interfaces, Link Aggregation Control Protocol (LACP), memory pool (mempool), Logical core (lcore), network interface card (NIC) and application. The dpdkinfo command reads the internal data structures and unstructured data from a DPDK enabled vRouter and displays the data on the console.
Packet Latency Improvements in the vRouter¶
OpenSDN now has significant vRouter packet latency improvements in DPDK deployments. The latency for 64B packets is measured to be around 120 microseconds (µs) in release 2008 as against 300-400 µs prior to release 2008. In historic DPDK deployments, the vRouter functions in a hybrid mode where it uses part pipelining mode and part run-to-completion mode for packet processing thereby ensuring good load balancing and also reasonable latency. However, from release 2008, you can switch the vRouter from hybrid to run-to-completion mode where the packets are processed in a single session with no load balancing thereby reducing latency overheads. To switch DPDK modes, you must set the DPDK_COMMAND_ADDTIONAL_ARGS+= “–vr_no_load_balance” parameter in the ifcfg-vhost0 file on the vRouter.
This feature has the following caveats:
The run-to-completion mode has inherent disadvantages such as if the virtual machine is unable to load balance, you might see bottlenecks using this mode.
The VNF must be enabled with multiqueue virtio. This is to ensure that the VNF performs load balancing in place of the vRouter.
Only MPLSoUDP and VXLAN encapsulation protocols are supported.
Support for Clearing vif Statistics Counters¶
OpenSDN now supports clearing of vif statistics counters for all interfaces by using the –clear command.
Contrail Tools Container¶
Contrail-tools container provides a centralized location for all the available tools and CLI commands in one place. OpenSDN now features the contrail-tools command which will be installed by default. contrail-tools command enables you to log in to the container and execute the tool. Additionally, the command will kill the container on exit.
https://docs.opensdn.io/en/latest/opensdn-monitoring-and-troubleshooting-guide/contrail-tools.html
Support for DPDK Release 19.11¶
OpenSDN vRouter now supports DPDK Release 19.11. To view the DPDK version, use the following commands:
[root@user ~]# contrail-tools
(contrail-tools)[root@user /]$ dpdkinfo -v
DPDK Version: DPDK 19.11.0
vRouter version: {"build-info": [{"build-time": "2020-09-17 00:44:40.135183", "build-hostname": "contrail-build-r2008-centos-121-generic-20200916063600.novalocal", "build-user": "contrail-builder", "build-version": "2008"}]
Sandump Tool¶
OpenSDN now features the Sandump tool, available in contrail-tools container. Sandump tool captures the Sandesh messages from netlink connection between the Agent and the vRouter (only DPDK mode) and, provides detailed interpretation of all the captured bytes.
https://docs.opensdn.io/en/latest/opensdn-monitoring-and-troubleshooting-guide/sandump-tool.html
Enablement Changes to Optional OpenSDN Analytics Modules¶
Starting with OpenSDN Release 2011, the optional TF Analytics modules—analytics alarm, analytics SNMP, and analytics database—must be enabled in the OOO (TripleO) Heat templates.
Support for Intel DDP in vRouter for Fortville NICS¶
The OpenSDN vRouter now supports Intel dynamic device personalization (DDP) technology, which enables faster processing of packets with MPLSoGRE encapsulation. The Intel DDP technology is supported only in Intel Fortville Series NICs.
Retaining the AS Path Attribute in a Service Chain¶
Starting with OpenSDN Release 21.05, you can configure the AS path to be retained in the routes re-originated from the destination VN to the source VN in a service chain. You also have the ability to enable or disable the path retention for selected service chains. You can enable or disable the Retain AS Path option while configuring the network policy in the Overlay > Network Policies > Create Network Policy page.
Support for vRouter Dynamic MAC Address/IP Address Learning and BFD Health Check for Workloads Starting with OpenSDN Release 2011, the OpenSDN vRouter dynamically learns the MAC address/IP address binding of the workloads deployed on a OpenSDN connected virtual machine (VM). The vRouter learns the MAC address/IP address binding of the pods to enable an efficient workload to workload communication. Also, OpenSDN supports Bidirectional Forwarding and Detection (BFD) based health check to verify the liveliness of a workload.
Support for Sandump Tool on Windows Machines¶
OpenSDN now supports the Sandump tool with Wireshark, available on Windows machines. Sandump tool captures the Sandesh messages from netlink connection between the Agent and the vRouter (only DPDK mode) and, provides detailed interpretation of all the captured bytes.
https://docs.opensdn.io/en/latest/opensdn-monitoring-and-troubleshooting-guide/sandump-tool.html
Support for agent_header.lua Wireshark Plugin in Windows OS Computers¶
OpenSDN now allows the use of the agent_header.lua Wireshark plugin in Windows OS computers, which enables you analyze the packets exchanged between vRouter data plane and vRouter agent on the pkt0 interface.
Upgrade OpenSDN Networking using Red Hat Fast Forward Upgrade Procedure¶
OpenSDN can now use a combined procedure to upgrade Red Hat OpenStack Platform (RHOSP) from RHOSP 13 to RHOSP 16.1 by leveraging Red Hat Fast Forward Upgrade (FFU) procedure while simultaneously upgrading OpenSDN from Release 5.1 to Release 21.05.
https://docs.opensdn.io/en/latest/opensdn-installation-and-upgrade-guide/ffu-ziu-rhosp16.1-cn.html
Support for KubeVirt in Kubernetes Environments¶
OpenSDN can now use KubeVirt in Kubernetes-orchestrated environments that use OpenSDN as the Container Networking Interface (CNI). KubeVirt is a virtualization add-on to Kubernetes that allows virtual machines (VMs) to run alongside the application containers present in Kubernetes environments.
Support for Keystone Authentication in Kubernetes Environments Using Juju¶
OpenSDN can now use the Keystone authentication service in OpenStack for authentication in environments that contain cloud networks using both Openstack and Kubernetes orchestrators when the Kubernetes environment is running Juju. This capability simplifies authentication in mixed cloud environments and is available when the cloud networks are both using OpenSDN.
Support for contrail-vrouter-utils package in the Contrail Tools Container¶
Starting with OpenSDN Networking Release 2011, the contrail-vrouter-utils package is available only in the contrail-tools container. You must use the contrail-tools container to execute tools like vif, nh, rt, and so on available in the contrail-vrouter-utils package. In previous releases, the contrail-vrouter-utils package is available in the contrail-vrouter-agent and contrail-vrouter-dpdk container. You can no longer use the contrail-vrouter-agent and contrail-vrouter-dpdk containers to execute the tools available in the contrail-vrouter-utils package.
Support for Netronome SmartNIC vRouter for Juju Charms Deployment¶
OpenSDN now supports Netronome Agilio CX for OpenSDN deployment with Juju charms. This feature enables increased packets per second (PPS) capacity of OpenSDN vRouter datapath allowing applications to reach their full processing capacity. Additionally, it allows to reclaim CPU cores from OpenSDN vRouter off-loading permitting more VMs and VNFs to be deployed per server.
Support for Red Hat OpenShift 4.6¶
In the latest release of OpenSDN you can enable OpenSDN as the Container Network Interface (CNI) in environments using Red Hat OpenShift 4.6. Red Hat OpenShift is a platform. For more information on Red Hat Openshift 4.6 in OpenSDN see How to OpenSDN Networking and Red Hat OpenShift 4.6.