Current Series Release Notes¶

3.24.0-10¶

Added VIF_TYPE_VIRTUAL VIF type for port_bindings to identify bound virtual ports (e.g. ports referenced by their IP in allowed-address-pairs). This will prevent mechanism drivers from binding these ports, avoiding potential connectivity issues.

New extension pvlan: Adds support for Private VLANs (PVLANs), enabling a new way of port isolation within a shared VLAN. With PVLAN, users can define networks that allow selective communication between ports using modes such as promiscuous, isolated, and community. The extension introduces new port and network attributes: pvlan_type, pvlan_community, and pvlan.

Now all service plugins, inheriting from ServicePluginBase class, will have the extension “filter-validation” enabled by default. That enforces the API filter validation in the queries, returning a HTTPBadRequest in case of using an invalid attribute. This extension can be enabled or disabled using the Neutron configuration variable [DEFAULT]filter_validation.

Added new vpn-no-sha1-3des API extension that removes the deprecated sha1 authentication algorithm and 3des encryption algorithm from the VPN API. When this extension is loaded, the default auth_algorithm for IKE and IPsec policies changes from sha1 to sha256.

The sha1 authentication algorithm and 3des encryption algorithm are deprecated for VPN IKE and IPsec policies. Operators should use the vpn-no-sha1-3des API extension to enforce the use of stronger algorithms.

Fixed API reference documentation for port binding activation and deletion endpoints. The host parameter is now correctly documented as a path parameter instead of a body parameter for the following endpoints:
- PUT /v2.0/ports/{port_id}/bindings/{host}/activate
- DELETE /v2.0/ports/{port_id}/bindings/{host}
This fixes the issue where clients (like openstacksdk) were incorrectly sending the host parameter in both the path and the body, causing a TypeError. For more information see bug 2146294