RHBA-2024:0392 - Bug Fix Advisory

Topic

An update for ovn23.09 is now available in Fast Datapath for Red Hat Enterprise Linux 9.

Description

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups.

Bug Fix(es) and Enhancement(s):

• OVN does not check length of OpenFlow FLOW_MOD messages (BZ#1955167)
• [ovn] Traffic flooding to the fabric when using VLAN backed networks (BZ#2087779)
• [RFE] Add information at NB DB about where gateway chassis port are bound (BZ#2107515)
• Use the libc native backtrace mechanism exposed in OvS (BZ#2164058)
• Add FDB aging mechanism.    FutureFeature (BZ#2179942)
• Add MAC binding timestamp refresh mechanism (BZ#2212315)
• ovn-controller replace CT zone UUID names with LR/LS names (BZ#2224199)
• LB skip_snat improperly applied with affinity_timeout (BZ#2224260)
• packet replied for load balance is not snated if both lb and nat are added (BZ#2224399)
• [OVN SCALE] ovn-controller: Inefficient condition updates for Port_Binding table (BZ#2224400)
• Use stable hashing when routing packets over ECMP. (BZ#2224402)
• [RFE] Extend DHCPv6 with FQDN option (BZ#2224403)
• Investigate failure WARN in "load-balancer template IPv4/IPv6" system tests (BZ#2226631)
• Add incremental processing in ovn-northd for port groups. (BZ#2228162)
• Support binding remote ports in ovn-northd (BZ#2231218)
• [OVN] qos on tunnel interface doesn't work(ovn-nbctl set Logical_Switch_Port $portname options:qos_max_rate) (BZ#2234349)
• ovn-controller: Incremental processing may grow conjunctive flows in size indefinitely (BZ#2239060)
• UEFI (edk2/ovmf) network boot with OVN fail because no DHCP release reply (BZ#2239061)
• Revisit OVN's logic of flushing conntrack for LR (BZ#2245944)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Fast Datapath 9 x86_64
• Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 9 ppc64le
• Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 9 s390x
• Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64) 9 aarch64

Fixes

• BZ - 1955167 - OVN does not check length of OpenFlow FLOW_MOD messages
• BZ - 2087779 - [ovn] Traffic flooding to the fabric when using VLAN backed networks
• BZ - 2107515 - [RFE] Add information at NB DB about where gateway chassis port are bound
• BZ - 2164058 - Use the libc native backtrace mechanism exposed in OvS
• BZ - 2179942 - Add FDB aging mechanism.
• BZ - 2212315 - Add MAC binding timestamp refresh mechanism
• BZ - 2224199 - ovn-controller replace CT zone UUID names with LR/LS names
• BZ - 2224260 - LB skip_snat improperly applied with affinity_timeout
• BZ - 2224399 - packet replied for load balance is not snated if both lb and nat are added
• BZ - 2224400 - [OVN SCALE] ovn-controller: Inefficient condition updates for Port_Binding table
• BZ - 2224402 - Use stable hashing when routing packets over ECMP.
• BZ - 2224403 - [RFE] Extend DHCPv6 with FQDN option
• BZ - 2226631 - Investigate failure WARN in "load-balancer template IPv4/IPv6" system tests
• BZ - 2228162 - Add incremental processing in ovn-northd for port groups.
• BZ - 2231218 - Support binding remote ports in ovn-northd
• BZ - 2234349 - [OVN] qos on tunnel interface doesn't work(ovn-nbctl set Logical_Switch_Port $portname options:qos_max_rate)
• BZ - 2239060 - ovn-controller: Incremental processing may grow conjunctive flows in size indefinitely
• BZ - 2239061 - UEFI (edk2/ovmf) network boot with OVN fail because no DHCP release reply
• BZ - 2245944 - Revisit OVN's logic of flushing conntrack for LR

CVEs

(none)

References

(none)