Release notes for VPP 20.09 =========================== More than 458 commits since the previous release, including 266 fixes. Release Highlights ------------------ The FD.io VPP 20.09 release added a number of notable new features. In plugins, the I/O layer added support for the Linux AF_XDP interface with the AF_XDP plugin. New plugins where added supporting both the Wireguard security protocol and CNAT destination based address translation, and the existing IKEv2 plugin added support for NAT-T. In the cryptography layer, support was added for synchronous software crypto engines, enabling users to allocate dedicated crypto worker threads. The flow layer added support for steering IPSEC ESP/AH flows to worker threads. GRO support was added to the packet coalescing library. This release introduces the new FD.io VPP API change policy to ensure backwards-compatibility. The policy will ensure seamless upgrades to new versions of FD.io VPP in future, provided no “in-progress” or deprecated APIs are in use. Enabling the FD.io community to enjoy the benefits of new releases, while minimizing the work involved in staying current. If you dive into the implementation, you will note that policy in action. A number of modified API messages have had their original versions maintained to ensure compatibility. Reflecting the new policy we added two new sections to the release notes describing: - Newly deprecated API messages: please note that if you are using a deprecated message, they will soon be removed in a subsequent release. Collaborate with the feature maintainer on the best approach to mitigate. - In-progress API messages: They are work-in-progress, and are *not* subject to the policy, and may change or even be removed at any time. Please collaborate with the feature maintainer on plans to productize the message before using in any product. In-progress APIs must eventually become stable or be removed. Features -------- - VNET - Crypto Infra - Add chacha20-poly1305 algo (61f49aa38) - Asynchronous crypto engines (2284817ea) - Add asynchronous crypto APIs (0c936b147) - Added support for optimized cryptodev API (ef80ad6bf) - FLOW - Added ability to steer IPSec ESP/AH flows to worker threads (d4c3666b9) - Added the vnet/flow API (d0236f725) - GENEVE - Support geneve interface acting as a bvi (7fc88cf3a) - GSO - Added software GRO support (f382b06fe) - IPSec - Dedicated IPSec interface type (dd4ccf262) - Deprecate old interface API (e6df80de4) - Interface Common - Support configuring RSS steering queues (c4665093c) - Native Virtio Drivers - Add vhost sw_if_index filter for sw_interface_vhost_user_dump (a0e8d9669) - Add modern device support (379aac395) - Add virtio 1.1 api flags (518251bc8) - TAP Drivers - Add gro support (9e2a78564) - Add virtio 1.1 API flag (50bd16559) - TCP - Track reorder with selective acknowledgments (cc4d6d022) - Plugins - AF_XDP driver - New plugin for Linux AF_XDP input (4a76d6f6d) - CNat - New plugin for destination based NAT (29f3c7d2e) - Wireguard - New plugin, initial implementation of wireguard protocol (edca1325c) - Crypto - OpenSSL - Add chacha20-poly1305 support to crypto-openssl (1b6ed022e) - DPDK - Device_id sorted order for cryptodev (5a849e3b3) - Call the meson-based build instead of Makefiles (73903d7e8) - Internet Key Exchange (IKEv2) Protocol - Add support for NAT traversal (NAT-T) (4362baa33) - Add profile dump API (6a9bd8188) - Add support for AES-GCM cipher in IKE (a7b963df2) - Add SA dump API (a340fe1ac) - Network Delay Simulator - Basic reorder support (e6c3e8f0e) - VPP Comms Library - Nest vcl_mq_epfd to support epoll_wait without high CPU usage (4266d4d5f) - Support connected udp listens (1e96617d9) - Support inter worker rpc (40c07ce7a) - Support multi-threads with session migration (a3a489691) - Vector Library - Add recursive macro expander to debug cli (961e3c842) - Binary API Libraries - Add new stream message convention (f5db3711b) - Make VPP api handlers endian independent (e796a1873) - Infrastructure Library - Multiarch support for OCTEONTX2 SoC (e2f5236dc) Known issues ------------ For the full list of issues please refer to fd.io `JIRA `__. Fixed issues ------------ For the full list of fixed issues please refer to: - fd.io `JIRA `__ - git `commit log `__ API changes ----------- Description of results: - *Definition changed*: indicates that the API file was modified between releases. - *Only in image*: indicates the API is new for this release. - *Only in file*: indicates the API has been removed in this release. ========================================== ================== Message Name Result ========================================== ================== adl_allowlist_enable_disable only in image adl_allowlist_enable_disable_reply only in image adl_interface_enable_disable only in image adl_interface_enable_disable_reply only in image bond_add_member only in image bond_add_member_reply only in image bond_create2 only in image bond_create2_reply only in image bond_detach_member only in image bond_detach_member_reply only in image cnat_add_del_snat_prefix only in image cnat_add_del_snat_prefix_reply only in image cnat_session_details only in image cnat_session_dump only in image cnat_session_purge only in image cnat_session_purge_reply only in image cnat_set_snat_addresses only in image cnat_set_snat_addresses_reply only in image cnat_translation_del only in image cnat_translation_del_reply only in image cnat_translation_details only in image cnat_translation_dump only in image cnat_translation_update only in image cnat_translation_update_reply only in image crypto_set_async_dispatch only in image crypto_set_async_dispatch_reply only in image crypto_set_handler only in image crypto_set_handler_reply only in image crypto_sw_scheduler_set_worker only in image crypto_sw_scheduler_set_worker_reply only in image det44_add_del_map only in image det44_add_del_map_reply only in image det44_close_session_in only in image det44_close_session_in_reply only in image det44_close_session_out only in image det44_close_session_out_reply only in image det44_forward only in image det44_forward_reply only in image det44_get_timeouts only in image det44_get_timeouts_reply only in image det44_interface_add_del_feature only in image det44_interface_add_del_feature_reply only in image det44_interface_details only in image det44_interface_dump only in image det44_map_details only in image det44_map_dump only in image det44_plugin_enable_disable only in image det44_plugin_enable_disable_reply only in image det44_reverse only in image det44_reverse_reply only in image det44_session_details only in image det44_session_dump only in image det44_set_timeouts only in image det44_set_timeouts_reply only in image flow_add only in image flow_add_reply only in image flow_del only in image flow_del_reply only in image flow_disable only in image flow_disable_reply only in image flow_enable only in image flow_enable_reply only in image geneve_add_del_tunnel2 only in image geneve_add_del_tunnel2_reply only in image gtpu_add_del_tunnel definition changed gtpu_tunnel_details definition changed gtpu_tunnel_update_tteid only in image gtpu_tunnel_update_tteid_reply only in image ikev2_child_sa_details only in image ikev2_child_sa_dump only in image ikev2_nonce_get only in image ikev2_nonce_get_reply only in image ikev2_profile_details only in image ikev2_profile_dump only in image ikev2_profile_set_ts definition changed ikev2_sa_details only in image ikev2_sa_dump only in image ikev2_set_esp_transforms definition changed ikev2_set_ike_transforms definition changed ikev2_set_responder definition changed ikev2_traffic_selector_details only in image ikev2_traffic_selector_dump only in image ipsec_itf_create only in image ipsec_itf_create_reply only in image ipsec_itf_delete only in image ipsec_itf_delete_reply only in image ipsec_itf_details only in image ipsec_itf_dump only in image ipsec_set_async_mode only in image ipsec_set_async_mode_reply only in image map_domains_get only in image map_domains_get_reply only in image nat44_add_del_static_mapping_v2 only in image nat44_add_del_static_mapping_v2_reply only in image nat_show_config_2 only in image nat_show_config_2_reply only in image nsim_configure2 only in image nsim_configure2_reply only in image pg_interface_enable_disable_coalesce only in image pg_interface_enable_disable_coalesce_reply only in image sr_policies_with_sl_index_details only in image sr_policies_with_sl_index_dump only in image sw_bond_interface_details only in image sw_bond_interface_dump only in image sw_member_interface_details only in image sw_member_interface_dump only in image trace_details only in image trace_dump only in image trace_dump_reply only in image virtio_pci_create_v2 only in image virtio_pci_create_v2_reply only in image wireguard_interface_create only in image wireguard_interface_create_reply only in image wireguard_interface_delete only in image wireguard_interface_delete_reply only in image wireguard_interface_details only in image wireguard_interface_dump only in image wireguard_peer_add only in image wireguard_peer_add_reply only in image wireguard_peer_remove only in image wireguard_peer_remove_reply only in image wireguard_peers_details only in image wireguard_peers_dump only in image ========================================== ================== Found 123 api message signature differences Newly deprecated API messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ These messages are still there in the API, but can and probably will disappear in the next release. - bond_create - bond_detach_slave - bond_detach_slave_reply - bond_enslave - cop_interface_enable_disable - cop_interface_enable_disable_reply - cop_whitelist_enable_disable - cop_whitelist_enable_disable_reply - geneve_add_del_tunnel - ipsec_tunnel_if_add_del - ipsec_tunnel_if_set_sa - ipsec_tunnel_if_set_sa_reply - map_domain_dump - nat_det_add_del_map - nat_det_add_del_map_reply - nat_det_close_session_in - nat_det_close_session_in_reply - nat_det_close_session_out - nat_det_close_session_out_reply - nat_det_forward - nat_det_forward_reply - nat_det_map_details - nat_det_map_dump - nat_det_reverse - nat_det_reverse_reply - nat_det_session_details - nat_det_session_dump - nat_show_config - nsim_configure - nsim_configure_reply - sw_interface_bond_dump - sw_interface_slave_dump - virtio_pci_create - virtio_pci_create_reply In-progress API messages ~~~~~~~~~~~~~~~~~~~~~~~~ These messages are provided for testing and experimentation only. They are *not* subject to any compatibility process, and therefore can arbitrarily change or disappear at *any* moment. Also they may have less than satisfactory testing, making them unsuitable for other use than the technology preview. If you are intending to use these messages in production projects, please collaborate with the feature maintainer on their productization. - abf_itf_attach_add_del - abf_itf_attach_add_del_reply - abf_itf_attach_details - abf_itf_attach_dump - abf_plugin_get_version - abf_plugin_get_version_reply - abf_policy_add_del - abf_policy_add_del_reply - abf_policy_details - abf_policy_dump - adl_allowlist_enable_disable - adl_allowlist_enable_disable_reply - adl_interface_enable_disable - adl_interface_enable_disable_reply - af_xdp_create - af_xdp_create_reply - af_xdp_delete - af_xdp_delete_reply - cnat_add_del_snat_prefix - cnat_add_del_snat_prefix_reply - cnat_session_details - cnat_session_dump - cnat_session_purge - cnat_session_purge_reply - cnat_set_snat_addresses - cnat_set_snat_addresses_reply - cnat_translation_del - cnat_translation_del_reply - cnat_translation_details - cnat_translation_dump - cnat_translation_update - cnat_translation_update_reply - crypto_sw_scheduler_set_worker - crypto_sw_scheduler_set_worker_reply - det44_get_timeouts_reply - det44_interface_add_del_feature - det44_interface_add_del_feature_reply - det44_interface_details - det44_interface_dump - det44_plugin_enable_disable - det44_plugin_enable_disable_reply - det44_set_timeouts - det44_set_timeouts_reply - flow_add - flow_add_reply - flow_del - flow_del_reply - flow_disable - flow_disable_reply - flow_enable - flow_enable_reply - gbp_bridge_domain_add - gbp_bridge_domain_add_reply - gbp_bridge_domain_del - gbp_bridge_domain_del_reply - gbp_bridge_domain_details - gbp_bridge_domain_dump - gbp_bridge_domain_dump_reply - gbp_contract_add_del - gbp_contract_add_del_reply - gbp_contract_details - gbp_contract_dump - gbp_endpoint_add - gbp_endpoint_add_reply - gbp_endpoint_del - gbp_endpoint_del_reply - gbp_endpoint_details - gbp_endpoint_dump - gbp_endpoint_group_add - gbp_endpoint_group_add_reply - gbp_endpoint_group_del - gbp_endpoint_group_del_reply - gbp_endpoint_group_details - gbp_endpoint_group_dump - gbp_ext_itf_add_del - gbp_ext_itf_add_del_reply - gbp_ext_itf_details - gbp_ext_itf_dump - gbp_recirc_add_del - gbp_recirc_add_del_reply - gbp_recirc_details - gbp_recirc_dump - gbp_route_domain_add - gbp_route_domain_add_reply - gbp_route_domain_del - gbp_route_domain_del_reply - gbp_route_domain_details - gbp_route_domain_dump - gbp_route_domain_dump_reply - gbp_subnet_add_del - gbp_subnet_add_del_reply - gbp_subnet_details - gbp_subnet_dump - gbp_vxlan_tunnel_add - gbp_vxlan_tunnel_add_reply - gbp_vxlan_tunnel_del - gbp_vxlan_tunnel_del_reply - gbp_vxlan_tunnel_details - gbp_vxlan_tunnel_dump - ikev2_child_sa_details - ikev2_child_sa_dump - ikev2_initiate_del_child_sa - ikev2_initiate_del_child_sa_reply - ikev2_initiate_del_ike_sa - ikev2_initiate_del_ike_sa_reply - ikev2_initiate_rekey_child_sa - ikev2_initiate_rekey_child_sa_reply - ikev2_initiate_sa_init - ikev2_initiate_sa_init_reply - ikev2_nonce_get - ikev2_nonce_get_reply - ikev2_profile_add_del - ikev2_profile_add_del_reply - ikev2_profile_details - ikev2_profile_dump - ikev2_profile_set_auth - ikev2_profile_set_auth_reply - ikev2_profile_set_id - ikev2_profile_set_id_reply - ikev2_profile_set_ipsec_udp_port - ikev2_profile_set_ipsec_udp_port_reply - ikev2_profile_set_liveness - ikev2_profile_set_liveness_reply - ikev2_profile_set_ts - ikev2_profile_set_ts_reply - ikev2_profile_set_udp_encap - ikev2_profile_set_udp_encap_reply - ikev2_sa_details - ikev2_sa_dump - ikev2_set_esp_transforms - ikev2_set_esp_transforms_reply - ikev2_set_ike_transforms - ikev2_set_ike_transforms_reply - ikev2_set_local_key - ikev2_set_local_key_reply - ikev2_set_responder - ikev2_set_responder_reply - ikev2_set_sa_lifetime - ikev2_set_sa_lifetime_reply - ikev2_set_tunnel_interface - ikev2_set_tunnel_interface_reply - ikev2_traffic_selector_details - ikev2_traffic_selector_dump - l2_emulation - l2_emulation_reply - mdata_enable_disable - mdata_enable_disable_reply - nat44_add_del_static_mapping_v2 - nat44_add_del_static_mapping_v2_reply - oddbuf_enable_disable - oddbuf_enable_disable_reply - pg_interface_enable_disable_coalesce - pg_interface_enable_disable_coalesce_reply - sample_macswap_enable_disable - sample_macswap_enable_disable_reply - sr_policies_with_sl_index_details - sr_policies_with_sl_index_dump - sw_interface_set_vxlan_gbp_bypass - sw_interface_set_vxlan_gbp_bypass_reply - trace_details - trace_dump - trace_dump_reply - vxlan_gbp_tunnel_add_del - vxlan_gbp_tunnel_add_del_reply - vxlan_gbp_tunnel_details - vxlan_gbp_tunnel_dump - wireguard_interface_create - wireguard_interface_create_reply - wireguard_interface_delete - wireguard_interface_delete_reply - wireguard_interface_details - wireguard_interface_dump - wireguard_peer_add - wireguard_peer_add_reply - wireguard_peer_remove - wireguard_peer_remove_reply - wireguard_peers_details - wireguard_peers_dump Patches that changed API definitions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``src/vpp/api/vpe.api`` * `d0236f725 `_ flow: add vnet/flow formal API ``src/vnet/crypto/crypto.api`` * `4035daffd `_ crypto: Crypto set handler API to support set all as CLI * `0c936b147 `_ crypto: Add async crypto APIs ``src/vnet/cop/cop.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `ac0326fc5 `_ adl: move allow/deny list function to plugin ``src/vnet/lisp-gpe/lisp_gpe.api`` * `4ab5190eb `_ lisp: API cleanup ``src/vnet/vxlan-gbp/vxlan_gbp.api`` * `f72b1aff7 `_ vxlan-gbp: Mark APIs as in-progress ``src/vnet/flow/flow_types.api`` * `34bfa50b6 `_ flow: code refactor * `d0236f725 `_ flow: add vnet/flow formal API ``src/vnet/flow/flow.api`` * `d0236f725 `_ flow: add vnet/flow formal API ``src/vnet/srv6/sr.api`` * `30fa97dc6 `_ sr: new messages created to return sl index for segment lists in a sr policy ``src/vnet/pg/pg.api`` * `f382b06fe `_ gso: packet coalesce library * `0cf528233 `_ gso: fix the udp checksum in test ``src/vnet/geneve/geneve.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `7fc88cf3a `_ geneve: support geneve interface acting as a bvi ``src/vnet/lisp-cp/one.api`` * `4ab5190eb `_ lisp: API cleanup ``src/vnet/lisp-cp/lisp.api`` * `4ab5190eb `_ lisp: API cleanup ``src/vnet/devices/tap/tapv2.api`` * `50bd16559 `_ tap: add virtio 1.1 API flag ``src/vnet/devices/virtio/vhost_user.api`` * `a0e8d9669 `_ virtio: add vhost sw_if_index filter for sw_interface_vhost_user_dump ``src/vnet/devices/virtio/virtio.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `518251bc8 `_ virtio: add virtio 1.1 api flags ``src/vnet/ipsec/ipsec.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `2e84d6655 `_ ipsec: add ipsec set async mode api * `e6df80de4 `_ ipsec: Deprecate old interface API * `dd4ccf262 `_ ipsec: Dedicated IPSec interface type ``src/vnet/bonding/bond.api`` * `ea7178631 `_ bonding: add bond_create2 API to include gso option * `4c4223edf `_ bonding lacp: replace slave string with member ``src/vnet/ip/ip_types.api`` * `d0236f725 `_ flow: add vnet/flow formal API ``src/plugins/wireguard/wireguard.api`` * `edca1325c `_ wireguard: initial implementation of wireguard protocol ``src/plugins/map/map.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `ac0326fc5 `_ adl: move allow/deny list function to plugin * `f5db3711b `_ api: add new stream message convention ``src/plugins/lacp/lacp.api`` * `4c4223edf `_ bonding lacp: replace slave string with member ``src/plugins/l2e/l2e.api`` * `f733e7ade `_ l2e: mark API as in-progress ``src/plugins/ikev2/ikev2.api`` * `a340fe1ac `_ ikev2: add SA dump API * `459d17bb7 `_ ikev2: refactor and test profile dump API * `ac46e3b1d `_ ikev2: API downgrade due to lack of ikev2 tests * `6a9bd8188 `_ ikev2: add profile dump API ``src/plugins/ikev2/ikev2_types.api`` * `a340fe1ac `_ ikev2: add SA dump API * `459d17bb7 `_ ikev2: refactor and test profile dump API * `6a9bd8188 `_ ikev2: add profile dump API ``src/plugins/tracedump/tracedump.api`` * `65b65a469 `_ misc: add tracedump API plugin ``src/plugins/gtpu/gtpu.api`` * `9ebbb5c41 `_ gtpu: support separate rx-decap and encap-tx teid values ``src/plugins/gbp/gbp.api`` * `d2f8fb9c7 `_ gbp: mark APIs as in-progress ``src/plugins/acl/acl.api`` * `24ee40a5c `_ acl: correct acl vat help message ``src/plugins/nat/dslite/dslite.api`` * `603e75465 `_ nat: move deterministic nat to det44 sub feature ``src/plugins/nat/det44/det44.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `603e75465 `_ nat: move deterministic nat to det44 sub feature ``src/plugins/nat/nat_types.api`` * `96068d6b9 `_ nat: nat66 to plugin ``src/plugins/nat/nat.api`` * `6484f4b9c `_ nat: twice-nat static mapping pool address * `edc816355 `_ nat: fix type in api message * `603e75465 `_ nat: move deterministic nat to det44 sub feature * `96068d6b9 `_ nat: nat66 to plugin ``src/plugins/nat/nat66/nat66.api`` * `96068d6b9 `_ nat: nat66 to plugin ``src/plugins/cnat/cnat.api`` * `29f3c7d2e `_ cnat: Destination based NAT ``src/plugins/abf/abf.api`` * `df494dafa `_ abf: mark API as in-progress ``src/plugins/adl/adl.api`` * `ac0326fc5 `_ adl: move allow/deny list function to plugin ``src/plugins/nsim/nsim.api`` * `00f21fb2f `_ api: clean up use of deprecated flag * `e6c3e8f0e `_ nsim: basic reorder support ``src/plugins/crypto_sw_scheduler/crypto_sw_scheduler.api`` * `0c936b147 `_ crypto: Add async crypto APIs ``src/plugins/dhcp/dhcp.api`` * `bad679291 `_ api: register endian handlers for reply messages ``src/plugins/af_xdp/af_xdp.api`` * `4a76d6f6d `_ af_xdp: AF_XDP input plugin