Release notes for VPP 20.09

More than 458 commits since the previous release, including 266 fixes.

Release Highlights

The FD.io VPP 20.09 release added a number of notable new features. In plugins, the I/O layer added support for the Linux AF_XDP interface with the AF_XDP plugin. New plugins where added supporting both the Wireguard security protocol and CNAT destination based address translation, and the existing IKEv2 plugin added support for NAT-T. In the cryptography layer, support was added for synchronous software crypto engines, enabling users to allocate dedicated crypto worker threads. The flow layer added support for steering IPSEC ESP/AH flows to worker threads. GRO support was added to the packet coalescing library.

This release introduces the new FD.io VPP API change policy to ensure backwards-compatibility. The policy will ensure seamless upgrades to new versions of FD.io VPP in future, provided no “in-progress” or deprecated APIs are in use. Enabling the FD.io community to enjoy the benefits of new releases, while minimizing the work involved in staying current.

If you dive into the implementation, you will note that policy in action. A number of modified API messages have had their original versions maintained to ensure compatibility.

Reflecting the new policy we added two new sections to the release notes describing: - Newly deprecated API messages: please note that if you are using a deprecated message, they will soon be removed in a subsequent release. Collaborate with the feature maintainer on the best approach to mitigate. - In-progress API messages: They are work-in-progress, and are not subject to the policy, and may change or even be removed at any time. Please collaborate with the feature maintainer on plans to productize the message before using in any product. In-progress APIs must eventually become stable or be removed.

Features

• VNET

  • Crypto Infra

    • Add chacha20-poly1305 algo (61f49aa38)

    • Asynchronous crypto engines (2284817ea)

    • Add asynchronous crypto APIs (0c936b147)

    • Added support for optimized cryptodev API (ef80ad6bf)

  • FLOW

    • Added ability to steer IPSec ESP/AH flows to worker threads (d4c3666b9)

    • Added the vnet/flow API (d0236f725)

  • GENEVE

    • Support geneve interface acting as a bvi (7fc88cf3a)

  • GSO

    • Added software GRO support (f382b06fe)

  • IPSec

    • Dedicated IPSec interface type (dd4ccf262)

    • Deprecate old interface API (e6df80de4)

  • Interface Common

    • Support configuring RSS steering queues (c4665093c)

  • Native Virtio Drivers

    • Add vhost sw_if_index filter for sw_interface_vhost_user_dump (a0e8d9669)

    • Add modern device support (379aac395)

    • Add virtio 1.1 api flags (518251bc8)

  • TAP Drivers

    • Add gro support (9e2a78564)

    • Add virtio 1.1 API flag (50bd16559)

  • TCP

    • Track reorder with selective acknowledgments (cc4d6d022)

• Plugins

  • AF_XDP driver

    • New plugin for Linux AF_XDP input (4a76d6f6d)

  • CNat

    • New plugin for destination based NAT (29f3c7d2e)

  • Wireguard

    • New plugin, initial implementation of wireguard protocol (edca1325c)

  • Crypto - OpenSSL

    • Add chacha20-poly1305 support to crypto-openssl (1b6ed022e)

  • DPDK

    • Device_id sorted order for cryptodev (5a849e3b3)

    • Call the meson-based build instead of Makefiles (73903d7e8)

  • Internet Key Exchange (IKEv2) Protocol

    • Add support for NAT traversal (NAT-T) (4362baa33)

    • Add profile dump API (6a9bd8188)

    • Add support for AES-GCM cipher in IKE (a7b963df2)

    • Add SA dump API (a340fe1ac)

  • Network Delay Simulator

    • Basic reorder support (e6c3e8f0e)

• VPP Comms Library

  • Nest vcl_mq_epfd to support epoll_wait without high CPU usage (4266d4d5f)

  • Support connected udp listens (1e96617d9)

  • Support inter worker rpc (40c07ce7a)

  • Support multi-threads with session migration (a3a489691)

• Vector Library

  • Add recursive macro expander to debug cli (961e3c842)

• Binary API Libraries

  • Add new stream message convention (f5db3711b)

  • Make VPP api handlers endian independent (e796a1873)

• Infrastructure Library

  • Multiarch support for OCTEONTX2 SoC (e2f5236dc)

Known issues

For the full list of issues please refer to fd.io JIRA.

Fixed issues

For the full list of fixed issues please refer to:

• fd.io JIRA

• git commit log

API changes

Description of results:

• Definition changed: indicates that the API file was modified between releases.

• Only in image: indicates the API is new for this release.

• Only in file: indicates the API has been removed in this release.

Message Name	Result
adl_allowlist_enable_disable	only in image
adl_allowlist_enable_disable_reply	only in image
adl_interface_enable_disable	only in image
adl_interface_enable_disable_reply	only in image
bond_add_member	only in image
bond_add_member_reply	only in image
bond_create2	only in image
bond_create2_reply	only in image
bond_detach_member	only in image
bond_detach_member_reply	only in image
cnat_add_del_snat_prefix	only in image
cnat_add_del_snat_prefix_reply	only in image
cnat_session_details	only in image
cnat_session_dump	only in image
cnat_session_purge	only in image
cnat_session_purge_reply	only in image
cnat_set_snat_addresses	only in image
cnat_set_snat_addresses_reply	only in image
cnat_translation_del	only in image
cnat_translation_del_reply	only in image
cnat_translation_details	only in image
cnat_translation_dump	only in image
cnat_translation_update	only in image
cnat_translation_update_reply	only in image
crypto_set_async_dispatch	only in image
crypto_set_async_dispatch_reply	only in image
crypto_set_handler	only in image
crypto_set_handler_reply	only in image
crypto_sw_scheduler_set_worker	only in image
crypto_sw_scheduler_set_worker_reply	only in image
det44_add_del_map	only in image
det44_add_del_map_reply	only in image
det44_close_session_in	only in image
det44_close_session_in_reply	only in image
det44_close_session_out	only in image
det44_close_session_out_reply	only in image
det44_forward	only in image
det44_forward_reply	only in image
det44_get_timeouts	only in image
det44_get_timeouts_reply	only in image
det44_interface_add_del_feature	only in image
det44_interface_add_del_feature_reply	only in image
det44_interface_details	only in image
det44_interface_dump	only in image
det44_map_details	only in image
det44_map_dump	only in image
det44_plugin_enable_disable	only in image
det44_plugin_enable_disable_reply	only in image
det44_reverse	only in image
det44_reverse_reply	only in image
det44_session_details	only in image
det44_session_dump	only in image
det44_set_timeouts	only in image
det44_set_timeouts_reply	only in image
flow_add	only in image
flow_add_reply	only in image
flow_del	only in image
flow_del_reply	only in image
flow_disable	only in image
flow_disable_reply	only in image
flow_enable	only in image
flow_enable_reply	only in image
geneve_add_del_tunnel2	only in image
geneve_add_del_tunnel2_reply	only in image
gtpu_add_del_tunnel	definition changed
gtpu_tunnel_details	definition changed
gtpu_tunnel_update_tteid	only in image
gtpu_tunnel_update_tteid_reply	only in image
ikev2_child_sa_details	only in image
ikev2_child_sa_dump	only in image
ikev2_nonce_get	only in image
ikev2_nonce_get_reply	only in image
ikev2_profile_details	only in image
ikev2_profile_dump	only in image
ikev2_profile_set_ts	definition changed
ikev2_sa_details	only in image
ikev2_sa_dump	only in image
ikev2_set_esp_transforms	definition changed
ikev2_set_ike_transforms	definition changed
ikev2_set_responder	definition changed
ikev2_traffic_selector_details	only in image
ikev2_traffic_selector_dump	only in image
ipsec_itf_create	only in image
ipsec_itf_create_reply	only in image
ipsec_itf_delete	only in image
ipsec_itf_delete_reply	only in image
ipsec_itf_details	only in image
ipsec_itf_dump	only in image
ipsec_set_async_mode	only in image
ipsec_set_async_mode_reply	only in image
map_domains_get	only in image
map_domains_get_reply	only in image
nat44_add_del_static_mapping_v2	only in image
nat44_add_del_static_mapping_v2_reply	only in image
nat_show_config_2	only in image
nat_show_config_2_reply	only in image
nsim_configure2	only in image
nsim_configure2_reply	only in image
pg_interface_enable_disable_coalesce	only in image
pg_interface_enable_disable_coalesce_reply	only in image
sr_policies_with_sl_index_details	only in image
sr_policies_with_sl_index_dump	only in image
sw_bond_interface_details	only in image
sw_bond_interface_dump	only in image
sw_member_interface_details	only in image
sw_member_interface_dump	only in image
trace_details	only in image
trace_dump	only in image
trace_dump_reply	only in image
virtio_pci_create_v2	only in image
virtio_pci_create_v2_reply	only in image
wireguard_interface_create	only in image
wireguard_interface_create_reply	only in image
wireguard_interface_delete	only in image
wireguard_interface_delete_reply	only in image
wireguard_interface_details	only in image
wireguard_interface_dump	only in image
wireguard_peer_add	only in image
wireguard_peer_add_reply	only in image
wireguard_peer_remove	only in image
wireguard_peer_remove_reply	only in image
wireguard_peers_details	only in image
wireguard_peers_dump	only in image

Found 123 api message signature differences

Newly deprecated API messages

These messages are still there in the API, but can and probably will disappear in the next release.

• bond_create

• bond_detach_slave

• bond_detach_slave_reply

• bond_enslave

• cop_interface_enable_disable

• cop_interface_enable_disable_reply

• cop_whitelist_enable_disable

• cop_whitelist_enable_disable_reply

• geneve_add_del_tunnel

• ipsec_tunnel_if_add_del

• ipsec_tunnel_if_set_sa

• ipsec_tunnel_if_set_sa_reply

• map_domain_dump

• nat_det_add_del_map

• nat_det_add_del_map_reply

• nat_det_close_session_in

• nat_det_close_session_in_reply

• nat_det_close_session_out

• nat_det_close_session_out_reply

• nat_det_forward

• nat_det_forward_reply

• nat_det_map_details

• nat_det_map_dump

• nat_det_reverse

• nat_det_reverse_reply

• nat_det_session_details

• nat_det_session_dump

• nat_show_config

• nsim_configure

• nsim_configure_reply

• sw_interface_bond_dump

• sw_interface_slave_dump

• virtio_pci_create

• virtio_pci_create_reply

In-progress API messages

These messages are provided for testing and experimentation only. They are not subject to any compatibility process, and therefore can arbitrarily change or disappear at any moment. Also they may have less than satisfactory testing, making them unsuitable for other use than the technology preview. If you are intending to use these messages in production projects, please collaborate with the feature maintainer on their productization.

• abf_itf_attach_add_del

• abf_itf_attach_add_del_reply

• abf_itf_attach_details

• abf_itf_attach_dump

• abf_plugin_get_version

• abf_plugin_get_version_reply

• abf_policy_add_del

• abf_policy_add_del_reply

• abf_policy_details

• abf_policy_dump

• adl_allowlist_enable_disable

• adl_allowlist_enable_disable_reply

• adl_interface_enable_disable

• adl_interface_enable_disable_reply

• af_xdp_create

• af_xdp_create_reply

• af_xdp_delete

• af_xdp_delete_reply

• cnat_add_del_snat_prefix

• cnat_add_del_snat_prefix_reply

• cnat_session_details

• cnat_session_dump

• cnat_session_purge

• cnat_session_purge_reply

• cnat_set_snat_addresses

• cnat_set_snat_addresses_reply

• cnat_translation_del

• cnat_translation_del_reply

• cnat_translation_details

• cnat_translation_dump

• cnat_translation_update

• cnat_translation_update_reply

• crypto_sw_scheduler_set_worker

• crypto_sw_scheduler_set_worker_reply

• det44_get_timeouts_reply

• det44_interface_add_del_feature

• det44_interface_add_del_feature_reply

• det44_interface_details

• det44_interface_dump

• det44_plugin_enable_disable

• det44_plugin_enable_disable_reply

• det44_set_timeouts

• det44_set_timeouts_reply

• flow_add

• flow_add_reply

• flow_del

• flow_del_reply

• flow_disable

• flow_disable_reply

• flow_enable

• flow_enable_reply

• gbp_bridge_domain_add

• gbp_bridge_domain_add_reply

• gbp_bridge_domain_del

• gbp_bridge_domain_del_reply

• gbp_bridge_domain_details

• gbp_bridge_domain_dump

• gbp_bridge_domain_dump_reply

• gbp_contract_add_del

• gbp_contract_add_del_reply

• gbp_contract_details

• gbp_contract_dump

• gbp_endpoint_add

• gbp_endpoint_add_reply

• gbp_endpoint_del

• gbp_endpoint_del_reply

• gbp_endpoint_details

• gbp_endpoint_dump

• gbp_endpoint_group_add

• gbp_endpoint_group_add_reply

• gbp_endpoint_group_del

• gbp_endpoint_group_del_reply

• gbp_endpoint_group_details

• gbp_endpoint_group_dump

• gbp_ext_itf_add_del

• gbp_ext_itf_add_del_reply

• gbp_ext_itf_details

• gbp_ext_itf_dump

• gbp_recirc_add_del

• gbp_recirc_add_del_reply

• gbp_recirc_details

• gbp_recirc_dump

• gbp_route_domain_add

• gbp_route_domain_add_reply

• gbp_route_domain_del

• gbp_route_domain_del_reply

• gbp_route_domain_details

• gbp_route_domain_dump

• gbp_route_domain_dump_reply

• gbp_subnet_add_del

• gbp_subnet_add_del_reply

• gbp_subnet_details

• gbp_subnet_dump

• gbp_vxlan_tunnel_add

• gbp_vxlan_tunnel_add_reply

• gbp_vxlan_tunnel_del

• gbp_vxlan_tunnel_del_reply

• gbp_vxlan_tunnel_details

• gbp_vxlan_tunnel_dump

• ikev2_child_sa_details

• ikev2_child_sa_dump

• ikev2_initiate_del_child_sa

• ikev2_initiate_del_child_sa_reply

• ikev2_initiate_del_ike_sa

• ikev2_initiate_del_ike_sa_reply

• ikev2_initiate_rekey_child_sa

• ikev2_initiate_rekey_child_sa_reply

• ikev2_initiate_sa_init

• ikev2_initiate_sa_init_reply

• ikev2_nonce_get

• ikev2_nonce_get_reply

• ikev2_profile_add_del

• ikev2_profile_add_del_reply

• ikev2_profile_details

• ikev2_profile_dump

• ikev2_profile_set_auth

• ikev2_profile_set_auth_reply

• ikev2_profile_set_id

• ikev2_profile_set_id_reply

• ikev2_profile_set_ipsec_udp_port

• ikev2_profile_set_ipsec_udp_port_reply

• ikev2_profile_set_liveness

• ikev2_profile_set_liveness_reply

• ikev2_profile_set_ts

• ikev2_profile_set_ts_reply

• ikev2_profile_set_udp_encap

• ikev2_profile_set_udp_encap_reply

• ikev2_sa_details

• ikev2_sa_dump

• ikev2_set_esp_transforms

• ikev2_set_esp_transforms_reply

• ikev2_set_ike_transforms

• ikev2_set_ike_transforms_reply

• ikev2_set_local_key

• ikev2_set_local_key_reply

• ikev2_set_responder

• ikev2_set_responder_reply

• ikev2_set_sa_lifetime

• ikev2_set_sa_lifetime_reply

• ikev2_set_tunnel_interface

• ikev2_set_tunnel_interface_reply

• ikev2_traffic_selector_details

• ikev2_traffic_selector_dump

• l2_emulation

• l2_emulation_reply

• mdata_enable_disable

• mdata_enable_disable_reply

• nat44_add_del_static_mapping_v2

• nat44_add_del_static_mapping_v2_reply

• oddbuf_enable_disable

• oddbuf_enable_disable_reply

• pg_interface_enable_disable_coalesce

• pg_interface_enable_disable_coalesce_reply

• sample_macswap_enable_disable

• sample_macswap_enable_disable_reply

• sr_policies_with_sl_index_details

• sr_policies_with_sl_index_dump

• sw_interface_set_vxlan_gbp_bypass

• sw_interface_set_vxlan_gbp_bypass_reply

• trace_details

• trace_dump

• trace_dump_reply

• vxlan_gbp_tunnel_add_del

• vxlan_gbp_tunnel_add_del_reply

• vxlan_gbp_tunnel_details

• vxlan_gbp_tunnel_dump

• wireguard_interface_create

• wireguard_interface_create_reply

• wireguard_interface_delete

• wireguard_interface_delete_reply

• wireguard_interface_details

• wireguard_interface_dump

• wireguard_peer_add

• wireguard_peer_add_reply

• wireguard_peer_remove

• wireguard_peer_remove_reply

• wireguard_peers_details

• wireguard_peers_dump

Patches that changed API definitions

src/vpp/api/vpe.api

• d0236f725 flow: add vnet/flow formal API

src/vnet/crypto/crypto.api

• 4035daffd crypto: Crypto set handler API to support set all as CLI

• 0c936b147 crypto: Add async crypto APIs

src/vnet/cop/cop.api

• 00f21fb2f api: clean up use of deprecated flag

• ac0326fc5 adl: move allow/deny list function to plugin

src/vnet/lisp-gpe/lisp_gpe.api

• 4ab5190eb lisp: API cleanup

src/vnet/vxlan-gbp/vxlan_gbp.api

• f72b1aff7 vxlan-gbp: Mark APIs as in-progress

src/vnet/flow/flow_types.api

• 34bfa50b6 flow: code refactor

• d0236f725 flow: add vnet/flow formal API

src/vnet/flow/flow.api

• d0236f725 flow: add vnet/flow formal API

src/vnet/srv6/sr.api

• 30fa97dc6 sr: new messages created to return sl index for segment lists in a sr policy

src/vnet/pg/pg.api

• f382b06fe gso: packet coalesce library

• 0cf528233 gso: fix the udp checksum in test

src/vnet/geneve/geneve.api

• 00f21fb2f api: clean up use of deprecated flag

• 7fc88cf3a geneve: support geneve interface acting as a bvi

src/vnet/lisp-cp/one.api

• 4ab5190eb lisp: API cleanup

src/vnet/lisp-cp/lisp.api

• 4ab5190eb lisp: API cleanup

src/vnet/devices/tap/tapv2.api

• 50bd16559 tap: add virtio 1.1 API flag

src/vnet/devices/virtio/vhost_user.api

• a0e8d9669 virtio: add vhost sw_if_index filter for sw_interface_vhost_user_dump

src/vnet/devices/virtio/virtio.api

• 00f21fb2f api: clean up use of deprecated flag

• 518251bc8 virtio: add virtio 1.1 api flags

src/vnet/ipsec/ipsec.api

• 00f21fb2f api: clean up use of deprecated flag

• 2e84d6655 ipsec: add ipsec set async mode api

• e6df80de4 ipsec: Deprecate old interface API

• dd4ccf262 ipsec: Dedicated IPSec interface type

src/vnet/bonding/bond.api

• ea7178631 bonding: add bond_create2 API to include gso option

• 4c4223edf bonding lacp: replace slave string with member

src/vnet/ip/ip_types.api

• d0236f725 flow: add vnet/flow formal API

src/plugins/wireguard/wireguard.api

• edca1325c wireguard: initial implementation of wireguard protocol

src/plugins/map/map.api

• 00f21fb2f api: clean up use of deprecated flag

• ac0326fc5 adl: move allow/deny list function to plugin

• f5db3711b api: add new stream message convention

src/plugins/lacp/lacp.api

• 4c4223edf bonding lacp: replace slave string with member

src/plugins/l2e/l2e.api

• f733e7ade l2e: mark API as in-progress

src/plugins/ikev2/ikev2.api

• a340fe1ac ikev2: add SA dump API

• 459d17bb7 ikev2: refactor and test profile dump API

• ac46e3b1d ikev2: API downgrade due to lack of ikev2 tests

• 6a9bd8188 ikev2: add profile dump API

src/plugins/ikev2/ikev2_types.api

• a340fe1ac ikev2: add SA dump API

• 459d17bb7 ikev2: refactor and test profile dump API

• 6a9bd8188 ikev2: add profile dump API

src/plugins/tracedump/tracedump.api

• 65b65a469 misc: add tracedump API plugin

src/plugins/gtpu/gtpu.api

• 9ebbb5c41 gtpu: support separate rx-decap and encap-tx teid values

src/plugins/gbp/gbp.api

• d2f8fb9c7 gbp: mark APIs as in-progress

src/plugins/acl/acl.api

• 24ee40a5c acl: correct acl vat help message

src/plugins/nat/dslite/dslite.api

• 603e75465 nat: move deterministic nat to det44 sub feature

src/plugins/nat/det44/det44.api

• 00f21fb2f api: clean up use of deprecated flag

• 603e75465 nat: move deterministic nat to det44 sub feature

src/plugins/nat/nat_types.api

• 96068d6b9 nat: nat66 to plugin

src/plugins/nat/nat.api

• 6484f4b9c nat: twice-nat static mapping pool address

• edc816355 nat: fix type in api message

• 603e75465 nat: move deterministic nat to det44 sub feature

• 96068d6b9 nat: nat66 to plugin

src/plugins/nat/nat66/nat66.api

• 96068d6b9 nat: nat66 to plugin

src/plugins/cnat/cnat.api

• 29f3c7d2e cnat: Destination based NAT

src/plugins/abf/abf.api

• df494dafa abf: mark API as in-progress

src/plugins/adl/adl.api

• ac0326fc5 adl: move allow/deny list function to plugin

src/plugins/nsim/nsim.api

• 00f21fb2f api: clean up use of deprecated flag

• e6c3e8f0e nsim: basic reorder support

src/plugins/crypto_sw_scheduler/crypto_sw_scheduler.api

• 0c936b147 crypto: Add async crypto APIs

src/plugins/dhcp/dhcp.api

• bad679291 api: register endian handlers for reply messages

src/plugins/af_xdp/af_xdp.api

• 4a76d6f6d af_xdp: AF_XDP input plugin