FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
Release notes for VPP 20.09

More than 458 commits since the previous release, including 266 fixes.

Release Highlights

The FD.io VPP 20.09 release added a number of notable new features. In plugins, the I/O layer added support for the Linux AF_XDP interface with the AF_XDP plugin. New plugins where added supporting both the Wireguard security protocol and CNAT destination based address translation, and the existing IKEv2 plugin added support for NAT-T. In the cryptography layer, support was added for synchronous software crypto engines, enabling users to allocate dedicated crypto worker threads. The flow layer added support for steering IPSEC ESP/AH flows to worker threads. GRO support was added to the packet coalescing library.

This release introduces the new FD.io VPP API change policy to ensure backwards-compatibility. The policy will ensure seamless upgrades to new versions of FD.io VPP in future, provided no "in-progress" or deprecated APIs are in use. Enabling the FD.io community to enjoy the benefits of new releases, while minimizing the work involved in staying current.

If you dive into the implementation, you will note that policy in action. A number of modified API messages have had their original versions maintained to ensure compatibility.

Reflecting the new policy we added two new sections to the release notes describing:

  • Newly deprecated API messages: please note that if you are using a deprecated message, they will soon be removed in a subsequent release. Collaborate with the feature maintainer on the best approach to mitigate.
  • In-progress API messages: They are work-in-progress, and are not subject to the policy, and may change or even be removed at any time. Please collaborate with the feature maintainer on plans to productize the message before using in any product. In-progress APIs must eventually become stable or be removed.

Features

  • VNET
    • Crypto Infra
      • Add chacha20-poly1305 algo (61f49aa38)
      • Asynchronous crypto engines (2284817ea)
      • Add asynchronous crypto APIs (0c936b147)
      • Added support for optimized cryptodev API (ef80ad6bf)
    • FLOW
      • Added ability to steer IPSec ESP/AH flows to worker threads (d4c3666b9)
      • Added the vnet/flow API (d0236f725)
    • GENEVE
      • Support geneve interface acting as a bvi (7fc88cf3a)
    • GSO
      • Added software GRO support (f382b06fe)
    • IPSec
      • Dedicated IPSec interface type (dd4ccf262)
      • Deprecate old interface API (e6df80de4)
    • Interface Common
      • Support configuring RSS steering queues (c4665093c)
    • Native Virtio Drivers
      • Add vhost sw_if_index filter for sw_interface_vhost_user_dump (a0e8d9669)
      • Add modern device support (379aac395)
      • Add virtio 1.1 api flags (518251bc8)
    • TAP Drivers
      • Add gro support (9e2a78564)
      • Add virtio 1.1 API flag (50bd16559)
    • TCP
      • Track reorder with selective acknowledgments (cc4d6d022)
  • Plugins
    • AF_XDP driver
      • New plugin for Linux AF_XDP input (4a76d6f6d)
    • CNat
      • New plugin for destination based NAT (29f3c7d2e)
    • Wireguard
      • New plugin, initial implementation of wireguard protocol (edca1325c)
    • Crypto - OpenSSL
      • Add chacha20-poly1305 support to crypto-openssl (1b6ed022e)
    • DPDK
      • Device_id sorted order for cryptodev (5a849e3b3)
      • Call the meson-based build instead of Makefiles (73903d7e8)
    • Internet Key Exchange (IKEv2) Protocol
      • Add support for NAT traversal (NAT-T) (4362baa33)
      • Add profile dump API (6a9bd8188)
      • Add support for AES-GCM cipher in IKE (a7b963df2)
      • Add SA dump API (a340fe1ac)
    • Network Delay Simulator
      • Basic reorder support (e6c3e8f0e)
  • VPP Comms Library
    • Nest vcl_mq_epfd to support epoll_wait without high CPU usage (4266d4d5f)
    • Support connected udp listens (1e96617d9)
    • Support inter worker rpc (40c07ce7a)
    • Support multi-threads with session migration (a3a489691)
  • Vector Library
    • Add recursive macro expander to debug cli (961e3c842)
  • Binary API Libraries
    • Add new stream message convention (f5db3711b)
    • Make VPP api handlers endian independent (e796a1873)
  • Infrastructure Library
    • Multiarch support for OCTEONTX2 SoC (e2f5236dc)

Known issues

For the full list of issues please refer to fd.io JIRA.

Fixed issues

For the full list of fixed issues please refer to:

API changes

Description of results:

  • Definition changed: indicates that the API file was modified between releases.
  • Only in image: indicates the API is new for this release.
  • Only in file: indicates the API has been removed in this release.
Message Name Result
adl_allowlist_enable_disable only in image
adl_allowlist_enable_disable_reply only in image
adl_interface_enable_disable only in image
adl_interface_enable_disable_reply only in image
bond_add_member only in image
bond_add_member_reply only in image
bond_create2 only in image
bond_create2_reply only in image
bond_detach_member only in image
bond_detach_member_reply only in image
cnat_add_del_snat_prefix only in image
cnat_add_del_snat_prefix_reply only in image
cnat_session_details only in image
cnat_session_dump only in image
cnat_session_purge only in image
cnat_session_purge_reply only in image
cnat_set_snat_addresses only in image
cnat_set_snat_addresses_reply only in image
cnat_translation_del only in image
cnat_translation_del_reply only in image
cnat_translation_details only in image
cnat_translation_dump only in image
cnat_translation_update only in image
cnat_translation_update_reply only in image
crypto_set_async_dispatch only in image
crypto_set_async_dispatch_reply only in image
crypto_set_handler only in image
crypto_set_handler_reply only in image
crypto_sw_scheduler_set_worker only in image
crypto_sw_scheduler_set_worker_reply only in image
det44_add_del_map only in image
det44_add_del_map_reply only in image
det44_close_session_in only in image
det44_close_session_in_reply only in image
det44_close_session_out only in image
det44_close_session_out_reply only in image
det44_forward only in image
det44_forward_reply only in image
det44_get_timeouts only in image
det44_get_timeouts_reply only in image
det44_interface_add_del_feature only in image
det44_interface_add_del_feature_reply only in image
det44_interface_details only in image
det44_interface_dump only in image
det44_map_details only in image
det44_map_dump only in image
det44_plugin_enable_disable only in image
det44_plugin_enable_disable_reply only in image
det44_reverse only in image
det44_reverse_reply only in image
det44_session_details only in image
det44_session_dump only in image
det44_set_timeouts only in image
det44_set_timeouts_reply only in image
flow_add only in image
flow_add_reply only in image
flow_del only in image
flow_del_reply only in image
flow_disable only in image
flow_disable_reply only in image
flow_enable only in image
flow_enable_reply only in image
geneve_add_del_tunnel2 only in image
geneve_add_del_tunnel2_reply only in image
gtpu_add_del_tunnel definition changed
gtpu_tunnel_details definition changed
gtpu_tunnel_update_tteid only in image
gtpu_tunnel_update_tteid_reply only in image
ikev2_child_sa_details only in image
ikev2_child_sa_dump only in image
ikev2_nonce_get only in image
ikev2_nonce_get_reply only in image
ikev2_profile_details only in image
ikev2_profile_dump only in image
ikev2_profile_set_ts definition changed
ikev2_sa_details only in image
ikev2_sa_dump only in image
ikev2_set_esp_transforms definition changed
ikev2_set_ike_transforms definition changed
ikev2_set_responder definition changed
ikev2_traffic_selector_details only in image
ikev2_traffic_selector_dump only in image
ipsec_itf_create only in image
ipsec_itf_create_reply only in image
ipsec_itf_delete only in image
ipsec_itf_delete_reply only in image
ipsec_itf_details only in image
ipsec_itf_dump only in image
ipsec_set_async_mode only in image
ipsec_set_async_mode_reply only in image
map_domains_get only in image
map_domains_get_reply only in image
nat44_add_del_static_mapping_v2 only in image
nat44_add_del_static_mapping_v2_reply only in image
nat_show_config_2 only in image
nat_show_config_2_reply only in image
nsim_configure2 only in image
nsim_configure2_reply only in image
pg_interface_enable_disable_coalesce only in image
pg_interface_enable_disable_coalesce_reply only in image
sr_policies_with_sl_index_details only in image
sr_policies_with_sl_index_dump only in image
sw_bond_interface_details only in image
sw_bond_interface_dump only in image
sw_member_interface_details only in image
sw_member_interface_dump only in image
trace_details only in image
trace_dump only in image
trace_dump_reply only in image
virtio_pci_create_v2 only in image
virtio_pci_create_v2_reply only in image
wireguard_interface_create only in image
wireguard_interface_create_reply only in image
wireguard_interface_delete only in image
wireguard_interface_delete_reply only in image
wireguard_interface_details only in image
wireguard_interface_dump only in image
wireguard_peer_add only in image
wireguard_peer_add_reply only in image
wireguard_peer_remove only in image
wireguard_peer_remove_reply only in image
wireguard_peers_details only in image
wireguard_peers_dump only in image

Found 123 api message signature differences

Newly deprecated API messages

These messages are still there in the API, but can and probably will disappear in the next release.

  • bond_create
  • bond_detach_slave
  • bond_detach_slave_reply
  • bond_enslave
  • cop_interface_enable_disable
  • cop_interface_enable_disable_reply
  • cop_whitelist_enable_disable
  • cop_whitelist_enable_disable_reply
  • geneve_add_del_tunnel
  • ipsec_tunnel_if_add_del
  • ipsec_tunnel_if_set_sa
  • ipsec_tunnel_if_set_sa_reply
  • map_domain_dump
  • nat_det_add_del_map
  • nat_det_add_del_map_reply
  • nat_det_close_session_in
  • nat_det_close_session_in_reply
  • nat_det_close_session_out
  • nat_det_close_session_out_reply
  • nat_det_forward
  • nat_det_forward_reply
  • nat_det_map_details
  • nat_det_map_dump
  • nat_det_reverse
  • nat_det_reverse_reply
  • nat_det_session_details
  • nat_det_session_dump
  • nat_show_config
  • nsim_configure
  • nsim_configure_reply
  • sw_interface_bond_dump
  • sw_interface_slave_dump
  • virtio_pci_create
  • virtio_pci_create_reply

In-progress API messages

These messages are provided for testing and experimentation only. They are not subject to any compatibility process, and therefore can arbitrarily change or disappear at any moment. Also they may have less than satisfactory testing, making them unsuitable for other use than the technology preview. If you are intending to use these messages in production projects, please collaborate with the feature maintainer on their productization.

  • abf_itf_attach_add_del
  • abf_itf_attach_add_del_reply
  • abf_itf_attach_details
  • abf_itf_attach_dump
  • abf_plugin_get_version
  • abf_plugin_get_version_reply
  • abf_policy_add_del
  • abf_policy_add_del_reply
  • abf_policy_details
  • abf_policy_dump
  • adl_allowlist_enable_disable
  • adl_allowlist_enable_disable_reply
  • adl_interface_enable_disable
  • adl_interface_enable_disable_reply
  • af_xdp_create
  • af_xdp_create_reply
  • af_xdp_delete
  • af_xdp_delete_reply
  • cnat_add_del_snat_prefix
  • cnat_add_del_snat_prefix_reply
  • cnat_session_details
  • cnat_session_dump
  • cnat_session_purge
  • cnat_session_purge_reply
  • cnat_set_snat_addresses
  • cnat_set_snat_addresses_reply
  • cnat_translation_del
  • cnat_translation_del_reply
  • cnat_translation_details
  • cnat_translation_dump
  • cnat_translation_update
  • cnat_translation_update_reply
  • crypto_sw_scheduler_set_worker
  • crypto_sw_scheduler_set_worker_reply
  • det44_get_timeouts_reply
  • det44_interface_add_del_feature
  • det44_interface_add_del_feature_reply
  • det44_interface_details
  • det44_interface_dump
  • det44_plugin_enable_disable
  • det44_plugin_enable_disable_reply
  • det44_set_timeouts
  • det44_set_timeouts_reply
  • flow_add
  • flow_add_reply
  • flow_del
  • flow_del_reply
  • flow_disable
  • flow_disable_reply
  • flow_enable
  • flow_enable_reply
  • gbp_bridge_domain_add
  • gbp_bridge_domain_add_reply
  • gbp_bridge_domain_del
  • gbp_bridge_domain_del_reply
  • gbp_bridge_domain_details
  • gbp_bridge_domain_dump
  • gbp_bridge_domain_dump_reply
  • gbp_contract_add_del
  • gbp_contract_add_del_reply
  • gbp_contract_details
  • gbp_contract_dump
  • gbp_endpoint_add
  • gbp_endpoint_add_reply
  • gbp_endpoint_del
  • gbp_endpoint_del_reply
  • gbp_endpoint_details
  • gbp_endpoint_dump
  • gbp_endpoint_group_add
  • gbp_endpoint_group_add_reply
  • gbp_endpoint_group_del
  • gbp_endpoint_group_del_reply
  • gbp_endpoint_group_details
  • gbp_endpoint_group_dump
  • gbp_ext_itf_add_del
  • gbp_ext_itf_add_del_reply
  • gbp_ext_itf_details
  • gbp_ext_itf_dump
  • gbp_recirc_add_del
  • gbp_recirc_add_del_reply
  • gbp_recirc_details
  • gbp_recirc_dump
  • gbp_route_domain_add
  • gbp_route_domain_add_reply
  • gbp_route_domain_del
  • gbp_route_domain_del_reply
  • gbp_route_domain_details
  • gbp_route_domain_dump
  • gbp_route_domain_dump_reply
  • gbp_subnet_add_del
  • gbp_subnet_add_del_reply
  • gbp_subnet_details
  • gbp_subnet_dump
  • gbp_vxlan_tunnel_add
  • gbp_vxlan_tunnel_add_reply
  • gbp_vxlan_tunnel_del
  • gbp_vxlan_tunnel_del_reply
  • gbp_vxlan_tunnel_details
  • gbp_vxlan_tunnel_dump
  • ikev2_child_sa_details
  • ikev2_child_sa_dump
  • ikev2_initiate_del_child_sa
  • ikev2_initiate_del_child_sa_reply
  • ikev2_initiate_del_ike_sa
  • ikev2_initiate_del_ike_sa_reply
  • ikev2_initiate_rekey_child_sa
  • ikev2_initiate_rekey_child_sa_reply
  • ikev2_initiate_sa_init
  • ikev2_initiate_sa_init_reply
  • ikev2_nonce_get
  • ikev2_nonce_get_reply
  • ikev2_profile_add_del
  • ikev2_profile_add_del_reply
  • ikev2_profile_details
  • ikev2_profile_dump
  • ikev2_profile_set_auth
  • ikev2_profile_set_auth_reply
  • ikev2_profile_set_id
  • ikev2_profile_set_id_reply
  • ikev2_profile_set_ipsec_udp_port
  • ikev2_profile_set_ipsec_udp_port_reply
  • ikev2_profile_set_liveness
  • ikev2_profile_set_liveness_reply
  • ikev2_profile_set_ts
  • ikev2_profile_set_ts_reply
  • ikev2_profile_set_udp_encap
  • ikev2_profile_set_udp_encap_reply
  • ikev2_sa_details
  • ikev2_sa_dump
  • ikev2_set_esp_transforms
  • ikev2_set_esp_transforms_reply
  • ikev2_set_ike_transforms
  • ikev2_set_ike_transforms_reply
  • ikev2_set_local_key
  • ikev2_set_local_key_reply
  • ikev2_set_responder
  • ikev2_set_responder_reply
  • ikev2_set_sa_lifetime
  • ikev2_set_sa_lifetime_reply
  • ikev2_set_tunnel_interface
  • ikev2_set_tunnel_interface_reply
  • ikev2_traffic_selector_details
  • ikev2_traffic_selector_dump
  • l2_emulation
  • l2_emulation_reply
  • mdata_enable_disable
  • mdata_enable_disable_reply
  • nat44_add_del_static_mapping_v2
  • nat44_add_del_static_mapping_v2_reply
  • oddbuf_enable_disable
  • oddbuf_enable_disable_reply
  • pg_interface_enable_disable_coalesce
  • pg_interface_enable_disable_coalesce_reply
  • sample_macswap_enable_disable
  • sample_macswap_enable_disable_reply
  • sr_policies_with_sl_index_details
  • sr_policies_with_sl_index_dump
  • sw_interface_set_vxlan_gbp_bypass
  • sw_interface_set_vxlan_gbp_bypass_reply
  • trace_details
  • trace_dump
  • trace_dump_reply
  • vxlan_gbp_tunnel_add_del
  • vxlan_gbp_tunnel_add_del_reply
  • vxlan_gbp_tunnel_details
  • vxlan_gbp_tunnel_dump
  • wireguard_interface_create
  • wireguard_interface_create_reply
  • wireguard_interface_delete
  • wireguard_interface_delete_reply
  • wireguard_interface_details
  • wireguard_interface_dump
  • wireguard_peer_add
  • wireguard_peer_add_reply
  • wireguard_peer_remove
  • wireguard_peer_remove_reply
  • wireguard_peers_details
  • wireguard_peers_dump

Patches that changed API definitions

src/vpp/api/vpe.api
d0236f725 flow: add vnet/flow formal API
src/vnet/crypto/crypto.api
4035daffd crypto: Crypto set handler API to support set all as CLI
0c936b147 crypto: Add async crypto APIs
src/vnet/cop/cop.api
00f21fb2f api: clean up use of deprecated flag
ac0326fc5 adl: move allow/deny list function to plugin
src/vnet/lisp-gpe/lisp_gpe.api
4ab5190eb lisp: API cleanup
src/vnet/vxlan-gbp/vxlan_gbp.api
f72b1aff7 vxlan-gbp: Mark APIs as in-progress
src/vnet/flow/flow_types.api
34bfa50b6 flow: code refactor
d0236f725 flow: add vnet/flow formal API
src/vnet/flow/flow.api
d0236f725 flow: add vnet/flow formal API
src/vnet/srv6/sr.api
30fa97dc6 sr: new messages created to return sl index for segment lists in a sr policy
src/vnet/pg/pg.api
f382b06fe gso: packet coalesce library
0cf528233 gso: fix the udp checksum in test
src/vnet/geneve/geneve.api
00f21fb2f api: clean up use of deprecated flag
7fc88cf3a geneve: support geneve interface acting as a bvi
src/vnet/lisp-cp/one.api
4ab5190eb lisp: API cleanup
src/vnet/lisp-cp/lisp.api
4ab5190eb lisp: API cleanup
src/vnet/devices/tap/tapv2.api
50bd16559 tap: add virtio 1.1 API flag
src/vnet/devices/virtio/vhost_user.api
a0e8d9669 virtio: add vhost sw_if_index filter for sw_interface_vhost_user_dump
src/vnet/devices/virtio/virtio.api
00f21fb2f api: clean up use of deprecated flag
518251bc8 virtio: add virtio 1.1 api flags
src/vnet/ipsec/ipsec.api
00f21fb2f api: clean up use of deprecated flag
2e84d6655 ipsec: add ipsec set async mode api
e6df80de4 ipsec: Deprecate old interface API
dd4ccf262 ipsec: Dedicated IPSec interface type
src/vnet/bonding/bond.api
ea7178631 bonding: add bond_create2 API to include gso option
4c4223edf bonding lacp: replace slave string with member
src/vnet/ip/ip_types.api
d0236f725 flow: add vnet/flow formal API
src/plugins/wireguard/wireguard.api
edca1325c wireguard: initial implementation of wireguard protocol
src/plugins/map/map.api
00f21fb2f api: clean up use of deprecated flag
ac0326fc5 adl: move allow/deny list function to plugin
f5db3711b api: add new stream message convention
src/plugins/lacp/lacp.api
4c4223edf bonding lacp: replace slave string with member
src/plugins/l2e/l2e.api
f733e7ade l2e: mark API as in-progress
src/plugins/ikev2/ikev2.api
a340fe1ac ikev2: add SA dump API
459d17bb7 ikev2: refactor and test profile dump API
ac46e3b1d ikev2: API downgrade due to lack of ikev2 tests
6a9bd8188 ikev2: add profile dump API
src/plugins/ikev2/ikev2_types.api
a340fe1ac ikev2: add SA dump API
459d17bb7 ikev2: refactor and test profile dump API
6a9bd8188 ikev2: add profile dump API
src/plugins/tracedump/tracedump.api
65b65a469 misc: add tracedump API plugin
src/plugins/gtpu/gtpu.api
9ebbb5c41 gtpu: support separate rx-decap and encap-tx teid values
src/plugins/gbp/gbp.api
d2f8fb9c7 gbp: mark APIs as in-progress
src/plugins/acl/acl.api
24ee40a5c acl: correct acl vat help message
src/plugins/nat/dslite/dslite.api
603e75465 nat: move deterministic nat to det44 sub feature
src/plugins/nat/det44/det44.api
00f21fb2f api: clean up use of deprecated flag
603e75465 nat: move deterministic nat to det44 sub feature
src/plugins/nat/nat_types.api
96068d6b9 nat: nat66 to plugin
src/plugins/nat/nat.api
6484f4b9c nat: twice-nat static mapping pool address
edc816355 nat: fix type in api message
603e75465 nat: move deterministic nat to det44 sub feature
96068d6b9 nat: nat66 to plugin
src/plugins/nat/nat66/nat66.api
96068d6b9 nat: nat66 to plugin
src/plugins/cnat/cnat.api
29f3c7d2e cnat: Destination based NAT
src/plugins/abf/abf.api
df494dafa abf: mark API as in-progress
src/plugins/adl/adl.api
ac0326fc5 adl: move allow/deny list function to plugin
src/plugins/nsim/nsim.api
00f21fb2f api: clean up use of deprecated flag
e6c3e8f0e nsim: basic reorder support
src/plugins/crypto_sw_scheduler/crypto_sw_scheduler.api
0c936b147 crypto: Add async crypto APIs
src/plugins/dhcp/dhcp.api
bad679291 api: register endian handlers for reply messages
src/plugins/af_xdp/af_xdp.api
4a76d6f6d af_xdp: AF_XDP input plugin