We joyfully announce the release of: networking-generic-switch 9.0.0 This release is part of the gazpacho release series. The source is available from: https://opendev.org/openstack/networking-generic-switch Download the package from: https://pypi.org/project/networking-generic-switch Please report issues through: https://bugs.launchpad.net/networking-generic-switch/+bugs For more details, please see below. 9.0.0 ^^^^^ New Features ************ * Adds per-port "default_vlan" parameter to device driver interfaces. The "plug_port_to_network", "delete_port", "plug_bond_to_network", and "unplug_bond_from_network" methods now accept an optional "default_vlan" parameter that allows specifying a default VLAN on a per-port basis. This enhancement provides greater flexibility compared to the existing switch-wide "ngs_port_default_vlan" configuration option. When both are specified, the per-port value takes precedence. If neither is provided, no default VLAN cleanup or restoration will be performed. * Extends VXLAN support to Arista EOS and SONiC switches, enabling VXLAN overlay networks for bare metal deployments across multiple switch platforms. **Prerequisites**: This feature requires the "networking-baremetal" plugin with the "baremetal-l2vni" mechanism driver, which handles hierarchical port binding and allocates local VLAN segments that are mapped to VXLAN VNIs on the switch fabric. **Arista EOS**: Arista EOS uses BGP EVPN control plane with ingress-replication for BUM (Broadcast, Unknown unicast, and Multicast) traffic handling, following the same architecture as Cisco NX-OS. This approach aligns with vendor best practices and scales properly with Neutron's dynamic VNI assignment model. For each VXLAN network, the driver automatically configures: * BGP EVPN control plane (VLAN configuration with route distinguisher and route targets) * VLAN to VNI mapping * Ingress-replication for BUM traffic (default behavior) Configuration requires: * "ngs_bgp_asn" - BGP AS number (required) * "vxlan_interface" - VXLAN interface name (defaults to "Vxlan1") Switch prerequisites include BGP EVPN configuration. **SONiC**: SONiC uses BGP EVPN control plane with ingress-replication for BUM (Broadcast, Unknown unicast, and Multicast) traffic handling. The implementation uses FRR for EVPN configuration and relies on EVPN Type-3 IMET routes for dynamic VTEP discovery, avoiding the scaling issues associated with static flood lists. For each VXLAN network, the driver automatically configures: * BGP EVPN control plane (per-VNI configuration in FRR with route distinguisher and route targets) * VLAN to VNI mapping on the VTEP interface * Ingress-replication for BUM traffic (via EVPN) Configuration requires: * "vtep_name" - VXLAN tunnel endpoint interface name (required) * "ngs_bgp_asn" - BGP AS number (required) See the VXLAN L2VNI Support section in the configuration documentation for complete setup instructions and examples for each platform. * Adds VXLAN support for Cisco NX-OS switches using BGP EVPN with ingress-replication. This enables VXLAN overlay networks for bare metal deployments with Cisco Nexus switches acting as VXLAN Tunnel Endpoints (VTEPs). **Prerequisites**: This feature requires the "networking-baremetal" plugin with the "baremetal-l2vni" mechanism driver, which handles hierarchical port binding and allocates local VLAN segments that are mapped to VXLAN VNIs on the switch fabric. The implementation uses BGP EVPN control plane with ingress- replication for BUM (Broadcast, Unknown unicast, and Multicast) traffic handling. This approach aligns with Cisco best practices and scales properly with Neutron's dynamic VNI assignment model. For each VXLAN network, the driver automatically configures: * BGP EVPN control plane (VNI L2, route distinguisher, route targets) * VLAN to VNI mapping (vn-segment) * NVE interface membership with ingress-replication protocol bgp Configuration is minimal - only the NVE interface name needs to be specified (defaults to "nve1"). Switch prerequisites include BGP EVPN configuration with the NVE interface set to "host-reachability protocol bgp". See the VXLAN L2VNI Support section in the configuration documentation for complete setup instructions and examples. * Now the etcd api version is detected automatically. The API version can be overridden by the "api_version" query parameter of the coordination backend url, or the "ETCD3GW_API_PATH" environment. * Adds VXLAN L2VNI support for Juniper Junos and Cumulus NVUE platforms, completing VXLAN capabilities across major network operating systems. **Prerequisites**: This feature requires the "networking-baremetal" plugin with the "baremetal-l2vni" mechanism driver, which handles hierarchical port binding and allocates local VLAN segments that are mapped to VXLAN VNIs on the switch fabric. **Juniper Junos**: Supports VXLAN L2VNI configuration on QFX and EX series switches. The implementation maps VLANs (referenced by name) to VNIs using the "vxlan vni" command. Optional EVPN control plane support is available via VRF target configuration. Configuration options: * "ngs_evpn_vni_config" - Enable EVPN VRF target configuration (default: false) * "ngs_bgp_asn" - BGP AS number (required when EVPN is enabled) When EVPN is enabled, the driver configures per-VLAN VRF targets for EVPN Type-2 route import/export using the format "target:<asn>:<vni>". **Cumulus NVUE**: Supports VXLAN L2VNI configuration on the default bridge domain "br_default" for Cumulus Linux 5.x switches. Provides flexible BUM traffic handling with support for: * EVPN-only deployments (no configuration needed) * Head-End Replication (HER) with static flood lists * Hybrid deployments combining EVPN and HER Configuration options: * "ngs_her_flood_list" - Global HER flood list (comma-separated VTEP IPs, optional) * "ngs_physnet_her_flood" - Per-physical-network HER flood lists (format: "physnet1:ip1,ip2;physnet2:ip3,ip4", optional) * "ngs_evpn_vni_config" - Enable EVPN VNI control plane configuration in FRR (default: false) * "ngs_bgp_asn" - BGP AS number (required when EVPN is enabled) HER flood list resolution follows a three-tier hierarchy: per- physnet mapping, global configuration, or EVPN-only (default). See the VXLAN L2VNI Support section in the configuration documentation for complete setup instructions and examples for each platform. * It is now possible to add security group support to existing drivers. This is implemented as a neutron service plugin and can be enabled by appending "genericswitch_security_group" to the neutron configuration "[DEFAULT]service_plugins" list. The security group feature is limited to applying one security group to a port. The first driver to have security group support added is "netmiko_cisco_nxos". Limitations specific to this driver are: * Only ingress rules allowed * Only IPv4 rules are implemented * Supports rules for protocols: tcp, udp, icmp * The "netmiko_dell_os10" driver now supports security groups on switches running Dell OS10, supporting the following: * Ingress and egress rules * IPv4 * Rule filters for IP protocols TCP, UDP and ICMP * The "netmiko_sonic" driver now supports security groups on upstream distributions of SONiC, supporting the following: * Ingress and egress rules * IPv4 and IPv6 * Rule filters for IP protocols TCP, UDP and ICMP The security group (ACL) implementation of Dell Enterprise SONiC 4.5 diverges from upstream enough to require the addition of a new driver "netmiko_dell_enterprise_sonic". This driver should be specified when running this distribution of SONiC on Dell hardware. Dell Enterprise SONiC 4.5 also lacks support for ICMP filter rules, and this is enforced by "netmiko_dell_enterprise_sonic". Upgrade Notes ************* * Any Aruba AOS-CX device using the "aruba_os" device type in its configuration needs a configuration update. The device type should be replaced with "aruba_aoscx". Bug Fixes ********* * Add error checking for Dell Force10 and OS10 devices. * Add Arista EOS bond trunk commands so LACP bond trunk ports are supported. * Convert boolean configuration parameters before passing them to Netmiko. Previously, we were only converting numeric parameters (int/floats). This allows full configurability of low-level Netmiko parameters, such as SSH key management. * Fix Netmiko device type for Aruba AOS-CX. The previously-used device type, "aruba_os", is meant for wireless controllers, not for switches running AOS-CX. As a result, trying to run any command over SSH with Netmiko would fail on Aruba AOS-CX switches. * Fixed incorrect command when unplugging bond subports. Previously, when a bond was unplugged from a network with trunk subports, the system would incorrectly try to add subports instead of removing them. This bug has been fixed, and the system now uses the correct command to remove subports, ensuring proper bond cleanup. Changes in networking-generic-switch 8.0.0..9.0.0 ------------------------------------------------- c06d3f9 Log warning when `backend_url`` is not configured 119f960 Detect device configuration errors on Dell Force10 and OS10 836461b docs: Reorder docs to be more sane 0de6128 vxlan: OVS testing patch for 'vxlan' binding model e19b240 vxlan: Add Junos, Cumulus NVUE, and denote Dell OS10 as unsupported bc00791 vxlan: Arista EOS and vendor neutral SONiC 9a584aa vxlan: follow-up cisco nxos/substrate review feedback. db7aa18 Avoid unnecessary functional test runs e0a103c Declare Python 3.13 supported 2ccb263 CI: Temporary setuptools pin c5b2e9a Remove unused sphinxcontrib-seqdiag 63d0009 l2vni plug case with Cisco NXOS cd93f3c devstack: Ignore error with file existing on restack bbb00c8 Migrate setup configuration to pyproject.toml format de89f51 Add Arista bond trunk support d09ce22 Update hacking to 7.0.0 58ee56c Use upper constraints in pep8 job f53cc2a clean up codespell jobs bf2f9f5 fix: segment binding level for VLAN support adfc71f reno: Update master for unmaintained/2024.1 e3e6cc5 Drop remaining logic for linuxbridge-agent 96198e7 tox: Enable codespell by default and limit it to relevant files 2db0a81 Add default vlan to driver interfaces 01da92a Drop ineffective ignore_base_python 5e463cf test_devices: Fix test to avoid scary backtrace 819c97f Update master for stable/2025.2 26160cd Fix incorrect command when unplugging bond subports 4997706 Cast boolean Netmiko kwargs to native types a24f603 Fix support for Aruba AOS CX devices b3c86c4 Add security group support to netmiko_dell_os10 61ea1f5 Add security group support to netmiko_sonic fa20b9f Add security group support to netmiko_cisco_nxos 39f8e0b tox: exclude all venv dirs from pep8 7462918 devstack: Drop explicit etcd api version 6402317 etcd: Discover api version automatically Diffstat (except docs and test files) ------------------------------------- .pre-commit-config.yaml | 12 + devstack/plugin.sh | 9 +- devstack/upgrade/upgrade.sh | 7 +- networking_generic_switch/batching.py | 10 +- networking_generic_switch/devices/__init__.py | 112 ++- .../devices/netmiko_devices/__init__.py | 214 ++++- .../devices/netmiko_devices/arista.py | 238 +++++- .../devices/netmiko_devices/cisco.py | 240 ++++++ .../devices/netmiko_devices/cumulus.py | 262 ++++++ .../devices/netmiko_devices/dell.py | 105 ++- .../devices/netmiko_devices/juniper.py | 240 ++++++ .../devices/netmiko_devices/ovs.py | 189 ++++- .../devices/netmiko_devices/sonic.py | 569 ++++++++++++- networking_generic_switch/generic_switch_mech.py | 194 ++++- networking_generic_switch/generic_switch_sg.py | 2 +- pyproject.toml | 100 ++- ...dd-default-vlan-parameter-c614b798f45f9973.yaml | 13 + .../add-dell-error-checking-28809170596cccda.yaml | 4 + .../notes/arista-bond-trunk-4a376a636f899173.yaml | 5 + ...rista-sonic-vxlan-support-8f3a9c4b2e1d5a67.yaml | 56 ++ ...cisco-nxos-vxlan-bgp-evpn-251dd384acac2d6f.yaml | 31 + ...nvert-netmiko-bool-params-55d86c55fc73503e.yaml | 7 + .../notes/etcd-api-discover-10e2f7c02e96e88b.yaml | 6 + ...aruba-netmiko-device-type-1e1a3e2e3eb3741e.yaml | 12 + ...unplugging-trunk-subports-66d8496b43c55130.yaml | 8 + ...per-cumulus-vxlan-support-6c8d4f2a9b3e7d15.yaml | 53 ++ releasenotes/notes/nx-os-sg-804cc5831089448a.yaml | 15 + releasenotes/notes/os10-sg-ceaea96b20b31dbd.yaml | 9 + releasenotes/notes/sonic-sg-b7142e4c153ca7ac.yaml | 17 + releasenotes/source/2024.1.rst | 2 +- releasenotes/source/2025.2.rst | 6 + releasenotes/source/index.rst | 1 + requirements.txt | 4 +- setup.cfg | 66 -- tox.ini | 13 +- zuul.d/networking-generic-switch-jobs.yaml | 5 +- zuul.d/project.yaml | 19 +- 55 files changed, 6887 insertions(+), 444 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 913556e..c61189a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4 +4 @@ -etcd3gw>=2.1.0 # Apache-2.0 +etcd3gw>=2.3.0 # Apache-2.0 @@ -7 +7 @@ stevedore>=1.20.0 # Apache-2.0 -netmiko>=4.1.1 # MIT +netmiko>=4.4.0 # MIT