[neutron] Flow drop on agent restart with openvswitch firewall driver

Hi All,

I'm looking for ideas as we need to upgrade our Neutron deployment and it looks like it would impact workloads a bit much for now to do so, and I'm no master of the neutron code...

We're running Neutron 14.0.2 with ml2 plugin and firewall_driver set as openvswitch. drop_flows_on_start is default False.

Reading some old bug reports, my understanding was that a restart of the neutron-openvswitch-agent should not impact existing flows and be seamless, but this is not what I'm experiencing, as I see some temporary drop(s) around when ovs-ofctl del-flows/add-flows is called on br-int (either east-west traffic or north-south). I tried switching to the iptables_hybrid driver instead and I don't see the issue in that case.

E.g., when a wget download is happening on an instance while the agent is restarting, I see the following: 2020-09-08 14:26:09 (12.2 MB/s) - Read error at byte 146971864/7416743936 (Success). Retrying

I'm a bit lost, so I'm wondering if that's expected/known behavior, if a workaround is possible...

Let me know if a bug report might be a better place to dig deeper or not, or if you want additional information... or if I missed a closed bug.

Thanks!
