OVS Live Upgrade

This document describes the procedure for performing a live upgrade of Open vSwitch (OVS) with NVIDIA DOCA datapath support, enabling seamless transitions with minimal or no network traffic disruption.

Non-disruptive upgrade (NDU), also known as a live or hot upgrade, replaces the OVS user-space process without disrupting active network traffic. It achieves this by synchronizing runtime state between the running process and a newly launched one, enabling a seamless handoff. NDU supports high-availability requirements and can also be used to restart OVS after configuration changes, ensuring continuous operation without downtime or packet loss.

The NDU procedure involves two cooperating OVS processes:

• Server – the currently running OVS process

• Client – the new OVS process launched for the upgrade

The upgrade sequence consists of the following steps:

1. Client initialization – The new OVS process is launched in client mode.

2. State Synchronization – The client connects to the server and synchronizes essential runtime state, including:

   • Datapath and OpenFlow ports

   • Tunnel neighbor entries

   • OpenFlow tables, rules, meters, groups, and TLV mappings

   • Connection tracking (CT) state

   • MAC learning tables (FDB)

   • Routing entries

     Note

     Datapath rules (e.g., megaflows) are not transferred; the new process relearns them upon takeover.

3. Control plane handover – Upon successful synchronization, the client assumes control, and the server process is gracefully terminated.

Throughout the process, packet forwarding continues with negligible disruption.

To support live upgrade:

• Both the existing and new OVS processes must support NDU.

• The datapath type must be set to doca.

Initiating the Upgrade

No manual intervention is required during the upgrade process. To initiate an NDU, reload the OVS systemd service:

            

            
systemctl reload ovs-vswitchd.service
        

This command launches the client process, triggers synchronization, and transitions control to the new instance. The old process exits cleanly after handover.

Progress and any anomalies are logged to the OVS log files.

Post-Upgrade Validation

After the upgrade, confirm that:

• The new OVS process is active and managing the datapath

• All ports, flow rules, and dynamic state have been retained

• No traffic interruption occurred during the upgrade

Use standard OVS utilities to verify status:

            

            
ovs-vsctl show
ovs-ofctl dump-flows <bridge>
ovs-appctl dpctl/offload-stats-show
ovs-appctl dpctl/dump-flows
        

Error Handling and Rollback

If an error occurs during the synchronization or switchover phase, OVS will automatically revert to the original process to maintain service continuity. All rollback operations and failures are recorded in the log.