DOCA SDK Documentation
DOCA SDK Documentation
Breadcrumbs

OVS Live Upgrade

This document describes the procedure for performing a live upgrade of Open vSwitch (OVS) with NVIDIA DOCA datapath support, enabling seamless transitions with minimal or no network traffic disruption.

Introduction

Non-disruptive upgrade (NDU), also known as a live or hot upgrade, replaces the OVS user-space process without disrupting active network traffic. It achieves this by synchronizing runtime state between the running process and a newly launched one, enabling a seamless handoff. NDU supports high-availability requirements and can also be used to restart OVS after configuration changes, ensuring continuous operation without downtime or packet loss.

NDU Operational Model

The NDU procedure involves two cooperating OVS processes:

  • Server – the currently running OVS process

  • Client – the new OVS process launched for the upgrade

The upgrade sequence consists of the following steps:

  1. Client initialization – The new OVS process is launched in client mode.

  2. State Synchronization – The client connects to the server and synchronizes essential runtime state, including:

    • Datapath and OpenFlow ports

    • Tunnel neighbor entries

    • OpenFlow tables, rules, meters, groups, and TLV mappings

    • Connection tracking (CT) state

    • MAC learning tables (FDB)

    • Routing entries 

      Datapath rules (e.g., megaflows) are not transferred; the new process relearns them upon takeover.

  3. Control plane handover – Upon successful synchronization, the client assumes control, and the server process is gracefully terminated.

Throughout the process, packet forwarding continues with negligible disruption.

Prerequisites

To support live upgrade:

  • Both the existing and new OVS processes must support NDU.

  • The datapath type must be set to doca.

Upgrade Procedure

Initiating the Upgrade

No manual intervention is required during the upgrade process. To initiate an NDU, reload the OVS systemd service:

Bash
systemctl reload ovs-vswitchd.service

This command launches the client process, triggers synchronization, and transitions control to the new instance. The old process exits cleanly after handover.

Progress and any anomalies are logged to the OVS log files.

Post-Upgrade Validation

After the upgrade, confirm that:

  • The new OVS process is active and managing the datapath

  • All ports, flow rules, and dynamic state have been retained

  • No traffic interruption occurred during the upgrade

Use standard OVS utilities to verify status:

Bash
ovs-vsctl show
ovs-ofctl dump-flows <bridge>
ovs-appctl dpctl/offload-stats-show
ovs-appctl dpctl/dump-flows

Error Handling and Rollback

If an error occurs during the synchronization or switchover phase, OVS will automatically revert to the original process to maintain service continuity. All rollback operations and failures are recorded in the log. 

On Debian-based distributions (including Ubuntu), the dpkg package manager currently restarts OVS during .deb package upgrades. This behavior conflicts with the NDU mechanism. Once the installer behavior is updated, this limitation will be removed.

Last updated: