Comment 6 for bug 1877594

An update after a further discussion with the rest of the OpenStack team and more testing done by me.

The procedure described in #5 can be trimmed down to the following on each neutron-gateway unit (br-prov is the name of the pre-created Linux bridge):

# remove the linux bridge (removes the master device for <physical-port-name>)
sudo ip link del name dev br-prov
sudo ovs-vsctl add-port br-data <physical-port-name>
# remove the veth pair
sudo ip link del veth-br-prov
sudo ovs-vsctl del-port br-data veth-br-prov
sudo rm /etc/network/interfaces.d/veth-br-prov.cfg
# also remove any /e/n/i or netplan config that sets up the br-prov Linux bridge

# after doing it on all neutron-gateway units, change the application config:

juju config neutron-gateway data-port=br-data:<physical-port-name>

# -----------------

There is no need to take down L3 services on a given neutron-gateway unit during that operation but there will be a brief period of time when br-data will have no uplink and so workload packets will be dropped. I believe this period of time will be similar to the one in case of an HA router failover to a different neutron-gateway unit.

I tested this in a lab with a ping test running in parallel to performing the interface operations - and there was no noticeable impact, however, depending on the load there may be so I would advise doing this during a maintenance window or a low-usage period of time.