Comment 2 for bug 1708731

Vil Surkin (vill-srk) wrote :

Also affects us. We found this problem happens with every keep-alive connection, like tunnels (not only GRE).

After some investigation we found this: in the file neutron/agent/linux/openvswitch_firewall/firewall.py, in the function OVSFirewallDriver.update_port_filter(), there is a time window between "delete port rules" and "add port rules". If any packet arrives on an already established connection between the delete and add events, then it is marked as invalid (conntrack_mark=1) and future packets are dropped by table 82 in OVS.

Any rules update on a port causes such connections to stop working.
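
A diagnostic sketch for the symptom described in the comment above, added here as an example and not part of the original comment or of Neutron's code: it scans connection-tracking entries for flows that were already bidirectional but now carry mark=1. The sample lines are constructed in the layout printed by `conntrack -L`, and treating `[ASSURED]` as "was working before the rule update" is an assumption of this example.

```python
# Constructed sample in the layout of `conntrack -L` output (not taken from the bug report).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=40112 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=40112 [ASSURED] mark=1 zone=7 use=1
tcp      6 431200 ESTABLISHED src=10.0.0.5 dst=10.0.0.8 sport=51514 dport=443 src=10.0.0.8 dst=10.0.0.5 sport=443 dport=51514 [ASSURED] mark=0 zone=7 use=1
gre      47 170 timeout=30, stream_timeout=180 src=10.0.0.5 dst=10.0.0.20 srckey=0x0 dstkey=0x0 src=10.0.0.20 dst=10.0.0.5 srckey=0x0 dstkey=0x0 [ASSURED] mark=1 zone=7 use=1
udp      17 25 src=10.0.0.7 dst=10.0.0.2 sport=5353 dport=53 [UNREPLIED] src=10.0.0.2 dst=10.0.0.7 sport=53 dport=5353 mark=1 zone=3 use=1
"""

INVALID_MARK = 1  # the conntrack_mark value named in the comment


def parse_entry(line):
    """Turn one conntrack line into a dict describing the original-direction tuple."""
    fields = line.split()
    kv = {}
    for tok in fields:
        if "=" in tok:
            key, value = tok.split("=", 1)
            # setdefault keeps the first occurrence, i.e. the original direction.
            kv.setdefault(key, value.rstrip(","))
    return {
        "proto": fields[0],
        "assured": "[ASSURED]" in fields,
        "mark": int(kv.get("mark", "0")),
        "zone": int(kv.get("zone", "0")),
        "src": kv.get("src"),
        "dst": kv.get("dst"),
        "sport": kv.get("sport"),
        "dport": kv.get("dport"),
    }


def marked_established(text, mark=INVALID_MARK):
    """Return entries that saw traffic in both directions yet carry the invalid mark."""
    entries = (parse_entry(l) for l in text.splitlines() if l.strip())
    return [e for e in entries if e["mark"] == mark and e["assured"]]


def count_by_zone(entries):
    """Group the suspicious entries by conntrack zone to see which networks are hit."""
    counts = {}
    for e in entries:
        counts[e["zone"]] = counts.get(e["zone"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in marked_established(SAMPLE):
        print(e["proto"], e["src"], "->", e["dst"], "dport", e["dport"], "zone", e["zone"])
```

Running the same check before and after a security group change on a port shows whether long-lived flows picked up the mark during the update.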