Comment 2 for bug 1461642

Confirmed as seen several times in the libvirt+xen CI, e.g. http://d7013eaae7e632dff837-028d11a4a642ead4d20755bd13d99a1b.r55.cf5.rackcdn.com/31/189731/1/check/dsvm-tempest-xen/f59dee5/logs/xen/index.html

Medium as it's a race condition which will affect any nova-network + libvirt+xen deployments and needs a fix to be scheduled.

This workaround was not deemed suitable by Xen as it doesn't solve the conceptual issue of both Xen + openstack trying to update iptables at the same time. Hopefully the concurrent updating isn't needed, but if it is then it's likely an OpenStack script will be needed and passed to libxl as a parameter to ensure the correct updates are made and OpenStack remains in control of the networking