diff --git a/neutron/agent/linux/openvswitch_firewall/firewall.py b/neutron/agent/linux/openvswitch_firewall/firewall.py
index e19694dee22..21a18852cbb 100644
--- a/neutron/agent/linux/openvswitch_firewall/firewall.py
+++ b/neutron/agent/linux/openvswitch_firewall/firewall.py
@@ -1510,4 +1510,9 @@ class OVSFirewallDriver(firewall.FirewallDriver):
             # the actions field is bogus anyway.
             del flow['actions']
             del flow['priority']
+            # NOTE(hangyang) If cookie is not set then _delete_flows will
+            # use the OVSBridge._default_cookie to filter the flows but that
+            # will not match with the ip flow's cookie so OVS won't actually
+            # delete the flow
+            flow['cookie'] = ovs_lib.COOKIE_ANY
             self._delete_flows(deferred=False, **flow)
diff --git a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
index 71fdde43a54..3196c3626da 100644
--- a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
+++ b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
@@ -1061,6 +1061,16 @@ class TestOVSFirewallDriver(base.BaseTestCase):
         addr_to_conj = {'addr1': {8, 16, 24}}
         self._test_delete_flows_for_flow_state(addr_to_conj, False)
 
+    def test_delete_flow_for_ip_using_cookie_any(self):
+        with mock.patch.object(self.firewall, '_delete_flows') as \
+                mock_delete_flows:
+            self.firewall.delete_flow_for_ip('10.1.2.3',
+                                             constants.INGRESS_DIRECTION,
+                                             constants.IPv4, 100, [0])
+            _, kwargs = mock_delete_flows.call_args
+            self.assertIn('cookie', kwargs)
+            self.assertIs(ovs_lib.COOKIE_ANY, kwargs['cookie'])
+
 
 class TestCookieContext(base.BaseTestCase):
     def setUp(self):