Resolve a UDP rebalance issue on backend failure

In some scenarios, UDP load balancers may not immediately rebalance the
backend member servers if a member server fails. This is due to
connection caching of the flows.
This change sets the "expire_nodest_conn" sysctl to 1, causing the flows
to be flushed on a real server removal due to failure.

Closes-Bug: #2114264

Change-Id: I1e2f28281debf07cea27cd585f3e85282b684c8d
Signed-off-by: Michael Johnson <johnsomor@gmail.com>

octavia/amphorae/backends/agent/api_server/templates/amphora-netns.systemd.j2

@@ -23,6 +23,9 @@ ExecStart=-/sbin/sysctl -w net.netfilter.nf_conntrack_expect_max=488
 ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv4.ip_forward=1
 ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv4.vs.conntrack=1
 ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv6.conf.all.forwarding=1
+# Ensure the connection cache is flushed immediately on real server removal
+ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv4.vs.expire_nodest_conn=1
+ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv4.vs.expire_quiescent_template=1
 # We need the plugged_interfaces file sorted to join the host interfaces
 ExecStart=-/bin/sh -c '/usr/bin/sort -k 1 /var/lib/octavia/plugged_interfaces > /var/lib/octavia/plugged_interfaces.sorted'
 # Assign the interfaces into the namespace with the appropriate name

releasenotes/notes/Fix-UDP-member-server-rebalance-74c67cb09c7c529a.yaml

@@ -0,0 +1,10 @@
+---
+upgrade:
+  - |
+    UDP load balancers will require a failover to fix the UDP rebalance issue
+    once the control plane is updated.
+fixes:
+  - |
+    Fixed an issue where UDP listeners may not rebalance failed member servers
+    in a timely fashion. It may have been up to five minutes for a failed
+    member server to be removed from existing flows.