Systems and methods for consistent configuration update handling in high availability deployments using a global configuration epoch

What is claimed is: 1 . A networking device comprising: a packet processing pipeline circuit configured to implement a data plane; and a processor configured to implement a control plane, wherein the packet processing pipeline circuit and the processor are further configured to implement flow table updating, wherein the flow table updating includes: the data plane using an encapsulated network packet received from a virtual network interface card (VNIC) to identify a flow table entry; making a determination that the flow table entry is out of date, that a virtual internet protocol (VIP) address in the encapsulated network packet is bound to the VNIC, and that the VNIC is in a high availability (HA) active role for the VIP address; and the control plane updating the flow table entry in response to a result of making the determination. 2 . The networking device of claim 1 , wherein: a VNIC datapath epoch value is determined from a VNIC local epoch value and a VNIC peer epoch value that is the VNIC local epoch value of a HA peer; and a flow epoch value stored in the flow table entry being less than the VNIC datapath epoch value indicates that the flow table entry is out of date. 3 . The networking device of claim 2 , wherein: a network configuration received by the networking device is associated with a global epoch value; and the networking device is configured to update the VNIC local epoch value to equal the global epoch value in response to determining that the network configuration changes a policy that is implemented for the VNIC and that the global epoch value is greater than the VNIC local epoch value. 4 . The networking device of claim 3 , wherein the control plane is configured to update the VNIC datapath epoch value after updating the VNIC local epoch in response to determining that the VNIC has the HA active role for the VIP address and the VIP address is bound to the VNIC. 5 . The networking device of claim 4 , wherein updating the VNIC datapath epoch value includes incrementing the VNIC datapath epoch value by one in response to determining that the VNIC peer epoch value equals the VNIC local epoch value. 6 . The networking device of claim 4 , wherein updating the VNIC datapath epoch value includes incrementing the VNIC datapath epoch value by a difference between the VNIC local epoch value and the VNIC peer epoch value in response to determining that the VNIC peer epoch value does not equal the VNIC local epoch value. 7 . The networking device of claim 3 , wherein the VNIC local epoch value is not updated in response to receiving the network configuration after determining that none of a plurality of policies that are implemented for the VNIC are changed by the network configuration. 8 . The networking device of claim 3 , wherein a second VNIC local epoch value and a second VNIC datapath epoch value are associated with a second VNIC; the networking device is configured to update the second VNIC local epoch value to equal the global epoch value in response to determining that the network configuration changing a second policy implemented for the second VNIC; and the networking device is configured to update the second VNIC datapath epoch value in response to determining that the second VNIC has the HA active role for a second VIP address that is bound to the second VNIC. 9 . The networking device of claim 3 , wherein: the networking device is configured to send a sync packet to the HA peer; the sync packet includes a flow table update for the flow table entry; and the flow epoch value included in the flow table update equals the global epoch value. 10 . The networking device of claim 2 , wherein the networking device is configured to send the VNIC local epoch value to the HA peer after updating the VNIC local epoch value. 11 . The networking device of claim 2 , wherein the VNIC peer epoch value does not equal the VNIC local epoch value. 12 . The networking device of claim 2 , wherein the VNIC local epoch value is less than a global epoch value associated with a HA configuration that includes the networking device and the HA peer. 13 . The networking device of claim 2 , wherein: the networking device is configured to receive a sync packet for the flow table entry; the sync packet includes a second flow epoch value of the flow table entry; and the networking device is configured to use the sync packet to update the flow table entry in response to determining that the second flow epoch value is greater than the flow epoch value. 14 . The networking device of claim 2 , wherein the networking device is configured to transition to a standby role for the VNIC in response to the HA peer transitioning to an HA active role. 15 . The networking device of claim 1 , wherein: the data plane is configured to determine that the flow table entry is out of date; the control plane is configured to determine that the VIP address is bound to the VNIC; and the control plane is configured to determine that the VNIC is in the HA active role for the VIP address. 16 . A method comprising: using, by a data plane, an encapsulated network packet received from a virtual network interface card (VNIC) to identify a flow table entry; making a determination that the flow table entry is out of date, that a virtual internet protocol (VIP) address in the encapsulated network packet is bound to the VNIC, and that the VNIC is in a HA active role for the VIP address; and updating, by a control plane, the flow table entry in response to a result of making the determination, wherein: a packet processing pipeline circuit of a networking device is configured to implement the data plane; and a processor of the networking device is configured to implement the control plane. 17 . The method of claim 16 , wherein: a VNIC datapath epoch value is determined from a VNIC local epoch value and a VNIC peer epoch value that is the VNIC local epoch value of a HA peer; and updating the flow table entry includes setting a flow epoch value that is in the flow table entry to equal the VNIC datapath epoch value. 18 . The method of claim 16 , wherein: a VNIC datapath epoch value is determined from a VNIC local epoch value and a VNIC peer epoch value that is the VNIC local epoch value of a HA peer; and a flow epoch value stored in the flow table entry being less than the VNIC datapath epoch value indicates that the flow table entry is out of date. 19 . The method of claim 18 , further including: receiving a network configuration that is associated with a global epoch value; and setting the VNIC local epoch value to equal the global epoch value in response to determining that the network configuration changes a policy that is implemented for the VNIC and that the global epoch value is greater than the VNIC local epoch value. 20 . The method of claim 19 , further including: using the VNIC local epoch value to update the VNIC datapath epoch value after updating the VNIC local epoch and after determining that the VNIC has the HA active role for the VIP address in the encapsulated network packet and that the VIP address is bound to the VNIC. 21 . A networking device comprising: a circuit means for implementing a data plane means; a processor means for implementing a control plane means; and a determination means for making a determination that a flow table entry is out of date, that a virtual internet protocol (VIP) address is bound to a virtual networ