Many network and computing functions can now be virtualized within a host that is hosting one or more guests. The virtualization of these functions allows for greater flexibility and, in many cases, cost savings when compared to implementing the functions using dedicated physical devices and/or systems. For example, network firewall functionality may be implemented as a packet handler executing within a host to protect guests executing thereon rather than relying on a physical network firewall system connected to the physical network through which the host communicates. Other packet handling functions may also be implemented in the host, such as logical network routing functions, quality of service functions, deep packet inspection functions, or any other type of function that may operate on network packet traffic exchanged with a guest.
When the time comes to apply changes to the data plane of a packing handler in a host (e.g., to update or otherwise modify the data plane), the change process can cause significant disruption to any guests on the host. For example, to apply changes to the data plane of the handler, the associated guests may need to be evacuated from the host, may need to be shut down before the changes are applied and restarted after, and the host itself may need to be restarted. Any of the aforementioned steps may render the guests unusable on the host for a relatively long period of time. Accordingly, changes to the data plane may need to be timed appropriately to minimize the effect the disruption has on the applications or services provided by the guests executing on the host.