Comment by deathanatos

> Restarting all the servers would result in many clients reconnecting several times. It was better to avoid it when possible.

As a sibling says, you need a "reconnect now" in the protocol. (GOAWAY, in HTTP.)

In addition to what the sibling says, if you have some sort of cordoning/graceful drain facility at the traffic level, you can also prevent the "several times" bit: bring new, patched nodes online. Disallow new connections to the outgoing nodes. Drain the outgoing nodes. Decommission them.

(I.e., only permit reconnects to patched nodes.)