When we set the k8s.ovn.org/node-primary-ifaddr annotation on the node, we simply take the first valid IP address we find on the node gateway. We exclude link-local addresses and those in internally reserved subnets (https://github.com/openshift/ovn-kubernetes/pull/1386).
Now, we might have more than one "valid" IP address on the gateway, as observed in:
https://bugzilla.redhat.com/show_bug.cgi?id=2081390#c11, https://bugzilla.redhat.com/show_bug.cgi?id=2081390#c14
For instance, taken from a different cluster than in the linked BZ:
Above we have fd2e:6f44:5dd8:c956::4/128, which is the ingress LB VIP added by keepalived.
We don't currently distinguish in the code between the node IP as in node.spec.IP and other IPs that might be added to br-ex by other components.
Would it be a good idea to just set the node primary address annotation to match node.spec.IP?
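
The selection behaviour described above, next to the alternative raised in the question, as an added Go sketch that is not ovn-kubernetes code. The function names, the reserved prefix, the node address and the order of addresses on br-ex are constructed for illustration; only the ::4/128 VIP comes from the text.

```go
package main

import (
	"fmt"
	"net/netip"
)

// reserved is a constructed stand-in for one internally reserved subnet.
var reserved = netip.MustParsePrefix("fd98::/64")

// brEx is constructed sample input; only the ::4/128 VIP is from the text.
var brEx = []netip.Prefix{
	netip.MustParsePrefix("fe80::1/64"),                 // link-local, skipped
	netip.MustParsePrefix("fd98::2/64"),                 // reserved, skipped
	netip.MustParsePrefix("fd2e:6f44:5dd8:c956::4/128"), // ingress VIP
	netip.MustParsePrefix("fd2e:6f44:5dd8:c956::17/64"), // node address (assumed)
}

// usable applies the two exclusions: link-local and reserved subnets.
func usable(p netip.Prefix) bool {
	a := p.Addr()
	return !a.IsLinkLocalUnicast() && !reserved.Contains(a)
}

// firstValid returns the first address that passes the exclusions.
func firstValid(addrs []netip.Prefix) (netip.Prefix, bool) {
	for _, p := range addrs {
		if usable(p) {
			return p, true
		}
	}
	return netip.Prefix{}, false
}

// matchNodeIP accepts only the gateway address equal to the node's own IP,
// so addresses added to the bridge by other components are never picked.
func matchNodeIP(addrs []netip.Prefix, nodeIP netip.Addr) (netip.Prefix, bool) {
	for _, p := range addrs {
		if usable(p) && p.Addr() == nodeIP {
			return p, true
		}
	}
	return netip.Prefix{}, false
}

func main() {
	a, _ := firstValid(brEx)
	b, _ := matchNodeIP(brEx, netip.MustParseAddr("fd2e:6f44:5dd8:c956::17"))
	fmt.Println("first valid:", a, "| matching node IP:", b)
}
```

With this input the first-valid pick lands on the VIP, while matching against the node IP returns the node's own address and reports no match if that address is absent from the bridge.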