Impact statement for the OCPBUGS-41823 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

Customer upgrading OCP from 4.14 to 4.15 with IPsec configuration (or) Enabling 'Full' mode IPsec on a fresh 4.15 cluster having a higher chance of this vulnerability.

Which types of clusters?

This happens only on the IPsec enabled OCP clusters.

What is the impact? Is it serious enough to warrant removing update recommendations?

Once the cluster is hit with the issue, pod to pod communication is broken between a set of nodes which may impact overall functionality of the cluster and it may even cause production outage.

How involved is remediation?

The remediation is to restart IPsec pods until it resolves the issue, but this procedure is not guaranteed.

Is this a regression?

This is still being worked on to find out the root cause of the problem, can't confirm this is a regression issue.