From 9aa223fa1548f88cdb732544af23415243479e19 Mon Sep 17 00:00:00 2001
From: Mateusz Kowalski <mko@redhat.com>
Date: Thu, 28 May 2026 10:45:43 +0200
Subject: [PATCH] templates: disable IPv4 DAD to fix nodeip-configuration race
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RHEL 10 enables IPv4 Duplicate Address Detection (DAD / ACD) by default
in NetworkManager. The ACD probing takes ~3 seconds, during which the
IPv4 address remains in tentative state and is not visible to
applications querying interface addresses.

This introduces a race condition in dual-stack baremetal clusters where
nodeip-configuration.service starts before the IPv4 address is assigned.
The service only sees the IPv6 address (which completes DAD faster) and
configures kubelet with IPv6-only, despite the interface eventually
getting both addresses.

Timeline observed on affected nodes:
  T+0s  Interface up, IPv6 tentative, IPv4 ACD probing starts
  T+2s  IPv6 DAD complete, IPv4 still probing
        nodeip-configuration.service runs → sees only IPv6 → writes
        IPv6-only config
  T+4s  IPv4 ACD complete (too late)

Fix this by adding a global NetworkManager drop-in that sets
ipv4.dad-timeout=0, restoring the RHEL 9 behavior where IPv4 addresses
are assigned immediately without ACD probing.

Fixes: https://issues.redhat.com/browse/OCPBUGS-86571

Generated-by: OpenClaw OpenClaw 2026.5.12 (f066dd2)
AI-model: claude-opus-4.6
Signed-off-by: Mateusz Kowalski <mko@redhat.com>
---
 .../common/_base/files/NetworkManager-no-dad.yaml    | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 templates/common/_base/files/NetworkManager-no-dad.yaml

diff --git a/templates/common/_base/files/NetworkManager-no-dad.yaml b/templates/common/_base/files/NetworkManager-no-dad.yaml
new file mode 100644
index 0000000000..051c7ce576
--- /dev/null
+++ b/templates/common/_base/files/NetworkManager-no-dad.yaml
@@ -0,0 +1,12 @@
+mode: 0644
+path: "/etc/NetworkManager/conf.d/01-no-dad.conf"
+contents:
+  inline: |
+    # Disable IPv4 DAD (Duplicate Address Detection / Address Conflict Detection).
+    # RHEL 10 enables this by default, which delays IPv4 address assignment by ~3s
+    # while ACD probing runs. This causes a race condition where
+    # nodeip-configuration.service may run before the IPv4 address is assigned,
+    # resulting in IPv6-only kubelet configuration on dual-stack clusters.
+    # See: https://issues.redhat.com/browse/OCPBUGS-86571
+    [connection]
+    ipv4.dad-timeout=0