Point2Point IPAM adds ip addr when it is not expected #1680

Open
Ex4amp1e opened this issue Oct 14, 2024 · 0 comments
Expected Behavior

From point2point ipam Readme:

IPAM service should be idempotent, so if we have allocated some IP addresses for the request and request type (p2p,
subnet) hasn't changed, and allocated addresses are still not excluded by the excluded prefixes, we should return the
same addresses for the same connection.

Current Behavior

When NSE1 is replaced with NSE2 with another CIDR, NSE2 with polity ipam policy adds (not replaces) new ip addrs in ipcontext for: src_ip_addrs, dst_ip_addrs, src_routes:prefix, dst_routes:prefix

As a result, the client contains the old IP address on its interface (expected), but also gets routes configured and a working connection for the address from the new NSE's CIDR.

Steps to Reproduce

  1. Deploy NSE1 and 2 clients

     NSE1 config:

        - name: NSM_CIDR_PREFIX
          value: 172.16.1.0/29

  2. Remove NSE1, deploy NSE2

     NSE2 config:

        - name: NSM_CIDR_PREFIX
          value: 172.16.2.0/29,2001:db8::/116

     Note: the issue has been reproduced with a dual-stack NSE2 and 2 clients, but it looks like having 2 clients is not required, and just having a new IPv4 CIDR on NSE2 and 1 client with the default point2point IPAM will be required to reproduce the issue.

  3. Check the client's interfaces, e.g.:

        kubectl exec pods/alpine-1 -n ns-ipam-policies -- ifconfig

  4. Get the client's routes, e.g.:

        kubectl exec pods/alpine-1 -n ns-ipam-policies -- ip r show dev nsm-1

It is unexpected to have a route from the NSE2 CIDR, since the client doesn't have an interface for it and it is not expected. But it can also be pinged successfully.

Context

  • Kubernetes Version: 1.28 - 1 control plane + 2 worker was used

Failure Logs

point2point.zip
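
A check for the condition reported above, as an added example that is not part of the original issue or the project's code: it lists IPContext entries (addresses or route prefixes) that do not belong to a given `NSM_CIDR_PREFIX` value, so an IPContext that mixes two endpoints' CIDRs is easy to spot. The function names and the sample addresses are assumptions constructed for illustration; only the CIDR values come from the issue.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// ParsePrefixes parses a comma-separated NSM_CIDR_PREFIX value.
func ParsePrefixes(value string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, s := range strings.Split(value, ",") {
		p, err := netip.ParsePrefix(strings.TrimSpace(s))
		if err != nil {
			return nil, fmt.Errorf("bad prefix %q: %w", s, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// OutsidePrefixes returns the entries (CIDR notation, as in src_ip_addrs or
// route prefixes) that are not fully contained in any of the given prefixes.
func OutsidePrefixes(entries []string, cidrs []netip.Prefix) ([]string, error) {
	var outside []string
	for _, e := range entries {
		p, err := netip.ParsePrefix(e)
		if err != nil {
			return nil, fmt.Errorf("bad entry %q: %w", e, err)
		}
		contained := false
		for _, c := range cidrs {
			// Contains is false across address families, so Bits is comparable.
			if c.Contains(p.Addr()) && p.Bits() >= c.Bits() {
				contained = true
				break
			}
		}
		if !contained {
			outside = append(outside, e)
		}
	}
	return outside, nil
}

func main() {
	nse2, _ := ParsePrefixes("172.16.2.0/29,2001:db8::/116") // NSE2 config from the issue
	// Constructed sample of src_ip_addrs after NSE1 was replaced with NSE2.
	src := []string{"172.16.1.1/32", "172.16.2.1/32", "2001:db8::1/128"}
	outside, _ := OutsidePrefixes(src, nse2)
	fmt.Println("entries outside the NSE2 CIDR:", outside)
}
```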
