[enterprise-4.16] :adds warning message for IPsec updates to 4.15

networking/network_security/configuring-ipsec-ovn.adoc

@@ -12,9 +12,10 @@ IPsec is disabled by default. You can enable IPsec either during or after instal
 
 The following support limitations exist for IPsec on a {product-title} cluster:
 
+* You must disable IPsec before updating to {product-title} 4.15. There is a known issue that can cause interruptions in pod-to-pod communication if you update without disabling IPsec. (link:https://issues.redhat.com/browse/OCPBUGS-43323[*OCPBUGS-43323*])
 * On {ibm-cloud-name}, IPsec supports only NAT-T. Encapsulating Security Payload (ESP) is not supported on this platform.
 * If your cluster uses link:https://www.redhat.com/en/topics/containers/what-are-hosted-control-planes[{hcp}] for Red{nbsp}Hat {product-title}, IPsec is not supported for IPsec encryption of either pod-to-pod or traffic to external hosts.
-* Using ESP hardware offloading on any network interface is not supported if one or more of those interfaces is attached to Open vSwitch (OVS). Enabling IPsec for your cluster triggers the use of IPsec with interfaces attached to OVS. By default, {product-title} disables ESP hardware offloading on any interfaces attached to OVS. 
+* Using ESP hardware offloading on any network interface is not supported if one or more of those interfaces is attached to Open vSwitch (OVS). Enabling IPsec for your cluster triggers the use of IPsec with interfaces attached to OVS. By default, {product-title} disables ESP hardware offloading on any interfaces attached to OVS.
 * If you enabled IPsec for network interfaces that are not attached to OVS, a cluster administrator must manually disable ESP hardware offloading on each interface that is not attached to OVS.
 
 The following list outlines key tasks in the IPsec documentation: