diff --git a/go-controller/pkg/controllermanager/controller_manager.go b/go-controller/pkg/controllermanager/controller_manager.go
index 06d88c4ce4..e056b54a2b 100644
--- a/go-controller/pkg/controllermanager/controller_manager.go
+++ b/go-controller/pkg/controllermanager/controller_manager.go
@@ -194,7 +194,9 @@ func (cm *ControllerManager) CleanupStaleNetworks(validNetworks ...util.NetInfo)
 }
 }
- if util.IsRouteAdvertisementsEnabled() {
+ // OCP HACK BEGIN
+ if util.IsRouteAdvertisementsEnabled() && !util.IsLooseUDNIsolation() {
+ // OCP HACK END
 // Remove stale subnets from the advertised networks address set used for isolation
 // NOTE: network reconciliation will take care of removing the subnets for existing networks that are no longer
 // advertised.
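Review bot: The new `&& !util.IsLooseUDNIsolation()` guard skips pruning stale subnets from the advertised-networks address set without saying why that is safe; the reason is only visible in configureAdvertisedNetworkIsolation in this same commit, which destroys that address set when loose mode is on. A one-line comment at the condition would spare the next reader the cross-file lookup: `// In loose UDN isolation mode the global advertised-networks address set is torn down by configureAdvertisedNetworkIsolation, so there is nothing to prune here.` CleanupStaleNetworks starts and ends outside this hunk.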
@@ -530,7 +532,27 @@ func (cm *ControllerManager) Reconcile(_ string, _, _ util.NetInfo) error {
 }
 func (cm *ControllerManager) configureAdvertisedNetworkIsolation() error {
+ // OCP HACK BEGIN
 addressSetFactory := addressset.NewOvnAddressSetFactory(cm.nbClient, config.IPv4Mode, config.IPv6Mode)
- _, err := addressSetFactory.EnsureAddressSet(ovn.GetAdvertisedNetworkSubnetsAddressSetDBIDs())
- return err
+ if !util.IsLooseUDNIsolation() {
+ _, err := addressSetFactory.EnsureAddressSet(ovn.GetAdvertisedNetworkSubnetsAddressSetDBIDs())
+ return err
+ }
+ klog.Infof("Ensure global advertised networks addressset and tier-0 drop ACLs are removed in loose UDN isolation mode")
+ addrSet, _ := addressSetFactory.GetAddressSet(ovn.GetAdvertisedNetworkSubnetsAddressSetDBIDs())
+ if addrSet == nil {
+ return nil
+ }
+ dropACLIDs := ovn.GetAdvertisedNetworkSubnetsDropACLdbIDs()
+ dropACLPredicate := libovsdbops.GetPredicate[*nbdb.ACL](dropACLIDs, nil)
+ dropACLs, _ := libovsdbops.FindACLsWithPredicate(cm.nbClient, dropACLPredicate)
+ if len(dropACLs) > 0 {
+ p := func(_ *nbdb.LogicalSwitch) bool { return true }
+ err := libovsdbops.RemoveACLsFromLogicalSwitchesWithPredicate(cm.nbClient, p, dropACLs...)
+ if err != nil {
+ return err
+ }
+ }
+ return addrSet.Destroy()
+ // OCP HACK END
 }
diff --git a/go-controller/pkg/ovn/udn_isolation.go b/go-controller/pkg/ovn/udn_isolation.go
index 6c44489f9c..440cbe9fe7 100644
--- a/go-controller/pkg/ovn/udn_isolation.go
+++ b/go-controller/pkg/ovn/udn_isolation.go
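Review bot: The loose-mode path discards the errors from both lookups, `addrSet, _ := addressSetFactory.GetAddressSet(...)` and `dropACLs, _ := libovsdbops.FindACLsWithPredicate(...)`, so a transient NB DB failure on the first returns nil with the address set and the tier-0 drop ACLs still programmed, and a failure on the second proceeds to `addrSet.Destroy()` while ACLs that reference the set are left behind. The delete path in udn_isolation.go touched by this same commit checks the GetAddressSet error and wraps it, so the same treatment is expected here; the `passACLs, _ := bnc.getPassACLsForAdvertisedNetwork()` in addAdvertisedNetworkIsolation has the same problem. The sketch below assumes GetAddressSet reports a missing set as a nil result without an error, which is what the existing nil check implies, and uses fmt.Errorf, so the import may need adding if this file lacks it.
```go
	// … unchanged: address set factory creation and the strict-mode EnsureAddressSet return …
	addrSet, err := addressSetFactory.GetAddressSet(ovn.GetAdvertisedNetworkSubnetsAddressSetDBIDs())
	if err != nil {
		return fmt.Errorf("failed to get advertised networks address set %s: %w", ovn.GetAdvertisedNetworkSubnetsAddressSetDBIDs(), err)
	}
	if addrSet == nil {
		return nil
	}
	dropACLIDs := ovn.GetAdvertisedNetworkSubnetsDropACLdbIDs()
	dropACLPredicate := libovsdbops.GetPredicate[*nbdb.ACL](dropACLIDs, nil)
	dropACLs, err := libovsdbops.FindACLsWithPredicate(cm.nbClient, dropACLPredicate)
	if err != nil {
		return fmt.Errorf("failed to find tier-0 drop ACLs for advertised networks: %w", err)
	}
	// … unchanged: RemoveACLsFromLogicalSwitchesWithPredicate and addrSet.Destroy() …
```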
@@ -300,6 +300,25 @@ func BuildAdvertisedNetworkSubnetsDropACL(advertisedNetworkSubnetsAddressSet add
 // pass "(ip[4|6].src == && ip[4|6].dst == )" 1100
 // drop "(ip[4|6].src == $ && ip[4|6].dst == $)" 1050
 func (bnc *BaseNetworkController) addAdvertisedNetworkIsolation(nodeName string) error {
+ // OCP HACK BEGIN
+ if util.IsLooseUDNIsolation() {
+ klog.Infof("The network %s is configured with loose isolation mode, so delete tier-0 pass ACL rule if it exists",
+ bnc.GetNetworkName())
+ // It is okay to delete only pass ACLs here because drop ACLs for the network and global advertised
+ // networks addressset are already deleted in controller manager's configureAdvertisedNetworkIsolation
+ // method.
+ passACLs, _ := bnc.getPassACLsForAdvertisedNetwork()
+ if len(passACLs) == 0 {
+ return nil
+ }
+ p := func(sw *nbdb.LogicalSwitch) bool { return sw.Name == bnc.GetNetworkScopedSwitchName(nodeName) }
+ err := libovsdbops.RemoveACLsFromLogicalSwitchesWithPredicate(bnc.nbClient, p, passACLs...)
+ if err != nil {
+ return fmt.Errorf("failed to delete tier-0 pass ACLs for network %s: %w", bnc.GetNetworkName(), err)
+ }
+ return nil
+ }
+ // OCP HACK END
 var passMatches, cidrs []string
 var ops []ovsdb.Operation
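Review bot: The comment justifying removal of only the pass ACLs relies on the drop ACLs having already been removed by configureAdvertisedNetworkIsolation, but nothing here verifies that, and the controller-manager path in this same commit returns nil silently when its address set lookup fails. The header comment above gives pass priority 1100 and drop priority 1050, so if the drop ACLs and a populated address set survive while this code detaches the pass ACL from the node switch, the network's own pod-to-pod traffic would lose the higher-priority pass and hit the drop, the opposite of what loose mode intends. A defensive check before the removal, looking up drop ACLs via `GetAdvertisedNetworkSubnetsDropACLdbIDs()` and returning an error if any remain, would make the stated precondition explicit and turn a silent outage into a retried reconcile. addAdvertisedNetworkIsolation continues past the end of this hunk.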
@@ -363,6 +382,13 @@ func (bnc *BaseNetworkController) addAdvertisedNetworkIsolation(nodeName string)
 // deleteAdvertisedNetworkIsolation deletes advertised network isolation rules from the given node switch.
 // It removes the network CIDRs from the global advertised networks addresset together with the ACLs on the node switch.
 func (bnc *BaseNetworkController) deleteAdvertisedNetworkIsolation(nodeName string) error {
+ // OCP HACK BEGIN
+ if util.IsLooseUDNIsolation() {
+ klog.Infof("The network %s is configured with loose isolation mode, skip deleting tier-0 drop ACL rule",
+ bnc.GetNetworkName())
+ return nil
+ }
+ // OCP HACK END
 addrSet, err := bnc.addressSetFactory.GetAddressSet(GetAdvertisedNetworkSubnetsAddressSetDBIDs())
 if err != nil {
 return fmt.Errorf("failed to get advertised subnets addresset %s for network %s: %w", GetAdvertisedNetworkSubnetsAddressSetDBIDs(), bnc.GetNetworkName(), err)
@@ -377,9 +403,7 @@ func (bnc *BaseNetworkController) deleteAdvertisedNetworkIsolation(nodeName stri
 return fmt.Errorf("failed to create ovsdb ops for deleting the addresses from %s addresset for network %s: %w", GetAdvertisedNetworkSubnetsAddressSetDBIDs(), bnc.GetNetworkName(), err)
 }
- passACLIDs := GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.controllerName, bnc.GetNetworkName(), bnc.GetNetworkID())
- passACLPredicate := libovsdbops.GetPredicate[*nbdb.ACL](passACLIDs, nil)
- passACLs, err := libovsdbops.FindACLsWithPredicate(bnc.nbClient, passACLPredicate)
+ passACLs, err := bnc.getPassACLsForAdvertisedNetwork()
 if err != nil {
 return fmt.Errorf("unable to find the pass ACL for advertised network %s: %w", bnc.GetNetworkName(), err)
 }
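Review bot: The early return in loose mode logs `skip deleting tier-0 drop ACL rule`, but the doc comment two lines above says this function removes the network's CIDRs from the global address set and the ACLs on the node switch, and the second hunk shows that the ACLs it deletes are the pass ACLs, so the message names the wrong object. Suggest `klog.Infof("The network %s is configured with loose isolation mode, skip removing advertised network isolation (address set entries and pass ACLs)", bnc.GetNetworkName())` and a sentence on the doc comment such as `// In loose UDN isolation mode this is a no-op; the global address set and tier-0 drop ACLs are removed by the controller manager.` One consequence worth confirming or documenting: if a network is deleted in loose mode before addAdvertisedNetworkIsolation has run for it, its pass ACLs appear to be left in place, since nothing else in this commit removes them. deleteAdvertisedNetworkIsolation continues past the end of these hunks.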
@@ -401,3 +425,12 @@ func (bnc *BaseNetworkController) deleteAdvertisedNetworkIsolation(nodeName stri
 _, err = libovsdbops.TransactAndCheck(bnc.nbClient, ops)
 return err
 }
+
+// OCP HACK BEGIN
+func (bnc *BaseNetworkController) getPassACLsForAdvertisedNetwork() ([]*nbdb.ACL, error) {
+ passACLIDs := GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.controllerName, bnc.GetNetworkName(), bnc.GetNetworkID())
+ passACLPredicate := libovsdbops.GetPredicate[*nbdb.ACL](passACLIDs, nil)
+ return libovsdbops.FindACLsWithPredicate(bnc.nbClient, passACLPredicate)
+}
+
+// OCP HACK END
diff --git a/go-controller/pkg/util/multi_network.go b/go-controller/pkg/util/multi_network.go
index b1679462f3..fc23b1aaf7 100644
--- a/go-controller/pkg/util/multi_network.go
+++ b/go-controller/pkg/util/multi_network.go
@@ -4,6 +4,7 @@ import (
 "errors"
 "fmt"
 "net"
+ "os"
 "reflect"
 "strconv"
 "strings"
@@ -1554,3 +1555,13 @@ func ParseNetworkName(networkName string) (udnNamespace, udnName string) {
 }
 return "", ""
 }
+
+// OCP HACK BEGIN
+// IsLooseUDNIsolation returns true of `UDN_ISOLATION_MODE` env variable is set to "loose" value.
+// In "loose" mode, the network controller skips programming network isolation rules for advertised
+// UDN networks and this will allow pod to pod communication among advertised UDN networks.
+func IsLooseUDNIsolation() bool {
+ return os.Getenv("UDN_ISOLATION_MODE") == "loose"
+}
+
+// OCP HACK END
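Review bot: `IsLooseUDNIsolation` disables a tenant isolation control from an environment variable, yet it calls `os.Getenv` on every invocation and nothing records the decision once, so an operator has no single place to see that the cluster is running with advertised-UDN isolation switched off. Reading `UDN_ISOLATION_MODE` once at startup (for example behind a `sync.Once`-guarded package variable) and emitting one log line with the effective mode would make the weakened posture auditable and rule out callers observing different values if the environment is changed in-process. The exact-match comparison means any other value, including a misspelling of "loose", silently falls back to strict isolation, which is the safe direction and deserves a sentence in the doc comment: `// Any value other than "loose" (including unset) selects strict isolation.` Also fix the typo in the doc comment: `returns true if` rather than `returns true of`.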