Comment 6 for bug 1274034

Jeremy Stanley (fungi) wrote :

Traditionally, mechanisms for mitigating ARP spoofing/cache poisoning have been considered security features, not vulnerability fixes. The complicating factor here, as I read this, is that we have a lack of security feature parity from nova-network's behavior. If Neutron documentation or configuration explicitly say it implements filters for these then this is a vulnerability (security feature not working as advertised), otherwise I would lean toward still considering this a security hardening measure on Neutron's road toward achieving feature parity with nova-network.