Comment 10 for bug 1372882

Sridhar Gaddam (sridhargaddam) wrote :

I think we would have to amend the patch slightly to drop RAs from the VM ports.

Reasoning:
1. Irrespective of whether the network is an external network or not, it would be good to drop all RAs from the VMs (similar to not allowing a DHCP server inside a VM). It also helps because we are not sure if other devices on the network have any protection for this kind of stuff.

2. Currently, even if we allow RAs from the VM ports, because of the Anti-Spoofing rules that are applied, a VM cannot act as an IPv6 router (i.e., it cannot forward IPv6 traffic). So there is no point in allowing Router Advts from VMs assuming that it would be used in Service VM use-cases.
In order to properly implement an IPv6 router as a Service VM, one needs to use the port_security_extension [1], which allows us to disable security group rules/anti-spoofing filters on the VM ports.

[1] - https://review.openstack.org/#/c/99873/22/specs/kilo/ml2-ovs-portsecurity.rst

I can update the patch accordingly and would like to hear the feedback.