Comment 6 for bug 1382562

Is that the right classification? It sounds like that is reserved for a case where users are using something wrong. This is a bug in neutron and not a mistake on the user's part.

In this case the user is using address pairs in a completely legitimate way by specifying a CIDR. The neutron function that checks the address pairs when calculating members of security groups just breaks if it's a CIDR.