Comment 3 for bug 1844712

Jeremy Stanley (fungi) wrote:

My primary concern, if this represents a legitimate bug in Neutron, is that it could lead to viable man-in-the-middle types of exploits where an instance for the attacker's tenant broadcasts route advertisements with itself as a gateway, and then translates the source addresses of any traffic routed to it by instances from victim tenants sharing the same layer 2 network segment before forwarding them on to their intended destinations, allowing the attacker to at least observe and potentially tamper with the content of the victims' plaintext communications.

Short of that, the behavior observed at a minimum suggests a simple denial of service for IPv6 network communications in similarly-configured environments.