Comment 44 for bug 1274034

It _may_ be a security issue in your environment if you haven't mitigated it through other means already. That Neutron didn't do if for you in earlier releases doesn't mean it's a vulnerability in Neutron however, just that it was not a problem Neutron's anti-spoofing rules were originally designed to solve (much in the same way that a you wouldn't consider a helmet flawed just because it fails to protect your knees).

As previously discussed Neutron developers and the OpenStack Vulnerability Management Team have chosen not to consider a lack of Nova Network feature parity in Neutron a security vulnerability, just an incomplete design which could stand to be improved.