Testing networking-ovn with OVS -master (rev c4623bb83), I found OVN permitted unrestricted use of 0.0.0.0 and ::. These should only be used for IPv4 DHCP discovery and request messages and ICMPv6 MLD reports as well as Neighbor Solicitation to enable duplicate address detection. It appears the PORT_SEC_IP stage only validates L3 headers, and later stages do not restrict the use of these special purpose source L3 addresses.
Dustin Lundquist _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss