Neutron already has a max_allowed_address_pair configuration value in neutron.conf. The default limit is 10. However, it's not related to shared networks and is a limitation per port.
I think it is worth reaching out to the openstack-dev mailing list and starting a thread about this, and then filing a bug based on the discussion. Marking as invalid.

** Changed in: neutron
       Status: New => Invalid

You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1373868

Title:
  Should we allow all networks use allowed address pairs?

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  Now we can add an allowed address pair to every net's port if allowed address pairs are enabled. This will cause a security problem in a shared network, I think.

  So we should add a limit for shared nets or add a config entry in neutron.conf, so the administrator can disable some nets' ports' allowed address pairs.
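
An added example, not part of the bug report or of Neutron's code: one way an operator could audit the concern raised in the bug description, listing ports on shared networks that carry allowed address pairs and checking the per-port count against the limit of 10 mentioned in the comment. The network and port records are constructed sample data using Neutron's `shared`, `network_id`, `tenant_id` and `allowed_address_pairs` fields; the function name and the finding keys are hypothetical.

```python
import ipaddress

MAX_ALLOWED_ADDRESS_PAIR = 10  # per-port default quoted in the comment above

# Constructed sample data, shaped like Neutron network and port records.
NETWORKS = [
    {"id": "net-shared", "shared": True, "tenant_id": "admin"},
    {"id": "net-private", "shared": False, "tenant_id": "tenant-a"},
]
PORTS = [
    {"id": "port-1", "network_id": "net-shared", "tenant_id": "tenant-a",
     "allowed_address_pairs": [{"ip_address": "10.0.0.0/24"}]},
    {"id": "port-2", "network_id": "net-shared", "tenant_id": "tenant-b",
     "allowed_address_pairs": []},
    {"id": "port-3", "network_id": "net-private", "tenant_id": "tenant-a",
     "allowed_address_pairs": [{"ip_address": "192.168.1.50"}]},
    {"id": "port-4", "network_id": "net-shared", "tenant_id": "admin",
     "allowed_address_pairs": [{"ip_address": "10.0.0.5"}]},
]


def audit_shared_network_pairs(networks, ports, limit=MAX_ALLOWED_ADDRESS_PAIR):
    """Return findings for ports on shared networks that carry allowed address pairs."""
    shared = {n["id"]: n for n in networks if n.get("shared")}
    findings = []
    for port in ports:
        pairs = port.get("allowed_address_pairs") or []
        net = shared.get(port["network_id"])
        if net is None or not pairs:
            continue  # only shared networks with at least one pair are of interest
        # An entry may be a single address or a CIDR; a CIDR covers many addresses.
        wide = [p["ip_address"] for p in pairs
                if ipaddress.ip_network(p["ip_address"], strict=False).num_addresses > 1]
        findings.append({
            "port": port["id"],
            "network": net["id"],
            "foreign_tenant": port["tenant_id"] != net["tenant_id"],
            "pair_count": len(pairs),
            "over_limit": len(pairs) > limit,
            "cidr_pairs": wide,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_shared_network_pairs(NETWORKS, PORTS):
        print(finding)
```

Ports owned by a tenant other than the shared network's owner (`foreign_tenant`) and entries that cover a whole CIDR (`cidr_pairs`) are the ones that match the shared-network concern in the bug description.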