Port security

In addition to providing users with a mechanism to allow inbound and outbound traffic to and from instances, Neutron also applies anti-spoofing rules to all ports to ensure that unexpected or undesired traffic cannot originate from, or pass through, a port. These include rules that prohibit an instance from acting as a DHCP server, acting as a router, or sourcing traffic from an IP address that is not its fixed IP. The last restriction is most often encountered when setting up high availability between instances using Virtual Router Redundancy Protocol (VRRP), keepalived, or some other method. These security mechanisms are implemented by default for every port. However, there are two methods that can be used to work around or remove these security restrictions. ...
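The default anti-spoofing behaviour described above can be modelled as a per-port egress check. The following is an added example, not Neutron's own code or part of the original text. The `Port` and `Packet` types, the addresses, and the allowance for DHCP client requests are assumptions made for illustration.

```python
# Simplified model of the per-port anti-spoofing egress checks described above.
# Illustrative only: not Neutron's implementation. All addresses are constructed
# samples from documentation ranges.
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Port:
    fixed_ip: str          # the only source IP the port may use by default


@dataclass(frozen=True)
class Packet:
    src_ip: str
    proto: str = "tcp"
    sport: int = 0
    dport: int = 0


def egress_verdict(port: Port, pkt: Packet) -> str:
    """Return 'ALLOW' or 'DROP: <reason>' for traffic leaving the instance."""
    if pkt.proto == "udp" and (pkt.sport, pkt.dport) == (68, 67):
        # Assumption: DHCP client requests pass, since the instance has no
        # address yet and sends from 0.0.0.0.
        return "ALLOW"
    if pkt.proto == "udp" and (pkt.sport, pkt.dport) == (67, 68):
        return "DROP: instance acting as DHCP server"
    if ip_address(pkt.src_ip) != ip_address(port.fixed_ip):
        # Covers both routed traffic and a shared virtual IP used for HA.
        return "DROP: source IP is not the port's fixed IP"
    return "ALLOW"


PORT = Port(fixed_ip="192.0.2.10")
SAMPLES = {
    "normal traffic": Packet("192.0.2.10", "tcp", 40000, 443),
    "DHCP client request": Packet("0.0.0.0", "udp", 68, 67),
    "DHCP server reply": Packet("192.0.2.10", "udp", 67, 68),
    "forwarded (router)": Packet("198.51.100.7", "tcp", 40000, 80),
    "VRRP virtual IP": Packet("192.0.2.100", "tcp", 40000, 443),
}


def evaluate_samples() -> dict:
    """Apply the model to every constructed sample packet."""
    return {name: egress_verdict(PORT, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:20} {verdict}")
```

The last sample shows why high-availability setups run into these rules: traffic sourced from a shared virtual IP looks the same to the port as spoofed traffic.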

Get OpenStack Networking Essentials now with the O’Reilly learning platform.