Merge "release note to deprecate prevent_arp_spoofing option"

neutron/plugins/ml2/drivers/agent/config.py

@@ -43,7 +43,7 @@ agent_opts = [
                        "added to any ports that have port security disabled. "
                        "For LinuxBridge, this requires ebtables. For OVS, it "
                        "requires a version that supports matching ARP "
-                       "headers. This option will be removed in Newton so "
+                       "headers. This option will be removed in Ocata so "
                        "the only way to disable protection will be via the "
                        "port security extension."))
 ]

neutron/plugins/ml2/drivers/openvswitch/agent/common/config.py

@@ -134,7 +134,7 @@ agent_opts = [
                        "added to any ports that have port security disabled. "
                        "For LinuxBridge, this requires ebtables. For OVS, it "
                        "requires a version that supports matching ARP "
-                       "headers. This option will be removed in Newton so "
+                       "headers. This option will be removed in Ocata so "
                        "the only way to disable protection will be via the "
                        "port security extension.")),
     cfg.BoolOpt('dont_fragment', default=True,

releasenotes/notes/deprecate_prevent_arp_spoofing_option-a09e673fc8f9fee4.yaml

@@ -0,0 +1,10 @@
+---
+deprecations:
+  - The option ``[AGENT] prevent_arp_spoofing`` has been deprecated
+    and will be removed in Ocata release. ARP spoofing protection
+    should always be enabled unless its explicitly disabled via the
+    port security extension via the API. The primary reason it was
+    a config option was because it was merged at the end of Kilo
+    development cycle so it was not considered stable. It has been
+    enabled by default since Liberty and is considered stable
+    and there is no reason to keep this configurable.