OpenNebula

There's a bug when you create 2 VNETs with the same range of IPs, if ONE decides to put two VMs in the same node you could have the same MAC for two VMs, the problem arrives if you have defined BLACK or WHITE ports or ICMP rules, then you will have all the dropped ports to the two machines.
This is caused by the rules with ovs-ofctl are applied by MAC, then as you have the same MAC in different VMs, the openvswitch does not know which port is referring and it applies the rule for the two ports.

I've resolved the problem by adding the tag dl_vlan when you are adding the rule, with this tag you specify the vlan tag that the port you want to filter has. If you don't have tags in the vlans I think this problem does not have solution, but in my case, I have modified the sunstone interface to don't show the VLAN select and is sending "YES"

I've modified the file /var/lib/one/remotes/vnm/ovswitch/OpenvSwitch.rb sending the dl_vlan parameter to the ovs-ofctl if you have set the VLAN variable to YES. Attached you can file the file.