I think I'm losing my mind here, so I need a hand.
Say we have two hosts on the same isolated private vlan. There is also a promiscuous SVI for that vlan. So:
Host A: 188.8.131.52/24 -- isolated
Host B: 184.108.40.206/24 -- isolated
SVI: 220.127.116.11/24 -- promiscuous
Now, when everything is normal, Host A cannot talk to Host B directly, but both can talk to the SVI.
Let's say someone goes and changes the subnet mask of Host A to /25. This will force the host to send traffic with destination of 18.104.22.168 to the SVI (because it's not within his subnet).
My question is, what will the SVI/router do with this traffic. Will it route it back "down" the same vlan it came in -- thus bypassing pvlan security, or will it drop the traffic?
Assuming it does route the traffic, I know Host B will attempt to respond to Host A directly, but at this point I would consider this a breach.
I hope this made sense.