A: In short, this is prohibited by the Xen hypervisor on the base OS (Dom0).
The more detailed answer is that Dom0 creates a bridge from a physical interface on the base box to the instance and controls where traffic coming from that virtual NIC goes. Security is achieved because the bridge works like this: Base Box VLAN sub interface <--> instance eth0.
1) The interface
peth0.2999 is the physical eth0 using VLAN2999 tagging.
2) The bridge
xenbrVLAN2999 is attaching
peth0.2999 which means that any traffic coming into interface
vif4.0 is leaving out the physical interface tagged on VL2999, and conversely any traffic coming into the physical interface with VLAN2999 tagging will be sent to
3) Xen then presents
vif4.0 to the instance as
4) The result is that the instance ethernet interface is successfully confined to VLAN2999.