After some thought I don't think we should push back on implementing an nftables-firewall-driver, or ovs/ct driver.
why not having both and checking what works best? I cannot help too much on nft, since I don't have expertise on it (yet), but I would be glad to review any related patches, and learn on the way if you're willing to push that work.
the OVS/CT solution would eliminate absolutely everything except ovs/openflow.
OVS + NFT still means mixing two technologies. LB + NFT probably would see a lot of benefits.
Thiago, can you post a link here to your NFT proposal for cross reference?
Hi Thiago,
After some thought I don't think we should push back on implementing an nftables- firewall- driver, or ovs/ct driver.
why not having both and checking what works best? I cannot help too much on nft, since I don't have expertise on it (yet), but I would be glad to review any related patches, and learn on the way if you're willing to push that work.
the OVS/CT solution would eliminate absolutely everything except ovs/openflow.
OVS + NFT still means mixing two technologies. LB + NFT probably would see a lot of benefits.
Thiago, can you post a link here to your NFT proposal for cross reference?