Yes, that's the gap I am referring to. Your point on API is fair, I wish I could find the record of the many conversations we had on this very topic but I am unable to do so. Nonetheless the fact remains that for this reason (amongst other reasons like potential lack of scalability - do we have an idea of how many rules are being accrued in large deployments), a stateless driver was dismissed in the past.
We're pretty close to getting a fully functional firewall driver based on OVS. I realize that this is not quite there yet and may not work for dpdk, but what would it take to make it so, rather than promoting a totally different architecture?
Hi Sean,
Yes, that's the gap I am referring to. Your point on API is fair, I wish I could find the record of the many conversations we had on this very topic but I am unable to do so. Nonetheless the fact remains that for this reason (amongst other reasons like potential lack of scalability - do we have an idea of how many rules are being accrued in large deployments), a stateless driver was dismissed in the past.
We're pretty close to getting a fully functional firewall driver based on OVS. I realize that this is not quite there yet and may not work for dpdk, but what would it take to make it so, rather than promoting a totally different architecture?