For some reason the hybrid solution performs equal or slightly better in some conditions (don't ask me why, I don't know). It works, and I agree it has a lot of complexity.
NFT could be a good thing for linuxbridge or the virtual routers. But I'd prefer to see an openflow+CT firewall for OVS. (to avoid mixing too many technologies at once, like we have now)
We also have the OVS/CT initiative; I know @jlibova was working on it already [1]. Btw, we have the old spec for this, but I'm not unsure if he filed any RFE.
[1] https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver