As we know, openvswitch uses a linuxbridge based firewall to implement security-groups on openstack. It works great but it has so many packet hops. It also makes troubleshooting a little complicated. 

OpenvSwitch does support native firewall features in flows, Does it mature enough to implement in production and replace it with LinuxBridge based IPtables firewall? 

~S