why not use the extra features


we dont trust the vendors stacks

big reason is we like our network stack

offload engines bypass pf

we would have to complicate our stack to bypass it, which hurts everyone else

offload engines cant scale like a real machine can (mem limits on a chip, etc), so end up on the machine anyway