We also spent a great deal of time benchmarking Romana. What we learned is that processing network policies introduced only a very small delay, never more than 0.2ms, even after applying 200 policies. For all practical purposes, applying network policy to Kubernetes pods introduces no meaningful delay.
The Linux kernel has implemented some important optimizations for processing iptables rules that allows a large number of policies to be applied without any noticeable performance impact. This is important when deploying large, complex application that require many network security policies.
The complete results, along with our analysis is published on the Kubernetes blog here.