Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-356

Network Policies correlation

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • eBPF, FLP
    • None
    • network-policies-correlation
    • BU Product Work
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-488 - OVN Observability with Sampling (tech preview)
    • OCPSTRAT-488OVN Observability with Sampling (tech preview)
    • 7% To Do, 43% In Progress, 50% Done
    • M
    • NetObserv - Sprint 234

      We should be able to correlate flows with network policies:

      • which policy allowed that flow?
      • what's the dropped flows?
      • provide global stats on dropped / accepted traffic

       

      PoC doc: https://docs.google.com/document/d/14Y3YYFxuOs3o-Lkipf-d7ZZp5gpbk6-01ZT_fTraCu8/edit

      There are two possible approaches in terms of implementation:

      • Add new "netpolicy flows" on top of existing flows
      • Enrich existing flows with netpolicy info.

      The PoC describes the former, however it is probably most interesting to aim the latter. (95% of the PoC is valid in both cases, ie. all the "low level" parts: OvS, OVN). The latter involves more work in FLP.

            mmahmoud@redhat.com Mohamed Mahmoud
            jtakvori Joel Takvorian
            Mehul Modi Mehul Modi
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: