Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-696

Reporter node behaves the opposite of what it says

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • netobserv-1.2
    • netobserv-ocp4.12
    • None
    • None
    • False
    • None
    • False
    • Hide
      Previously, the "reporter" option in the console plugin, which is used to filter flows based on the observation point (source node or destination node), did sometimes mix flows regardless that node observation point. This was due to flows being incorrectly reported as being Ingress or Egress at the node level.
      With this patch, the flow direction is now corrected, which allows the "reporter" option to filter for source observation point, or destination observation point, as expected.
      Show
      Previously, the "reporter" option in the console plugin, which is used to filter flows based on the observation point (source node or destination node), did sometimes mix flows regardless that node observation point. This was due to flows being incorrectly reported as being Ingress or Egress at the node level. With this patch, the flow direction is now corrected, which allows the "reporter" option to filter for source observation point, or destination observation point, as expected.
    • NetObserv - Sprint 228, NetObserv - Sprint 229, NetObserv - Sprint 230, NetObserv - Sprint 231, NetObserv - Sprint 232
    • Important

      In Network Traffic. under Query Options, the last sentence in the tooltip for "Reporter node" says:

      Cluster ingress traffic is only reported by destination nodes, and cluster egress by source nodes.

      However, the opposite is happening.

      Steps to reproduce the problem:

      1. In Network Traffic, in Query Options, select "Destination".  This is the default.
      2. Filter on a pod where you will make a web request.
      3. ssh into that pod.
      4. Make a curl request to a web site.  It's easier to see if you use an IP address to avoid DNS traffic.  Example:
        curl -kL https://52.200.142.250
        
      1. In the Flow table, you will only see traffic from that pod going out to the Internet to dest port 443 (see 01-dest.png, 1st row).  There will be no return traffic.  This means it is the source node reporting egress traffic, even though "Destination" is selected.
      2. Now in Query Options, select "Source".  Do the same curl request.  This time, it shows only the return traffic from the web site to your pod (see 02-source.png, 1st row).  This means it is the destination node reporting ingress traffic.

       

        1. 01-dest.png
          260 kB
          Steven Lee
        2. 02-source.png
          265 kB
          Steven Lee
        3. image-2022-11-24-14-24-09-176.png
          110 kB
          Mario Macias
        4. image-2022-11-24-14-37-59-244.png
          157 kB
          Mario Macias
        5. image-2022-11-24-14-42-56-069.png
          110 kB
          Mario Macias
        6. image-2022-11-24-14-45-48-160.png
          155 kB
          Mario Macias
        7. image-2022-11-25-11-04-55-169.png
          163 kB
          Mario Macias
        8. Screenshot 2022-11-23 at 12.10.38.png
          244 kB
          Mario Macias
        9. Screenshot 2022-11-23 at 12.11.13.png
          245 kB
          Mario Macias

              jtakvori Joel Takvorian
              stlee@redhat.com Steven Lee
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: