Feature Overview (aka. Goal Summary)  

Add port-mirroring support in OVN-Kubernetes, with optional source/destination address packet filtering. 

Port mirroring is a network feature that allows a network switch to send a copy of network packets seen on one port (or an entire VLAN) to another port on the same switch for monitoring and analysis. This technique is often used for network diagnostics, security monitoring, and troubleshooting.

Goals (aka. expected user outcomes)

For several use cases, customers require the ability to capture some or all ingress and egress traffic of pods/VMs located within an OpenShift cluster for the primary purposes of analysis and debugging.  The logging endpoint for the traffic should be generic in nature, as that device is unique to each customer and is not directly supported by OpenShift.  

Because the amount of traffic logged can be voluminous, optional specification of targeted (or non-targeted) source and destination IP addresses can be specified. 

Requirements (aka. Acceptance Criteria):

Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed.  Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.

Use Cases (Optional):

• Regulatory compliance requirement
• Post-event forensic analysis
• Debugging
• Traffic pattern analysis

Questions to Answer (Optional):

• How to filter traffic

  Out of Scope

• Layer-7 (request header) Traffic filtering

  Background

  Customer Considerations

  Documentation Considerations

  Interoperability Considerations