We should be able to correlate flows with network policies:

• which policy allowed that flow?
• what's the dropped flows?
• provide global stats on dropped / accepted traffic

PoC doc: https://docs.google.com/document/d/14Y3YYFxuOs3o-Lkipf-d7ZZp5gpbk6-01ZT_fTraCu8/edit

There are two possible approaches in terms of implementation:

• Add new "netpolicy flows" on top of existing flows
• Enrich existing flows with netpolicy info.

The PoC describes the former, however it is probably most interesting to aim the latter. (95% of the PoC is valid in both cases, ie. all the "low level" parts: OvS, OVN). The latter involves more work in FLP.