-
Feature
-
Resolution: Unresolved
-
Major
-
None
-
None
-
Product / Portfolio Work
-
None
-
33% To Do, 33% In Progress, 33% Done
-
False
-
-
False
-
None
-
None
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
We should be able to correlate flows with network policies:
- which policy allowed that flow?
- what's the dropped flows?
- provide global stats on dropped / accepted traffic
PoC doc: https://docs.google.com/document/d/14Y3YYFxuOs3o-Lkipf-d7ZZp5gpbk6-01ZT_fTraCu8/edit
There are two possible approaches in terms of implementation:
- Add new "netpolicy flows" on top of existing flows
- Enrich existing flows with netpolicy info.
The PoC describes the former, however it is probably most interesting to aim the latter. (95% of the PoC is valid in both cases, ie. all the "low level" parts: OvS, OVN). The latter involves more work in FLP.
- clones
-
OCPSTRAT-488 OVN Observability with Sampling (tech preview)
-
- Closed
-
- incorporates
-
RFE-4199 [OVN] Implement additional OVN metrics for default deny ACLs
-
- Closed
-
- links to
(6 links to)