Once NetObserv stack is enabled for RHOSO Control Plane, we can observe network traffic between podified services. This Epic expands on this by reporting network traffic events from Dataplane (Compute, Networker) nodes that are not part of OCP cluster proper.

• The events are collected and reported using NetObserv components (ebpf agent, flowpipeline-logs) running on the Dataplane nodes.
• The aggregation is happening on OCP side (events are reported to Loki / Prometheus managed by OCP Monitoring stack).
• The connectivity between Loki / Prometheus and Dataplane nodes is accordingly established.

When this Epic is done, admins may decide to enable network traffic events from one or more Dataplane nodes. When enabled, NetObserv ebpf agent and flowpipeline-logs components are started on the respective nodes and configured to report back to Loki / Prometheus. Ultimately, the OCP Dashboard user is able to see events related to OpenStack workloads (VMs) in their NetObserv UI Dashboard.

Note: this Epic does not cover enriching the reported events with OpenStack specific metadata. It means that the reported events will have only basic metadata attached, like MACs, IPs, ingress/egress direction, interface name, node name. Another Epic will target enriching the reported events with additional OpenStack specific metadata.

Note: this Epic doesn't target DPDK workloads. This Epic relies on NetObserv eBPF agent to monitor for events, which relies on kernel networking interfaces. To implement similar monitoring capability for DPDK, we will need to implement an alternative mechanism to expose traffic flow events from DPDK userspace.