https://issues.redhat.com/browse/NETOBSERV-67


memodi@memodi-mac:/Users/memodi/workspaces/repos/netobserv/network-observability-operator  (main=)
$ make deploy
/Users/memodi/workspaces/repos/netobserv/network-observability-operator/bin/controller-gen "crd:trivialVersions=true,preserveUnknownFields=false" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
cd config/manager && /Users/memodi/workspaces/repos/netobserv/network-observability-operator/bin/kustomize edit set image controller=quay.io/netobserv/network-observability-operator:main
/Users/memodi/workspaces/repos/netobserv/network-observability-operator/bin/kustomize build config/default | kubectl apply -f -
namespace/network-observability created
customresourcedefinition.apiextensions.k8s.io/flowcollectors.flows.netobserv.io created
serviceaccount/netobserv-controller-manager created
role.rbac.authorization.k8s.io/netobserv-leader-election-role created
clusterrole.rbac.authorization.k8s.io/netobserv-manager-role created
clusterrole.rbac.authorization.k8s.io/netobserv-metrics-reader created
clusterrole.rbac.authorization.k8s.io/netobserv-proxy-role created
rolebinding.rbac.authorization.k8s.io/netobserv-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/netobserv-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/netobserv-proxy-rolebinding created
configmap/netobserv-manager-config created
service/netobserv-metrics-service created
deployment.apps/netobserv-controller-manager created


$ oc apply -f config/samples/flows_v1alpha1_flowcollector.yaml
flowcollector.flows.netobserv.io/cluster created



$ oc get pods -n openshift-ovn-kubernetes
NAME                   READY   STATUS    RESTARTS       AGE
ovnkube-master-5rmzf   6/6     Running   6 (4h8m ago)   4h9m
ovnkube-master-jlj9b   6/6     Running   1 (4h ago)     4h9m
ovnkube-master-mztmr   6/6     Running   6 (4h8m ago)   4h9m
ovnkube-node-dd8hp     6/6     Running   0              37s
ovnkube-node-g6xrv     6/6     Running   0              74s
ovnkube-node-krg2l     6/6     Running   0              13s




$ oc get pod/ovnkube-node-dd8hp -n openshift-ovn-kubernetes -o yaml | egrep -iA 3 ipfix
      --sflow-targets ${SFLOW_COLLECTORS}\"\nfi\nif [[ -n \"${IPFIX_COLLECTORS}\"
      ]] ; then\n  export_network_flows_flags=\"$export_network_flows_flags --ipfix-targets
      ${IPFIX_COLLECTORS}\"\nfi\nif [[ -n \"${IPFIX_CACHE_MAX_FLOWS}\" ]] ; then\n
      \ export_network_flows_flags=\"$export_network_flows_flags --ipfix-cache-max-flows
      ${IPFIX_CACHE_MAX_FLOWS}\"\nfi\nif [[ -n \"${IPFIX_CACHE_ACTIVE_TIMEOUT}\" ]]
      ; then\n  export_network_flows_flags=\"$export_network_flows_flags --ipfix-cache-active-timeout
      ${IPFIX_CACHE_ACTIVE_TIMEOUT}\"\nfi\nif [[ -n \"${IPFIX_SAMPLING}\" ]] ; then\n
      \ export_network_flows_flags=\"$export_network_flows_flags --ipfix-sampling
      ${IPFIX_SAMPLING}\"\nfi\ngw_interface_flag=\n# if br-ex1 is configured on the
      node, we want to use it for external gateway traffic\nif [ -d /sys/class/net/br-ex1
      ]; then\n  gw_interface_flag=\"--exgw-interface=br-ex1\"\nfi\n\nnode_mgmt_port_netdev_flags=\nif
      [[ -n \"${OVNKUBE_NODE_MGMT_PORT_NETDEV}\" ]] ; then\n  node_mgmt_port_netdev_flags=\"--ovnkube-node-mgmt-port-netdev
--
    - name: IPFIX_COLLECTORS
      value: 172.30.203.240:2055
    - name: IPFIX_CACHE_MAX_FLOWS
      value: "400"
    - name: IPFIX_CACHE_ACTIVE_TIMEOUT
      value: "60"
    - name: IPFIX_SAMPLING
      value: "100"
    - name: K8S_NODE
      valueFrom:



$ oc get cm/ovs-flows-config -n openshift-network-operator -o yaml
apiVersion: v1
data:
  cacheActiveTimeout: 60s
  cacheMaxFlows: "400"
  sampling: "100"
  sharedTarget: 172.30.203.240:2055
kind: ConfigMap
metadata:
  creationTimestamp: "2021-12-23T19:34:26Z"
  name: ovs-flows-config
  namespace: openshift-network-operator
  ownerReferences:
  - apiVersion: flows.netobserv.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: FlowCollector
    name: cluster
    uid: a7dd7529-699e-4b50-9aad-f9b9549c4056
  resourceVersion: "103828"
  uid: a6e80aa2-c343-40dd-9750-a8f16bf1472a




Log line from ovnkube-node and ovnkube-node container:

I1223 19:35:10.322682  233796 ovs.go:204] exec(3): /usr/bin/ovs-vsctl --timeout=15 -- --id=@ipfix create ipfix targets=["172.30.203.240:2055"] cache_active_timeout=60 cache_max_flows=400 sampling=100 -- set bridge br-int ipfix=@ipfix


Modified cacheMaxFlows to be 0:


$ oc get flowcollector -o yaml | egrep -i cachemaxflows:
      cacheMaxFlows: 0


$ oc get pods -n openshift-ovn-kubernetes
NAME                   READY   STATUS    RESTARTS        AGE
ovnkube-master-5rmzf   6/6     Running   6 (5h26m ago)   5h28m
ovnkube-master-jlj9b   6/6     Running   1 (5h18m ago)   5h28m
ovnkube-master-mztmr   6/6     Running   6 (5h26m ago)   5h28m
ovnkube-node-5vgg6     6/6     Running   0               58s
ovnkube-node-9ltmh     6/6     Running   0               95s
ovnkube-node-btpc2     6/6     Running   0               83s
ovnkube-node-c6fsd     6/6     Running   0               70s
ovnkube-node-dngbm     6/6     Running   0               107s
ovnkube-node-zc5gr     6/6     Running   0               42s


I1223 20:52:48.730579  537158 ovs.go:204] exec(3): /usr/bin/ovs-vsctl --timeout=15 -- --id=@ipfix create ipfix targets=["172.30.203.240:2055"] cache_active_timeout=60 sampling=100 -- set bridge br-int ipfix=@ipfix


*verified it's not set in ovs-vsctl command


*modified sampling value:

$ oc get flowcollector -o yaml | egrep -i sampling:
      sampling: 1



I1223 20:58:13.344156  640122 ovs.go:204] exec(3): /usr/bin/ovs-vsctl --timeout=15 -- --id=@ipfix create ipfix targets=["172.30.203.240:2055"] cache_active_timeout=60 sampling=1 -- set bridge br-int ipfix=@ipfix



$ oc get pods -n openshift-ovn-kubernetes
NAME                   READY   STATUS              RESTARTS        AGE
ovnkube-master-5rmzf   6/6     Running             6 (5h31m ago)   5h32m
ovnkube-master-jlj9b   6/6     Running             1 (5h23m ago)   5h32m
ovnkube-master-mztmr   6/6     Running             6 (5h31m ago)   5h32m
ovnkube-node-g78ft     6/6     Running             0               41s
ovnkube-node-jqbbs     6/6     Running             0               54s
ovnkube-node-mc24w     0/6     ContainerCreating   0               4s
ovnkube-node-msp6f     6/6     Running             0               66s
ovnkube-node-x4t9z     6/6     Running             0               29s
ovnkube-node-x8v85     6/6     Running             0               17s


*set sampling to 0:

$ oc logs pod/ovnkube-node-7rllr ovnkube-node -n openshift-ovn-kubernetes | grep '@ipfix'
I1223 20:59:30.620806  547655 ovs.go:204] exec(3): /usr/bin/ovs-vsctl --timeout=15 -- --id=@ipfix create ipfix targets=["172.30.203.240:2055"] cache_active_timeout=60 sampling=400 -- set bridge br-int ipfix=@ipfix


Verified it's set to default value of 400


Modified cache_active_timeout to some low value:

$ oc get flowcollector -o yaml | egrep -i cacheactivetimeout:
      cacheActiveTimeout: 1s


$ oc logs pod/ovnkube-node-d4hmb ovnkube-node -n openshift-ovn-kubernetes | grep '@ipfix'
I1223 21:01:39.624064  551788 ovs.go:204] exec(3): /usr/bin/ovs-vsctl --timeout=15 -- --id=@ipfix create ipfix targets=["172.30.203.240:2055"] cache_active_timeout=1 sampling=400 -- set bridge br-int ipfix=@ipfix




Verified various values for advanced ipfix configs