OSDOCS-11625:Viewing Network events in Network Observability

Author: skrthomas

modules/network-observability-networking-events-overview.adoc

@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-networking-events-overview_{context}"]
+= OVN Kubernetes networking events
+:FeatureName: Viewing `NetworkEvents`
+include::snippets/technology-preview.adoc[]
+
+You use network event tracking in Network Observability to gain insight into OVN-Kubernetes events, including network policies, admin network policies, and egress firewalls. You can use the insights from tracking network events to help with the following:
+
+* Network monitoring: Monitor allowed and blocked traffic, detecting whether packets are allowed or blocked based on network policies and admin network policies. 
+
+* Network security: You can track outbound traffic and see whether it adheres to egress firewall rules. Detect unauthorized outbound connections and flag outbound traffic that violates egress rules.
+
+See the _Additional resources_ in this section for more information about enabling and working with this view.

modules/network-observability-viewing-network-events.adoc

@@ -0,0 +1,60 @@
+// Module included in the following assemblies:
+//
+// * network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-viewing-network-events_{context}"]
+= Viewing network events
+:FeatureName: Viewing `NetworkEvents`
+include::snippets/technology-preview.adoc[]
+
+You can view network events, such as network flows that are dropped or allowed by a network policy, by editing the `FlowCollector` to the specifications in the following YAML example.
+
+.Prerequisites
+* Must have the `OVNObservability` enabled by enabling the `TechPreviewNoUpgrade` feature set in the `FeatureGate` CR named `cluster`. For more information, see "Enabling feature sets using the CLI" and "Checking OVN-Kubernetes network traffic with OVS sampling using the CLI" in the "Additional resources" of this section.
+
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. In the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster*, and then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource to enable viewing `NetworkEvents`, for example:
++
+[id="network-observability-flowcollector-configuring-networkevents{context}"]
+.Example `FlowCollector` configuration
+[source, yaml]
+----
+apiVersion: flows.netobserv.io/v1beta2
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+   agent:
+    type: eBPF
+    ebpf:
+      sampling: 1       <1>
+      privileged: true  <2>
+      features:
+       - "NetworkEvents"
+----
+<1> The `sampling` parameter is set to a value of 1 so that all network events are captured.
+<2> The `privileged` parameter is set to `true` because the `OVN observability` library needs to access local OVS socket and OVN databases
+
+.Verification
+. Navigate to the *Network Traffic* view and select the *Traffic flows* table. 
+. You should see the new column, *Network Events*, where you can view information about impacts that network policies, admin policies, and egress firewalls have on network flows. Here are some examples of the kinds of events you could see in this column:
++
+.Examples of Network Events output
+[source,text]
+----
+Dropped by cluster multicast policy, direction Ingress
+----
++
+[source,text]
+----
+Allowed by network policy iperf.iperf3-server-access-egress, direction Egress
+----
++
+[source,text]
+----
+Allowed by admin network policy allow-egress-iperf, direction Egress
+----

observability/network_observability/observing-network-traffic.adoc

@@ -41,6 +41,11 @@ include::modules/network-observability-flow-filter-parameters.adoc[leveloffset=+
 * xref:../../observability/network_observability/metrics-alerts-dashboards.adoc#network-observability-metrics_metrics-dashboards-alerts[Network Observability metrics]
 * xref:../../observability/network_observability/network-observability-operator-monitoring.adoc#network-observability-health-dashboard-overview_network_observability[Health dashboards]
 
+include::modules/network-observability-networking-events-overview.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-viewing-network-events_nw-observe-network-traffic[Viewing network events]
+
 //Traffic flows
 include::modules/network-observability-trafficflow.adoc[leveloffset=+1]
 include::modules/network-observability-working-with-trafficflow.adoc[leveloffset=+2]
@@ -52,6 +57,15 @@ include::modules/network-observability-RTT.adoc[leveloffset=+2]
 include::modules/network-observability-histogram-trafficflow.adoc[leveloffset=+2]
 include::modules/network-observability-working-with-zones.adoc[leveloffset=+2]
 include::modules/network-observability-filtering-ebpf-rule.adoc[leveloffset=+2]
+include::modules/network-observability-viewing-network-events.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling-features-cli_nodes-cluster-enabling[Enabling feature sets using the CLI]
+//Temp link until merge reconciliation
+* link:https://docs.openshift.com/container-platform/4.18/networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.html#nw-ovn-kubernetes-observability_ovn-kubernetes-sources-of-troubleshooting-information[Checking OVN-Kubernetes network traffic with OVS sampling using the CLI]
+
+// * xr3f:../networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc#nw-ovn-kubernetes-observability_ovn-kubernetes-sources-of-troubleshooting-information[Checking OVN-Kubernetes network traffic with OVS sampling using the CLI]
 
 //Topology
 include::modules/network-observability-topology.adoc[leveloffset=+1]