diff --git a/modules/network-observability-networking-events-overview.adoc b/modules/network-observability-networking-events-overview.adoc new file mode 100644 index 000000000000..965a3e1d4187 --- /dev/null +++ b/modules/network-observability-networking-events-overview.adoc @@ -0,0 +1,17 @@ +// Module included in the following assemblies: +// +// network_observability/observing-network-traffic.adoc + +:_mod-docs-content-type: CONCEPT +[id="network-observability-networking-events-overview_{context}"] += OVN Kubernetes networking events +:FeatureName: OVN-Kubernetes networking events tracking +include::snippets/technology-preview.adoc[] + +You use network event tracking in Network Observability to gain insight into OVN-Kubernetes events, including network policies, admin network policies, and egress firewalls. You can use the insights from tracking network events to help with the following tasks: + +* Network monitoring: Monitor allowed and blocked traffic, detecting whether packets are allowed or blocked based on network policies and admin network policies. + +* Network security: You can track outbound traffic and see whether it adheres to egress firewall rules. Detect unauthorized outbound connections and flag outbound traffic that violates egress rules. + +See the _Additional resources_ in this section for more information about enabling and working with this view. \ No newline at end of file diff --git a/modules/network-observability-viewing-network-events.adoc b/modules/network-observability-viewing-network-events.adoc new file mode 100644 index 000000000000..b8aa0df0f9db --- /dev/null +++ b/modules/network-observability-viewing-network-events.adoc 
@@ -0,0 +1,60 @@ +// Module included in the following assemblies: +// +// * network_observability/observing-network-traffic.adoc + +:_mod-docs-content-type: PROCEDURE +[id="network-observability-viewing-network-events_{context}"] += Viewing network events +:FeatureName: OVN-Kubernetes networking events tracking +include::snippets/technology-preview.adoc[] + +You can edit the `FlowCollector` to view information about network traffic events, such as network flows that are dropped or allowed by the following resources: + +* `NetworkPolicy` +* `AdminNetworkPolicy` +* `BaselineNetworkPolicy` +* `EgressFirewall` +* `UserDefinedNetwork` isolation +* Multicast ACLs + +.Prerequisites +* You must have `OVNObservability` enabled by setting the `TechPreviewNoUpgrade` feature set in the `FeatureGate` custom resource (CR) named `cluster`. For more information, see "Enabling feature sets using the CLI" and "Checking OVN-Kubernetes network traffic with OVS sampling using the CLI". +* You have created at least one of the following network APIs: `NetworkPolicy`, `AdminNetworkPolicy`, `BaselineNetworkPolicy`, `UserDefinedNetwork` isolation, multicast, or `EgressFirewall`. + +.Procedure +. In the web console, navigate to *Operators* -> *Installed Operators*. +. In the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. +. Select *cluster*, and then select the *YAML* tab. +. Configure the `FlowCollector` CR to enable viewing `NetworkEvents`, for example: ++ +[id="network-observability-flowcollector-configuring-networkevents{context}"] +.Example `FlowCollector` configuration +[source, yaml] +---- +apiVersion: flows.netobserv.io/v1beta2 +kind: FlowCollector +metadata: + name: cluster +spec: + agent: + type: eBPF + ebpf: + # sampling: 1 <1> + privileged: true <2> + features: + - "NetworkEvents" +---- +<1> Optional: The `sampling` parameter is set to a value of 1 so that all network events are captured. 
If sampling `1` is too resource heavy, set sampling to something more appropriate for your needs. +<2> The `privileged` parameter is set to `true` because the `OVN observability` library needs to access local Open vSwitch (OVS) socket and OpenShift Virtual Network (OVN) databases. + +.Verification +. Navigate to the *Network Traffic* view and select the *Traffic flows* table. +. You should see the new column, *Network Events*, where you can view information about impacts of one of the following network APIs you have enabled: `NetworkPolicy`, `AdminNetworkPolicy`, `BaselineNetworkPolicy`, `UserDefinedNetwork` isolation, multicast, or egress firewalls. + +An example of the kind of events you could see in this column is as follows: ++ +.Example of Network Events output +[source,text] +---- + by , direction +---- diff --git a/observability/network_observability/observing-network-traffic.adoc b/observability/network_observability/observing-network-traffic.adoc index 3eb5763d350a..f6077154c997 100644 --- a/observability/network_observability/observing-network-traffic.adoc +++ b/observability/network_observability/observing-network-traffic.adoc 
@@ -41,6 +41,11 @@ include::modules/network-observability-flow-filter-parameters.adoc[leveloffset=+ * xref:../../observability/network_observability/metrics-alerts-dashboards.adoc#network-observability-metrics_metrics-dashboards-alerts[Network Observability metrics] * xref:../../observability/network_observability/network-observability-operator-monitoring.adoc#network-observability-health-dashboard-overview_network_observability[Health dashboards] +include::modules/network-observability-networking-events-overview.adoc[leveloffset=+2] +[role="_additional-resources"] +.Additional resources +* xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-viewing-network-events_nw-observe-network-traffic[Viewing network events] + //Traffic flows include::modules/network-observability-trafficflow.adoc[leveloffset=+1] include::modules/network-observability-working-with-trafficflow.adoc[leveloffset=+2] @@ -54,6 +59,12 @@ include::modules/network-observability-working-with-zones.adoc[leveloffset=+2] include::modules/network-observability-filtering-ebpf-rule.adoc[leveloffset=+2] include::modules/network-observability-packet-translation-overview.adoc[leveloffset=+2] include::modules/network-observability-packet-translation.adoc[leveloffset=+2] +include::modules/network-observability-viewing-network-events.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources +* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling-features-cli_nodes-cluster-enabling[Enabling feature sets using the CLI] +* xref:../../networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc#nw-ovn-kubernetes-observability_ovn-kubernetes-sources-of-troubleshooting-information[Checking OVN-Kubernetes network traffic with OVS sampling using the CLI] //Topology include::modules/network-observability-topology.adoc[leveloffset=+1]
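Review bot: the new module `network-observability-networking-events-overview.adoc` is committed without a trailing newline (`\ No newline at end of file`); add one so the file matches the rest of the repository and the last line `See the _Additional resources_ in this section ...` is not concatenated with whatever follows the include. Two smaller points in the same hunk: the assembly comment header reads `// network_observability/observing-network-traffic.adoc` while the sibling module uses `// * network_observability/observing-network-traffic.adoc`, so use one form; and the two bullets are phrased inconsistently ("Network monitoring: Monitor allowed and blocked traffic, detecting whether ..." versus "Network security: You can track outbound traffic ..."). Suggest making both imperative, for example `* Network monitoring: Monitor allowed and blocked traffic, and detect whether packets are allowed or blocked based on network policies and admin network policies.`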
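Review bot: callout `<1>` in `network-observability-viewing-network-events.adoc` says "The `sampling` parameter is set to a value of 1 so that all network events are captured", but the example line is commented out (`# sampling: 1 <1>`), so the YAML as shown does not apply that setting and the callout marker sits inside a YAML comment; either uncomment the line or reword the callout to say the reader can uncomment it to capture every event. In the Verification section, the example output block reads ` by , direction ` with nothing before `by` or after `direction`, so no actual event text reaches the reader; supply real sample output or properly escaped placeholders. The paragraph "An example of the kind of events you could see in this column is as follows:" is outside the numbered list, so the `+` that follows it is not a list continuation and will render literally; move the paragraph into the second verification step with `+` or drop the `+`. Also: "OpenShift Virtual Network (OVN)" in callout `<2>` should be "Open Virtual Network (OVN)"; the block id `network-observability-flowcollector-configuring-networkevents{context}` is missing the `_` before `{context}` that the module ids use; and the prerequisites say "multicast" while the bullet list above says "Multicast ACLs", so align the two.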
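Review bot: in the first `observing-network-traffic.adoc` hunk the added `include::modules/network-observability-networking-events-overview.adoc[leveloffset=+2]` immediately follows the `* xref:...[Health dashboards]` list item with no blank line, so the included content is attached to that list item; insert a blank line before the include and, to match the `//Traffic flows` and `//Topology` markers elsewhere in the file, a `//Network events` comment. The xref `#network-observability-viewing-network-events_nw-observe-network-traffic` assumes this assembly's `:context:` attribute is `nw-observe-network-traffic`; confirm that value, otherwise the anchor generated from `network-observability-viewing-network-events_{context}` will not resolve and the overview module's "See the _Additional resources_ in this section" pointer leads nowhere.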
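Review bot: the two xrefs added in the second `observing-network-traffic.adoc` hunk target anchors in other books (`nodes-cluster-enabling-features-cli_nodes-cluster-enabling` and `nw-ovn-kubernetes-observability_ovn-kubernetes-sources-of-troubleshooting-information`); verify both ids exist with exactly those context suffixes, because the module's prerequisite text quotes these link titles ("Enabling feature sets using the CLI" and "Checking OVN-Kubernetes network traffic with OVS sampling using the CLI") and a broken xref leaves the reader without the steps for enabling `OVNObservability` through the `TechPreviewNoUpgrade` feature set. Since the procedure relies on `privileged: true` for the eBPF agent, consider linking the same `.Additional resources` block to the existing Network Observability material on the `FlowCollector` eBPF agent settings so readers can see what that setting grants before applying it.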