openshift-docs/modules/network-observability-SRIOV-configuration.adoc

// Module included in the following assemblies:
//
// * observability/network_observability/network-observability-secondary-networks.adoc

:_mod-docs-content-type: PROCEDURE
[id="network-observability-SR-IOV-config_{context}"]
= Configuring monitoring for SR-IOV interface traffic

[role="_abstract"]
Configure the `FlowCollector` resource to monitor traffic on Single Root I/O Virtualization (SR-IOV) device by setting the `spec.agent.ebpf.privileged` field to `true`, which enables the eBPF agent to monitor other network namespaces.

The eBPF agent monitors other network namespaces in addition to the host network namespaces, which are monitored by default. When a pod with a virtual functions (VF) interface is created, a new network namespace is created. With `SRIOVNetwork` policy `IPAM` configurations specified, the VF interface is migrated from the host network namespace to the pod network namespace.

.Prerequisites
* Access to an {product-title} cluster with a SR-IOV device.
* The `SRIOVNetwork` custom resource (CR) `spec.ipam` configuration must be set with an IP address from the range that the interface lists or from other plugins.

.Procedure
. In the web console, navigate to *Ecosystem* -> *Installed Operators*.
. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
. Select *cluster* and then select the *YAML* tab.
. Configure the `FlowCollector` custom resource. A sample configuration is as follows:
+
.Configure `FlowCollector` for SR-IOV monitoring
[source,yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
  name: cluster
spec:
  namespace: netobserv
  deploymentModel: Direct
  agent:
    type: eBPF
    ebpf:
      privileged: true   <1>
----
<1> The `spec.agent.ebpf.privileged` field value must be set to `true` to enable SR-IOV monitoring.