openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
bf30f56217486112ccbff8d870ee16ffe9a0a2f0
openshift-docs/modules/network-observability-filtering-ebpf-rule.adoc
Andrea Hoffer bf30f56217 Fixing typos on main
2026-01-27 21:08:23 +00:00

91 lines
3.3 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
// network_observability/observing-network-traffic.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-filtering-ebpf-rule_{context}"]
= Filtering eBPF flow data using multiple rules
[role="_abstract"]
Configure multiple filtering rules in the `FlowCollector` custom resource to refine network traffic data collection by accepting or rejecting specific eBPF flows based on IP addresses and packet conditions.
[IMPORTANT]
====
* You cannot use duplicate Classless Inter-Domain Routing (CIDRs) in filter rules.
* When an IP address matches multiple filter rules, the rule with the most specific CIDR prefix (longest prefix) takes precedence.
====
.Procedure
. In the web console, navigate to *Ecosystem* -> *Installed Operators*.
. Under the *Provided APIs* heading for *Network Observability*, select *Flow Collector*.
. Select *cluster*, then select the *YAML* tab.
. Configure the `FlowCollector` custom resource, similar to the following sample configurations:
.Example YAML to sample all North-South traffic, and 1:50 East-West traffic
By default, all other flows are rejected.
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
namespace: netobserv
deploymentModel: Direct
agent:
type: eBPF
ebpf:
flowFilter:
enable: true <1>
rules:
- action: Accept <2>
cidr: 0.0.0.0/0 <3>
sampling: 1 <4>
- action: Accept
cidr: 10.128.0.0/14
peerCIDR: 10.128.0.0/14 <5>
- action: Accept
cidr: 172.30.0.0/16
peerCIDR: 10.128.0.0/14
sampling: 50
----
<1> To enable eBPF flow filtering, set `spec.agent.ebpf.flowFilter.enable` to `true`.
<2> To define the action for the flow filter rule, set the required `action` parameter. Valid values are `Accept` or `Reject`.
<3> To define the IP address and CIDR mask for the flow filter rule, set the required `cidr` parameter. This parameter supports both IPv4 and IPv6 address formats. To match any IP address, use `0.0.0.0/0` for IPv4 or `::/0` for IPv6.
<4> To define the sampling interval for matched flows and override the global sampling setting `spec.agent.ebpf.sampling`, set the `sampling` parameter.
<5> To filter flows by Peer IP CIDR, set the `peerCIDR` parameter.
.Example YAML to filter flows with packet drops
By default, all other flows are rejected.
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
namespace: netobserv
deploymentModel: Direct
agent:
type: eBPF
ebpf:
privileged: true <1>
features:
- PacketDrop <2>
flowFilter:
enable: true <3>
rules:
- action: Accept <4>
cidr: 172.30.0.0/16
pktDrops: true <5>
----
<1> To enable packet drops, set `spec.agent.ebpf.privileged` to `true`.
<2> To report packet drops for each network flow, add the `PacketDrop` value to the `spec.agent.ebpf.features` list.
<3> To enable eBPF flow filtering, set `spec.agent.ebpf.flowFilter.enable` to `true`.
<4> To define the action for the flow filter rule, set the required `action` parameter. Valid values are `Accept` or `Reject`.
<5> To filter flows containing drops, set `pktDrops` to `true`.
View Git Blame Copy Permalink