openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
c980d6dcb5d0aa57450ce2bafd3d56b3f4e1f559
openshift-docs/modules/network-observability-filtering-ebpf-rule.adoc
Andrea Hoffer c980d6dcb5 Fixing some typos
2025-10-06 14:13:08 -04:00

90 lines
3.2 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
// network_observability/observing-network-traffic.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-filtering-ebpf-rule_{context}"]
= Filtering eBPF flow data using multiple rules
You can configure the `FlowCollector` custom resource to filter eBPF flows using multiple rules to control the flow of packets cached in the eBPF flow table.
[IMPORTANT]
====
* You cannot use duplicate Classless Inter-Domain Routing (CIDRs) in filter rules.
* When an IP address matches multiple filter rules, the rule with the most specific CIDR prefix (longest prefix) takes precedence.
====
.Procedure
. In the web console, navigate to *Operators* -> *Installed Operators*.
. Under the *Provided APIs* heading for *Network Observability*, select *Flow Collector*.
. Select *cluster*, then select the *YAML* tab.
. Configure the `FlowCollector` custom resource, similar to the following sample configurations:
.Example YAML to sample all North-South traffic, and 1:50 East-West traffic
By default, all other flows are rejected.
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
namespace: netobserv
deploymentModel: Direct
agent:
type: eBPF
ebpf:
flowFilter:
enable: true <1>
rules:
- action: Accept <2>
cidr: 0.0.0.0/0 <3>
sampling: 1 <4>
- action: Accept
cidr: 10.128.0.0/14
peerCIDR: 10.128.0.0/14 <5>
- action: Accept
cidr: 172.30.0.0/16
peerCIDR: 10.128.0.0/14
sampling: 50
----
<1> To enable eBPF flow filtering, set `spec.agent.ebpf.flowFilter.enable` to `true`.
<2> To define the action for the flow filter rule, set the required `action` parameter. Valid values are `Accept` or `Reject`.
<3> To define the IP address and CIDR mask for the flow filter rule, set the required `cidr` parameter. This parameter supports both IPv4 and IPv6 address formats. To match any IP address, use `0.0.0.0/0` for IPv4 or `::/0` for IPv6.
<4> To define the sampling rate for matched flows and override the global sampling setting `spec.agent.ebpf.sampling`, set the `sampling` parameter.
<5> To filter flows by Peer IP CIDR, set the `peerCIDR` parameter.
.Example YAML to filter flows with packet drops
By default, all other flows are rejected.
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
namespace: netobserv
deploymentModel: Direct
agent:
type: eBPF
ebpf:
privileged: true <1>
features:
- PacketDrop <2>
flowFilter:
enable: true <3>
rules:
- action: Accept <4>
cidr: 172.30.0.0/16
pktDrops: true <5>
----
<1> To enable packet drops, set `spec.agent.ebpf.privileged` to `true`.
<2> To report packet drops for each network flow, add the `PacketDrop` value to the `spec.agent.ebpf.features` list.
<3> To enable eBPF flow filtering, set `spec.agent.ebpf.flowFilter.enable` to `true`.
<4> To define the action for the flow filter rule, set the required `action` parameter. Valid values are `Accept` or `Reject`.
<5> To filter flows containing drops, set `pktDrops` to `true`.
View Git Blame Copy Permalink