OSDOCS-10877: Virtualization in Network Observability

Author: skrthomas

_topic_maps/_topic_map.yml

@@ -2922,6 +2922,8 @@ Topics:
     File: network-observability-operator-monitoring
   - Name: Scheduling resources
     File: network-observability-scheduling-resources
+  - Name: Secondary networks
+    File: network-observability-secondary-networks
   - Name: Network Observability CLI
     Dir: netobserv_cli
     Topics:

modules/network-observability-SRIOV-configuration.adoc

@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * network_observability/configuring-operator.adoc
+// * observability/network_observability/network-observability-secondary-networks.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="network-observability-SR-IOV-config_{context}"]

modules/network-observability-virtualization-configuration.adoc

@@ -0,0 +1,93 @@
+// Module included in the following assemblies:
+//
+// * observability/network_observability/network-observability-secondary-networks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-virtualization-config_{context}"]
+= Configuring virtual machine (VM) secondary network interfaces for Network Observability
+You can observe networking patterns on an OpenShift Virtualization setup by identifying eBPF-enriched network flows coming from VMs that are connected to secondary networks, such as through Open Virtual Network (OVN)-Kubernetes, or SR-IOV CNI plugins. Network flows coming from VMs that are connected to the default internal pod network are automatically captured by Network Observability.
+
+.Procedure
+. Get information about the virtual machine launcher pod by running the following command. This information is used in Step 2: 
++
+[source,terminal]
+----
+$ oc get pod virt-launcher-<vm_name>-<suffix> -n <namespace> -o yaml
+----
++
+[source,yaml]
+----
+$ oc get pod virt-launcher-fedora-aqua-fowl-13-zr2x9 -n my-vms -o yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    k8s.v1.cni.cncf.io/network-status: |- 
+      [{
+        "name": "ovn-kubernetes",
+        "interface": "eth0",
+        "ips": [
+          "10.129.2.39"
+        ],
+        "mac": "0a:58:0a:81:02:27",
+        "default": true,
+        "dns": {}
+      },
+      {
+        "name": "my-vms/l2-network",   <1>
+        "interface": "podc0f69e19ba2", <2>
+        "ips": [
+          "10.10.10.15"
+        ], <3>
+        "mac": "02:fb:f8:00:00:12",    <4>
+        "dns": {}
+      }]
+  name: virt-launcher-fedora-aqua-fowl-13-zr2x9
+  namespace: my-vms
+spec:
+  ...
+status:
+  ...
+----
+<1> The name of the secondary network.
+<2> The network interface name of the secondary network.
+<3> The list of IPs used by the secondary network.
+<4> The MAC address used for secondary network.
+
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster* and then select the *YAML* tab.
+. Configure `FlowCollector` based on the information you found from the additional network investigation. 
++
+[source,yaml]
+----
+apiVersion: flows.netobserv.io/v1beta2
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+# ...
+ebpf:
+    privileged: true              <1>
+  processor:
+    advanced:
+      secondaryNetworks:
+      - index:                    <2>
+        - Interface
+        - MAC                     <3>
+        - IP                      <4>
+        name: my-vms/l2-network   <5> 
+# ...
+----
+<.> Ensure that the ebpf agent is in `privileged` mode so that the flows are enriched according to the MAC address.
+<.> Define the fields to use for indexing the virtual machine launcher pods. These should form a unique identifier across the cluster according to the fields available in `k8s.v1.cni.cncf.io/network-status` annotation. Not all secondary networks have all the index fields in this example. Ensure that only the fields that are annotated in your secondary interface are listed here and if they are not annotated, they are removed.
+<.> If your additional network information has a MAC address, specify it here.
+<.> If your additional network information has an IP address, specify it here.
+<.> Specify the name of the network found in `k8s.v1.cni.cncf.io/network-status` annotation. Usually <namespace>/<network_attachement_definition_name>. 
+
+. Ping from one VM to another for secondary interface IP.
+
+.Verification
+. Navigate to the *Network Traffic* page.
+. Filter by *Source* IP using your virtual machine IP found in `k8s.v1.cni.cncf.io/network-status` annotation.
+. View both *Source* and *Destination* fields should enriched identifying VM launcher Pods and VM instance as Owners

observability/network_observability/configuring-operator.adoc

@@ -24,10 +24,5 @@ For more information about specifying flow format, see xref:../../observability/
 
 include::modules/network-observability-configuring-FLP-sampling.adoc[leveloffset=+1]
 include::modules/network-observability-configuring-quickfilters-flowcollector.adoc[leveloffset=+1]
-include::modules/network-observability-SRIOV-configuration.adoc[leveloffset=+1]
-[role="_additional-resources"]
-.Additional resources
-For more information about creating the `SriovNetwork` custom resource, see xref:../../networking/hardware_networks/configuring-sriov-device.adoc#cnf-creating-an-additional-sriov-network-with-vrf-plug-in_configuring-sriov-device[Creating an additional SR-IOV network attachment with the CNI VRF plugin].
-
 include::modules/network-observability-resource-recommendations.adoc[leveloffset=+1]
 include::modules/network-observability-resources-table.adoc[leveloffset=+2]

observability/network_observability/installing-operators.adoc

@@ -43,7 +43,7 @@ Once you create the `FlowCollector` instance, you can reconfigure it, but the po
 
 * xref:../../observability/network_observability/configuring-operator.adoc#network-observability-flowcollector-kafka-config_network_observability[Configuring the Flow Collector resource with Kafka]
 * xref:../../observability/network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data to Kafka or IPFIX]
-* xref:../../observability/network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[Configuring monitoring for SR-IOV interface traffic]
+* xref:../../observability/network_observability/network-observability-secondary-networks.adoc#network-observability-SR-IOV-config_secondary_networks[Configuring monitoring for SR-IOV interface traffic]
 * xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversation tracking]
 * xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-dns-tracking_nw-observe-network-traffic[Working with DNS tracking]
 * xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-packet-drops_nw-observe-network-traffic[Working with packet drops]

observability/network_observability/network-observability-operator-release-notes.adoc

@@ -249,7 +249,7 @@ For more information, see xref:../../observability/network_observability/observi
 
 [id="SR-IOV-configuration-1.4"]
 ==== SR-IOV support
-You can now collect traffic from a cluster with Single Root I/O Virtualization (SR-IOV) device. For more information, see xref:../../observability/network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[Configuring the monitoring of SR-IOV interface traffic].
+You can now collect traffic from a cluster with Single Root I/O Virtualization (SR-IOV) device. For more information, see xref:../../observability/network_observability/network-observability-secondary-networks.adoc#network-observability-SR-IOV-config_secondary_networks[Configuring the monitoring of SR-IOV interface traffic].
 
 [id="IPFIX-support-1.4"]
 ==== IPFIX exporter support
@@ -266,7 +266,7 @@ Network Observability Operator can now run on `s390x` architecture. Previously i
 === Bug fixes
 * Previously, the Prometheus metrics exported by Network Observability were computed out of potentially duplicated network flows. In the related dashboards, from *Observe* -> *Dashboards*, this could result in potentially doubled rates. Note that dashboards from the *Network Traffic* view were not affected. Now, network flows are filtered to eliminate duplicates before metrics calculation, which results in correct traffic rates displayed in the dashboards. (link:https://issues.redhat.com/browse/NETOBSERV-1131[*NETOBSERV-1131*])
 
-* Previously, the Network Observability Operator agents were not able to capture traffic on network interfaces when configured with Multus or SR-IOV, non-default network namespaces. Now, all available network namespaces are recognized and used for capturing flows, allowing capturing traffic for SR-IOV. There are xref:../../observability/network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[configurations needed] for the `FlowCollector` and `SRIOVnetwork` custom resource to collect traffic.
+* Previously, the Network Observability Operator agents were not able to capture traffic on network interfaces when configured with Multus or SR-IOV, non-default network namespaces. Now, all available network namespaces are recognized and used for capturing flows, allowing capturing traffic for SR-IOV. There are xref:../../observability/network_observability/network-observability-secondary-networks.adoc#network-observability-SR-IOV-config_secondary_networks[configurations needed] for the `FlowCollector` and `SRIOVnetwork` custom resource to collect traffic.
 (link:https://issues.redhat.com/browse/NETOBSERV-1283[*NETOBSERV-1283*])
 
 * Previously, in the Network Observability Operator details from *Operators* -> *Installed Operators*, the `FlowCollector` *Status* field might have reported incorrect information about the state of the deployment. The status field now shows the proper conditions with improved messages. The history of events is kept, ordered by event date. (link:https://issues.redhat.com/browse/NETOBSERV-1224[*NETOBSERV-1224*])

observability/network_observability/network-observability-secondary-networks.adoc

@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="network-observability-secondary-networks"]
+= Secondary networks
+include::_attributes/common-attributes.adoc[]
+:context: secondary_networks
+
+toc::[]
+You can configure the Network Observability Operator to collect and enrich network flow data from secondary networks, such as SR-IOV and Open Virtual Network (OVN)-Kubernetes.
+
+// Note to tech review:
+// Is the existing SR-IOV example we have, "Configuring monitoring for SR-IOV interface traffic", an example of secondary network? If so, it is not through a VM, right? 
+
+.Prerequisites
+* Access to an {product-title} cluster with an additional network interface, such as a secondary interface or an L2 network.
+* The `spec.agent.ebpf.privileged` field must be set to `true`.
+
+include::modules/network-observability-SRIOV-configuration.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+For more information about creating the `SriovNetwork` custom resource, see xref:../../networking/hardware_networks/configuring-sriov-device.adoc#cnf-creating-an-additional-sriov-network-with-vrf-plug-in_configuring-sriov-device[Creating an additional SR-IOV network attachment with the CNI VRF plugin].
+
+include::modules/network-observability-virtualization-configuration.adoc[leveloffset=+1]