Comment 0 for bug 2071323

LIU Yulong (dragon889) wrote :

What is a flow log:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-basics.html
https://www.alibabacloud.com/help/en/cen/user-guide/configure-a-flow-log

User traffic flows (connection 5-tuples) for one port or several ports in one network (VPC) can be monitored and collected into the log service. The data can then be used for traffic analysis, attack detection and security.

It is not a per-port or per-NIC dimension; one port can have many flows (connections). The flow log will look something like this:
<neutron_port_id> <ip_src> <ip_dst> <l4_port_src> <l4_port_dst> <protocol> <accept/deny> <ingress/egress> <packets> <bytes> <collect_start_time> <collect_end_time>

More details about the Flow log record examples:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html

So for the OpenStack Networking service (Neutron), how do we:
1. write out the security group rule accept/deny connection statistics (packets/bytes) (does OVS have such an ability, such as sFlow? Is conntrack useful for such a purpose?)
2. collect the data (can the Neutron agents do such work?)
3. report the data (can the metering agent report the data?)
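As an added example (not part of this bug report and not Neutron's code), the following sketch shows how question 1 could be approached with conntrack accounting: periodic `conntrack -L` snapshots are parsed and turned into records with the layout proposed above. The sample lines are constructed, modelled on `conntrack -L` output with `net.netfilter.nf_conntrack_acct=1` (the `packets=`/`bytes=` counters). The mapping from conntrack zone to Neutron port (`ZONE_TO_PORT`) and the port ids in it are assumptions made for the illustration.

```python
"""Added example: turn conntrack(8) snapshots into flow-log records
<port_id> <ip_src> <ip_dst> <l4_src> <l4_dst> <proto> <action> <direction> <packets> <bytes> <start> <end>.
Not part of Neutron; the zone-to-port mapping and port ids are assumptions."""
import re
from dataclasses import astuple, dataclass

# Constructed sample lines, modelled on `conntrack -L` with nf_conntrack_acct=1.
SAMPLE_CONNTRACK_T1 = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=203.0.113.7 sport=53412 dport=443 packets=12 bytes=1520 [ASSURED] src=203.0.113.7 dst=10.0.0.5 sport=443 dport=53412 packets=10 bytes=21000 [ASSURED] mark=0 zone=4 use=1
udp      17 29 src=10.0.0.5 dst=10.0.0.2 sport=41234 dport=53 packets=1 bytes=64 src=10.0.0.2 dst=10.0.0.5 sport=53 dport=41234 packets=1 bytes=120 mark=0 zone=4 use=1
tcp      6 100 TIME_WAIT src=198.51.100.9 dst=10.0.0.5 sport=40000 dport=22 packets=3 bytes=200 src=10.0.0.5 dst=198.51.100.9 sport=22 dport=40000 packets=2 bytes=150 mark=0 zone=4 use=1
"""
# Second snapshot: the HTTPS flow grew, the DNS entry expired, SSH is unchanged.
SAMPLE_CONNTRACK_T2 = """\
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=203.0.113.7 sport=53412 dport=443 packets=20 bytes=2500 [ASSURED] src=203.0.113.7 dst=10.0.0.5 sport=443 dport=53412 packets=10 bytes=21000 [ASSURED] mark=0 zone=4 use=1
tcp      6 100 TIME_WAIT src=198.51.100.9 dst=10.0.0.5 sport=40000 dport=22 packets=3 bytes=200 src=10.0.0.5 dst=198.51.100.9 sport=22 dport=40000 packets=2 bytes=150 mark=0 zone=4 use=1
"""

# Assumption: one conntrack zone per Neutron port, so zone -> (port id, port IP).
ZONE_TO_PORT = {4: ("2f0c9c6e-0b5a-4d7d-9a4c-1c3d7e1d2f01", "10.0.0.5")}

_TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+) packets=(\d+) bytes=(\d+)")
_ZONE_RE = re.compile(r"\bzone=(\d+)")


@dataclass(frozen=True)
class FlowRecord:
    port_id: str
    ip_src: str
    ip_dst: str
    l4_port_src: int
    l4_port_dst: int
    protocol: str
    action: str      # always "accept" here: conntrack only holds flows the firewall let through
    direction: str   # "egress" if the port's own IP is the source, else "ingress"
    packets: int
    bytes: int
    start: int
    end: int

    def line(self) -> str:
        return " ".join(str(v) for v in astuple(self))


def parse_conntrack_line(line, zone_to_port):
    """Yield (key, packets, bytes) for both directions of one TCP/UDP entry."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("tcp", "udp"):
        return []  # ICMP and other protocols carry no sport/dport; not handled here
    zone = _ZONE_RE.search(line)
    if not zone or int(zone.group(1)) not in zone_to_port:
        return []
    port_id, port_ip = zone_to_port[int(zone.group(1))]
    out = []
    for src, dst, sport, dport, pkts, byts in _TUPLE_RE.findall(line):
        direction = "egress" if src == port_ip else "ingress"
        key = (port_id, src, dst, int(sport), int(dport), fields[0], "accept", direction)
        out.append((key, int(pkts), int(byts)))
    return out


class FlowLogCollector:
    """Converts successive snapshots into per-interval records.

    conntrack counters are cumulative for the life of an entry, so each
    interval reports the difference from the previous snapshot."""

    def __init__(self, zone_to_port, start_time):
        self.zone_to_port = zone_to_port
        self._last = {}          # key -> (packets, bytes) from the previous snapshot
        self._start = start_time

    def collect(self, conntrack_dump, now):
        records, seen = [], {}
        for line in conntrack_dump.splitlines():
            for key, pkts, byts in parse_conntrack_line(line, self.zone_to_port):
                seen[key] = (pkts, byts)
                prev_p, prev_b = self._last.get(key, (0, 0))
                dp, db = pkts - prev_p, byts - prev_b
                if dp < 0 or db < 0:  # same 5-tuple, new entry: counters restarted
                    dp, db = pkts, byts
                if dp or db:
                    records.append(FlowRecord(*key, dp, db, self._start, now))
        self._last, self._start = seen, now
        return records


if __name__ == "__main__":
    collector = FlowLogCollector(ZONE_TO_PORT, start_time=940)
    for rec in collector.collect(SAMPLE_CONNTRACK_T1, now=1000):
        print(rec.line())
    for rec in collector.collect(SAMPLE_CONNTRACK_T2, now=1060):
        print(rec.line())
```

Two caveats follow from this. conntrack never sees denied packets, so `deny` records need a different source (the drop path in the security group implementation would have to log them). And an entry that expires between two snapshots, like the DNS flow above, loses whatever it counted after the last snapshot; consuming `conntrack -E` DESTROY events instead of polling avoids that.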