NETOBSERV-1235 Reporter option issues

[jpinsonneau]

Followup to fix #311 issues

• skip dedup on conversations
• metrics queries on ingress by default
• expose FlowDirection as filter to let user choose metrics seen
• mergeFlowReporters 5 tuple + ingress as favorite (FlowDirection filter override this behavior)

See netobserv/network-observability-operator#402 for metrics consistency

[codecov]

Codecov Report

Merging #366 (5a89060) into main (f2a289f) will decrease coverage by 0.60%.
The diff coverage is 53.12%.

❗ Current head 5a89060 differs from pull request most recent head bd7ffc5. Consider uploading reports for the commit bd7ffc5 to get more accurate results

@@            Coverage Diff             @@
##             main     #366      +/-   ##
==========================================
- Coverage   57.83%   57.24%   -0.60%     
==========================================
  Files         166      167       +1     
  Lines        7679     7774      +95     
  Branches      918      924       +6     
==========================================
+ Hits         4441     4450       +9     
- Misses       2971     3056      +85     
- Partials      267      268       +1     

Flag	Coverage Δ
uitests	58.11% <52.00%> (-0.06%)	⬇️
unittests	54.83% <57.14%> (-2.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
...rc/components/dropdowns/query-options-dropdown.tsx	82.35% <ø> (ø)
web/src/components/netflow-traffic.tsx	55.77% <ø> (ø)
web/src/model/filters.ts	72.30% <ø> (ø)
web/src/utils/columns.ts	66.53% <ø> (ø)
web/src/utils/filter-definitions.ts	66.66% <0.00%> (-4.52%)	⬇️
pkg/handler/flows.go	62.02% <25.00%> (-2.45%)	⬇️
web/src/utils/filter-options.ts	51.85% <50.00%> (-0.21%)	⬇️
pkg/model/filters/filters.go	82.22% <100.00%> (ø)
web/src/utils/flows.ts	100.00% <100.00%> (ø)
web/src/utils/ids.ts	94.44% <100.00%> (+0.69%)	⬆️

... and 1 file with indirect coverage changes

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:846bd0a

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=846bd0a make set-plugin-image

[msherif1234]

why would reversing the logic works now, I think u saw that same issue either way ?

[jpinsonneau]

DNS response codes are in INGRESS flows so I want these first and then fill the gap with the EGRESS ones.
pktDrop seems to be more consistent but I also saw differences

[jpinsonneau]

I'm investigating both download / upload from pod cases since I have issue with old implementation and new one

[jpinsonneau]

Here are my tests for consistency:

• using sampling 1
• Download a ubuntu.iso of 1000.73 MB and observe transferts between the IP and Node
• Upload the downloaded image and see the differences with the new IP

--- download ---
curl https://releases.ubuntu.com/22.04.2/ubuntu-22.04.2-desktop-amd64.iso --output /tmp/ubuntu.iso

reinterpret + Egress (old implementation)
pod 	1.2GB
node	1.3GB
=> same results using ingress

no reinterpret + Egress
pod 	922.7MB
node	625.1MB

no reinterpret + Ingress (new implementation)
pod 	9.2MB ???
node	630.4MB

--- upload ---
curl bashupload.com -T /tmp/ubuntu.iso

reinterpret + Egress (old implementation)
pod 	2.8GB
node	4.1GB
=> same results using ingress

no reinterpret + Egress
pod 	4.4MB ??
node	2.1GB

no reinterpret + Ingress (new implementation)
pod 	2.1GB
node	2.1GB

Note:

• If you download a file from a pod and set Destination Namespace, you don't see the expected bytes in topology view with my update.
  With the original one it worked:
  

• If you upload a file from a pod and set Source Namespace, you see your flows with my update.
  With the original one it didn't worked:
  

So in conclusion we can't do that simplification as is if we want to keep Src / Dst consistency and track both download & upload amounts !

[jpinsonneau]

see #366 (comment) solution 😸

[msherif1234]

can u explain allconnections check ?

[jpinsonneau]

On frontend side, you can only switch between 'flowLogs' or 'allConnections'.

However, conntrack events doesn't have the "Duplicate" field. It actually doesn't make sense to filter on this so I disable the checkbox in the interface.

FYI the connection tracking automatically skip duplicates while doing the aggregates
https://github.com/netobserv/flowlogs-pipeline/blob/main/pkg/pipeline/extract/conntrack/conntrack.go#L71-L73

[jpinsonneau]

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:c9dbdcb

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=c9dbdcb make set-plugin-image

[jpinsonneau]

I finally got the expected behavior adding the FlowDirection filter and using netobserv/network-observability-operator#402 to remove the reinterpret direction.
That approach is based on Ingress by default but allow the user to add a filter on Ingress, Egress or both.

• Download scenario:
  
  
  

• Upload scenario:
  
  
  

The numbers are also correct here (using sampling 50):

sh-4.4$ curl bashupload.com -T /tmp/ubuntu.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 99 4699M    0     0   99 4688M      0  15.6M  0:05:00  0:04:59  0:00:01 15.2M

92.8*50 = 4640 (node) / 93.2*50 = 4660 (pod) which is almost the expected 4688M

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:27681b6

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=27681b6 make set-plugin-image

[jpinsonneau]

Also took the opportunity to manage routing for topology view bd7ffc5

When both pod <> external & node<>external edges are available, the final render will be pod<>node<>external

Else it will fallback on previous behavior:

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:47254cc

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=47254cc make set-plugin-image

[jotak]

/lgtm
thanks!

[jpinsonneau]

I'm merging this as the impact is quite huge. Let's open followups if needed.

[jpinsonneau]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpinsonneau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jpinsonneau]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment