NETOBSERV-1275: Introduce new "INNER" direction for inner-node traffic

[jotak]

Related PR: netobserv/flowlogs-pipeline#483

The flows (and duplicates) generated for inner-node traffic differs compared to node-to-node traffic, and reinterpret direction isn't able to decide between ingress or egress. This is causing discrepancies with the dedup mechanism that filters out flows where Duplicate=true and also favors ingress over egress, since the Duplicate flag can be set randomly on ingress or on egress.

To fix that, the proposed solution is to create this new INNER direction specifically for this kind of traffic. Deduping this INNER traffic can then rely solely on the Duplicate flag, since that flag was set from a single Agent (single node) there will always be only one Duplicate=false.

[github-actions]

New image:
quay.io/netobserv/network-observability-console-plugin:5ea6d76

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=5ea6d76 make set-plugin-image

[openshift-ci-robot]

@jotak: This pull request references NETOBSERV-1275 which is a valid jira issue.

In response to this:

Related PR: netobserv/flowlogs-pipeline#483

The flows (and duplicates) generated for inner-node traffic differs compared to node-to-node traffic, and reinterpret direction isn't able to decide between ingress or egress. This is causing discrepancies with the dedup mechanism that filters out flows where Duplicate=true and also favors ingress over egress, since the Duplicate flag can be set randomly on ingress or on egress.

To fix that, the proposed solution is to create this new INNER direction specifically for this kind of traffic. Deduping this INNER traffic can then rely solely on the Duplicate flag, since that flag was set from a single Agent (single node) there will always be only one Duplicate=false.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jotak]

In Traffic Flows views, new kind of Direction: Inner for on-node traffic:

The "Total bytes" metric on topology (edge labels) now matches the actual bytes count as reported in the Traffic Flows view:

[codecov]

Codecov Report

Patch coverage: 90.90% and project coverage change: -0.77% ⚠️

Comparison is base (1ca3b6a) 57.94% compared to head (2fafef4) 57.17%.
Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #378      +/-   ##
==========================================
- Coverage   57.94%   57.17%   -0.77%     
==========================================
  Files         166      167       +1     
  Lines        7725     7885     +160     
  Branches      938      959      +21     
==========================================
+ Hits         4476     4508      +32     
- Misses       2981     3101     +120     
- Partials      268      276       +8     

Flag	Coverage Δ
uitests	58.03% <88.88%> (-0.31%)	⬇️
unittests	54.79% <100.00%> (-2.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
...rc/components/dropdowns/query-options-dropdown.tsx	82.35% <ø> (ø)
web/src/utils/columns.ts	66.53% <ø> (+<0.01%)	⬆️
web/src/utils/filter-definitions.ts	66.66% <ø> (ø)
web/src/utils/filter-options.ts	51.85% <ø> (ø)
web/src/components/netflow-record/record-field.tsx	69.56% <50.00%> (ø)
pkg/model/filters/filters.go	82.22% <100.00%> (ø)
web/src/api/ipfix.ts	100.00% <100.00%> (ø)
web/src/utils/flows.ts	100.00% <100.00%> (ø)

... and 24 files with indirect coverage changes

☔ View full report in Codecov by Sentry.

📢 Have feedback on the report? Share it here.

[jpinsonneau]

Approach seems good, thanks @jotak
Have you tried with conversation tracking ? It would be great to solve all at once. See netobserv/flowlogs-pipeline#483 (review)

[jpinsonneau]

Suggested change

	r.fields.DnsId !== undefined || r.fields.PktDropBytes !== undefined || r.fields.PktDropPackets !== undefined
	r.fields.DnsId !== undefined || r.fields.PktDropPackets !== undefined

I rely on PktDropPackets for this check. Same on FLP side.

[jpinsonneau]

Also need to change the Duplicated flows tooltip if you do that change:
Currently:

A flow might be reported from several interfaces, and from both source and destination nodes, making it appear several times. 
By default, duplicates are hidden in favor of Ingress traffic. Showing duplicates is not possible in Overview and Topology tabs to avoid altering metric calculations. 
Use Direction filter to switch between Ingress / Egress traffic.

[jotak]

Also in the Direction column tooltip, we should probably clarify that it's direction related to the node

[jpinsonneau]

yes, I was even thinking about changing the column name to make it more explicit.

Should we also expose IfDirection as filter / column ?

[jotak]

+1, I created a follow-up: https://issues.redhat.com/browse/NETOBSERV-1280

[jotak]

thanks @jpinsonneau
/approve
will be tested by QE post-merge

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jotak

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jotak]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment