
yahoo-eng-team team mailing list archive

[Bug 2071323] [NEW] [RFE] Flow logs support for OpenStack Networking


Public bug reported:

What is Flow log:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-basics.html
https://www.alibabacloud.com/help/en/cen/user-guide/configure-a-flow-log

User traffic flows (connection 5-tuples) for one port, or for all ports of one
network (VPC), can be monitored and collected into a log service. The records can
then be used for traffic analysis, attack detection and security auditing.

It is not a per-port or per-NIC dimension: one port can have many flows (connections). A flow log record would look something like this:
<neutron_port_id> <ip_src> <ip_dst> <l4_port_src> <l4_port_dst> <protocol> <accept/deny> <ingress/egress> <packets> <bytes> <collect_start_time> <collect_end_time>

More details about the Flow log record examples:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html

So for the OpenStack Networking service (Neutron), the questions are how to:
1. record the security group rule accept/deny connection statistics (packets/bytes) (does OVS have such a capability, e.g. sFlow? is conntrack useful for this in production?)
2. collect the data (can the Neutron agents do this work?)
3. report the data (can the metering agent report the data?)
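To make the record format above and the collect/report steps concrete, here is an added example (not code from the bug report, from Neutron, or from any OVS/conntrack tooling). It assumes a collector has already mapped per-connection counters to a Neutron port ID and a security-group verdict; the counter entries, port IDs and addresses are constructed sample data, and the `find_port_scans` rule is an illustrative detection over the resulting records, not a Neutron feature.

```python
"""Flow log records in the RFE's sketched format, built from constructed
per-connection counters, plus a simple defender-side detection over them."""
from collections import defaultdict
from dataclasses import dataclass

# Field order of one record, exactly as sketched in the RFE.
FIELDS = ("port_id", "ip_src", "ip_dst", "l4_port_src", "l4_port_dst",
          "protocol", "action", "direction", "packets", "bytes",
          "collect_start_time", "collect_end_time")
INT_FIELDS = {"l4_port_src", "l4_port_dst", "packets", "bytes",
              "collect_start_time", "collect_end_time"}


@dataclass(frozen=True)
class FlowRecord:
    port_id: str
    ip_src: str
    ip_dst: str
    l4_port_src: int
    l4_port_dst: int
    protocol: str
    action: str        # "accept" or "deny" (security group verdict)
    direction: str     # "ingress" or "egress" relative to the port
    packets: int
    bytes: int
    collect_start_time: int   # epoch seconds of the collection window
    collect_end_time: int

    def to_line(self) -> str:
        """Serialize as the space-separated record sketched in the RFE."""
        return " ".join(str(getattr(self, f)) for f in FIELDS)


def parse_line(line: str) -> FlowRecord:
    """Parse one record line; reject malformed field counts and verdicts."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    kwargs = {f: (int(v) if f in INT_FIELDS else v) for f, v in zip(FIELDS, parts)}
    if kwargs["action"] not in ("accept", "deny"):
        raise ValueError(f"bad action {kwargs['action']!r}")
    if kwargs["direction"] not in ("ingress", "egress"):
        raise ValueError(f"bad direction {kwargs['direction']!r}")
    return FlowRecord(**kwargs)


# Constructed sample: counter entries in the shape a collector could emit once
# each connection is attributed to a Neutron port and an SG verdict (hypothetical).
# (port_id, ip_src, ip_dst, l4_port_src, l4_port_dst, proto, action, direction, packets, bytes)
SAMPLE_COUNTERS = [
    ("port-aaaa", "10.0.0.5", "10.0.0.9", 43210, 22, "tcp", "accept", "egress", 12, 1440),
    ("port-aaaa", "10.0.0.5", "10.0.0.9", 43210, 22, "tcp", "accept", "egress", 8, 960),  # same flow, later sample
    ("port-bbbb", "203.0.113.7", "10.0.0.9", 51000, 22, "tcp", "deny", "ingress", 1, 60),
    ("port-bbbb", "203.0.113.7", "10.0.0.9", 51001, 23, "tcp", "deny", "ingress", 1, 60),
    ("port-bbbb", "203.0.113.7", "10.0.0.9", 51002, 3389, "tcp", "deny", "ingress", 1, 60),
    ("port-bbbb", "10.0.0.5", "10.0.0.9", 40000, 443, "tcp", "accept", "ingress", 20, 15000),
]


def aggregate(entries, window_start: int, window_end: int) -> list:
    """Sum packets/bytes of entries sharing (port, 5-tuple, verdict, direction)
    inside one collection window, yielding one FlowRecord per flow."""
    totals = defaultdict(lambda: [0, 0])
    for e in entries:
        key = tuple(e[:8])
        totals[key][0] += e[8]
        totals[key][1] += e[9]
    return [FlowRecord(*key, pkts, byts, window_start, window_end)
            for key, (pkts, byts) in totals.items()]


def find_port_scans(records, min_ports: int = 3) -> dict:
    """Illustrative detection: (port_id, ip_src) pairs whose denied ingress
    flows touched at least `min_ports` distinct destination ports."""
    denied = defaultdict(set)
    for r in records:
        if r.action == "deny" and r.direction == "ingress":
            denied[(r.port_id, r.ip_src)].add(r.l4_port_dst)
    return {k: len(v) for k, v in denied.items() if len(v) >= min_ports}


if __name__ == "__main__":
    recs = aggregate(SAMPLE_COUNTERS, 1700000000, 1700000060)
    for r in recs:
        print(r.to_line())
    print("suspicious:", find_port_scans(recs))
```

The aggregation step is where a Neutron agent would sit (question 2 above); the serialized lines are what a metering-style reporter would ship (question 3). The `parse_line` round-trip is the check a consumer should do before trusting records.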

** Affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

  What is Flow log:
  https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-basics.html
  https://www.alibabacloud.com/help/en/cen/user-guide/configure-a-flow-log
  
  User traffic flow (connection 5-tuple) for one port or ports from one
  network (VPC) can be monitor and collect to the LOG service. Then it can
  be used for traffic analysis, attack detection and security.
  
  It is not a port or NIC dimension, one port can have many flows (connections), the flow log will be something like this:
  <neutron_port_id> <ip_src> <ip_dst> <l4_port_src> <l4_port_dst> <protocol> <accept/deny> <ingress/egress> <packets> <bytes> <collect_start_time> <collect_end_time>
  
  More details about the Flow log record examples:
  https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html
  
  So for OpenStack Networking Service Neutron, how to:
- 1. write the security group rules accept/deny connetion statistics (packets/bytes) data (does OVS has such ability, such as sFlow? conntrack is useful for such production?)
+ 1. write the security group rules accept/deny connection statistics (packets/bytes) data (does OVS has such ability, such as sFlow? conntrack is useful for such production?)
  2. collect the data (neutron agents can do such work?)
  3. report the data (metering-agent can report the data?)

** Description changed:

  What is Flow log:
  https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-basics.html
  https://www.alibabacloud.com/help/en/cen/user-guide/configure-a-flow-log
  
  User traffic flow (connection 5-tuple) for one port or ports from one
  network (VPC) can be monitor and collect to the LOG service. Then it can
  be used for traffic analysis, attack detection and security.
  
  It is not a port or NIC dimension, one port can have many flows (connections), the flow log will be something like this:
  <neutron_port_id> <ip_src> <ip_dst> <l4_port_src> <l4_port_dst> <protocol> <accept/deny> <ingress/egress> <packets> <bytes> <collect_start_time> <collect_end_time>
  
  More details about the Flow log record examples:
  https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html
  
  So for OpenStack Networking Service Neutron, how to:
- 1. write the security group rules accept/deny connection statistics (packets/bytes) data (does OVS has such ability, such as sFlow? conntrack is useful for such production?)
+ 1. write the security group rules accept/deny connection statistics (packets/bytes) data (does OVS have such ability, such as sFlow? conntrack is useful for such production?)
  2. collect the data (neutron agents can do such work?)
  3. report the data (metering-agent can report the data?)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2071323

Title:
  [RFE] Flow logs support for OpenStack Networking

Status in neutron:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2071323/+subscriptions