Add option to disable flow logging for network instance
Flow-logging is an EVE feature that allows to collect information
about every application network flow. This includes attributes like
src/dst IP, src/dst port, ACL rule applied, packet/byte counters, etc.

However, this feature is always enabled for every network instance and
can produce a lot of data which is then uploaded to the cloud.
We have seen cases where this amounted to hundreds of GB each week,
which was a burden for the controller's database.

Another drawback of flow-logging is that the iptables rules that EVE
installs for network instances are considerably more complicated because
of this feature and thus introduce additional packet processing overhead.

This API change introduced a new boolean option to disable flow logging
for a given Network Instance.
It is recommended that the controller disables flow logging unless it is
explicitly enabled by the user.

Signed-off-by: Milan Lenco <milan@zededa.com>
milan-zededa authored and eriknordmark committed Jul 23, 2024
1 parent ed56da4 commit ecaad5b
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions proto/config/netinst.proto
@@ -297,4 +297,17 @@ message NetworkInstanceConfig {
// as MTU for air-gapped network instances and the lowest MTU among NI ports for NIs with
// external connectivity.
uint32 mtu = 44;

// Disable flow logging for this network instance.
// When flow logging is enabled, EVE periodically records all application TCP and UDP
// flows. A flow record includes the application UUID, VIF name, open/close timestamps,
// source/destination IP/port/protocol 5-tuple, and packet and byte counters.
// Additionally, EVE records every DNS request made by an application, including
// the request time, the hostname being resolved, and the returned IP address(es).
// The flow logging API can be found in proto/config/flowlog/flowlog.proto
// If flow logging is not needed, it is recommended to disable this feature as it
// can potentially generate a large amount of data, which is then uploaded to the controller.
// Depending on the implementation, it may also introduce additional packet processing
// overhead.
bool disable_flowlog = 50;
}
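Review bot: The new field is a negated boolean (`bool disable_flowlog = 50;`), so a proto3 default of `false` means flow logging stays enabled for every controller that does not set it, and the comment never says so. Since the comment itself recommends disabling the feature because of data volume and packet-processing overhead, the default should be stated explicitly, e.g. "Defaults to false (flow logging enabled) to preserve the existing behaviour of controllers that do not set this field." Two smaller points on the same comment block: the sentence "The flow logging API can be found in proto/config/flowlog/flowlog.proto" is missing its terminating period, and "Depending on the implementation, it may also introduce additional packet processing overhead" would be more useful to an API consumer if it named the concrete cost the commit message describes (the extra iptables rules installed per network instance when logging is on).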
