OpenShift 4.12 — NetFlow export to PRTG

Surote Wongpaiboon
Apr 26, 2023

Prerequisites

  • PRTG installed (on Windows, just double-click the .exe. BAM!)
  • OpenShift 4.12 with default CNI (OVN-Kubernetes)
  • Cluster status is Healthy

Check network configuration on the cluster

## COMMAND
$ oc get network.operator cluster -o yaml

## OUTPUT
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  annotations:
    networkoperator.openshift.io/ovn-cluster-initiator: <REDACTED>
  creationTimestamp: <REDACTED>
  generation: 656
  name: cluster
  resourceVersion: "37482612"
  uid: <REDACTED>
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  defaultNetwork:
    ovnKubernetesConfig:
      egressIPConfig: {}
      gatewayConfig:
        routingViaHost: false
      genevePort: 6081
      mtu: 1400
      policyAuditConfig:
        destination: "null"
        maxFileSize: 50
        rateLimit: 20
        syslogFacility: local0
    type: OVNKubernetes
  deployKubeProxy: false
  disableMultiNetwork: false
  disableNetworkDiagnostics: false
  logLevel: Normal
  managementState: Managed
  observedConfig: null
  operatorLogLevel: Normal
  serviceNetwork:
  - 172.30.0.0/16
  unsupportedConfigOverrides: null
  useMultiNetworkPolicy: false

Configure PRTG to receive NetFlow (example)

Go to Devices -> Add Sensor -> NetFlow v5 -> configure.
I use UDP port 2056 on PRTG (Windows) as the receiver port.

I leave the other settings at their defaults.

Configure NetFlow export to the NetFlow receiver

Add the following configuration under the spec section.

...
spec:
  exportNetworkFlows:
    netFlow:
      collectors:
      - 192.168.3.215:2056   # NetFlow receiver IP and UDP port
...

## COMMAND
$ oc edit network.operator cluster

## FULL YAML for network.operator cluster with NetFlow Receiver
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  annotations:
    networkoperator.openshift.io/ovn-cluster-initiator: <REDACTED>
  creationTimestamp: <REDACTED>
  generation: 656
  name: cluster
  resourceVersion: "37482612"
  uid: <REDACTED>
spec:
  exportNetworkFlows:
    netFlow:
      collectors:
      - 192.168.3.215:2056
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  defaultNetwork:
    ovnKubernetesConfig:
      egressIPConfig: {}
      gatewayConfig:
        routingViaHost: false
      genevePort: 6081
      mtu: 1400
      policyAuditConfig:
        destination: "null"
        maxFileSize: 50
        rateLimit: 20
        syslogFacility: local0
    type: OVNKubernetes
  deployKubeProxy: false
  disableMultiNetwork: false
  disableNetworkDiagnostics: false
  logLevel: Normal
  managementState: Managed
  observedConfig: null
  operatorLogLevel: Normal
  serviceNetwork:
  - 172.30.0.0/16
  unsupportedConfigOverrides: null
  useMultiNetworkPolicy: false

Wait for the network operator to reconcile.

Result

PRTG will show you NetFlow information and sample graphs such as top talkers, top connections and top protocols.
Note that if the source and destination IPs are cluster IPs in OpenShift, they will not be automatically translated to pod names, because those IPs are registered only in OpenShift’s DNS. If you want to go deeper into the details, I recommend https://github.com/rcarrillocruz/goflow
