Track (flow) conversations by application instead of src/dst port

Description

When doing flow processing we currently track conversations by the (location, protocol, host1, port1, host2, port2) tuple, where the hosts and ports are ordered in such a way that flows going in both directions map to the same key.

This ends up effectively tracking individual TCP (or UDP) sessions, which are relatively short-lived. We would like to modify the tracking to use the tagged application instead of the ports, resulting in a tuple like (location, protocol, host1, host2, application) instead.
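The two keying schemes side by side, as an added illustration (not code from the OpenNMS flow processing itself). The `Flow` record, the `"Default"` location and the classification of port 80 traffic as `"HTTP"` are assumptions made for the sample; the sample flow records are constructed inline.

```python
from collections import defaultdict
from ipaddress import ip_address
from typing import NamedTuple

class Flow(NamedTuple):
    location: str      # location that received the flow (assumed field name)
    protocol: int      # IANA protocol number (6 = TCP)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    application: str   # name assigned by flow classification (assumed field)
    octets: int        # bytes carried by this flow record

def port_key(f: Flow) -> tuple:
    """Current key: (location, protocol, host1, port1, host2, port2),
    with the endpoints ordered so both directions of a session collide."""
    ends = sorted([(f.src_ip, f.src_port), (f.dst_ip, f.dst_port)],
                  key=lambda e: (ip_address(e[0]), e[1]))
    (h1, p1), (h2, p2) = ends
    return (f.location, f.protocol, h1, p1, h2, p2)

def app_key(f: Flow) -> tuple:
    """Proposed key: (location, protocol, host1, host2, application).
    Ports are dropped, so every session between the two hosts for the
    same tagged application folds into one long-lived conversation."""
    h1, h2 = sorted([f.src_ip, f.dst_ip], key=ip_address)
    return (f.location, f.protocol, h1, h2, f.application)

def conversations(flows, keyfn) -> dict:
    """Aggregate octets per conversation under the chosen key function."""
    totals = defaultdict(int)
    for f in flows:
        totals[keyfn(f)] += f.octets
    return dict(totals)

# Constructed sample: three HTTP sessions from 10.0.0.1 (ephemeral ports)
# to 10.0.0.2:80, each exported as a request record and a reply record.
SAMPLE_FLOWS = []
for eph, req, rep in ((51000, 400, 9000), (51001, 350, 12000), (51002, 500, 700)):
    SAMPLE_FLOWS.append(Flow("Default", 6, "10.0.0.1", eph, "10.0.0.2", 80, "HTTP", req))
    SAMPLE_FLOWS.append(Flow("Default", 6, "10.0.0.2", 80, "10.0.0.1", eph, "HTTP", rep))

if __name__ == "__main__":
    print(len(conversations(SAMPLE_FLOWS, port_key)), "port-based conversations")
    print(len(conversations(SAMPLE_FLOWS, app_key)), "application-based conversation(s)")
```

With the port-based key the six records split into three conversations (one per TCP session); with the application-based key they collapse into a single 10.0.0.1 <-> 10.0.0.2 [HTTP] conversation.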

Acceptance / Success Criteria

None

Activity

Ronny Trommer December 14, 2018 at 4:07 PM

Started testing

David Hustace December 10, 2018 at 1:28 PM

+1 This makes a lot of sense, to me.

fooker December 9, 2018 at 3:43 PM

Jesse White December 8, 2018 at 6:41 PM

This will also require updates to the Helm plugin.

When viewing conversations in the flow deep dive tool (Grafana + Helm), the series graph panel should use the following format for label:
10.0.0.1 <-> 10.0.0.2 [HTTP] (In)
10.0.0.1 <-> 10.0.0.2 [HTTP] (Out)

The table panel should have the following columns:
Source IP, Dest. IP, Application, In, Out

Fixed

Created December 8, 2018 at 6:37 PM
Updated February 6, 2019 at 9:37 AM
Resolved January 28, 2019 at 8:11 PM