It must be possible to exclude network traffic which is partition-local, for example.
This can be achieved by switching network accounting from interface-based accounting to nftables-based counters. We must then create counter rules for "ignored" networks and all other networks per VRF ID.
The list of ignored networks is stored in the firewall CRD. This is done from the gardener-extension-provider-metal, which will ask metal-api to get these networks.
@mwennrich @mwindower
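
Added example, not code from the project: one way the per-VRF counter rules described above could be rendered as an nftables ruleset from a list of VRF IDs and ignored networks. The table name `accounting`, the `vrf<id>` device naming, matching on `iifname`/`oifname` in the forward hook, the counter names, and the IPv4-only handling are all assumptions.

```python
import ipaddress


def render_accounting_ruleset(vrf_ids, ignored_networks):
    """Render an nftables table with 'ignored' and 'other' counters per VRF."""
    # Parse every CIDR strictly so malformed input never reaches the ruleset text.
    nets = [ipaddress.ip_network(n, strict=True) for n in ignored_networks]
    if any(n.version != 4 for n in nets):
        raise ValueError("only IPv4 networks are handled here (assumption)")
    # Merge overlapping or adjacent prefixes so the set has no conflicting intervals.
    net_set = ", ".join(str(n) for n in ipaddress.collapse_addresses(nets))
    for vrf in vrf_ids:
        if not isinstance(vrf, int) or isinstance(vrf, bool) or vrf <= 0:
            raise ValueError(f"invalid vrf id: {vrf!r}")
    counters, rules = [], []
    for vrf in sorted(set(vrf_ids)):
        dev = f"vrf{vrf}"  # assumed device naming, not taken from the page
        # "in" classifies by source address, "out" by destination address.
        for direction, ifmatch, addr in (("in", "iifname", "saddr"),
                                         ("out", "oifname", "daddr")):
            other = f"{dev}_{direction}_other"
            counters.append(other)
            if not net_set:
                # No ignored networks: everything on this VRF is accounted.
                rules.append(f'{ifmatch} "{dev}" counter name "{other}"')
                continue
            ignored = f"{dev}_{direction}_ignored"
            counters.append(ignored)
            # Two mutually exclusive matches, so no packet is counted twice.
            rules.append(f'{ifmatch} "{dev}" ip {addr} {{ {net_set} }} '
                         f'counter name "{ignored}"')
            rules.append(f'{ifmatch} "{dev}" ip {addr} != {{ {net_set} }} '
                         f'counter name "{other}"')
    lines = ["table inet accounting {"]
    lines += [f"    counter {c} {{ }}" for c in counters]
    lines += ["    chain forward {",
              "        type filter hook forward priority 0; policy accept;"]
    lines += [f"        {r}" for r in rules]
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: one VRF and two adjacent partition-local networks.
    print(render_accounting_ruleset([104009], ["10.0.0.0/24", "10.0.1.0/24"]))
```

Reading the named counters back (for example with `nft list counters`) then gives billable traffic from the `_other` counters while the `_ignored` counters stay available for inspection.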