Summarization mechanism for ip labels in Flow metrics based on subnet list
rboucher-me opened this issue
The `ip` label associated with the `top_(in|out)_(src_dst)_ips_(bytes|packets)` flow metrics can have very high cardinality, primarily because source client IPs can be coming from anywhere. Depending on context, information about individual (client) IP addresses might have limited value, while aggregated measures might still prove useful. This ticket proposes one approach to reduce the cardinality of the `ip` label based on a list of subnets to summarize.
Instead of reporting on individual IP addresses, we could provide an option to summarize observed IPs based on their associated subnet. For those IP addresses where we would still want better visibility (even if covered by the subnet list), an exclusion list could also be supported.
A sample configuration for this might look like:
```yaml
summarize_ips_by_subnet: true
subnets_for_summarization:
  - 0.0.0.0/24 # all IPs should be summarized as /24 (a.b.c.0)
exclude_ips_from_summarization:
  - 10.0.0.0/8 # exclude all IPs in this subnet from summarization
  - 192.168.2.0/24
```
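
An added Python example of the mapping proposed above; it is not part of the original issue and not the project's code. It assumes that exclusions are checked first, that an entry with an all-zero network address such as `0.0.0.0/24` applies its prefix length to every address, that any other entry summarizes the addresses it contains to that subnet, and that the label is written in CIDR form. `build_summarizer`, `label_cardinality` and the sample addresses are hypothetical.

```python
import ipaddress

# Constructed config mirroring the sample in the issue.
CONFIG = {
    "summarize_ips_by_subnet": True,
    "subnets_for_summarization": ["0.0.0.0/24"],
    "exclude_ips_from_summarization": ["10.0.0.0/8", "192.168.2.0/24"],
}

def build_summarizer(config):
    """Return a function mapping an observed IP string to its `ip` label value."""
    if not config.get("summarize_ips_by_subnet"):
        return lambda ip: str(ipaddress.ip_address(ip))
    excluded = [ipaddress.ip_network(n, strict=False)
                for n in config.get("exclude_ips_from_summarization", [])]
    wildcard = {}   # IP version -> prefix length, from 0.0.0.0/N or ::/N entries
    specific = []   # ordinary subnets: contained IPs collapse to the subnet itself
    for entry in config.get("subnets_for_summarization", []):
        net = ipaddress.ip_network(entry, strict=False)
        if int(net.network_address) == 0:
            wildcard[net.version] = net.prefixlen
        else:
            specific.append(net)
    specific.sort(key=lambda n: n.prefixlen, reverse=True)  # most specific first

    def summarize(ip):
        addr = ipaddress.ip_address(ip)
        same = lambda n: n.version == addr.version
        # Assumption: the exclusion list wins, so these IPs keep full visibility.
        if any(same(n) and addr in n for n in excluded):
            return str(addr)
        for net in specific:
            if same(net) and addr in net:
                return str(net)
        if addr.version in wildcard:
            return str(ipaddress.ip_network(f"{addr}/{wildcard[addr.version]}", strict=False))
        return str(addr)  # no rule for this address family: label unchanged
    return summarize

def label_cardinality(ips, config):
    """Return (distinct raw IPs, distinct `ip` label values after summarization)."""
    summarize = build_summarizer(config)
    return len(set(ips)), len({summarize(ip) for ip in ips})

# Constructed sample of observed addresses (documentation and private ranges).
SAMPLE_IPS = ["203.0.113.5", "203.0.113.77", "203.0.113.200", "198.51.100.1",
              "198.51.100.2", "10.0.0.5", "10.0.0.6", "192.168.2.10"]

if __name__ == "__main__":
    print(label_cardinality(SAMPLE_IPS, CONFIG))
```
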