Overview

Last updated: 2020-09-16 17:10:09

    Traffic mirror provides a traffic collection service that filters and copies desired traffic from ENI to CVM clusters in the same VPC. This feature is applicable to scenarios including security audit, risk monitoring, troubleshooting and business analysis.

    Note:

    However, traffic mirror consumes CVM resources such as CPU, memory and bandwidth pro rata. For example, assume you mirror a ENI that has 1 Gbps of inbound traffic and 1 Gbps of outbound traffic. In this case, the instance needs to handle 1 Gbps of inbound traffic and 3 Gbps of outbound traffic (1 Gbps for the outbound traffic, 1 Gbps for the mirrored inbound traffic and 1 Gbps for the mirrored outbound traffic).

    Procedure

    The following are key components of a traffic mirror, together with its workflow.

    • Source: the specified ENI in the VPC that applies the filter rules such as network, collection range, collection type and traffic filtering.
    • Target: the receiving IPs that get the collected traffic.

    Use Cases

    Security auditing

    A running system may occur unhealthy network traffic or generate an error message due to software exception, hardware fault, computer virus or improper use. To locate causes of these issues, you can use traffic mirror to analyze the network messages.

    Intrusion checking

    To ensure the confidentiality, integrity and availability of network system resources, you can use traffic mirror to copy traffic to CVM clusters for real-time analysis.

    Business analysis

    Use traffic mirror to clearly and visually present the business traffic mode.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help