What is Traffic Mirroring? – Amazon Virtual Private Cloud
What is Traffic Mirroring?
Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of type interface. You can then send the traffic to out-of-band security and monitoring appliances for:
- Content inspection
- Threat monitoring
- Troubleshooting
The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind either a Network Load Balancer with a UDP listener or a Gateway Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so that you extract only the traffic of interest and monitor it with the tools of your choice.
Traffic Mirroring concepts
The following are the key concepts for Traffic Mirroring:
- Source — The network interface to monitor.
- Target — The destination for mirrored traffic.
- Filter — A set of rules that defines the traffic that is copied in a traffic mirror session.
- Session — An entity that describes Traffic Mirroring from a source to a target using filters.
Working with Traffic Mirroring
You can create, access, and manage your traffic mirror resources using any of the following:
- AWS Management Console — Provides a web interface that you can use to access your traffic mirror resources.
- AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of AWS services, including Amazon VPC. The AWS CLI is supported on Windows, macOS, and Linux. For more information, see AWS Command Line Interface.
- AWS SDKs — Provide language-specific APIs. The AWS SDKs take care of many of the connection details, such as calculating signatures, handling request retries, and handling errors. For more information, see AWS SDKs.
- Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC. However, it requires that your application handle low-level details such as generating the hash to sign the request and handling errors. For more information, see the Amazon EC2 API Reference.
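The four concepts above map one-to-one onto AWS CLI calls, and the order matters: the target and the filter exist independently, rules attach to the filter, and the session is what finally ties a source interface to a target through that filter. The script below is an added example, not code from the AWS documentation: it mirrors HTTPS traffic in both directions from one ENI to a monitoring fleet behind a Network Load Balancer, truncating every mirrored packet so the fleet sees headers and TLS handshakes rather than bulk payload. The ENI ID, load balancer ARN, descriptions, rule numbers and the 128-byte truncation length are placeholder choices; the commands, flags and `--query` paths are the real `aws ec2` ones. Setting `AWS_CMD=echo` prints the calls instead of running them, which is useful for reviewing what will be created before you have credentials in the shell.

```shell
#!/bin/sh
# Added example (not AWS documentation code): build the Traffic Mirroring
# resources with the AWS CLI.  Target -> filter -> filter rules -> session.
# AWS_CMD=echo prints each call instead of executing it.
set -eu

AWS_CMD="${AWS_CMD:-aws}"

# Target: the NLB fronting the monitoring fleet.  Mirrored packets arrive
# VXLAN-encapsulated on UDP 4789, so the NLB listener and the fleet's
# security groups must accept that port from the mirror source's VPC.
create_target() {               # $1 = NLB ARN
  "$AWS_CMD" ec2 create-traffic-mirror-target \
    --network-load-balancer-arn "$1" \
    --description "mirror-fleet-nlb" \
    --query 'TrafficMirrorTarget.TrafficMirrorTargetId' --output text
}

# Filter: a container for rules.  A filter with no rules mirrors nothing;
# traffic that matches no rule is dropped, so only add accept rules for
# what you really want to copy.
create_filter() {
  "$AWS_CMD" ec2 create-traffic-mirror-filter \
    --description "https-only" \
    --query 'TrafficMirrorFilter.TrafficMirrorFilterId' --output text
}

# Rule: evaluated per direction in ascending rule-number order; the first
# match wins.  --protocol is the IANA number (6 = TCP).  $6 selects which
# end of the connection the port applies to ("destination" or "source").
add_rule() {   # $1 filter, $2 ingress|egress, $3 rule#, $4 accept|reject, $5 proto, $6 side, $7 port
  "$AWS_CMD" ec2 create-traffic-mirror-filter-rule \
    --traffic-mirror-filter-id "$1" \
    --traffic-direction "$2" \
    --rule-number "$3" \
    --rule-action "$4" \
    --protocol "$5" \
    "--$6-port-range" "FromPort=$7,ToPort=$7" \
    --source-cidr-block 0.0.0.0/0 \
    --destination-cidr-block 0.0.0.0/0 \
    --query 'TrafficMirrorFilterRule.TrafficMirrorFilterRuleId' --output text
}

# Session: binds the source ENI to the target through the filter.
# --packet-length truncates each mirrored packet to that many bytes after
# the VXLAN header (omit it to mirror whole packets); --session-number
# orders multiple sessions on the same ENI, lowest first.
create_session() {              # $1 source ENI, $2 target, $3 filter, $4 session#, $5 bytes
  "$AWS_CMD" ec2 create-traffic-mirror-session \
    --network-interface-id "$1" \
    --traffic-mirror-target-id "$2" \
    --traffic-mirror-filter-id "$3" \
    --session-number "$4" \
    --packet-length "$5" \
    --query 'TrafficMirrorSession.TrafficMirrorSessionId' --output text
}

# End to end: HTTPS to the ENI (ingress, dst port 443) and the replies
# from it (egress, src port 443), truncated to 128 bytes per packet.
mirror_https() {                # $1 source ENI, $2 NLB ARN
  target=$(create_target "$2")
  filter=$(create_filter)
  add_rule "$filter" ingress 100 accept 6 destination 443 >/dev/null
  add_rule "$filter" egress  100 accept 6 source      443 >/dev/null
  create_session "$1" "$target" "$filter" 1 128
}

# Usage: sh mirror.sh apply eni-0123456789abcdef0 arn:aws:elasticloadbalancing:...
if [ "${1:-}" = "apply" ]; then
  mirror_https "$2" "$3"
fi
```

The two rules share rule number 100 because numbering is independent per direction; if you later add a reject rule for a noisy source, give it a lower number than the accept rule so it is evaluated first. Tearing down is the reverse order: delete the session, then the filter rules and filter, then the target.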
Traffic Mirroring benefits
Traffic Mirroring offers the following benefits:
- Simplified operation — Mirror any range of your VPC traffic without having to manage packet forwarding agents on your EC2 instances.
- Enhanced security — Capture packets at the elastic network interface, where the copy cannot be disabled or tampered with from user space on the instance.
- Increased monitoring options — Send your mirrored traffic to any security device.
Pricing
For information about pricing, see VPC pricing.