What is Traffic Mirroring? – Amazon Virtual Private Cloud

What is Traffic Mirroring?

Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network
interface of type interface. You can then send the traffic to out-of-band security
and monitoring appliances for:

  • Content inspection

  • Threat monitoring

  • Troubleshooting

The security and monitoring appliances can be deployed as individual instances, or as a
fleet of instances behind either a Network Load Balancer with a UDP listener or a Gateway Load Balancer with a
UDP listener. Traffic Mirroring supports filters and packet truncation, so that you only extract the traffic
of interest to monitor by using monitoring tools of your choice.

Traffic Mirroring concepts

The following are the key concepts for Traffic Mirroring:

  • Source — The network interface to monitor.

  • Target — The destination for mirrored
    traffic.

  • Filter — A set of rules that defines the traffic
    that is copied in a traffic mirror session.

  • Session — An entity that describes Traffic Mirroring from a
    source to a target using filters.
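As an added example (not from the AWS documentation), the receiving side of a UDP target: AWS delivers each mirrored frame encapsulated in VXLAN, with the VXLAN network identifier (VNI) identifying the session, so an appliance must decapsulate before it can inspect anything. The parser below uses only the standard library, assumes an IPv4 inner packet, constructs its own sample datagram, and flags frames cut short by the session's packet-length setting.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

# Added example for a mirror target appliance; not AWS code.
@dataclass
class MirroredFrame:
    vni: int                 # VXLAN network identifier chosen for the mirror session
    src_ip: str
    dst_ip: str
    protocol: int            # IP protocol number (6 = TCP, 17 = UDP)
    src_port: Optional[int]
    dst_port: Optional[int]
    truncated: bool          # True when the session's packet-length limit cut the frame

def parse_mirrored(payload: bytes) -> MirroredFrame:
    """Decapsulate one VXLAN datagram payload and summarise the inner IPv4 packet."""
    if len(payload) < 8 + 14 + 20:
        raise ValueError("payload too short for VXLAN + Ethernet + IPv4 headers")
    if not payload[0] & 0x08:                      # VXLAN I flag: VNI field is valid
        raise ValueError("VXLAN I flag not set")
    vni = int.from_bytes(payload[4:7], "big")      # 8-byte header: flags, 3 rsvd, VNI, rsvd
    eth = payload[8:]
    ethertype = struct.unpack("!H", eth[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ip = eth[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    src, dst = IPv4Address(ip[12:16]), IPv4Address(ip[16:20])
    l4 = ip[ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:          # ports survive unless truncation removed them
        sport, dport = struct.unpack("!HH", l4[:4])
    # Truncation shows up as fewer bytes on the wire than the inner IP header claims.
    return MirroredFrame(vni, str(src), str(dst), proto, sport, dport, len(ip) < total_len)

def build_sample(vni: int, packet_length: Optional[int] = None) -> bytes:
    """Constructed test datagram: TCP 10.0.1.10:44321 -> 10.0.2.20:443 with 100 payload bytes."""
    tcp = struct.pack("!HHLLBBHHH", 44321, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + b"A" * 100
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     IPv4Address("10.0.1.10").packed, IPv4Address("10.0.2.20").packed) + tcp
    frame = bytes(12) + b"\x08\x00" + ip            # zeroed MACs, ethertype IPv4
    if packet_length is not None:                  # emulate the session's packet-length truncation
        frame = frame[:packet_length]
    return bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + frame
```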

Working with Traffic Mirroring

You can create, access, and manage your traffic mirror resources using any of the
following:

  • AWS Management Console — Provides a web interface that you
    can use to access your traffic mirror resources.

  • AWS Command Line Interface (AWS CLI) — Provides commands for a
    broad set of AWS services, including Amazon VPC. The AWS CLI is supported on Windows, macOS, and
    Linux. For more information, see AWS Command Line Interface.

  • AWS SDKs — Provide language-specific APIs.
    The AWS SDKs take care of many of the connection details, such as calculating
    signatures, handling request retries, and handling errors. For more information, see
    AWS SDKs.

  • Query API — Provides low-level API actions that
    you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC.
    However, it requires that your application handle low-level details such as generating the
    hash to sign the request and handling errors. For more information, see the
    Amazon EC2 API Reference.

Traffic Mirroring benefits

Traffic Mirroring offers the following benefits:

  • Simplified operation — Mirror any range of
    your VPC traffic without having to manage packet forwarding agents on your EC2
    instances.

  • Enhanced security — Capture packets at the
    elastic network interface, where the capture cannot be disabled or tampered with from
    user space on the instance.

  • Increased monitoring options — Send your
    mirrored traffic to any security device.

Pricing

For information about pricing, see VPC
pricing.