Traffic mirror sessions
A traffic mirror session establishes a relationship between a traffic mirror source and a traffic mirror target. For more information, see Traffic mirror session concepts.
A traffic mirror session contains the following resources:
You can create a traffic mirror session only if you are the owner of the network interface or the subnet for the traffic mirror source.
Tasks
Create a traffic mirror session
To create a traffic mirror session using the console
-
Open the Amazon VPC console at https://console.amazonaws.cn/vpc/
. -
In the Region selector, choose the Amazon Region that you used when you created the VPCs.
In the navigation pane, choose Traffic Mirroring, Mirror sessions.
-
Choose Create traffic mirror session.
-
(Optional) For Name tag, enter a name for the traffic mirror session.
-
(Optional) For Description, enter a description for the traffic mirror session.
-
For Mirror source, choose the network interface of the mirror source.
-
For Mirror target, choose an existing traffic mirror target or choose Create target to create one. For more information, see Create a traffic mirror target.
If the mirror target is owned by another account and shared with you, you must first accept the resource share.
-
For Additional settings, do the following:
-
For Session number, enter the session number. The valid values are 1 to 32,766, where 1 is the highest priority. Sessions are evaluated based on the priority indicated by this session number.
-
(Optional) For VNI, enter the VXLAN ID to use for the traffic mirror session. For more information about the VXLAN protocol, see RFC 7348
. If you do not enter a value, we assign a random number.
-
(Optional) For Packet Length, enter the number of bytes in each packet to mirror.
To mirror the entire packet, do not enter a value. To mirror only a portion of each packet, set this value to the number of bytes to mirror. For example, if you set this value to 100, the first 100 bytes after the VXLAN header that meet the filter criteria are copied to the target.
-
For Filter, choose an existing traffic mirror filter. Alternatively, choose Create filter. For more information, see Step 2: Create the traffic mirror filter.
-
-
(Optional) For each tag to add, choose Add new tag and enter the tag key and tag value.
-
Choose Create.
To create a traffic mirror session using the Amazon CLI
Use the create-traffic-mirror-session command.
View your traffic mirror sessions
To view your traffic mirror sessions using the console
-
Open the Amazon VPC console at https://console.amazonaws.cn/vpc/
. -
In the navigation pane, choose Traffic Mirroring, Mirror sessions.
-
Select the ID of the traffic mirror session to open its details page.
To view your traffic mirror session using the Amazon CLI
Use the describe-traffic-mirror-sessions command.
Modify your traffic mirror session
To modify your traffic mirror session using the console
-
Open the Amazon VPC console at https://console.amazonaws.cn/vpc/
. -
In the navigation pane, choose Traffic Mirroring, Mirror sessions.
-
Select the radio button for the traffic mirror session.
-
Choose Actions, Modify session.
-
(Optional) For Description, enter a description for the traffic mirror session.
-
For Mirror target, choose an existing traffic mirror target or choose Create target to create one. For more information, see Create a traffic mirror target.
-
For Additional settings, do the following:
-
For Session number, enter the session number. The valid values are 1 to 32,766, where 1 is the highest priority.
-
(Optional) For VNI, enter the VXLAN ID to use for the traffic mirror session. For more information about the VXLAN protocol, see RFC 7348
. If you do not enter a value, we assign a random unused number.
-
(Optional) For Packet Length, enter the number of bytes in each packet to mirror.
To mirror the entire packet, do not enter a value. To mirror only a portion of each packet, set this value to the number of bytes to mirror. For example, if you set this value to 100, the first 100 bytes after the VXLAN header that meet the filter criteria are copied to the target.
-
For Filter, choose the traffic mirror filter that determines what traffic gets mirrored.
-
-
Choose Modify.
To modify your traffic mirror session using the Amazon CLI
Use the modify-traffic-mirror-session command.
Modify traffic mirror session tags
To modify your traffic mirror session tags using the console
-
Open the Amazon VPC console at https://console.amazonaws.cn/vpc/
. -
In the navigation pane, choose Traffic Mirroring, Mirror sessions.
-
Select the ID of the traffic mirror session to open its details page.
-
On the Tags tab, choose Manage tags.
-
(Optional) For each tag to add, choose Add new tag and enter the tag key and tag value. For each tag to remove, choose Remove.
-
Choose Modify.
To modify your traffic mirror session using the Amazon CLI
Use the create-tags command to add a tag. Use the delete-tags command to remove a tag.
Delete a traffic mirror session
You are charged on an hourly basis for each active traffic mirror session. To stop all Traffic Mirroring charges, you must delete all active traffic mirror sessions. If you delete the network interface for the traffic mirror source, the traffic mirror sessions for the source are deleted automatically.
To delete your traffic mirror session using the console
-
Open the Amazon VPC console at https://console.amazonaws.cn/vpc/
. -
On the navigation pane, choose Traffic Mirroring, Mirror sessions.
-
Select the traffic mirror session, and then choose Actions, Delete.
-
When prompted for confirmation, enter
delete, and then choose Delete.
To delete a traffic mirror session using the Amazon CLI
Use the delete-traffic-mirror-session command.