Help Center/ Virtual Private Cloud/ User Guide/ Traffic Mirroring/ Mirror Filters/ Creating a Mirror Filter
Updated on 2024-08-07 GMT+08:00
View PDF
Share

Creating a Mirror Filter

Scenarios

A mirror filter is a set of inbound rules and outbound rules to determine the traffic that is mirrored. You can specify matching criteria, such as priority and action for each rule.

  • Inbound rules match the traffic received by a mirror source.
  • Outbound rules match the traffic sent by a mirror source.

A mirror filter takes effect only after it is associated with mirror sessions.

Mirror Filter Rule Examples

Table 1 shows rules in a mirror filter and describes how the mirror session filters traffic using the mirror filter.
Table 1 Traffic filtering description

Direction

Priority

Protocol

Action

Type

Source

Source Port Range

Destination

Destination Port Range

Filtering Description

Inbound

1

TCP

Accept

IPv4

172.16.0.0/24

10000-10001

10.0.0.3/32

80-80

If traffic enters a network interface of the mirror source, the mirror session will mirror packets that meet the following rule:

TCP (IPv4) packets from source 172.16.0.0/24 over port 10000 or 10001 to destination 10.0.0.3/32 over port 80

Outbound

1

All

Reject

IPv4

192.168.0.0/24

All

10.2.0.0/24

All

If traffic leaves a network interface of the mirror source, the mirror session will not mirror packets that meet the following rule:

IPv4 packets from source 192.168.0.0/24 over any port to destination 10.2.0.0/24 over any port.

Procedure

  1. Go to the mirror filter list page.
  2. In the upper right corner of the mirror filter list, click Create Mirror Filter.

    The Create Mirror Filter page is displayed.

  3. Set basic information about the mirror filter as prompted.
    Table 2 Parameters for configuring basic information

    Parameter

    Description

    Example Value

    Name

    Mandatory

    Enter the name of the mirror filter. The name:
    • Must contain 1 to 64 characters.
    • Can contain letters, digits, underscores (_), hyphens (-), and periods (.).

    mirror-filter-01

    Description

    Optional

    Enter the description of the mirror filter in the text box as required.

    -
  4. Click Add Rule in the Inbound Rules area to add inbound rules.
    You can click to add more inbound rules.
    Table 3 Inbound rule parameter description

    Parameter

    Description

    Example Value

    Priority
    Priority of a mirror filter rule.
    • A priority value can be from 1 to 65535. A smaller value indicates a higher priority.
    • Priorities of inbound rules must be unique for each mirror filter.

    A mirror filter can contain multiple rules and the rules are matched in ascending order of priority.

    For details, see the matching process of mirror filter rules.

    1

    Protocol
    Select a network protocol.
    • If you select TCP, you can customize the source and destination port ranges.
    • If you select UDP, you can customize the source and destination port ranges.
    • If you set Type to IPv4 and select ICMP, all ports are specified for source and destination port ranges by default.
    • If you set Type to IPv6 and select ICMPv6, all ports are specified for source and destination port ranges by default.
    • If you select All, all network protocols are supported and all ports are specified for source and destination port ranges by default.

    TCP

    Action
    Whether to accept or reject inbound traffic of a mirror source.
    • If you set Action to Accept, the traffic will be mirrored to the mirror target.
    • If you set Action to Reject, the traffic will not be mirrored to the mirror target.

    Accept

    Type
    IP address version of inbound traffic. You can specify:
    • IPv4
    • IPv6

    IPv4

    Source
    Source of inbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    10.0.0.0/24

    Source Port Range
    Source port range of inbound traffic.
    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    22-23

    Destination
    Destination of inbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    0.0.0.0/0

    Destination Port Range
    Destination port range of inbound traffic.
    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    1-65535

    Description

    Enter the description of the mirror filter rule in the text box as required.

    -
  5. Click OK.
  6. Click Add Rule in the Outbound Rules area to add outbound rules.
    You can click to add more outbound rules.
    Table 4 Outbound rule parameter description

    Parameter

    Description

    Example Value

    Priority
    Priority of a mirror filter rule.
    • A priority value can be from 1 to 65535. A smaller value indicates a higher priority.
    • Priorities of inbound rules must be unique for each mirror filter.

    A mirror filter can contain multiple rules and the rules are matched in ascending order of priority.

    For details, see the matching process of mirror filter rules.

    1

    Protocol
    Select a network protocol.
    • If you select TCP, you can customize the source and destination port ranges.
    • If you select UDP, you can customize the source and destination port ranges.
    • If you set Type to IPv4 and select ICMP, all ports are specified for source and destination port ranges by default.
    • If you set Type to IPv6 and select ICMPv6, all ports are specified for source and destination port ranges by default.
    • If you select All, all network protocols are supported and all ports are specified for source and destination port ranges by default.

    All

    Action
    Whether to accept or reject outbound traffic of a mirror source.
    • If you set Action to Accept, the traffic will be mirrored to the mirror target.
    • If you set Action to Reject, the traffic will not be mirrored to the mirror target.

    Reject

    Type
    IP address version of outbound traffic. You can specify:
    • IPv4
    • IPv6

    IPv4

    Source
    Source of outbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    192.168.0.0/24

    Source Port Range

    Source port range of outbound traffic.

    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    All

    Destination
    Destination of outbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    10.2.0.0/24

    Destination Port Range
    Destination port range of outbound traffic.
    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    All

    Description

    Enter the description of the mirror filter rule in the text box as required.

    -
  7. Click OK.
  8. After setting the parameters, click Create Now.

    The mirror filter list page is displayed.

Follow-up Operations

A mirror filter takes effect only after it is associated with mirror sessions. Each mirror session only can have one mirror filter associated.
Parent Topic: Mirror Filters