Traffic monitor
Updated at: 2025-10-16
Traffic Monitor filters traffic from EIPs by 5-tuple (quintuple) conditions and forwards or copies it to BLB instances, for scenarios such as security auditing, troubleshooting, and business analysis.
Before configuration, note the following:
- Mirror Source: Mirror traffic is not restricted by security group policies.
- Mirror destination: Due to security group policy restrictions, the security group containing the mirror destination must allow UDP traffic on destination port 4789 from the mirror destination IP.
- If no filtering rules are defined within the criteria, no traffic will be mirrored.
- Each filter condition supports a maximum of 10 filtering rules.
- A maximum of 50 filter criteria can be set for a single region.
- Each account can support up to 1,000 mirror sessions per region.
- A single mirror source can support the creation of only 1 mirror session.
- A single mirror session allows the addition of only 1 mirror source.
- A single mirror destination can be utilized by a maximum of 200 mirror sessions.
Create filter criteria
- In the Network Diagnostic Services (NDS) console, navigate to Traffic Mirror in the left-side menu, and then select Filter Conditions from the top navigation bar to access the Filter Conditions page.
- Click the Create Filter Criteria button to enter the Configuration page.
- In the Basic Information section, input the filter criteria name and description.
- Under the Ingress and Egress tabs in the rule configuration area, click Add Rule and fill in the following configuration information:
| Parameters | Description |
|---|---|
| Priority | Range: 1–1,000; lower values represent higher priority. Rules are matched in order from highest to lowest priority. If two rules are identical except for their policies, the deny rule overrides the allow rule. |
| Protocol | Supported protocols: All protocols (any protocol); TCP (Transmission Control Protocol); UDP (User Datagram Protocol); ICMP (Internet Control Message Protocol). |
| Source IP | Specify the source address range for network traffic. |
| Source port | Set the source port range for network traffic, within a range of 0–65,535. |
| Destination IP | Specify the destination address range for network traffic. |
| Destination port | Set the destination port range for network traffic, within a range of 0–65,535. |
| Policy | Rule collection policy: Collect (network traffic is collected); Not Collect (network traffic is not collected). |
| Remarks | Edit the remark information associated with the rule. |
- Click OK to finalize the creation of the filter criteria.
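To check a rule set before entering it in the console, the matching order from the Priority row can be modelled offline. This is an added example, not the service's own code: the `Rule` class, CIDR notation for address ranges, and the rule that unmatched traffic is not mirrored are assumptions, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical model of one rule row in the console
    priority: int           # 1-1000, lower value = higher priority
    protocol: str           # "all", "tcp", "udp" or "icmp"
    src: str                # source range (CIDR notation is an assumption)
    sport: tuple            # (low, high) source ports, 0-65535
    dst: str                # destination range
    dport: tuple            # (low, high) destination ports
    collect: bool           # True = Collect, False = Not Collect

def validate(rules):
    """Enforce the limits the page states for one filter condition."""
    if len(rules) > 10:
        raise ValueError("a filter condition supports at most 10 rules")
    for r in rules:
        if not 1 <= r.priority <= 1000:
            raise ValueError(f"priority {r.priority} outside 1-1000")
        for lo, hi in (r.sport, r.dport):
            if not 0 <= lo <= hi <= 65535:
                raise ValueError(f"port range {lo}-{hi} outside 0-65535")

def matches(r, proto, src, sport, dst, dport):
    return (r.protocol in ("all", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
            and r.sport[0] <= sport <= r.sport[1]
            and r.dport[0] <= dport <= r.dport[1])

def is_mirrored(rules, proto, src, sport, dst, dport):
    """First match in priority order decides; Not Collect wins a priority tie."""
    validate(rules)
    for r in sorted(rules, key=lambda r: (r.priority, r.collect)):
        if matches(r, proto, src, sport, dst, dport):
            return r.collect
    return False            # no rules (per the page) or no match (assumed)

ANY = (0, 65535)
HOST = "203.0.113.10/32"    # constructed documentation addresses throughout
RULES = [
    Rule(10, "tcp", "198.51.100.0/24", ANY, HOST, (443, 443), False),
    Rule(20, "tcp", "0.0.0.0/0", ANY, HOST, (443, 443), True),
    Rule(30, "udp", "0.0.0.0/0", ANY, HOST, (53, 53), True),
    Rule(30, "udp", "0.0.0.0/0", ANY, HOST, (53, 53), False),  # twin: wins
]
```

With this rule set, HTTPS to the host is mirrored except from 198.51.100.0/24, and the UDP 53 pair shows the Not Collect twin suppressing its otherwise identical Collect rule.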

Create mirror session
- In the Network Diagnostic Services (NDS) console, navigate to Traffic Mirror in the left-side menu, and then click on Mirror Session from the top navigation bar to open the Mirror Session page.
- Click the Create Mirror Session button to move to the Configuration page.
- Fill in the following configuration information:
| Configuration item | Description |
|---|---|
| Name | Enter a custom name for the mirror session. |
| Source type | Supports elastic public IPs and enhanced NAT gateway types. |
| Mirror source | Choose the instance that requires mirrored traffic. |
| Filter criteria | Select the filtering criteria. |
| Destination type | Currently, only load balancer types are supported. |
| Mirror destination | Set a load balancer instance as the mirror destination. Note: The listener for the load balancer must be configured as UDP:4789. |
| Specify VNI | Provide a VXLAN Network Identifier (VNI) to differentiate mirror traffic. The value range is 0–16777215. If not provided, a VNI will be randomly assigned. |
| Packet length | Specify the number of bytes to mirror from each data packet, with a range of 100–1,500. If not specified, the entire packet will be mirrored. |
| Description | Update the description details related to the mirror session. |
- Click OK to finalize the creation of the mirror session.

Description:
- After successfully creating a mirror session, it is enabled by default. To stop mirrored traffic, you can manually pause the mirror session if needed.
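On the receiving side, a backend behind the UDP:4789 listener has to strip the encapsulation and can use the VNI to tell sessions apart. The following is an added example, not code from the service: it assumes mirrored packets arrive as standard VXLAN (RFC 7348) datagrams carrying an inner Ethernet/IPv4 frame, which the listener port and VNI setting imply, and the sample bytes are constructed.

```python
import struct

VXLAN_HDR_LEN = 8   # RFC 7348: flags(1) reserved(3) VNI(3) reserved(1)

def decap(udp_payload, expected_vni=None):
    """Return (vni, inner_frame) for one datagram received on UDP 4789."""
    if len(udp_payload) < VXLAN_HDR_LEN:
        raise ValueError("shorter than a VXLAN header")
    if not udp_payload[0] & 0x08:            # I flag: the VNI field is valid
        raise ValueError("VNI flag not set")
    vni = int.from_bytes(udp_payload[4:7], "big")    # 24 bits: 0-16777215
    if expected_vni is not None and vni != expected_vni:
        raise ValueError(f"VNI {vni} is not this session's VNI")
    return vni, udp_payload[VXLAN_HDR_LEN:]

def five_tuple(frame):
    """(proto, src, sport, dst, dport) of an inner Ethernet/IPv4 frame, or None.

    A session's packet length setting can cut the frame short, so each
    field is length-checked before it is read; missing ports come back as 0.
    """
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        return None                          # too short, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20:
        return None
    src, dst = (".".join(map(str, ip[o:o + 4])) for o in (12, 16))
    sport = dport = 0
    if ip[9] in (6, 17) and len(ip) >= ihl + 4:      # TCP or UDP
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return ip[9], src, sport, dst, dport

# Constructed sample: VNI 4096, TCP 192.0.2.7:50000 -> 203.0.113.10:443.
SAMPLE = (bytes([0x08, 0, 0, 0]) + (4096).to_bytes(3, "big") + b"\x00"
          + bytes(6) + bytes(6) + b"\x08\x00"                  # Ethernet
          + bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0])   # IPv4 start
          + bytes([192, 0, 2, 7]) + bytes([203, 0, 113, 10])
          + struct.pack("!HH", 50000, 443) + bytes(16))        # TCP
```

Passing the session's VNI as `expected_vni` lets a collector that serves several mirror sessions reject datagrams that belong to a different one.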
Suspend mirror session
- In the Network Diagnostic Services (NDS) console, go to Traffic Mirror in the left-hand navigation bar, and then click on Mirror Session in the navigation options to access the Mirror Session page.
- Choose the mirror session you want to suspend, then click Pause in the Operations menu.
Enable mirror session
- In the Network Diagnostic Services (NDS) console, go to Traffic Mirror in the left-hand navigation bar, and then click on Mirror Session in the navigation options to access the Mirror Session page.
- Choose the mirror session you want to enable, then click Enable in the Operations menu.
Edit mirror session
- In the Network Diagnostic Services (NDS) console, go to Traffic Mirror in the left-hand navigation bar, and then click on Mirror Session in the navigation options to access the Mirror Session page.
- Choose the mirror session you want to edit, and click Edit in the Operations menu.
- On the edit page, you can modify the name, filter criteria, specified VNI, packet length, and description.
Delete mirror session
- In the Network Diagnostic Services (NDS) console, go to Traffic Mirror in the left-hand navigation bar, and then click on Mirror Session in the navigation options to access the Mirror Session page.
- Select the mirror session you want to delete, and click Delete above the list.
Delete filter criteria
- In the Network Diagnostic Services (NDS) console, navigate to Traffic Mirror in the left-side menu, and then select Filter Conditions from the top navigation bar to access the Filter Conditions page.
- Choose the filter criteria you want to delete, and click Delete in the Operations menu.
Description:
- If a filter criterion is associated with a mirror session, you must first remove the association before deleting it.
