How to configure remote traffic mirroring on AR series routers

Remote traffic mirroring is only supported in V200R005C32 and earlier versions.

By configuring remote traffic mirroring, you can replicate specific packets transmitted through an interface to remote monitoring devices for analysis and surveillance.

Before configuring remote traffic mirroring, ensure that the routing protocol and GRE tunnels are configured.

1. Configure the remote observing server.
Procedure
Run the system-view command to enter the system view.
Run the observe-server destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value ] command to configure the observing server in remote traffic mirroring.
Note:
The destination-ip-address parameter indicates the IP address of the monitoring device. The source-ip-address parameter indicates the IP address of the mirroring interface.

If the IP addresses of the monitoring device and the mirroring interface are private IP addresses, GRE tunnels must be configured first to ensure the interworking between private IP addresses on public networks.

2. Configure traffic mirroring.

Background
In traffic mirroring, the mirroring interface applies a traffic policy that includes traffic mirroring behavior. Packets that are transmitted through the interface and match the traffic classification rules are replicated to the observing interface.

Procedure
a. Configure the traffic classifier.
Run the system-view command to enter the system view.
Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the view of the traffic classifier.
Run the if-match command to configure the matching rule of the traffic classifier.
Run the quit command to quit the view of the traffic classifier.


b. Configure the traffic behavior.
Run the traffic behavior behavior-name command to create traffic behavior and enter the view of the traffic behavior.
Run the mirror to observe-port command to mirror traffic that matches the rule to the specified observing interface.
Run the quit command to quit the view of the traffic behavior.
Run the quit command to quit the system view.

c. Configure the traffic policy.
Run the system-view command to enter the system view.
Run the traffic policy policy-name command to create a traffic policy and enter the view of the traffic policy, or directly enter the view of an existing traffic policy.
Run the classifier classifier-name behavior behavior-name command to configure the traffic behavior of specified traffic classifiers in the traffic policy, that is, bind the traffic behavior to the specified traffic classifier.
Run the quit command to quit the view of the traffic policy.
Run the quit command to quit the system view.

d. Apply the traffic policy.
Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the traffic-policy policy-name { inbound | outbound } to apply the traffic policy in the inbound or outbound direction of the interface.

Scroll to top