Remote flow mirroring configuration method on AR router series?

7

Only the version before V200R005C32 supports remote flow mirroring

By configuring the remote traffic mirroring, specific packets flows through the port can be replicated to the remote monitoring device for analysis and monitoring.

Before you configure remote flow mirroring, you need to configure the route protocol and GRE tunnel.

1.Configure remote viewing server
Operation steps
Run the following command system-view, access the system view.
Run the command observe-server destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value ], configure the remote mirroring observation of server.
Note:
Destination-ip-address is monitor the device IP address, source-ip-address as a mirrored port IP address.

If the monitoring equipment and mirroring port IP address is the private address, in order to ensure communication between private network address in the public network, you need to configure the GRE tunnel.

2 configuration flow mirroring

Background information
In the traffic mirroring ,mirroring port application contains flow mirroring flow strategy. If the packets passing through a mirrored port matching traffic classification rules, the packet will be copied to the observing port.

Operation steps
a.Configure a traffic classifier.
Run the following command system-view, access the system view.
Run the command traffic classifier classifier-name [ operator { and | or } ], create a flow classification, into the traffic classifier view.
Run the following command if-match configuration according to the actual situation flow classifications of matching rules.
Run the following command quit, quit the traffic classifier view.


b. configuration flow behavior
Run the following command traffic behavior behavior-name, create a flow behavior to display the traffic behavior view.
Run the following command mirror to observe-port, will meet the rules of the traffic mirroring to the specified observing port.
Run the following command quit, exit the flow behavior view.
Run the following command quit, exit the system view.

c configuration flow strategy
Run the following command system-view, access the system view.
Run the following command traffic policy policy-name, create a flow policy and access the policy view, or by entering the name of an existing traffic policy view.
Run the following command classifier classifier-name behavior behavior-name, in the flow policy for the specified flow classification configuration flow behavior, which is required to bind the traffic classifier and traffic behavior.
Run the following command quit, exit the flow policy view.
Run the following command quit, exit the system view.

d application flow policy
Run the following command system-view, access the system view.
Run the command interface interface-type interface-number [.subinterface-number ], to enter the interface view.
Run the command traffic-policy policy-name { inbound | outbound }, at the outbound or inbound direction application flow policy.

Other related questions:
How to configure remote traffic mirroring on AR series routers
Remote traffic mirroring is only supported in V200R005C32 and earlier versions. By configuring remote traffic mirroring, you can replicate specific packets transmitted through an interface to remote monitoring devices for analysis and surveillance. Before configuring remote traffic mirroring, ensure that the routing protocol and GRE tunnels are configured. 1. Configure the remote observing server. Procedure Run the system-view command to enter the system view. Run the observe-server destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value ] command to configure the observing server in remote traffic mirroring. Note: The destination-ip-address parameter indicates the IP address of the monitoring device. The source-ip-address parameter indicates the IP address of the mirroring interface. If the IP addresses of the monitoring device and the mirroring interface are private IP addresses, GRE tunnels must be configured first to ensure the interworking between private IP addresses on public networks. 2. Configure traffic mirroring. Background In traffic mirroring, the mirroring interface applies a traffic policy that includes traffic mirroring behavior. Packets that are transmitted through the interface and match the traffic classification rules are replicated to the observing interface. Procedure a. Configure the traffic classifier. Run the system-view command to enter the system view. Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the view of the traffic classifier. Run the if-match command to configure the matching rule of the traffic classifier. Run the quit command to quit the view of the traffic classifier. b. Configure the traffic behavior. Run the traffic behavior behavior-name command to create traffic behavior and enter the view of the traffic behavior. Run the mirror to observe-port command to mirror traffic that matches the rule to the specified observing interface. Run the quit command to quit the view of the traffic behavior. Run the quit command to quit the system view. c. Configure the traffic policy. Run the system-view command to enter the system view. Run the traffic policy policy-name command to create a traffic policy and enter the view of the traffic policy, or directly enter the view of an existing traffic policy. Run the classifier classifier-name behavior behavior-name command to configure the traffic behavior of specified traffic classifiers in the traffic policy, that is, bind the traffic behavior to the specified traffic classifier. Run the quit command to quit the view of the traffic policy. Run the quit command to quit the system view. d. Apply the traffic policy. Run the system-view command to enter the system view. Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view. Run the traffic-policy policy-name { inbound | outbound } to apply the traffic policy in the inbound or outbound direction of the interface.

How to configure remote interface mirroring on AR series routers
Remote interface mirroring is only supported in V200R005C32 and earlier versions. By configuring remote interface mirroring, you can replicate the packets transmitted through the interface to remote monitoring devices for analysis and surveillance. Before configuring remote interface mirroring, ensure that the routing protocol and GRE tunnels are configured. 1. Configure the remote observing server. Procedure Run the system-view command to enter the system view. Run the observe-server destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value ] command to configure the observing server in remote interface mirroring. Note: The destination-ip-address parameter indicates the IP address of the monitoring device. The source-ip-address parameter indicates the IP address of the mirroring interface. If the IP addresses of the monitoring device and the mirroring interface are private IP addresses, GRE tunnels must be configured first to ensure the interworking between private IP addresses on public networks. 2. Configure the remote mirroring interface. Background A mirroring interface can be an IP-Trunk interface, an Ethernet interface, or an Eth-Trunk interface. - If an Eth-trunk interface is configured as a mirroring interface, a member interface of the Eth-trunk interface cannot be configured as a mirroring interface separately. If you want to configure a member interface of the Eth-trunk as a mirroring interface, you must unbind the member interface from the Eth-trunk interface. - If a member interface of an Eth-trunk is configured as a mirroring interface, the Eth-trunk interface cannot be configured as a mirroring interface. If you want to configure the Eth-trunk interface as a mirroring interface, you must unbind the member interface that is configured as the mirroring interface from the Eth-trunk interface. Procedure Run the system-view command to enter the system view. Run the interface interface-type interface-number command to enter the interface view. Run the mirror to observe-server{ both | inbound | outbound } command to configure the remote mirroring interface.

The configuration method of the remote port mirroring session on AR series router ?
Only the version before V200R005C32 supports remote port mirroring session. By configuring the remote port mirroring session, you can copy flows through the port of the packets to the remote monitoring device for analysis and monitoring. Before configure the remote port mirroring session , you need to configure the routing protocol and GRE tunnel. 1.Configure remote viewing server Operation steps Run the following command system-view, access the system view. Run the command observe-server destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value ], configure the remote mirroring observation server. Note: Destination-ip-address is IP address of monitor the device , source-ip-address is a mirrored port IP address. If the monitoring equipment and mirroring port IP address is the private address, in order to ensure communication between private network address in the public network, you need to configure the GRE tunnel. Configure remote mirroring port 2 Background information The mirroring port can be IP-Trunk interface, ethernet interface or Eth-Trunk interface. Eth-trunk -if you have already configured as the mirroring port, it is impossible to separate configuration its member port as a mirrored port. If you want to configure a member port as a mirrored port, you need to cancel the binding function. -If a member port the of Eth-trunk is configured as a mirrored port, it is impossible to configuration Eth-trunk as the mirror port. If you want to configure the Eth-trunk as a mirrored port, you need to first cancle the mirroring port on the member interfaces . Operation steps Run the following command system-view, access the system view. Run the following command interface interface-type interface-number, access the interface view. Run the command mirror to observe-server{ both | inbound | outbound }, configure remote mirroring port.

How to configure local interface mirroring on AR series routers
By configuring local interface mirroring, you can replicate the packets transmitted through the interface to local monitoring devices for analysis and surveillance. Before configuring local interface mirroring, ensure that the link protocol state of the interface is Up. 1. Configure the local observing interface. Background In local interface mirroring, monitoring devices are directly connected to the observing interface. It is recommended that other configurations should not be performed on an interface that is configured as the observing interface to prevent its mirroring function from being affected: - If not only the mirroring packets but also the packets of other services are transmitted through the observing interface, the source of the packets cannot be distinguished. - If traffic congests on the observing interface, mirroring packets may be discarded because the priority of the mirroring packets is lower. Procedure Run the system-view command to enter the system view. Run the observe-port interface interface-type interface-number command to configure the local observing interface. 2. Configure the local mirroring interface. Background An interface of any type can be configured as a mirroring interface. If an Eth-trunk interface is configured as a mirroring interface, a member interface of the Eth-trunk interface cannot be configured as a mirroring interface separately. If you want to configure a member interface of the Eth-trunk as a mirroring interface, you must unbind the member interface from the Eth-trunk interface. If a member interface of an Eth-trunk is configured as a mirroring interface, the Eth-trunk interface cannot be configured as a mirroring interface. If you want to configure the Eth-trunk interface as a mirroring interface, you must unbind the member interface that is configured as the mirroring interface from the Eth-trunk interface. Procedure Run the system-view command to enter the system view. Run the interface interface-type interface-number command to enter the interface view. Run the mirror to observe-port { both | inbound | outbound } [ exclude-link-head ] command to configure the local mirroring interface.

How to configure local traffic mirroring on AR series routers
By configuring local traffic mirroring, you can replicate specific packets transmitted through an interface to local monitoring devices for analysis and surveillance. Prerequisites Before configuring local traffic mirroring, ensure that the link protocol state of the interface is Up. 1. Configure the local observing interface. Background In local traffic mirroring, monitoring devices are directly connected to the observing interface. It is recommended that other configurations should not be performed on an interface that is configured as the observing interface to prevent its mirroring function from being affected: - If not only the mirroring packets but also the packets of other services are transmitted through the observing interface, the source of the packets cannot be distinguished. - If traffic congests on the observing interface, mirroring packets may be discarded because the priority of the mirroring packets is lower. Procedure Run the system-view command to enter the system view. Run the observe-port interface interface-type interface-number command to configure the local observing interface. 2. Configure traffic mirroring. Background In traffic mirroring, the mirroring interface applies a traffic policy that includes traffic mirroring behavior. Packets that are transmitted through the interface and match the traffic classification rules are replicated to the observing interface. Procedure a. Configure the traffic classifier. Run the system-view command to enter the system view. Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the view of the traffic classifier. Run the if-match command to configure the matching rule of the traffic classifier based on actual requirements. Run the quit command to quit the view of the traffic classifier. b. Configure the traffic behavior. Run the traffic behavior behavior-name command to create traffic behavior and enter the view of the traffic behavior. Run the mirror to observe-port command to mirror traffic that matches the rule to the specified observing interface. Run the quit command to quit the view of the traffic behavior. Run the quit command to quit the system view. c. Configure the traffic policy. Run the system-view command to enter the system view. Run the traffic policy policy-name command to create a traffic policy and enter the view of the traffic policy, or directly enter the view of an existing traffic policy. Run the classifier classifier-name behavior behavior-name command to configure the traffic behavior of specified traffic classifiers in the traffic policy, that is, bind the traffic behavior to the specified traffic classifier. Run the quit command to quit the view of the traffic policy. Run the quit command to quit the system view. d. Apply the traffic policy. Run the system-view command to enter the system view. Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view. Run the traffic-policy policy-name { inbound | outbound } to apply the traffic policy in the inbound or outbound direction of the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top