How to Configure AWS VPC Traffic Mirroring

Learn how to seamlessly deploy this significant new capability for AWS cloud environments

The AWS Virtual Private Cloud (VPC) traffic mirroring feature lets you capture traffic from a specific ENI (Elastic Network Interface) to another ENI or to an AWS Load Balancer.

This is a step-by-step guide to configure AWS VPC traffic mirroring network traffic capture from an ENI to another ENI.

The steps involved are:

  1. Identify the source and destination ENIs
  2. Configure a Mirror Target
  3. Configure a Mirror Filter
  4. Configure the Mirror Session

Identify the source and destination ENIs

When you want to capture traffic from one EC2 ENI (an ENI is nothing more than a network interface card) and send it to a Skylight sensor’s ENI, you have to first identify them.

First, go to the AWS EC2 management view by clicking on the EC2 menu.

Then go to the Running Instances view to see all deployed EC2 instances.

Let’s assume that you want to monitor the OpenVPN EC2 ENI and send the corresponding traffic to the eth2 of the Skylight sensor’s PVX Datastore.

Select the source ENI (the OpenVPN EC2), click on the eth0 and take note of the corresponding interface ID.

Follow the same process to identify the eth2 interface of the Skylight sensor.

Configure the “Mirror Target”

Go the VPC management view.

Go to the Mirror Targets view.

Click on Create traffic mirror target.

You can provide an optional name tag as well as a description.

Then choose the target ENI corresponding to the Skylight sensor eth2 interface previously identified.

You can add optional tags, and when done, click on Create.

The target ENI is now configured.

Configure the “Mirror Filter”

Even if you do not want to filter any traffic from the source ENI, you still have to create a filter (which will on our case keep all traffic).

Go to the Mirror Filters menu and click on Create traffic mirror filter.

You can fill an optional name tag and if you do not need to filter any traffic, just click on Create.

The filter is created. Click on Close.

Configure the “Mirror Session”

The last step consists of configuring the mirror session.

Go to the Mirror Sessions view and click on Create traffic mirror session.

Fill in optional name tag and description and select the source ENI.

Select the previously configured mirror target.

Provide a session number (mandatory).

Optionally you can specify a VNI that will be used in the VXLAN encapsulated traffic.

Finally, select the previously configured filter and click on Create.

The traffic capture is now successfully created and is automatically enabled.

The corresponding traffic will be sent through VXLAN encapsulation.

Accedian is an AWS Partner and as such provides outstanding value for AWS monitoring. Accedian’s Skylight solution can be coupled with AWS VPC Traffic Mirroring to provide complete visibility for all “east-west” and “north-south” transaction traffic in the cloud. This enables you to rapidly detect performance degradations, anomalous behaviour, and other issues that can negatively impact your cloud applications.

Learn how Accedian Skylight provides outstanding value as an AWS monitoring solution.

For more information VPC traffic mirroring with AWS, visit: AWS VPC Traffic Mirroring