< Home

Concepts of Mirroring

Definition

Mirroring copies (or mirrors) traffic received or sent (or both) on a specified source to a destination port for analysis. The specified source is called mirrored source, the destination port is called observing port, and the copied traffic is called mirrored traffic.

Mirroring sends a copy of the traffic through an observing port on a switch to a monitoring device for service analysis, without affecting the processing of original traffic on the source.

Figure 1 Example of mirroring

Mirrored Port and Observing Port

In Figure 1, all original traffic on the two source ports (mirrored ports) is mirrored to a destination port (the observing port), and the observing port sends the mirrored traffic to monitoring device. Observing ports are classified into three types based on how observing ports are connected to the monitoring device.

  • Local observing port: is directly connected to a monitoring device. These ports are used for local mirroring.
  • Layer 2 remote observing port: is connected to a monitoring device across a Layer 2 network. These ports are used for Layer 2 remote mirroring.
  • Layer 3 remote observing port: is connected to a monitoring device across a Layer 3 network. These ports are used for Layer 3 remote mirroring. Huawei S series fixed switches do not support Layer 3 remote mirroring.

You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other.

If mirroring is deployed on many ports of a switch, a great deal of internal forwarding bandwidth will be occupied, affecting the forwarding of other services. Additionally, if mirrored and observing ports provide different bandwidths, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port may fail to forward all mirrored traffic in a timely manner due to insufficient bandwidth, leading to packet loss.

Mirrored Source

Mirrored sources can be any one of the following:
  • Port: Traffic received or sent on a specified port is copied to an observing port. This mirroring function is port mirroring.
  • VLAN: Traffic received on all active ports in a specified VLAN is copied to an observing port. This mirroring function is VLAN mirroring.
  • MAC address: Traffic with a specified source or destination MAC address in a given VLAN is copied to an observing port. This mirroring function is MAC address mirroring.
  • Traffic: Traffic matching specified rules is copied to an observing port. This mirroring function is traffic mirroring.

Mirroring Directions

Mirroring directions define whether received or sent (or both) traffic is copied from mirrored ports to observing ports:

  • Inbound: The switch sends a copy of traffic received by mirrored ports to observing ports. This mirroring function is inbound mirroring.

  • Outbound: The switch sends a copy of traffic sent by mirrored ports to observing ports. This mirroring function is outbound mirroring.

  • Both: The switch sends a copy of traffic received and sent by mirrored ports to observing ports.

Parent Topic: Mirroring Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >