Defining a Traffic Policy for Mirrored Traffic

Configure a traffic classifier to define flows to be mirrored, configure a traffic behavior as enabling flow mirroring, and associate the traffic classifier with traffic behavior in a traffic policy.

Procedure

Define a traffic classifier.
1. Enter the system view.
  system-view
2. Define a traffic classifier and enter the traffic classifier view.
  traffic classifier classifier-name [ operator { and | or } ]
  
  The classifier name specified by the classifier-name parameter cannot be a predefined classifier name in the system. For details about traffic classification, see HUAWEI NetEngine 8000 F Series Router Configuration Guide - QoS.
3. Run the following commands based on the networking:
  - To define a rule to match traffic with a specified 802.1p priority value in VLAN packets, run the if-match 8021p 8021p-value command.
  - To define an ACL rule, run the if-match [ ipv6 ] acl { acl-number | name acl-name } command.
  - To define a rule to match all packets, run the if-match [ ipv6 ] any command.
  - To define a rule to match traffic with a specified destination MAC address, run the if-match destination-mac mac-address command.
  - To define a rule to match traffic with a specified destination IPv6 address, run the if-match ipv6 destination-address ipv6-address prefix-length command.
  - To define a rule to match traffic with a specified source IPv6 address, run the if-match ipv6 source-address ipv6-address prefix-length command.
  - To define a rule to match traffic with a specified DSCP value, run the if-match [ ipv6 ] dscp dscp-value command.
  - To define a rule to match traffic with a specified MPLS EXP value, run the if-match mpls-exp exp-value command.
  - To define a rule to match traffic with a specified IP packet priority value, run the if-match ip-precedence ip-precedence command.
  - To define a rule to match traffic based on the next header field in IPv6 packets, run the if-match ipv6 next-header header-number first-next-header command.
  - To define a rule to match traffic with a specified source MAC address, run the if-match source-mac mac-address command.
  - To define a rule to match traffic based on the IPv4 TCP flag, run the if-match tcp syn-flag { tcpflag-value [ mask tcpflag-mask ] | bit-match { established | fin | syn | rst | psh | ack | urg | ece | cwr | ns } } command.
  - To define a rule to match traffic based on the IPv6 TCP flag, run the if-match ipv6 tcp syn-flag { tcpflag-value [ mask tcpflag-mask ] | bit-match { established | fin | syn | rst | psh | ack | urg } } command.
  You can configure one or several rules in Step 3 as needed.
  On a device functioning as a PE, run either or both of the following commands as needed:
  To apply a rule to match against IP layer information carried in packets that leave the public network, run the traffic-policy match-ip-layer mpls-pop command in the slot view.
  
  To apply a rule to match against IP layer information carried in packets that enter the public network, run the traffic-policy match-ip-layer mpls-push command in the slot view.
4. Commit the configuration.
  commit
5. Return to the user view.
  return
Define the traffic behavior and enable flow mirroring.
1. Enter the system view.
  system-view
2. Configure a traffic behavior and enter the traffic behavior view.
  traffic behavior behavior–name
3. Enable flow mirroring.
  port-mirroring enable
4. (Optional) Configure the CAR rate limit for mirrored traffic.
  port-mirroring car cir cir-value [ pir pir-value ] [ cbs cbs-value [ pbs pbs-value ] ]
5. (Optional) Set the length of packet content to be mirrored.
  port-mirroring slice-size slice-size-value
6. Commit the configuration.
  commit
7. Return to the user view.
  return
Define a traffic policy to associate the traffic classifier with the traffic behavior.
1. Enter the system view.
  system-view
2. Configure a traffic policy and enter the traffic policy view.
  traffic policy policy-name
3. Associate the traffic behavior with the traffic classifier in the traffic policy.
  classifier classifier-name behavior behavior-name
4. Commit the configuration.
  commit