This section describes how to use a traffic classifier to define the traffic to be mirrored, specify flow mirroring for a traffic behavior, define a traffic policy that associates the traffic classifier with the traffic behavior, and apply the traffic policy globally.
Context
When more precise analysis of user traffic is required, you can configure a mirroring traffic policy and apply it globally. In this way, only the packets that meet specified filtering conditions are copied to the observing port for analysis.
Procedure
- Configure an ACL.
  - Run system-view
    The system view is displayed.
  - Run acl name ucl-acl-name ucl [ match-order { auto | config } ]
    A named ACL is created, and the corresponding ACL view is displayed.
  - Run rule [ rule-id ] [ name rule-name ] { deny | permit } ip [ destination { destination-ip-address { destination-wildcard | 0 } | any } | source { source-ip-address { source-wildcard | 0 } | any } ] *
    An advanced ACL is created in the advanced ACL view.
  - Run return
    Return to the user view.
- Define a traffic classifier.
  - Run system-view
    The system view is displayed.
  - Run traffic classifier classifier-name [ operator { and | or } ]
    A traffic classifier is defined, and the traffic classifier view is displayed.
    The name specified by the classifier-name parameter cannot be one that is predefined by the system. For configuration details, see HUAWEI NetEngine 8000 F Series Router Configuration Guide > QoS.
  - Run if-match [ ipv6 ] acl { acl-number | name acl-name }
    An ACL-based filtering rule is defined.
  - Run commit
    The configuration is committed.
  - Run return
    Return to the user view.
- Define a traffic behavior and enable flow mirroring.
  - Run system-view
    The system view is displayed.
  - Run traffic behavior behavior-name
    A traffic behavior is defined, and the traffic behavior view is displayed.
  - Run port-mirroring enable
    Local flow mirroring is enabled.
  - (Optional) Run port-mirroring car cir cir-value [ pir pir-value ] [ cbs cbs-value [ pbs pbs-value ] ]
    The CAR function is enabled for mirrored traffic.
  - Run commit
    The configuration is committed.
  - Run return
    Return to the user view.
- Define a traffic policy that associates a traffic classifier with a traffic behavior.
  - Run system-view
    The system view is displayed.
  - Run traffic policy policy-name
    A traffic policy is defined, and the traffic policy view is displayed.
  - Run classifier classifier-name behavior behavior-name
    A traffic behavior is specified for a traffic classifier in the traffic policy.
  - Run commit
    The configuration is committed.
  - Run return
    Return to the user view.
- Create a mirroring service policy and bind it to a service group.
  - Run system-view
    The system view is displayed.
  - Run service-policy name policy-name mirror
    A mirroring traffic policy is created, and the service policy view is displayed.
  - Run service-group service-group-name [ inbound | outbound ] [ priority priority ]
    A service group is bound to the service policy.
  - Run commit
    The configuration is committed.
  - Run return
    Return to the user view.
- Configure the mapping between the Option 82 attribute and a service policy.
  - Run system-view
    The system view is displayed.
  - Run mirror rule [ rule-number ] service-policy service-policy service-policy service-policy [ partial-match ] { circuit-id | remote-id } description-text
    The mapping between a traffic policy and the Option 82 attribute is configured.
  - Run commit
    The configuration is committed.
- Apply the traffic policy globally.
  - Run traffic-policy policy-name { inbound | outbound }
    The traffic policy is applied globally to filter BAS-side user packets.
    In VS mode, this command is supported only by the admin VS.
  - Run commit
    The configuration is committed.
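
Because a mirroring policy copies user packets to an observing port, it is worth checking which ACL, classifier, behavior and policy objects actually end up applied globally. The following Python audit is an added example, not part of the original guide or of any Huawei tool. It assumes the commands appear in a saved configuration text as typed in the procedure, with in-view commands indented; all object names in the sample are hypothetical, and the service-policy and mirror rule steps are not covered.

```python
# Constructed sample configuration; every object name here is hypothetical.
# Assumption: commands appear as typed in the procedure, one per line, with
# commands entered inside a view indented under the command that opens it.
SAMPLE = """\
acl name ucl-mirror ucl
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination any
traffic classifier c-mirror operator or
 if-match acl name ucl-mirror
traffic behavior b-mirror
 port-mirroring enable
traffic behavior b-stale
 port-mirroring enable
traffic policy p-mirror
 classifier c-mirror behavior b-mirror
traffic-policy p-mirror inbound
"""

def audit_mirroring(config):
    """Return (chains, unapplied): chains lists every globally applied
    mirroring path, unapplied lists mirroring behaviors outside any of them."""
    acls, mirroring, bindings, applied = {}, set(), {}, []
    view = None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line[0].isspace():                  # command entered in the system view
            view = None
            if w[0] == "traffic" and len(w) >= 3:
                view = (w[1], w[2])                # classifier / behavior / policy view
            elif w[0] == "traffic-policy" and len(w) >= 3:
                applied.append((w[1], w[2]))       # global application and direction
        elif view and view[0] == "classifier" and w[0] == "if-match" and "acl" in w:
            acls.setdefault(view[1], []).append(w[-1])
        elif view and view[0] == "behavior" and w == ["port-mirroring", "enable"]:
            mirroring.add(view[1])
        elif (view and view[0] == "policy" and len(w) >= 4
              and w[0] == "classifier" and w[2] == "behavior"):
            bindings.setdefault(view[1], []).append((w[1], w[3]))
    chains = [
        {"policy": p, "direction": d, "classifier": c, "behavior": b,
         "acls": acls.get(c, [])}
        for p, d in applied
        for c, b in bindings.get(p, [])
        if b in mirroring
    ]
    unapplied = sorted(mirroring - {ch["behavior"] for ch in chains})
    return chains, unapplied

if __name__ == "__main__":
    for item in audit_mirroring(SAMPLE):
        print(item)
```

Each entry in the first result names the ACL that decides which packets are copied; behaviors in the second result enable mirroring but are not reachable from any globally applied policy.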