Understand traffic mirror session concepts - Amazon Virtual Private Cloud

Understand traffic mirror session concepts

A traffic mirror session establishes a relationship between a traffic mirror source and a traffic mirror target. Traffic mirror sessions are evaluated based on the ascending session number that you define when you create the session.

A traffic mirror session contains the following resources:

Each packet is mirrored once. However, you can use multiple traffic mirror sessions on the same mirror source. This is useful if you want to send a subset of the mirrored traffic from a traffic mirror source to multiple tools. For example, you can filter HTTP traffic in a higher priority traffic mirror session and send it to a specific monitoring appliance. At the same time, you can filter all other TCP traffic in a lower priority traffic mirror session and send it to another monitoring appliance.
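The ordering described above can be modeled offline. The following is an added example, not AWS code: the class names, function names, and appliance labels are hypothetical, and it assumes that the first session (in ascending session number) whose filter accepts a packet is the one that mirrors it. It also flags a session that can never match because a lower-numbered session already accepts everything it would.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IANA protocol numbers


@dataclass(frozen=True)
class Packet:
    protocol: int
    dst_port: int


@dataclass(frozen=True)
class Session:
    session_number: int                # lower number is evaluated first
    target: str                        # constructed label for a monitoring appliance
    protocol: int                      # protocol the session's filter accepts
    dst_ports: Optional[range] = None  # None means any destination port

    def accepts(self, pkt: Packet) -> bool:
        if pkt.protocol != self.protocol:
            return False
        return self.dst_ports is None or pkt.dst_port in self.dst_ports


def mirror_target(sessions, pkt):
    """Target of the first accepting session in ascending session number, else None."""
    for s in sorted(sessions, key=lambda s: s.session_number):
        if s.accepts(pkt):
            return s.target  # assumption: first match wins, so the packet is mirrored once
    return None


def shadowed(sessions):
    """Session numbers that can never match because an earlier session accepts a superset."""
    ordered = sorted(sessions, key=lambda s: s.session_number)
    hidden = []
    for i, late in enumerate(ordered):
        for early in ordered[:i]:
            covers = early.dst_ports is None or (
                late.dst_ports is not None and set(late.dst_ports) <= set(early.dst_ports))
            if early.protocol == late.protocol and covers:
                hidden.append(late.session_number)
                break
    return hidden


# Constructed sessions mirroring the page's example: HTTP first, all other TCP second.
SESSIONS = [Session(1, "http-appliance", TCP, range(80, 81)), Session(2, "tcp-appliance", TCP)]
# Same filters with the session numbers swapped: the HTTP appliance receives nothing.
MISORDERED = [Session(1, "tcp-appliance", TCP), Session(2, "http-appliance", TCP, range(80, 81))]
```

Running `shadowed()` over a planned set of sessions before creating them catches a broad filter placed ahead of a narrow one, which would otherwise leave a monitoring appliance silently without traffic.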

Traffic mirror sources

A traffic mirror source is a network interface of type interface, for example, a network interface for an EC2 instance or an RDS instance.

A network interface can't be used as a traffic mirror source if the same Elastic network interface is already in use in an existing traffic mirror target.

Traffic Mirroring is not available on all instance types.

Instance types

The following limitations apply only to the traffic mirroring source instance type.

  • Traffic Mirroring is not available on the following virtualized Nitro instance types:

    • General purpose: M8g, M6a, M6i, M6id, M6idn, M6in, M7a, M7g, M7gd, M7i, M7i-flex

    • Compute optimized: C8g, C6a, C6gd, C6gn, C6i, C6id, C6in, C7a, C7g, C7gd, C7gn, C7i

    • Memory optimized: R8g, R6a, R6i, R6id, R6idn, R6in, R7a, R7g, R7gd, R7i, R7iz, X8g, X2idn, X2iedn, X2iezn

    • Storage optimized: I4g, I4i, Im4gn, Is4gen

    • Accelerated computing: Inf2, P5, Trn1, Trn1n

    • High-performance computing: Hpc6a, Hpc6id, Hpc7a, Hpc7g

  • Traffic Mirroring is not available on bare metal instances.

  • Traffic Mirroring is available only on the following non-Nitro instance types: C4, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, and X1e. Note that this does not include T2 instances.