Creates a filter for traffic mirroring.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates a sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateTrafficMirrorFilter

The operation that you want to perform. Set the value to CreateTrafficMirrorFilter.

RegionId String Yes cn-hongkong

The ID of the region to which the mirrored traffic belongs. You can call the DescribeRegions operation to query the most recent region list. For more information about regions that support traffic mirroring, see Overview of traffic mirroring.

TrafficMirrorFilterDescription String No this is a filter.

The description of the filter. The description must be 2 to 256 characters in length. It must start with a letter and cannot start with http:// or https://.

TrafficMirrorFilterName String No abc

The name of the filter.

The name must be 2 to 128 characters in length, and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://.

ClientToken String No 123e4567-e89b-12d3-a456-4266****

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken supports only ASCII characters. It can contain up to 64 ASCII characters. For more information, see How can I ensure idempotence?

DryRun Boolean No false

Specifies whether to precheck this request. Valid values:

  • true: only prechecks the request. The filter is note created. The system prechecks the required parameters, request format, and service limits. If the request fails the precheck, the corresponding error code is returned. If the request passes the precheck, the DryRunOperation error code is returned.
  • false: sends the request. This is the default value. If the request passes the precheck, a 2XX HTTP status code is returned and the filter is created.
IngressRules.N.Priority Integer No 1

The priority of the inbound rule. A smaller value indicates a higher priority.

The maximum value of N is 10, which indicates that you can configure at most 10 inbound rules for a filter.

IngressRules.N.Action String No accept

The collection policy of the inbound rule. Valid values:

  • accept: collects network traffic.
  • drop: does not collect network traffic.
IngressRules.N.Protocol String No TCP

The transport protocol used by inbound traffic that needs to be mirrored. Valid values:

  • ALL: all protocols
  • ICMP: Internet Control Message Protocol (ICMP)
  • TCP: TCP
  • UDP: UDP
IngressRules.N.DestinationCidrBlock String No 10.0.0.0/24

The destination CIDR block of the inbound traffic.

IngressRules.N.SourceCidrBlock String No 10.0.0.0/24

The source CIDR block of the inbound traffic.

IngressRules.N.DestinationPortRange String No 80/120

The destination port range of the inbound traffic. Valid values: 1 to 65535. Separate the first port and last port with a forward slash (/), for example, 1/200 or 80/80. A value of -1/-1 indicates that all ports are available. Therefore, do not set the value to -1/-1.

Note When IngressRules.N.Protocol is set to ICMP, ignore this parameter.
IngressRules.N.SourcePortRange String No 80/120

The source port range of the inbound traffic. Valid values: 1 to 65535. Separate the first port and last port with a forward slash (/), for example, 1/200 or 80/80. A value of -1/-1 indicates that all ports are available. Therefore, do not set the value to -1/-1.

Note When IngressRules.N.Protocol is set to ICMP, ignore this parameter.
EgressRules.N.Priority Integer No 1

The priority of the outbound rule. A smaller value indicates a higher priority.

The maximum value of N is 10, which indicates that you can configure at most 10 outbound rules for a filter.

EgressRules.N.Action String No accept

The collection policy of the outbound rule. Valid values:

  • accept: collects network traffic.
  • drop: does not collect network traffic.
EgressRules.N.Protocol String No TCP

The transport protocol used by outbound traffic that needs to be mirrored. Valid values:

  • ALL: all protocols
  • ICMP: ICMP
  • TCP: TCP
  • UDP: UDP
EgressRules.N.DestinationCidrBlock String No 10.0.0.0/24

The destination CIDR block of the outbound traffic.

EgressRules.N.SourceCidrBlock String No 10.0.0.0/24

The source CIDR block of the outbound traffic.

EgressRules.N.DestinationPortRange String No 22/40

The destination CIDR block of the outbound traffic. Valid values: 1 to 65535. Separate the first port and last port with a forward slash (/), for example, 1/200 or 80/80. A value of -1/-1 indicates that all ports are available. Therefore, do not set the value to -1/-1.

Note When EgressRules.N.Protocol is set to ICMP, ignore this parameter.
EgressRules.N.SourcePortRange String No 22/40

The source port range of the outbound traffic. Valid values: 1 to 65535. Separate the first port and last port with a forward slash (/), for example, 1/200 or 80/80. A value of -1/-1 indicates that all ports are available. Therefore, do not set the value to -1/-1.

Note When EgressRules.N.Protocol is set to ICMP, ignore this parameter.

Response parameters

Parameter Type Example Description
RequestId String 28DB147D-217B-43E8-9E94-A3F6837DDC8A

The ID of the request.

TrafficMirrorFilterId String tmf-j6cmls82xnc86vtpe****

The ID of the filter.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateTrafficMirrorFilter
&RegionId=cn-hongkong
&<Common request parameters>

Sample success responses

XML format

<CreateTrafficMirrorFilterResponse>
  <RequestId>28DB147D-217B-43E8-9E94-A3F6837DDC8A</RequestId>
  <TrafficMirrorFilterId>tmf-j6cmls82xnc86vtpe****</TrafficMirrorFilterId>
</CreateTrafficMirrorFilterResponse>

JSON format

{
    "RequestId": "28DB147D-217B-43E8-9E94-A3F6837DDC8A",
    "TrafficMirrorFilterId": "tmf-j6cmls82xnc86vtpe****"
}

Error codes

HttpCode Error code Error message Description
400 IncorrectBusinessStatus.TrafficMirror The business status of traffic mirror is incorrect. The error message returned because the mirrored traffic is in an invalid state.
400 OptInRequired.TrafficMirror You need to subscribe to the traffic mirror service first. The error message returned because traffic mirroring is not enabled.
400 QuotaExceeded.TrafficMirrorFilter The maximum number of traffic image filters is exceeded. The error message returned because the number of filters has reached the upper limit.
400 DuplicatedParam.Priority The specified priority conflicts with the existing priority. The error message returned because the specified priority is the same as an existing one.
400 UnsupportedRegion The feature is not supported in current region. The error message returned because this feature is not supported in the current region.

For a list of error codes, visit the API Error Center.