All Products
Search

This Product

    :CreateTrafficMirrorFilter

    Document Center

    :CreateTrafficMirrorFilter

    最終更新日:Aug 21, 2023

    Creates a filter for traffic mirroring.

    Usage notes

    CreateTrafficMirrorFilter is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call the ListTrafficMirrorFilters operation to query the status of a filter.

    • If the filter is in the Creating state, the filter is being created.
    • If the filter is in the Created state, the filter is created.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

    Request parameters

    Parameter Type Required Example Description
    Action String Yes CreateTrafficMirrorFilter

    The operation that you want to perform. Set the value to CreateTrafficMirrorFilter.

    TrafficMirrorFilterDescription String No this is a filter.

    The description of the filter.

    The description must be 1 to 256 characters in length, and cannot start with http:// or https://.

    TrafficMirrorFilterName String No abc

    The name of the filter.

    The name must be 1 to 128 characters in length and cannot start with http:// or https://.

    ClientToken String No 123e4567-e89b-12d3-a456-426655440000

    The client token that is used to ensure the idempotence of the request.

    You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.

    Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
    DryRun Boolean No false

    Specifies whether to perform only a dry run, without performing the actual request. Valid values:

    • true: performs only a dry run. The system checks the request for potential issues, including missing parameter values, incorrect request syntax, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the DryRunOperation error code is returned.
    • false (default): performs a dry run and performs the actual request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed.
    IngressRules.N.Action String Yes accept

    The action of the inbound rule. Valid values:

    • accept
    • drop
    IngressRules.N.SourceCidrBlock String No 10.0.0.0/24

    The source CIDR block of the inbound traffic.

    IngressRules.N.Protocol String Yes TCP

    The protocol that is used by the inbound traffic to be mirrored. Valid values:

    • ALL
    • ICMP
    • TCP
    • UDP
    IngressRules.N.DestinationPortRange String No 80/120

    The destination port range of the inbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80.

    Note If you set IngressRules.N.Protocol to ALL or ICMP, you do not need to specify this parameter. In this case, all ports are available.
    IngressRules.N.Priority Integer No 1

    The priority of the inbound rule. A smaller value indicates a higher priority.

    The maximum value of N is 10. You can configure up to 10 inbound rules for a filter.

    IngressRules.N.DestinationCidrBlock String No 10.0.0.0/24

    The destination CIDR block of the inbound traffic.

    IngressRules.N.SourcePortRange String No 80/120

    The source port range of the inbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80.

    Note If you set IngressRules.N.Protocol to ALL or ICMP, you do not need to specify this parameter. In this case, all ports are available.
    EgressRules.N.Action String Yes accept

    The action of the outbound rule. Valid values:

    • accept
    • drop: does not collect network traffic.
    EgressRules.N.SourceCidrBlock String No 10.0.0.0/24

    The source CIDR block of the outbound traffic.

    EgressRules.N.Protocol String Yes TCP

    The protocol that is used by the outbound traffic to be mirrored. Valid values:

    • ALL
    • ICMP
    • TCP
    • UDP
    EgressRules.N.DestinationPortRange String No 22/40

    The destination port range of the outbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80. You cannot set this parameter to only -1/-1. The value -1/-1 specifies all ports.

    Note If you set EgressRules.N.Protocol to ALL or ICMP, you do not need to specify this parameter. In this case, all ports are available.
    EgressRules.N.Priority Integer No 1

    The priority of the outbound rule. A smaller value indicates a higher priority.

    The maximum value of N is 10. You can configure up to 10 outbound rules for a filter.

    EgressRules.N.DestinationCidrBlock String No 10.0.0.0/24

    The destination CIDR block of the outbound traffic.

    EgressRules.N.SourcePortRange String No 22/40

    The source port range of the outbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80. You cannot set this parameter to only -1/-1. The value -1/-1 specifies all ports.

    Note If you set EgressRules.N.Protocol to ALL or ICMP, you do not need to specify this parameter. In this case, all ports are available.
    RegionId String Yes cn-hongkong

    The ID of the region to which the mirrored traffic belongs.

    You can call the DescribeRegions operation to query the most recent region list. For more information about regions that support traffic mirroring, see Overview of traffic mirroring.

    ResourceGroupId String No rg-bp67acfmxazb4ph****

    The ID of the resource group to which the mirrored traffic belongs.

    Tag.N.Key String No FinanceDept

    The key of the tag. You can specify at most 20 tag keys. The tag key cannot be an empty string.

    The tag key can be at most 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

    Tag.N.Value String No FinanceJoshua

    The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string.

    The tag value can be up to 128 characters in length, and cannot contain http:// or https://. The tag value cannot start with aliyun or acs:.

    Response parameters

    Parameter Type Example Description
    TrafficMirrorFilterId String tmf-j6cmls82xnc86vtpe****

    The ID of the traffic mirror filter.

    RequestId String 28DB147D-217B-43E8-9E94-A3F6837DDC8A

    The request ID.

    ResourceGroupId String rg-bp67acfmxazb4ph****

    The ID of the resource group to which the mirrored traffic belongs.

    Examples

    Sample requests

    http(s)://[Endpoint]/?Action=CreateTrafficMirrorFilter
&TrafficMirrorFilterDescription=this is a filter.
&TrafficMirrorFilterName=abc
&ClientToken=123e4567-e89b-12d3-a456-426655440000
&DryRun=false
&IngressRules=[{"Action":"accept","SourceCidrBlock":"10.0.0.0/24","Protocol":"TCP","DestinationPortRange":"80/120","Priority":1,"DestinationCidrBlock":"10.0.0.0/24","SourcePortRange":"80/120"}]
&EgressRules=[{"Action":"accept","SourceCidrBlock":"10.0.0.0/24","Protocol":"TCP","DestinationPortRange":"22/40","Priority":1,"DestinationCidrBlock":"10.0.0.0/24","SourcePortRange":"22/40"}]
&RegionId=cn-hongkong
&ResourceGroupId=rg-bp67acfmxazb4ph****
&Tag=[{"Key":"FinanceDept","Value":"FinanceJoshua"}]
&Common request parameters

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<CreateTrafficMirrorFilterResponse>
    <TrafficMirrorFilterId>tmf-j6cmls82xnc86vtpe****</TrafficMirrorFilterId>
    <RequestId>28DB147D-217B-43E8-9E94-A3F6837DDC8A</RequestId>
    <ResourceGroupId>rg-bp67acfmxazb4ph****</ResourceGroupId>
</CreateTrafficMirrorFilterResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "TrafficMirrorFilterId" : "tmf-j6cmls82xnc86vtpe****",
  "RequestId" : "28DB147D-217B-43E8-9E94-A3F6837DDC8A",
  "ResourceGroupId" : "rg-bp67acfmxazb4ph****"
}

    Error codes

    HttpCode Error code Error message Description
    400 UnsupportedFeature.IpVersion The ipversion type is not supported. ipVersion is set to an invalid value.
    400 IncorrectBusinessStatus.TrafficMirror The business status of traffic mirror is incorrect. Traffic mirroring is in an invalid state.
    400 OptInRequired.TrafficMirror You need to subscribe to the traffic mirror service first. Traffic mirroring is disabled.
    400 QuotaExceeded.TrafficMirrorFilter The maximum number of traffic image filters is exceeded. The number of filters has reached the upper limit.
    400 DuplicatedParam.Priority The specified priority conflicts with the existing priority. The specified priority is the same as an existing one.
    400 UnsupportedRegion The feature is not supported in current region. The feature is not supported in the current region.
    400 IllegalParamFormat.SrcCidrBlock The format of the specified source CIDR block is invalid. The format of the source CIDR block is invalid.

    For a list of error codes, see Service error codes.