Sangfor HCI and aSV provide a unified infrastructure combining compute, storage, networking, and built-in security to simplify deployment, operations, and services.
In operation and maintenance scenarios, the network traffic of production virtual machines must be mirrored to a security auditing device for traffic filtering and monitoring. Sangfor HCI can replicate virtual machine and network device traffic and forward it to a physical egress interface, from which it reaches the external device. Traffic mirroring must also be configured on the intermediate physical switch.
Precautions
A mirror source policy object can select up to 1024 network interfaces.
A mirror target object can be only one virtual machine or network device network interface.
If a virtual machine/network device network interface or a physical node edge interface is used as a mirror source object, it can belong to only one traffic mirroring policy; if it is used as a mirror target object, it can belong to multiple traffic mirroring policies.
Traffic mirroring from the physical network to the virtual network is not supported.
As the number of policies increases, the latency of production network traffic increases and throughput decreases. Configuring fewer than 100 policies is recommended.
A virtual machine referenced by a traffic mirroring policy can still be migrated within the cluster; the policy remains in effect after the migration.
A separate physical egress interface can be configured for traffic mirroring. When virtual network traffic is mirrored to an external device, the mirrored traffic uses the edge interface; when it is mirrored across nodes in a cluster, the mirrored traffic uses the VXLAN interface. Planning an independent physical interface for forwarding mirrored traffic is recommended.
When traffic is mirrored through a physical edge interface, a VLAN must be configured, and it must be a VLAN allowed on the trunk port of the physical switch connected to that physical egress interface. Traffic belonging to this VLAN cannot itself be included in the mirrored traffic.
If the edge-connected interface mapped to a physical egress interface is used in a mirroring policy, changing that mapping also changes the physical egress interface used by the policy.
Cross-resource pool mirroring is only supported in connected domain scenarios.
Traffic blocked by the distributed firewall (DFW) and traffic rate-limited by QoS is still captured and forwarded by traffic mirroring, so the auditing device also sees traffic that never reached its destination.
When a network interface is multiplexed and used as a mirror source, only its edge traffic is captured.
Prerequisites
N/A.
Steps
Navigate to Networking, click Traffic Mirroring, and then click New to create a traffic mirroring policy.
Sangfor HCI supports three types of mirroring object: VM Interface, NFV Device Interface, and Edge-Connected Interface. The policy fields are as follows.
• Mirror Source:
VM Interface: Specify the network interface of a virtual machine.
NFV Device Interface: Specify the network interface of a network (NFV) device.
Edge-Connected Interface: Specify the edge interface of a physical node.
• Mirror Target:
VM Interface: Specify the network interface of a virtual machine.
NFV Device Interface: Specify the network interface of a network (NFV) device.
Edge-Connected Interface: Specify the edge interface of a physical node.
• VLAN ID:
VM Interface: not required.
NFV Device Interface: Specifies the VLAN ID tagged in the mirrored packets.
Edge-Connected Interface: Specifies the VLAN ID tagged in the mirrored packets.
• Mirror Percent:
Percentage of the traffic to be mirrored. By default, it is 100%, which means all the traffic will be mirrored.
• Traffic Direction:
The direction of the source object's traffic.
All: Mirroring the traffic received and sent by the source object.
Inbound: Only mirroring the traffic received by the source object.
Outbound: Only mirroring the traffic sent by the source object.
• Policy Status:
Select Enabled for the policy to take effect.
After the policy is configured, the source object's network traffic can be monitored on the target device.
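Once the policy above is in place, the receiving side should confirm that what arrives actually matches it: the configured VLAN ID on the mirrored frames (the trunk-port precaution), the expected Traffic Direction, and no stray frames from other hosts. The following is an added example for the auditing device, not Sangfor's code or part of the original page. It assumes the mirrored frames arrive 802.1Q-tagged with the policy's VLAN ID, that the mirror source is a VM interface whose MAC address is known, and that "Inbound" means frames whose destination MAC is that interface (the reverse for "Outbound"); the policy values, MAC addresses and frames are constructed test data.

```python
"""Receiver-side sanity check for a mirrored traffic feed (added example, not Sangfor's code).

Assumptions (not from the original page): mirrored frames carry an 802.1Q tag with the
policy VLAN ID; the mirror source is a VM interface with a known MAC; Inbound means
dst MAC == source interface MAC, Outbound means src MAC == source interface MAC.
"""
import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, payload=b"", vlan=None):
    """Build a minimal Ethernet II frame, optionally 802.1Q-tagged (constructed test data)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        # TCI: PCP=0, DEI=0, VID = vlan (12 bits)
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst_mac, src_mac, vlan_id_or_None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    return dst, src, vlan, ethertype, frame[off:]


def check_mirror_feed(frames, policy):
    """Classify received frames against the mirroring policy they should come from.

    policy: {"vlan_id": int, "source_mac": str, "direction": "All"|"Inbound"|"Outbound"}
    Returned Counter keys:
      inbound / outbound     frames received by / sent from the source interface
      wrong_vlan             tagged, but not with the policy VLAN (trunk or policy mismatch)
      untagged               no 802.1Q tag at all (VLAN ID missing on the policy?)
      unexpected_direction   a direction the policy should not be mirroring
      unrelated              neither MAC is the source interface (another policy, or a leak)
    """
    src_mac = policy["source_mac"].lower()
    want = policy["direction"]
    counts = Counter()
    for raw in frames:
        dst, src, vlan, _, _ = parse_frame(raw)
        if vlan is None:
            counts["untagged"] += 1
            continue
        if vlan != policy["vlan_id"]:
            counts["wrong_vlan"] += 1
            continue
        if dst == src_mac:
            direction = "Inbound"
        elif src == src_mac:
            direction = "Outbound"
        else:
            counts["unrelated"] += 1
            continue
        counts[direction.lower()] += 1
        if want != "All" and want != direction:
            counts["unexpected_direction"] += 1
    return counts


# Constructed sample: a policy mirroring VM interface 52:54:00:aa:bb:01 (Inbound only) over VLAN 100.
POLICY = {"vlan_id": 100, "source_mac": "52:54:00:aa:bb:01", "direction": "Inbound"}
VM = "52:54:00:aa:bb:01"
PEER = "52:54:00:aa:bb:02"
SAMPLE_FRAMES = [
    build_frame(VM, PEER, b"\x45" * 20, vlan=100),          # inbound to VM, correct tag
    build_frame(PEER, VM, b"\x45" * 20, vlan=100),          # outbound from VM (policy said Inbound)
    build_frame(VM, PEER, b"\x45" * 20, vlan=200),          # wrong VLAN tag
    build_frame(VM, PEER, b"\x45" * 20),                    # untagged
    build_frame(PEER, "52:54:00:aa:bb:03", b"", vlan=100),  # unrelated hosts
]


def sample_report():
    """Run the check over the constructed sample feed."""
    return check_mirror_feed(SAMPLE_FRAMES, POLICY)


if __name__ == "__main__":
    for key, n in sorted(sample_report().items()):
        print(f"{key:20s} {n}")
```

In practice the frames would come from a capture on the auditing device's receiving interface rather than from the constructed list; a non-zero `wrong_vlan` or `untagged` count usually points at the VLAN ID on the policy or the trunk-port allow list, and a non-zero `unexpected_direction` count at the Traffic Direction setting.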