Skip to main content

Version: 3.11.0

Implement Traffic Mirroring

Traffic mirroring is a mechanism that duplicates the traffic flowing through the API gateway and forwards the duplicated traffic to a designated upstream, without interrupting the regular services. The mechanism benefits a few use cases, including troubleshooting, security inspection, analytics, and more.

This guide will walk you through the process of implementing traffic mirroring in APISIX using the proxy-mirror plugin.

Prerequisite(s)

Start Sample Service to Receive Mirrored Traffic

Start a sample NGINX server for receiving mirrored traffic:

docker run -p 8081:80 --name nginx nginx

You should see NGINX access log and error log on the terminal session.

Configure APISIX

Open a new terminal session. Save the IP address of your host to an environment variable:

export HOST_IP=192.168.42.145   # replace with your host IP

Create a route with the proxy-mirror plugin and configure the address for mirrored traffic:

curl "http://127.0.0.1:9180/apisix/admin/routes" -X PUT -d '
{
"id": "traffic-mirror-route",
"uri": "/get",
"plugins": {
"proxy-mirror": {
"host": "http://'"$HOST_IP"':8081"
}
},
"upstream": {
"nodes": {
"httpbin.org": 1
},
"type": "roundrobin"
}
}'

Verify Mirroring

Send a request to the route:

curl -i "http://127.0.0.1:9080/get"

You should receive an HTTP/1.1 200 OK response.

Navigating back to the NGINX terminal session, you should see the following access log entry:

172.17.0.1 - - [29/Jan/2024:23:11:01 +0000] "GET /get HTTP/1.1" 404 153 "-" "curl/7.64.1" "-"

The HTTP response status is 404 and expected, since the sample NGINX server does not implement the route. This verifies that APISIX has mirrored the request to the NGINX server.

Next Steps

You have now learned how to mirror all ingress traffic to a different upstream. The proxy-mirror plugin also supports mirroring partial traffic and customization on the mirroring timeout values. See plugin doc for more information.


API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation