Simple reference that shows how to set up traffic mirroring from a source NLB to a target NLB on a private network. The EC2 instances run a simulated listener on port 8888 using Netcat. VXLAN-encapsulated traffic is mirrored from the source NLB to the target NLB on port 4789. A VXLAN interface is created on the target instance to capture the unencapsulated traffic from the traffic mirroring session.
This was developed and tested with Terraform v0.13.2
In order for the EC2 instance to launch successfully, you must first create an SSH key pair named mykey in the 'keys' directory.
ssh-keygen -t rsa -f ./keys/mykey -N ""
Set the desired AWS region and change any default variables in the variables.tf file.
terraform init ## Initialize Terraform
terraform plan ## Review what terraform will do
terraform apply ## Deploy the resources
Tear down the resources in the stack
terraform destroy
Add your newly created SSH key to your key store
ssh-add -K keys/mykey
Using the bastion public DNS name that is output by terraform, SSH to the bastion.
ssh -A ec2-user@<bastion_pub_DNS_name>
Once logged into the bastion, you can SSH to both EC2 instances behind the NLBs. Jumping from the bastion:
ssh ec2-user@<private_ip_src_instance>
Test that port 8888 is open through the source NLB
ncat -v <src_nlb_dns_name> 8888
Confirm VXLAN traffic over the primary network interface
sudo tcpdump -nni eth0 | grep VXLAN
Run a packet capture on the vxlan1 interface to see unencapsulated PCAP info. See the user-data script for the target instance to see how the vxlan interface is configured.
sudo tcpdump -nni vxlan1
The tcpdump output should show traffic from the source NLB network interface to the private IP address of the target instance.
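To show what the vxlan1 interface is doing when it strips the encapsulation seen on eth0, here is an added example (not part of this reference or its user-data script) that decodes the UDP payload of a mirrored packet: it checks the VXLAN header, reads the 24-bit VNI that identifies the mirror session, and returns the inner Ethernet/IPv4/TCP addressing. The sample packet is constructed inline; the MACs, IPs, ports and VNI are made-up values.

```python
import socket
import struct
from dataclasses import dataclass

VXLAN_PORT = 4789     # UDP port the mirror session sends to
VXLAN_HDR_LEN = 8     # RFC 7348 header: flags(1) rsvd(3) VNI(3) rsvd(1)
VXLAN_FLAG_I = 0x08   # "valid VNI" flag; must be set


@dataclass
class MirroredPacket:
    vni: int
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_vxlan(udp_payload: bytes) -> MirroredPacket:
    """Decapsulate one VXLAN-in-UDP payload (what tcpdump on eth0 shows) and
    return the inner addressing (what tcpdump on vxlan1 shows). IPv4 only."""
    if len(udp_payload) < VXLAN_HDR_LEN + 14 + 20:
        raise ValueError("too short for VXLAN + Ethernet + IPv4")
    if not udp_payload[0] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: no valid VNI, not a mirror packet")
    vni = int.from_bytes(udp_payload[4:7], "big")
    frame = udp_payload[VXLAN_HDR_LEN:]
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("only IPv4 inner frames are handled here")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # header length incl. options
    proto = ip[9]
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    src_port = dst_port = 0
    if proto in (6, 17) and len(ip) >= ihl + 4:   # TCP or UDP ports
        src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return MirroredPacket(vni, _mac_str(src_mac), _mac_str(dst_mac),
                          src_ip, dst_ip, proto, src_port, dst_port)


def build_sample(vni: int) -> bytes:
    """Constructed test input: a TCP SYN to port 8888 wrapped in VXLAN."""
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 51000, 8888, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                       socket.inet_aton("10.0.1.10"), socket.inet_aton("10.0.2.20"))
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + eth + ipv4 + tcp


SAMPLE_PACKET = build_sample(4242)

if __name__ == "__main__":
    print(parse_vxlan(SAMPLE_PACKET))
```

The VNI is the VirtualNetworkId of the traffic mirror session, so it can be used to tell mirrored flows from different sessions apart on the same target.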