Traffic Mirroring
For analysis.
What traffic mirroring is
Production traffic is duplicated and sent to a parallel system. The original request is processed normally; the mirror is processed for analysis or testing.
Mirror does not affect production. The original response goes back to the user; the mirror's response is captured but not returned.
Used for: pre-prod load testing with real traffic, security inspection, ML inference comparison, schema migration validation.
AWS Traffic Mirroring
VPC Traffic Mirroring captures packets from ENIs and sends to a mirror target. Layer 4 mirroring; full packet contents.
Cost: per-ENI hourly plus per-GB. Can be expensive at high volume. Use sampling (1-5%) for cost-effective coverage.
Targets are typically NLB or a fleet of inspection instances. Each captures, processes, optionally reassembles into HTTP for analysis.
Application-level mirroring
Service mesh (Istio, Linkerd) supports HTTP-level mirroring. Configurable per route. Mirror to a shadow service; observe behaviour.
Envoy proxy supports request mirroring directly. Configure via filter chain; specify mirror destination cluster.
Application-level mirroring lets the mirror process application logic, not just packets. Easier to derive value from.
Common use cases
Pre-prod load testing. New version receives real traffic shape; original version still serves users. Catch regressions before promotion.
Security inspection. Mirror to IDS/IPS for deep analysis. Full visibility without affecting latency on the production path.
ML evaluation. New model version evaluates against real traffic; compare outputs to current model. Champion/challenger pattern.
Limits and gotchas
PII implications. Mirrored traffic contains customer data. Compliance review required; encryption in transit; restricted access.
Stateful systems are hard. Mirror that writes to a database creates duplicate writes. Use read-only or shadow databases.
Cost at scale. Full mirroring of high-volume traffic is expensive. Sample where statistical confidence is sufficient.