Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

show ddos-protection protocols parameters

Syntax

show ddos-protection protocols <protocol-group> parameters <brief | detail | terse>

Release Information

Command introduced in Junos OS Release 11.2.

Description

Display DDoS protection configuration information for all protocol groups or for a particular protocol group.

Options

none

Display information for all protocol groups.

brief | detail | terse

(Optional) Display the specified level of output.

  • brief—Display basic function information.
  • detail—Add information to the brief output; it is identical to the output displayed when you choose no option. The brief and detail options display information for all protocol groups, which can be a long list.
  • terse—Display the same level of information as the brief option but only for active protocol groups—groups that show traffic in the Received (packets) column.
protocol-group

(Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups.

Required Privilege Level

view

 

Related Documentation

 

List of Sample Output

show ddos-protection protocols parameters
show ddos-protection protocols parameters brief
show ddos-protection protocols dhcpv4 parameters brief
show ddos-protection protocols dhcpv4 parameters terse
show ddos-protection protocols dhcpv4 parameters

Output Fields

Table 1 lists the output fields for the show ddos-protection protocols parameters command. Output fields are listed in the approximate order in which they appear.

Table 1: show ddos-protection protocols parameters Output Fields

Field Name

Field Description

Level of Output

Protocol Group

Name of protocol group.

All levels

Packet type

Name of packet type in protocol group.

All levels

Bandwidth

Bandwidth policer value; number of packets per second that is allowed before a violation is declared.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Burst

Burst policer value; the maximum number of packets that is allowed in a burst before a violation is declared.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Priority

Priority of the packet type in the event of traffic congestion: low, medium, or high. Lower priority packets can be dropped when insufficient bandwidth is available.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Recover time

Time that must pass since the last violation before the traffic flow is considered to have recovered from the attack. A notification is generated when the timer expires.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Enabled

State of the policer, enabled (Yes) or disabled (No).

detail none

Bypass aggregate

State of the bypass aggregate configuration:

  • Yes—The aggregate policer is bypassed.
  • No—The aggregate policer is enforced.

This field appears only for individual policers.

detail none

FPC slot information

The following configuration information for the card in the indicated slot:

  • Bandwidth—Bandwidth scale and the number of packets per second that is allowed before a violation is declared
  • Burst—Burst scale and the maximum number of packets that is allowed in a burst before a violation is declared
  • enabled or disabled—State of the line card policer

detail none

Number of policers modified

Number of policers that have been changed from the default configuration.

An asterisk by a particular value indicates that value has been modified.

brief terse

Policer Enabled

State of the policer, enabled (Yes), disabled (No), or partially disabled (part.); part. indicates that only some of the policer instances are disabled for the policer.

brief terse

Bypass aggr.

State of the bypass aggregate configuration:

  • Yes—The aggregate policer is bypassed.
  • No—The aggregate policer is enforced.

Dashes indicate that the bypass aggregate configuration is not available; this is possible only for aggregate policers.

brief terse

FPC Mod

Indicates whether configuration has changed from the default for any line cards.

  • No—The default configuration has not changed from the default for the packet type.
  • Yes—The default configuration has changed from the default for the packet type

brief terse

Sample Output

show ddos-protection protocols parameters

user@host> show ddos-protection protocols parameters
Protocol Group: IPv4-Unclassified

  Packet type: aggregate (Aggregate for unclassified host-bound IPv4 traffic)
    Aggregate policer configuration:
      Bandwidth:        20000 pps
      Burst:            20000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled

Protocol Group: IPv6-Unclassified

  Packet type: aggregate (Aggregate for unclassified host-bound IPv6 traffic)
    Aggregate policer configuration:
      Bandwidth:        20000 pps
      Burst:            20000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled

...

Protocol Group: PPPoE

  Packet type: aggregate (Aggregate for all PPPoE control traffic)
    Aggregate policer configuration:
      Bandwidth:        800 pps
      Burst:            2000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (800 pps), Burst: 100% (2000 packets), enabled

  Packet type: padi (PPPoE PADI)
    Individual policer configuration:
      Bandwidth:        500 pps
      Burst:            500 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (500 pps), Burst: 100% (500 packets), enabled

  Packet type: pado (PPPoE PADO)
    Individual policer configuration:
      Bandwidth:        0 pps
      Burst:            0 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (0 pps), Burst: 100% (0 packets), enabled

  Packet type: padr (PPPoE PADR)
    Individual policer configuration:
      Bandwidth:        500 pps
      Burst:            500 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (500 pps), Burst: 100% (500 packets), enabled

show ddos-protection protocols parameters brief

user@host> show ddos-protection protocols parameters brief
Number of policers modified: 3
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled aggr.  mod
ipv4-uncls  aggregate   20000     20000  medium   300       yes     --     no 
ipv6-uncls  aggregate   20000     20000  medium   300       yes     --     no 
dynvlan     aggregate   1000      500    low      300       yes     --     no 
ppp         aggregate   16000     16000  medium   300       yes     --     no 
ppp         unclass     1000      500    low      300       yes     no     no 
ppp         lcp         12000     12000  low      300       yes     no     no 
ppp         auth        2000      2000   medium   300       yes     no     no 
ppp         ipcp        2000      2000   high     300       yes     no     no 
ppp         ipv6cp      2000      2000   high     300       yes     no     no 
ppp         mplscp      2000      2000   high     300       yes     no     no 
ppp         isis        2000      2000   high     300       yes     no     no 
pppoe       aggregate   800*      2000   medium   300       part.*  --     no 
pppoe       padi        500       500    low      300       part.   no     no 
pppoe       pado        0         0      low      300       part.   no     no 
pppoe       padr        500       500    medium   300       part.   no     no 
pppoe       pads        0         0      low      300       part.   no     no 
pppoe       padt        1000      1000   high     300       part.   no     no 
pppoe       padm        0         0      low      300       part.   no     no 
pppoe       padn        0         0      low      300       part.   no     no 
dhcpv4      aggregate   669*      5000   medium   300       yes     --     no 
dhcpv4      unclass..   300       150    low      300       yes     no     no 
dhcpv4      discover    100*      500    low      300       yes     no     no 
dhcpv4      offer       1000      1000   low      300       yes     no     no 
dhcpv4      request     1000      1000   medium   300       yes     no     no 
dhcpv4      decline     500       500    low      300       yes     no     no 
dhcpv4      ack         500       500    medium   300       yes     no     no 
dhcpv4      nak         500       500    low      300       yes     no     no 
dhcpv4      release     2000      2000   high     300       yes     no     no 
dhcpv4      inform      500       500    low      300       yes     no     no 
dhcpv4      renew       2000      2000   high     300       yes     no     no 
dhcpv4      forcerenew  2000      2000   high     300       yes     no     no 
dhcpv4      leasequery  2000      2000   high     300       yes     no     no 
dhcpv4      leaseuna..  2000      2000   high     300       yes     no     no 
dhcpv4      leaseunk..  2000      2000   high     300       yes     no     no 
dhcpv4      leaseact..  2000      2000   high     300       yes     no     no 
dhcpv4      bootp       300       300    low      300       yes     no     no 
dhcpv4      no-msgtype  0         0      low      300       yes     no     no 
dhcpv4      bad-pack..  0         0      low      300       yes     no     no 

...

icmp        aggregate   20000     20000  high     300       yes     --     no 
igmp        aggregate   20000     20000  high     300       yes     --     no 
ospf        aggregate   20000     20000  high     300       yes     --     no 
rsvp        aggregate   20000     20000  high     300       yes     --     no 
pim         aggregate   20000     20000  high     300       yes     --     no 
rip         aggregate   20000     20000  high     300       yes     --     no 
ptp         aggregate   20000     20000  high     300       yes     --     no 
bfd         aggregate   20000     20000  high     300       yes     --     no 
lmp         aggregate   20000     20000  high     300       yes     --     no 
ldp         aggregate   20000     20000  high     300       yes     --     no 
msdp        aggregate   20000     20000  high     300       yes     --     no 
bgp         aggregate   20000     20000  low      300       yes     --     no 
vrrp        aggregate   20000     20000  high     300       yes     --     no 
telnet      aggregate   20000     20000  low      300       yes     --     no 
ftp         aggregate   20000     20000  low      300       yes     --     no 
ssh         aggregate   20000     20000  low      300       yes     --     no 
snmp        aggregate   20000     20000  low      300       yes     --     no 
ancp        aggregate   20000     20000  low      300       yes     --     no 

...

show ddos-protection protocols dhcpv4 parameters brief

user@host> show ddos-protection protocols dhcpv4 parameters brief
Number of policers modified: 2
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled aggr.  mod
dhcpv4      aggregate   669*      5000   medium   300       yes     --     no 
dhcpv4      unclass..   300       150    low      300       yes     no     no 
dhcpv4      discover    100*      500    low      300       yes     no     no 
dhcpv4      offer       1000      1000   low      300       yes     no     no 
dhcpv4      request     1000      1000   medium   300       yes     no     no 
dhcpv4      decline     500       500    low      300       yes     no     no 
dhcpv4      ack         500       500    medium   300       yes     no     no 
dhcpv4      nak         500       500    low      300       yes     no     no 
dhcpv4      release     2000      2000   high     300       yes     no     no 
dhcpv4      inform      500       500    low      300       yes     no     no 
dhcpv4      renew       2000      2000   high     300       yes     no     no 
dhcpv4      forcerenew  2000      2000   high     300       yes     no     no 
dhcpv4      leasequery  2000      2000   high     300       yes     no     no 
dhcpv4      leaseuna..  2000      2000   high     300       yes     no     no 
dhcpv4      leaseunk..  2000      2000   high     300       yes     no     no 
dhcpv4      leaseact..  2000      2000   high     300       yes     no     no 
dhcpv4      bootp       300       300    low      300       yes     no     no 
dhcpv4      no-msgtype  0         0      low      300       yes     no     no 
dhcpv4      bad-pack..  0         0      low      300       yes     no     no

show ddos-protection protocols dhcpv4 parameters terse

user@host> show ddos-protection protocols dhcpv4 parameters terse
Number of policers modified: 2
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled aggr.  mod
dhcpv4      aggregate   669*      5000   medium   300       yes     --     no 
dhcpv4      discover    100*      500    low      300       yes     no     no

show ddos-protection protocols dhcpv4 parameters

user@host> show ddos-protection protocols dhcpv4 parameters
Protocol Group: DHCPv4

  Packet type: aggregate (aggregate for all DHCPv4 traffic)
    Aggregate policer configuration:
      Bandwidth:        669 pps
      Burst:            5000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (669 pps), Burst: 100% (5000 packets), enabled

  Packet type: unclassified (Unclassified DHCPv4 traffic)
    Individual policer configuration:
      Bandwidth:        300 pps
      Burst:            150 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (300 pps), Burst: 100% (150 packets), enabled

  Packet type: discover (DHCPv4 DHCPDISCOVER)
    Individual policer configuration:
      Bandwidth:        100 pps
      Burst:            500 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (100 pps), Burst: 100% (500 packets), enabled

  Packet type: offer (DHCPv4 DHCPOFFER)
    Individual policer configuration:
      Bandwidth:        1000 pps
      Burst:            1000 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (1000 pps), Burst: 100% (1000 packets), enabled

  Packet type: request (DHCPv4 DHCPREQUEST)
    Individual policer configuration:
      Bandwidth:        1000 pps
      Burst:            1000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (1000 pps), Burst: 100% (1000 packets), enabled

...

Published: 2013-07-24

Previous Page Next Page