show ddos-protection protocols culprit-flows
Syntax
show ddos-protection protocols <protocol-group (aggregate | packet-type)> culprit-flows
Description
Display culprit flow information for protocol groups or individual packet types.
Options
none | Display information for all protocol groups and packet types. |
brief | detail | (Optional) Display the specified level of output. |
fpc-slot | (Optional) Display information for the specified Flexible PIC Concentrator (FPC) slot. |
summary | (Optional) Display flow information summary. |
aggregate | (Optional) Display DDoS protection information for the aggregate policer. The |
packet-type | (Optional) Display information for the specified packet type in the protocol group. The available packet types vary by protocol group. See show ddos-protection protocols for a list of available packet types. |
protocol-group | (Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show ddos-protection protocols culprit-flows
command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description | Level of Output |
---|---|---|
 | Number of active flows that are being tracked as culprit flows by flow detection. | All levels |
 | Total number of culprit flows that have been detected, including those that have recovered or timed out. | All levels |
 | Name of protocol group. | |
 | Name of packet type in protocol group. | |
 | Logical interface on which the traffic flow arrived. | |
 | Shows the flow_id, such as flow_id 0001000000000022 | |
 | Source address of the traffic flow, either a MAC address or an IP address. | |
 | Destination address of the traffic flow, either a MAC address or an IP address. | |
 | Source port number. | |
 | Destination port number. | |
 | Rate of the traffic flow in packets per second. | |
 | Rate of the traffic flow in packets per second. | |
 | Number of packets received in the traffic flow. | |
 | Number of packets received in the traffic flow. | |
Additional information | Flow ID numbers automatically assigned to flow, with embedded slot ID. The flow ID is prefixed by Timestamp that identifies when the flow arrived on the interface. | |
Sample Output
show ddos-protection protocols culprit-flows brief
```
user@host> show ddos-protection protocols culprit-flows brief
Currently tracked flows: 1000, Total detected flows: 1000
Protocol    Packet      Arriving         Source Address
group       type        Interface        MAC or IP
ndpv6       router-adv  ge-1/1/0.0       2001:db8::03d4
   sub:0001000000000384 2015-03-13 00:21:07 PDT pps:72    pkts:547072
ndpv6       router-adv  ge-1/1/0.0       2001:db8::013f
   sub:0001000000000385 2015-03-13 00:21:07 PDT pps:72    pkts:552704
ndpv6       router-adv  ge-1/1/0.0       2001:db8::02e4
   sub:0001000000000386 2015-03-13 00:21:07 PDT pps:72    pkts:726784
ndpv6       router-adv  ge-1/1/0.0       2001:0db8::0102
   sub:0001000000000387 2015-03-13 00:21:07 PDT pps:72    pkts:762880
```
show ddos-protection protocols culprit-flows for all protocols
```
user@host> show ddos-protection protocols culprit-flows
Currently tracked flows: 1003, Total detected flows: 1003
Protocol group  Packet type  Arriving Interface  Source Address MAC or IP
pppoe           padi         ge-1/3/0.0          00:10:94:00:00:02
   flow_id:0001000000000003 2017-09-12 16:48:58 PDT pps:2000  pkts:153606295
dhcpv4          discover     ge-1/2/0.100        -- -- --
   flow_id:0001000000000000 2017-09-12 16:48:56 PDT pps:1000  pkts:76805613
dhcpv4          discover     ge-1/2/0.100        192.85.1.2
   flow_id:0001000000000001 2017-09-12 16:48:56 PDT pps:1000  pkts:76805603
bfd             aggregate    ge-1/2/0.100        192.85.1.2
   flow_id:0001000000000002 2017-09-12 16:48:57 PDT pps:30    pkts:2303747286
bfd             aggregate    ge-1/2/0.100        192.85.2.249
   flow_id:0001000000000004 2017-09-13 14:08:53 PDT pps:30    pkts:203
bfd             aggregate    ge-1/2/0.100        192.85.1.36
   flow_id:0001000000000005 2017-09-13 14:08:53 PDT pps:30    pkts:204
bfd             aggregate    ge-1/2/0.100        192.85.1.211
   flow_id:0001000000000006 2017-09-13 14:08:53 PDT pps:30    pkts:204
bfd             aggregate    ge-1/2/0.100        192.85.4.79
   flow_id:0001000000000007 2017-09-13 14:08:53 PDT pps:30    pkts:205
bfd             aggregate    ge-1/2/0.100        192.85.4.219
   flow_id:0001000000000008 2017-09-13 14:08:53 PDT pps:30    pkts:204
bfd             aggregate    ge-1/2/0.100        192.85.2.134
   flow_id:0001000000000009 2017-09-13 14:08:53 PDT pps:30    pkts:204
```
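To rank culprit flows during triage, the two-line records in the default and brief output can be parsed and summed per arriving interface. This is an added example, not Juniper code: the function names are hypothetical, the sample rows are a subset of the sample output above, and it assumes each record is one header line followed by one `sub:`/`flow_id:` statistics line.

```python
import re
from collections import defaultdict

# A subset of the rows in the sample output above, one record per two lines.
SAMPLE = """\
Currently tracked flows: 1003, Total detected flows: 1003
pppoe  padi      ge-1/3/0.0    00:10:94:00:00:02
   flow_id:0001000000000003 2017-09-12 16:48:58 PDT pps:2000 pkts:153606295
dhcpv4 discover  ge-1/2/0.100  -- -- --
   flow_id:0001000000000000 2017-09-12 16:48:56 PDT pps:1000 pkts:76805613
dhcpv4 discover  ge-1/2/0.100  192.85.1.2
   flow_id:0001000000000001 2017-09-12 16:48:56 PDT pps:1000 pkts:76805603
bfd    aggregate ge-1/2/0.100  192.85.2.249
   flow_id:0001000000000004 2017-09-13 14:08:53 PDT pps:30 pkts:203
"""

# Second line of a record: "<sub|flow_id>:<16 hex> <date> <time> <tz> pps:N pkts:N"
STATS = re.compile(r"^\s*(?:sub|flow_id):(?P<flow_id>[0-9a-fA-F]{16})\s+"
                   r"(?P<seen>\S+ \S+ \S+)\s+pps:(?P<pps>\d+)\s+pkts:(?P<pkts>\d+)\s*$")

def parse_culprit_flows(text):
    """Return a list of flow dicts from default/brief culprit-flows output."""
    flows, pending = [], None
    for line in text.splitlines():
        m = STATS.match(line)
        if m and pending:
            pending.update(flow_id=m["flow_id"], seen=m["seen"],
                           pps=int(m["pps"]), pkts=int(m["pkts"]))
            flows.append(pending)
            pending = None
            continue
        parts = line.split()
        # First line of a record: group, type, interface (contains '/'), source.
        if len(parts) >= 4 and "/" in parts[2]:
            src = " ".join(parts[3:])
            pending = {"group": parts[0], "ptype": parts[1], "ifl": parts[2],
                       "source": None if set(src) <= set("- ") else src}
    return flows

def pps_by_interface(flows):
    """Sum reported pps per (arriving interface, protocol group), highest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["ifl"], f["group"])] += f["pps"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (ifl, group), pps in pps_by_interface(parse_culprit_flows(SAMPLE)):
        print(f"{ifl:14} {group:8} {pps} pps")
```

A source shown as `-- -- --` is returned as `None`, so flows without a recorded source address still count toward the interface total.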
show ddos-protection protocols culprit-flows detail (Specific Protocol Group)
```
user@host> show ddos-protection protocols pppoe culprit-flows detail
Currently tracked flows: 2, Total detected flows: 1000
Protocol group  Packet type  Arriving Interface  Aggr     Flow Id
                                                 level
pppoe           padi         ge-1/1/0.1          flow_id  0001000000000022
   Ethertype: 0x0          outer-vlan: 100        inner-vlan: ---
   Source Address:      00:10:94:00:00:02
   Destination Address: FF:FF:FF:FF:FF:FF
   Found at:       2017-10-07 07:11:27 PDT
   Last Violation: 2017-10-07 07:43:24 PDT
   Rate: 9995 pps   received packets: 18546724
pppoe           padi         ge-1/1/0.1          flow_id  000100000000031c
   Ethertype: 0x0          outer-vlan: 100        inner-vlan: ---
   Source Address:      00:10:94:00:00:03
   Destination Address: FF:FF:FF:FF:FF:FF
   Found at:       2017-10-07 07:11:27 PDT
   Last Violation: 2017-10-07 07:43:24 PDT
   Rate: 9995 pps   received packets: 18546715

user@host> show ddos-protection protocols pppoe culprit-flows detail
Currently tracked flows: 1, Total detected flows: 1000
Protocol   Packet      Arriving         Aggr   Flow Id
group      type        Interface        level
pppoe      padi        ge-1/1/0.1       sub    0001000000000022
   Ethertype: 0x0          outer-vlan: 100        inner-vlan: ---
   Source Address:      2001:db8::02
   Destination Address: 2001:db8::FF
   Found at:       2014-10-07 07:11:27 PDT
   Last Violation: 2014-10-07 07:43:24 PDT
   Rate: 9995 pps   received packets: 18546724

user@host> show ddos-protection protocols ndpv6 culprit-flows detail
Currently tracked flows: 1, Total detected flows: 1
Protocol   Packet      Arriving         Aggr   Flow Id
group      type        Interface        level
ndpv6      router-sol  ge-1/1/0.2       sub    0001000000000001
   Source Address:      2001:db8::03
   Destination Address: 2001:0db8::0111
   Type: 133    Code: 0
   Found at:       2014-10-23 11:55:20 PDT
   Last Violation: 2014-10-23 11:55:21 PDT
   Rate: 30000 pps   received packets: 43469
```
show expanded format for dhcpv4 discover packet type
```
user@host> show ddos-protection protocols dhcpv4 discover
Currently tracked flows: 0, Total detected flows: 0
* = User configured value

Protocol Group: DHCPv4

  Packet type: discover (DHCPv4 DHCPDISCOVER)
    Individual policer configuration:
      Bandwidth:        500 pps
      Burst:            500 packets
      Priority:         Low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    Flow detection configuration:
      Detection mode: Automatic  Detect time:  3 seconds
      Log flows:      Yes        Recover time: 60 seconds
      Timeout flows:  No         Timeout time: 300 seconds
      Flow aggregation level configuration:
        Aggregation level   Detection mode  Control mode  Flow rate
        Subscriber          Automatic       Drop          10 pps
        Logical interface   Automatic       Drop          10 pps
        Physical interface  Automatic       Drop          500 pps
    System-wide information:
      Bandwidth is never violated
      Received:  0                   Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 0 pps
    Routing Engine information:
      Bandwidth: 500 pps, Burst: 500 packets, enabled
      Policer is never violated
      Received:  0                   Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 0 pps
        Dropped by aggregate policer: 0
    FPC slot 1 information:
      Bandwidth: 100% (500 pps), Burst: 100% (500 packets), enabled
      Policer is never violated
      Received:  0                   Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 0 pps
        Dropped by aggregate policer: 0
        Dropped by flow suppression:  0
```
show dhcpv4 flow detection information
```
user@host> show ddos-protection protocols dhcpv4 flow-detection
Packet types: 19, Modified: 0
* = User configured value

Protocol Group: DHCPv4

  Packet type: aggregate
    Flow detection configuration:
      Detection mode: Automatic  Detect time:  3 seconds
      Log flows:      Yes        Recover time: 60 seconds
      Timeout flows:  No         Timeout time: 300 seconds
      Flow aggregation level configuration:
        Aggregation level   Detection mode  Control mode  Flow rate
        Subscriber          Automatic       Drop          10 pps
        Logical interface   Automatic       Drop          10 pps
        Physical interface  Automatic       Drop          5000 pps

  Packet type: unclassified
    Flow detection configuration:
      Detection mode: Automatic  Detect time:  3 seconds
      Log flows:      Yes        Recover time: 60 seconds
      Timeout flows:  No         Timeout time: 300 seconds
      Flow aggregation level configuration:
        Aggregation level   Detection mode  Control mode  Flow rate
        Subscriber          Automatic       Drop          10 pps
        Logical interface   Automatic       Drop          10 pps
        Physical interface  Automatic       Drop          300 pps

  Packet type: discover
    Flow detection configuration:
      Detection mode: Automatic  Detect time:  3 seconds
      Log flows:      Yes        Recover time: 60 seconds
      Timeout flows:  No         Timeout time: 300 seconds
      Flow aggregation level configuration:
        Aggregation level   Detection mode  Control mode  Flow rate
        Subscriber          Automatic       Drop          10 pps
        Logical interface   Automatic       Drop          10 pps
        Physical interface  Automatic       Drop          500 pps

  Packet type: offer
    Flow detection configuration:
      Detection mode: Automatic  Detect time:  3 seconds
      Log flows:      Yes        Recover time: 60 seconds
      Timeout flows:  No         Timeout time: 300 seconds
      Flow aggregation level configuration:
        Aggregation level   Detection mode  Control mode  Flow rate
        Subscriber          Automatic       Drop          10 pps
        Logical interface   Automatic       Drop          10 pps
```
show dhcpv4 flow detection information in brief format
```
user@host> show ddos-protection protocols dhcpv4 flow-detection brief
Packet types: 19, Modified: 0
* = User configured value
Detection mode(Op):  a = automatic   Flow control mode(Fc):  d = drop
                     o = on                                  k = keep
                     x = off                                 p = police

Protocol  Packet      Op    Policer  Aggr lvl Op:Fc:BWidth(pps)  Log   Time
group     type        mode  BW(pps)  sub     ifl     ifd         flow  out
____________________________________________________________________
dhcpv4    aggregate   auto  5000     a:d:10  a:d:10  a:d:5000    Yes   No
dhcpv4    unclass..   auto  300      a:d:10  a:d:10  a:d:300     Yes   No
dhcpv4    discover    auto  500      a:d:10  a:d:10  a:d:500     Yes   No
dhcpv4    offer       auto  1000     a:d:10  a:d:10  a:d:1000    Yes   No
dhcpv4    request     auto  1000     a:d:10  a:d:10  a:d:1000    Yes   No
dhcpv4    decline     auto  500      a:d:10  a:d:10  a:d:500     Yes   No
dhcpv4    ack         auto  500      a:d:10  a:d:10  a:d:500     Yes   No
dhcpv4    nak         auto  500      a:d:10  a:d:10  a:d:500     Yes   No
dhcpv4    release     auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    inform      auto  500      a:d:10  a:d:10  a:d:500     Yes   No
dhcpv4    renew       auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    forcerenew  auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    leasequery  auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    leaseuna..  auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    leaseunk..  auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    leaseact..  auto  2000     a:d:10  a:d:10  a:d:2000    Yes   No
dhcpv4    bootp       auto  300      a:d:10  a:d:10  a:d:300     Yes   No
dhcpv4    no-msgtype  auto  1000     a:d:10  a:d:10  a:d:1000    Yes   No
dhcpv4    bad-pack..  auto  0        a:d:10  a:d:10  a:d:0       Yes   No
```
show global statistics
```
user@host> show ddos-protection statistics
DDOS protection global statistics:
  Policing on routing engine:         Yes
  Policing on FPC:                    Yes
  Flow detection:                     No
  Logging:                            Yes
  Policer violation report rate:      100
  Flow report rate:                   100
  Currently violated packet types:    0
  Packet types have seen violations:  0
  Total violation counts:             0
  Currently tracked flows:            0
  Total detected flows:               0
```
show ddos-protection protocols culprit-flows fpc-slot
```
user@host> show ddos-protection protocols ndpv6 culprit-flows fpc-slot 1
Currently tracked flows: 2, Total detected flows: 2
```
Release Information
Command introduced in Junos OS Release 12.3.
Support for Enhanced Subscriber Management added in Junos OS Release 17.3R1.