show ddos-protection protocols flow-detection

Syntax

Description

Display flow detection information for all protocol groups or for a particular protocol group.

Options

none

Display information for all protocol groups.

brief | detail | terse

(Optional) Display the specified level of output.

brief—Display basic function information.
detail—Add information to the brief output; it is identical to the output displayed when you choose no option. The brief and detail options display information for all protocol groups, which can be a long list.
terse—Display the same level of information as the brief option but only for active protocol groups.

protocol-group

(Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show ddos-protection protocols flow-detection command. Output fields are listed in the approximate order in which they appear.

Table 1: show ddos-protection protocols flow-detection Output Fields
Field Name	Field Description	Level of Output
`Packet types`	Number of packet types.	All levels
`Modified`	Number of packets for which policer values have been modified from the default.	All levels
`Protocol Group`	Name of protocol group.	All levels
`Packet type`	Name of packet type in protocol group.	All levels
`Flow detection configuration`	Configuration of flow detection at the packet level.	`detail` none
`Detection mode` or `Op mode`	Mode of operation for flow detection at the packet level: `Automatic` or `a`—Search flows only when a policer is being violated. `Off` or `x`—Never search flows even when a policer is being violated. `On` or `o`—Search flows even when no policer is being violated.	All levels
Policer BW (pps)	Bandwidth allowed at the packet level.	`briefterse`
`Detect time`	Time in seconds that a suspicious flow that has exceeded the bandwidth allowed for the packet type must remain in violation to be confirmed as a culprit flow.	`detail` none
`Log flows` or `Log flow`	State of automatic logging of suspicious traffic flows for the packet type: on (`Yes`) or off (`No`).	All levels
`Recover time`	Time in seconds that must pass before a culprit flow for the packet type is considered to have returned to normal. The period starts when the flow drops below the threshold that triggered the last violation.	`detail` none
`Timeout flows` or `Time out`	State of timeout enabling for culprit flows: `Yes`—Enabled; flows can time out (released from suppression) when a timeout period expires, regardless of whether flow is still in violation. `No`—Disabled; flows are not allowed to time out.	All levels
`Timeout time`	Time in seconds that a culprit flow is suppressed. On expiration, the flow times out even if it is still violating the bandwidth limit.	`detail` none
`Flow aggregation level configuration`	Configuration of flow detection for each flow aggregation level.	`detail` none
`Aggregation level` or `Agg level`	One of three levels of flow aggregation `Subscriber` or `sub` `Logical interface` or `ifl` `Physical interface` or `ifd`	All levels
`Detection mode` or `Op`	Mode of operation for flow detection at the flow aggregation level: `Automatic`—Search flows only when a policer is being violated. `Off`—Never search flows even when a policer is being violated. `On`—Search flows even when no policer is being violated.	All levels
`Control mode` or `Fc`	Mode by which traffic in a culprit flow is handled. `drop`—Drop all traffic in flow. `keep`—Keep all traffic in flow. `police`—Police the traffic to within its allowed bandwidth.	All levels
`Flow rate` or BWidth (pps)	Bandwidth allowed at the flow aggregation level.	`briefterse`

Sample Output

show ddos-protection protocols flow-detection
show ddos-protection protocols flow-detection brief (Parameters for a Specific Protocol)