close

keyboard_arrow_left

Table of Contents Expand all

list Table of Contents

English

show ddos-protection protocols statistics

date_range 19-Nov-23

arrow_backward

arrow_forward

Syntax

content_copy zoom_out_map
show ddos-protection protocols <protocol-group> statistics
 <brief | detail | terse>

Description

Display traffic statistics and DDoS policer violation statistics for all protocol groups or for a particular protocol group.

Note:

DDoS protection policers act on the system’s traffic queues. The QFX5100 and QFX5200 lines of switches manage traffic for more protocols than the number of queues, so the system often must map more than one protocol to the same queue. When traffic for one protocol shares a queue with other protocols and violates DDoS protection policer limits, this command reports a violation on that queue for all mapped protocols because the system doesn’t distinguish which protocol’s traffic specifically caused the violation. You can use what you know about the types of traffic flowing through your network to identify which of the reported protocols actually triggered the violation.

Options

none

Display information for all protocol groups.

brief | detail | terse

(Optional) Display the specified level of output.

brief—Display basic function information.
detail—Add information to the brief output; it is identical to the output displayed when you choose no option. The brief and detail options display information for all protocol groups, which can be a long list.
terse—Display the same level of information as the brief option but only for active protocol groups—groups that show traffic in the Received (packets) column.

protocol-group

(Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show ddos-protection protocols statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show ddos-protection protocols statistics Output Fields
Field Name	Field Description	Level of Output
`Protocol Group`	Name of protocol group.	All levels
`Packet type`	Name of packet type in protocol group.	All levels
`System-wide information`	The following information collected for the router: A message indicates whether the policer has been violated. No. of FPCs currently receiving excess traffic—Number of cards that are currently in violation of a policer. No. of FPCs that have received excess traffic—Number of cards that have at some point been in violation of a policer. Violation first detected at—Timestamp of the first violation. Violation last seen at—Timestamp of the last observed violation. Duration of violation—Length of the violation. Number of violations—Number of times the violation has occurred. Received—Number of packets received at all card slots and the Routing Engine. Dropped—Number of packets dropped regardless of where they were dropped. Arrival rate—Current traffic rate for packets arriving from all cards and at the Routing Engine. Max arrival rate—Highest traffic rate for packets arriving from all cards and at the Routing Engine.	`detail` none
`Routing Engine information`	The following information collected for the Routing Engine: A message indicates whether the policer has been violated; the policer might be passed at the individual cards, but the combined rate of packets arriving at the Routing Engine can exceed the configured policer value. Violation first detected at—Timestamp of the first violation. Violation last seen at—Timestamp of the last observed violation. Duration of violation—Length of the violation. Number of violations—Number of times the violation has occurred. Received—Number of packets received at the Routing Engine from all cards. Dropped—Number of packets dropped at the Routing Engine; includes packets dropped by the aggregate policer and by individual protocol policers. Arrival rate—Current traffic rate for packets arriving at the Routing Engine from all cards. Max arrival rate—Highest traffic rate for packets arriving at the Routing Engine from all cards. Dropped by aggregate policer—Number of packets dropped by the aggregate policer. Dropped by individual policers—Number of packets dropped by individual policer.	`detail` none
`FPC slot information`	The following information collected for the card in the indicated slot: A message indicates whether the policer has been violated Violation first detected at—Timestamp of the first violation Violation last seen at—Timestamp of the last observed violation Duration of violation—Length of the violation Number of violations—Number of times the violation has occurred Received—Number of packets received on the line card Dropped—Number of packets dropped at the line card; includes packets dropped by the aggregate policer and by individual protocol policers Arrival rate—Current traffic rate for packets arriving at the line card Max arrival rate—Highest traffic rate for packets arriving at the line card Dropped by this policer—Number of packets dropped by the individual policer Dropped by aggregate policer—Number of packets dropped by the aggregate policer	`detail` none
`Received (packets)`	Number of packets of this packet type or protocol group received at all cards and the Routing Engine.	`briefterse`
`Dropped (packets)`	Number of packets dropped for this packet type or protocol group, regardless of where the packets were dropped.	`briefterse`
`Rate (pps)`	Highest observed traffic rate for this packet type or protocol group.	`briefterse`
`Violation counts`	Number of violations of the policer bandwidth.	`briefterse`
`State`	Violation state of the packet type: `ok`—Policer has not been violated for this packet type `viol`—Policer has been violated for this packet type	`briefterse`

Sample Output

show ddos-protection protocols statistics
show ddos-protection protocols statistics brief
show ddos-protection protocols statistics terse
show ddos-protection protocols pppoe statistics
show ddos-protection protocols pppoe statistics brief