show ddos-protection protocols statistics
Syntax
show ddos-protection protocols <protocol-group> statistics<brief | detail | terse>
Description
Display traffic statistics and DDoS policer violation statistics for all protocol groups or for a particular protocol group.
DDoS protection policers act on the system’s traffic queues. The QFX5100 and QFX5200 lines of switches manage traffic for more protocols than the number of queues, so the system often must map more than one protocol to the same queue. When traffic for one protocol shares a queue with other protocols and violates DDoS protection policer limits, this command reports a violation on that queue for all mapped protocols because the system doesn’t distinguish which protocol’s traffic specifically caused the violation. You can use what you know about the types of traffic flowing through your network to identify which of the reported protocols actually triggered the violation.
Options
| none | Display information for all protocol groups. |
| brief | detail | terse | (Optional) Display the specified level of output.
|
| protocol-group | (Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show ddos-protection protocols statistics command. Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
Level of Output |
|---|---|---|
|
Name of protocol group. |
All levels |
|
Name of packet type in protocol group. |
All levels |
|
The following information collected for the router:
|
|
|
The following information collected for the Routing Engine:
|
|
|
The following information collected for the card in the indicated slot:
|
|
|
Number of packets of this packet type or protocol group received at all cards and the Routing Engine. |
|
|
Number of packets dropped for this packet type or protocol group, regardless of where the packets were dropped. |
|
|
Highest observed traffic rate for this packet type or protocol group. |
|
|
Number of violations of the policer bandwidth. |
|
|
Violation state of the packet type:
|
|
Sample Output
- show ddos-protection protocols statistics
- show ddos-protection protocols statistics brief
- show ddos-protection protocols statistics terse
- show ddos-protection protocols pppoe statistics
- show ddos-protection protocols pppoe statistics brief
show ddos-protection protocols statistics
user@host> show ddos-protection protocols statistics
Protocol Group: IPv4-Unclassified
Packet type: aggregate
System-wide information:
Aggregate bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Aggregate policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by individual policers: 0
FPC slot 1 information:
Aggregate policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by individual policers: 0
Protocol Group: IPv6-Unclassified
Packet type: aggregate
System-wide information:
Aggregate bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Aggregate policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by individual policers: 0
FPC slot 1 information:
Aggregate policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by individual policers: 0
Protocol Group: PPPoE
Packet type: aggregate
System-wide information:
Aggregate bandwidth is never violated
Received: 61961244 Arrival rate: 4000 pps
Dropped: 0 Max arrival rate: 4002 pps
Routing Engine information:
Aggregate policer is never violated
Received: 15488871 Arrival rate: 1001 pps
Dropped: 0 Max arrival rate: 1011 pps
Dropped by individual policers: 0
FPC slot 1 information:
Aggregate policer is never violated
Received: 61961244 Arrival rate: 4000 pps
Dropped: 46473017 Max arrival rate: 4002 pps
Dropped by individual policers: 46473017
Packet type: padi
System-wide information:
Bandwidth is being violated!
No. of FPCs currently receiving excess traffic: 1
No. of FPCs that have received excess traffic: 1
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:41:23 PDT
Duration of violation: 04:18:06 Number of violations: 1
Received: 30980622 Arrival rate: 2000 pps
Dropped: 23236505 Max arrival rate: 2001 pps
Routing Engine information:
Policer is never violated
Received: 7744433 Arrival rate: 500 pps
Dropped: 0 Max arrival rate: 505 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is currently being violated!
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:41:23 PDT
Duration of violation: 04:18:06 Number of violations: 1
Received: 30980622 Arrival rate: 2000 pps
Dropped: 23236505 Max arrival rate: 2001 pps
Dropped by this policer: 23236505
Dropped by aggregate policer: 0
Packet type: pado
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padr
System-wide information:
Bandwidth is being violated!
No. of FPCs currently receiving excess traffic: 1
No. of FPCs that have received excess traffic: 1
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:43:23 PDT
Duration of violation: 04:20:06 Number of violations: 1
Received: 31220846 Arrival rate: 2000 pps
Dropped: 23416690 Max arrival rate: 2001 pps
Routing Engine information:
Policer is never violated
Received: 7806417 Arrival rate: 499 pps
Dropped: 0 Max arrival rate: 506 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is currently being violated!
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:43:23 PDT
Duration of violation: 04:20:06 Number of violations: 1
Received: 31220846 Arrival rate: 2000 pps
Dropped: 23416690 Max arrival rate: 2001 pps
Dropped by this policer: 23416690
Dropped by aggregate policer: 0
Packet type: pads
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padt
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padm
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padn
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
...show ddos-protection protocols statistics brief
user@host> show ddos-protection protocols statistics brief Protocol Packet Received Dropped Rate Violation State group type (packets) (packets) (pps) counts ipv4-uncls aggregate 0 0 0 0 ok ipv6-uncls aggregate 0 0 0 0 ok dynvlan aggregate 0 0 0 0 ok ppp aggregate 0 0 0 0 ok ppp unclass 0 0 0 0 ok ppp lcp 0 0 0 0 ok ppp auth 0 0 0 0 ok ppp ipcp 0 0 0 0 ok ppp ipv6cp 0 0 0 0 ok ppp mplscp 0 0 0 0 ok ppp isis 0 0 0 0 ok pppoe aggregate 61561238 0 4000 0 ok pppoe padi 30780619 23086506 2000 1 viol pppoe pado 0 0 0 0 ok pppoe padr 30780619 23086499 2000 1 viol pppoe pads 0 0 0 0 ok pppoe padt 0 0 0 0 ok pppoe padm 0 0 0 0 ok pppoe padn 0 0 0 0 ok dhcpv4 aggregate 0 0 0 0 ok dhcpv4 unclass.. 0 0 0 0 ok dhcpv4 discover 0 0 0 0 ok dhcpv4 offer 0 0 0 0 ok dhcpv4 request 0 0 0 0 ok dhcpv4 decline 0 0 0 0 ok dhcpv4 ack 0 0 0 0 ok dhcpv4 nak 0 0 0 0 ok dhcpv4 release 0 0 0 0 ok dhcpv4 inform 0 0 0 0 ok dhcpv4 renew 0 0 0 0 ok dhcpv4 forcerenew 0 0 0 0 ok dhcpv4 leasequery 0 0 0 0 ok dhcpv4 leaseuna.. 0 0 0 0 ok dhcpv4 leaseunk.. 0 0 0 0 ok dhcpv4 leaseact.. 0 0 0 0 ok dhcpv4 bootp 0 0 0 0 ok dhcpv4 no-msgtype 0 0 0 0 ok dhcpv4 bad-pack.. 0 0 0 0 ok ... icmp aggregate 0 0 0 0 ok igmp aggregate 0 0 0 0 ok ospf aggregate 0 0 0 0 ok rsvp aggregate 0 0 0 0 ok pim aggregate 0 0 0 0 ok rip aggregate 0 0 0 0 ok ptp aggregate 0 0 0 0 ok bfd aggregate 0 0 0 0 ok lmp aggregate 0 0 0 0 ok ldp aggregate 0 0 0 0 ok msdp aggregate 0 0 0 0 ok bgp aggregate 0 0 0 0 ok vrrp aggregate 0 0 0 0 ok telnet aggregate 0 0 0 0 ok ...
show ddos-protection protocols statistics terse
user@host> show ddos-protection protocols statistics terse Protocol Packet Received Dropped Rate Violation State group type (packets) (packets) (pps) counts ipv4-uncls aggregate 241 0 0 0 ok icmp aggregate 20 0 0 0 ok igmp aggregate 55 0 0 0 ok ospf aggregate 956 0 0 0 ok rsvp aggregate 784 0 0 0 ok ldp aggregate 2984 0 0 0 ok bgp aggregate 312 0 0 0 ok lacp aggregate 1744 0 0 0 ok stp aggregate 9791 0 0 0 ok arp aggregate 19 0 0 0 ok pvstp aggregate 393 0 0 0 ok mlp aggregate 624774 0 0 0 ok mlp packets 1714371 223937 0 3 ok mcast-copy aggregate 3018038 0 0 0 ok igmp-snoop aggregate 43 0 0 0 ok fw-host aggregate 95547 0 0 0 ok uncls aggregate 10000 0 0 0 ok
show ddos-protection protocols pppoe statistics
user@host> show ddos-protection protocols pppoe statistics
Protocol Group: PPPoE
Packet type: aggregate
System-wide information:
Aggregate bandwidth is never violated
Received: 60381200 Arrival rate: 4000 pps
Dropped: 0 Max arrival rate: 4002 pps
Routing Engine information:
Aggregate policer is never violated
Received: 15095242 Arrival rate: 1001 pps
Dropped: 0 Max arrival rate: 1011 pps
Dropped by individual policers: 0
FPC slot 1 information:
Aggregate policer is never violated
Received: 60381200 Arrival rate: 4000 pps
Dropped: 45287921 Max arrival rate: 4002 pps
Dropped by individual policers: 45287921
Packet type: padi
System-wide information:
Bandwidth is being violated!
No. of FPCs currently receiving excess traffic: 1
No. of FPCs that have received excess traffic: 1
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:34:48 PDT
Duration of violation: 04:11:31 Number of violations: 1
Received: 30190600 Arrival rate: 2000 pps
Dropped: 22643960 Max arrival rate: 2001 pps
Routing Engine information:
Policer is never violated
Received: 7547621 Arrival rate: 499 pps
Dropped: 0 Max arrival rate: 505 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is currently being violated!
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:34:48 PDT
Duration of violation: 04:11:31 Number of violations: 1
Received: 30190600 Arrival rate: 2000 pps
Dropped: 22643960 Max arrival rate: 2001 pps
Dropped by this policer: 22643960
Dropped by aggregate policer: 0
Packet type: pado
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padr
System-wide information:
Bandwidth is being violated!
No. of FPCs currently receiving excess traffic: 1
No. of FPCs that have received excess traffic: 1
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:34:48 PDT
Duration of violation: 04:11:31 Number of violations: 1
Received: 30190600 Arrival rate: 2000 pps
Dropped: 22643961 Max arrival rate: 2001 pps
Routing Engine information:
Policer is never violated
Received: 7547621 Arrival rate: 501 pps
Dropped: 0 Max arrival rate: 506 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is currently being violated!
Violation first detected at: 2011-04-19 08:23:17 PDT
Violation last seen at: 2011-04-19 12:34:48 PDT
Duration of violation: 04:11:31 Number of violations: 1
Received: 30190600 Arrival rate: 2000 pps
Dropped: 22643961 Max arrival rate: 2001 pps
Dropped by this policer: 22643961
Dropped by aggregate policer: 0
Packet type: pads
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padt
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Routing Engine information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padm
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
Packet type: padn
System-wide information:
Bandwidth is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
FPC slot 1 information:
Policer is never violated
Received: 0 Arrival rate: 0 pps
Dropped: 0 Max arrival rate: 0 pps
Dropped by aggregate policer: 0
show ddos-protection protocols pppoe statistics brief
user@host> show ddos-protection protocols pppoe statistics brief Protocol Packet Received Dropped Rate Violation State group type (packets) (packets) (pps) counts pppoe aggregate 60901227 0 4000 0 ok pppoe padi 30450613 22838981 2000 1 viol pppoe pado 0 0 0 0 ok pppoe padr 30450614 22838977 2000 1 viol pppoe pads 0 0 0 0 ok pppoe padt 0 0 0 0 ok pppoe padm 0 0 0 0 ok pppoe padn 0 0 0 0 ok
Release Information
Command introduced in Junos OS Release 11.2.