show ddos-protection protocols violations
Syntax
show ddos-protection protocols <protocol-group> violations
Description
Display information about control plane DDoS protection policer violations for all protocol groups or for a particular protocol group.
Control plane DDoS protection policers act on the system’s traffic queues. The QFX5100 and QFX5200 lines of switches manage traffic for more protocols than the number of queues, so the system often must map more than one protocol to the same queue. When traffic for one protocol shares a queue with other protocols and violates DDoS protection policer limits, this command reports a violation on that queue for all mapped protocols because the system doesn’t distinguish which protocol’s traffic specifically caused the violation. You can use what you know about the types of traffic flowing through your network to identify which of the reported protocols actually triggered the violation.
Options
| none | Display information for all protocol groups. |
| protocol-group | (Optional) Name of a particular protocol group. See show ddos-protection protocols for a list of available groups. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show ddos-protection protocols violations command. Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Number of individual policers and aggregate policers that are currently being violated |
|
Name of protocol group |
|
Name of packet type in protocol group |
|
Policer bandwidth |
|
Current traffic rate for packets arriving from all cards and at the Routing Engine |
|
Highest traffic rate for packets arriving from all cards and at the Routing Engine |
|
Timestamp of the policer violation |
|
Slot number of the card on which the violation was detected |
Sample Output
- show ddos-protection protocols violations
- show ddos-protection protocols lldp violations
- show ddos-protection protocols pppoe violations
show ddos-protection protocols violations
user@host> show ddos-protection protocols violations
Number of packet types that are being violated: 2
Protocol Packet Bandwidth Arrival Peak Policer bandwidth
group type (pps) rate(pps) rate(pps) violation detected at
pppoe padi 500 2000 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
pppoe padr 500 1999 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
show ddos-protection protocols lldp violations
user@host> show ddos-protection protocols lldp violations Number of packet types that are being violated: 0
show ddos-protection protocols pppoe violations
user@host> show ddos-protection protocols pppoe violations
Number of packet types that are being violated: 2
Protocol Packet Bandwidth Arrival Peak Policer bandwidth
group type (pps) rate(pps) rate(pps) violation detected at
pppoe padi 500 2000 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
pppoe padr 500 1999 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
Release Information
Command introduced in Junos OS Release 11.2.