show ddos-protection protocols parameters

Syntax

Description

Display DDoS protection configuration information for all protocol groups or for a particular protocol group.

Starting in Junos OS Release 22.3R1, on MX Series and EX9200 Series devices, we’ve updated the default bandwidth value from 20000 to 100 pps and the default burst policer value from 20000 to 100 packets. This change keeps the CPU usage of eventd and snmpd from reaching more than 100%. Before this release, when the system received violating SNMP traffic along with traffic for other protocols, the CPU usage of eventd and snmpd reached more than 100% with an error.

Starting in Junos OS Evolved Release 23.2R2, on PTX Series devices, the show ddos-protection protocols statistics command displays the Max arrival rate and Arrival rate output values as expected. Before this release, the displayed Max arrival rate and Arrival rate values were larger than expected.

Options

none

Display information for all protocol groups.

brief | detail | terse

(Optional) Display the specified level of output.

  • brief—Display basic function information.

  • detail—Add information to the brief output; it is identical to the output displayed when you choose no option. The brief and detail options display information for all protocol groups, which can be a long list.

  • terse—Display the same level of information as the brief option but only for active protocol groups—groups that show traffic in the Received (packets) column.

protocol-group

(Optional) Display information for a particular protocol group. See show ddos-protection protocols for a list of available groups.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show ddos-protection protocols parameters command. Output fields are listed in the approximate order in which they appear.

Table 1: show ddos-protection protocols parameters Output Fields

Field Name

Field Description

Level of Output

Protocol Group

Name of protocol group.

All levels

Packet type

Name of packet type in protocol group.

All levels

Bandwidth

Bandwidth policer value; number of packets per second that is allowed before a violation is declared.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Burst

Burst policer value; the maximum number of packets that is allowed in a burst before a violation is declared.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Priority

Priority of the packet type in the event of traffic congestion: low, medium, or high. Lower priority packets can be dropped when insufficient bandwidth is available.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Recover time

Time that must pass since the last violation before the traffic flow is considered to have recovered from the attack. A notification is generated when the timer expires.

In the brief output, an asterisk indicates the value has been modified from the default.

All levels

Enabled

State of the policer, enabled (Yes) or disabled (No).

detail, none

Bypass aggregate

State of the bypass aggregate configuration:

  • Yes—The aggregate policer is bypassed.

  • No—The aggregate policer is enforced.

This field appears only for individual policers.

detail, none

FPC slot information

The following configuration information for the card in the indicated slot:

  • Bandwidth—Bandwidth scale and the number of packets per second that is allowed before a violation is declared.

  • Burst—Burst scale and the maximum number of packets that is allowed in a burst before a violation is declared.

  • enabled or disabled—State of the line card policer.

detail, none

Number of policers modified

Number of policers that have been changed from the default configuration.

An asterisk by a particular value indicates that value has been modified.

brief, terse

Policer Enabled

State of the policer, enabled (Yes), disabled (No), or partially disabled (part.); part. indicates that only some of the policer instances are disabled for the policer.

brief, terse

Bypass aggr.

State of the bypass aggregate configuration:

  • Yes—The aggregate policer is bypassed.

  • No—The aggregate policer is enforced.

Dashes indicate that the bypass aggregate configuration is not available; this is possible only for aggregate policers.

brief, terse

FPC Mod

Indicates whether the configuration has changed from the default for any line cards.

  • No—The configuration has not changed from the default for the packet type.

  • Yes—The configuration has changed from the default for the packet type.

brief, terse
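The fields in Table 1 are enough to audit policer settings from saved brief output. The following Python sketch is an added example, not Juniper code: it flags disabled or partially disabled policers, bypassed aggregate policers, values marked with an asterisk, and line-card overrides. The sample rows are constructed, the whitespace-separated column layout is an assumption based on the field order in Table 1, and max_pps is a hypothetical site review limit.

```python
import re

# Constructed sample rows, not captured from a device. Column order follows
# Table 1 (group, packet type, bandwidth, burst, priority, recover time,
# policer enabled, bypass aggr., FPC mod); the exact layout is an assumption.
SAMPLE = """\
dhcpv4   aggregate  5000    5000    --    300  Yes    --   No
dhcpv4   discover   500     500     Low   300  Yes    No   No
dhcpv4   request    20000*  20000*  High  300  Yes    Yes  No
dhcpv4   release    2000    5000    High  300  part.  No   Yes
snmp     aggregate  100     100     --    300  No     --   No
"""

FIELDS = ("group", "ptype", "bandwidth", "burst", "priority",
          "recover", "enabled", "bypass", "fpc_mod")

def parse_rows(text):
    """Yield one dict per policer row; anything that is not a 9-column row is skipped."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != len(FIELDS) or not all(re.fullmatch(r"\d+\*?", cols[i]) for i in (2, 3, 5)):
            continue  # header, banner or blank line
        row = dict(zip(FIELDS, cols))
        # In brief output an asterisk marks a value modified from the default.
        row["modified"] = [f for f in FIELDS[2:6] if row[f].endswith("*")]
        for f in ("bandwidth", "burst", "recover"):
            row[f] = int(row[f].rstrip("*"))
        yield row

def audit(text, max_pps=10000):
    """Return (group, packet type, finding) tuples that deserve a reviewer's attention."""
    findings = []
    for r in parse_rows(text):
        state = r["enabled"].lower()
        checks = [
            (state == "no", "policer disabled"),
            (state.startswith("part"), "policer disabled on some instances"),
            (r["bypass"].lower() == "yes", "aggregate policer bypassed"),
            (bool(r["modified"]), "modified from default: " + ", ".join(r["modified"])),
            (r["bandwidth"] > max_pps, f"bandwidth {r['bandwidth']} pps above review limit"),
            (r["fpc_mod"].lower() == "yes", "line card (FPC) values differ from default"),
        ]
        findings += [(r["group"], r["ptype"], msg) for hit, msg in checks if hit]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

Feed audit() the saved text of the brief output; rows it cannot parse are skipped rather than guessed at, so compare the parsed row count against the device's own packet-type count before trusting a clean result.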

Sample Output

show ddos-protection protocols parameters

show ddos-protection protocols parameters brief

show ddos-protection protocols dhcpv4 parameters brief

show ddos-protection protocols dhcpv4 parameters terse

show ddos-protection protocols dhcpv4 parameters

show ddos-protection protocols snmp parameters (Starting in Junos OS Release 22.3R1)

Release Information

Command introduced in Junos OS Release 11.2.