show ddos-protection protocols culprit-flows
语法
show ddos-protection protocols <protocol-group (aggregate | packet-type)> culprit-flows
描述
显示协议组或单个数据包类型的罪魁祸首流量信息。
选项
none | 显示所有协议组和数据包类型的信息。 |
brief | detail | (选答)显示指定的输出级别。 |
fpc-slot | (选答)显示指定灵活 PIC 集中器 (FPC) 插槽的信息。
|
summary | (选答)显示流信息摘要。 |
aggregate | (选答)显示聚合监管器的 DDoS 保护信息。该 |
packet-type | (选答)显示协议组中指定数据包类型的信息。可用的数据包类型因协议组而异。 有关可用数据包类型的列表,请参阅 显示 DDoS 保护协议 。 |
protocol-group | (选答)显示特定协议组的信息。 有关可用组的列表,请参阅 show ddos-protection protocols 。 |
所需权限级别
视图
输出字段
表 1 列出了命令 show ddos-protection protocols culprit-flows
的输出字段。输出字段按其出现的大致顺序列出。
字段名称 |
字段说明 |
输出级别 |
---|---|---|
|
通过流量检测作为罪魁祸首流进行跟踪的活动流数。 |
所有级别 |
|
已检测到的罪魁祸首流总数,包括已恢复或超时的罪魁祸首流。 |
所有级别 |
|
协议组的名称。 |
|
|
协议组中数据包类型的名称。 |
|
|
流量到达的逻辑接口。 |
|
|
显示flow_id,例如flow_id 0001000000000022 |
|
|
流量的源地址,可以是 MAC 地址,也可以是 IP 地址。 |
|
|
流量的目标地址,可以是 MAC 地址,也可以是 IP 地址。 |
|
|
源端口号。 |
|
|
目标端口号。 |
|
|
每秒数据包中的流量速率。 |
|
|
每秒数据包中的流量速率。 |
|
|
流量中接收的数据包数。 |
|
|
流量中接收的数据包数。 |
|
其他信息: |
自动分配给流的流 ID 号,其中包含嵌入的插槽 ID。流 ID 以 时间戳,用于标识流到达接口的时间。 |
|
示例输出
- 显示 DDoS 保护协议罪魁祸首简述
- 显示 DDoS 保护协议 所有协议的罪魁祸首流
- show ddos protection protocols culprit-flows detail(特定协议组)
- 显示 DHCPv4 的扩展格式 发现数据包类型
- 显示 DHCPv4 流量检测信息
- 以简短格式显示 DHCPv4 流检测信息
- 显示全局统计数据
- 显示 DDoS 保护协议 罪魁祸首流 FPC 插槽
显示 DDoS 保护协议罪魁祸首简述
user@host> show ddos-protection protocols culprit-flows brief Currently tracked flows: 1000, Total detected flows: 1000 Protocol Packet Arriving Source Address group type Interface MAC or IP ndpv6 router-adv ge-1/1/0.0 2001:db8::03d4 sub:0001000000000384 2015-03-13 00:21:07 PDT pps:72 pkts:547072 ndpv6 router-adv ge-1/1/0.0 2001:db8::013f sub:0001000000000385 2015-03-13 00:21:07 PDT pps:72 pkts:552704 ndpv6 router-adv ge-1/1/0.0 2001:db8::02e4 sub:0001000000000386 2015-03-13 00:21:07 PDT pps:72 pkts:726784 ndpv6 router-adv ge-1/1/0.0 2001:0db8::0102 sub:0001000000000387 2015-03-13 00:21:07 PDT pps:72 pkts:762880
显示 DDoS 保护协议 所有协议的罪魁祸首流
user@host> show ddos-protection protocols culprit-flows Currently tracked flows: 1003, Total detected flows: 1003 Protocol group Packet type Arriving Interface Source Address MAC or IP pppoe padi ge-1/3/0.0 00:10:94:00:00:02 flow_id:0001000000000003 2017-09-12 16:48:58 PDT pps:2000 pkts:153606295 dhcpv4 discover ge-1/2/0.100 -- -- -- flow_id:0001000000000000 2017-09-12 16:48:56 PDT pps:1000 pkts:76805613 dhcpv4 discover ge-1/2/0.100 192.85.1.2 flow_id:0001000000000001 2017-09-12 16:48:56 PDT pps:1000 pkts:76805603 bfd aggregate ge-1/2/0.100 192.85.1.2 flow_id:0001000000000002 2017-09-12 16:48:57 PDT pps:30 pkts:2303747286 bfd aggregate ge-1/2/0.100 192.85.2.249 flow_id:0001000000000004 2017-09-13 14:08:53 PDT pps:30 pkts:203 bfd a ggregate ge-1/2/0.100 192.85.1.36 flow_id:0001000000000005 2017-09-13 14:08:53 PDT pps:30 pkts:204 bfd aggregate ge-1/2/0.100 192.85.1.211 flow_id:0001000000000006 2017-09-13 14:08:53 PDT pps:30 pkts:204 bfd aggregate ge-1/2/0.100 192.85.4.79 flow_id:0001000000000007 2017-09-13 14:08:53 PDT pps:30 pkts:205 bfd aggregate ge-1/2/0.100 192.85.4.219 flow_id:0001000000000008 2017-09-13 14:08:53 PDT pps:30 pkts:204 bfd aggregate ge-1/2/0.100 192.85.2.134 flow_id:0001000000000009 2017-09-13 14:08:53 PDT pps:30 pkts:204
show ddos protection protocols culprit-flows detail(特定协议组)
user@host> show ddos-protection protocols pppoe culprit-flows detail Currently tracked flows: 2, Total detected flows: 1000 Protocol group Packet type Arriving Interface Aggr Flow Id level pppoe padi ge-1/1/0.1 flow_id 0001000000000022 Ethertype: 0x0 outer-vlan: 100 inner-vlan: --- Source Address: 00:10:94:00:00:02 Destination Address: FF:FF:FF:FF:FF:FF Found at: 2017-10-07 07:11:27 PDT Last Violation: 2017-10-07 07:43:24 PDT Rate: 9995 pps received packets: 18546724 ppoe padi ge-1/1/0.1 flow_id 000100000000031c Ethertype: 0x0 outer-vlan: 100 inner-vlan: --- Source Address: 00:10:94:00:00:03 Destination Address: FF:FF:FF:FF:FF:FF Found at: 2017-10-07 07:11:27 PDT Last Violation: 2017-10-07 07:43:24 PDT Rate: 9995 pps received packets: 18546715 user@host> show ddos-protection protocols pppoe culprit-flows detail Currently tracked flows: 1, Total detected flows: 1000 Protocol Packet Arriving Aggr Flow Id group type Interface level pppoe padi ge-1/1/0.1 sub 0001000000000022 Ethertype: 0x0 outer-vlan: 100 inner-vlan: --- Source Address: 2001:db8::02 Destination Address: 2001:db8::FF Found at: 2014-10-07 07:11:27 PDT Last Violation: 2014-10-07 07:43:24 PDT Rate: 9995 pps received packets: 18546724 user@host> show ddos-protection protocols ndpv6 culprit-flows detail Currently tracked flows: 1, Total detected flows: 1 Protocol Packet Arriving Aggr Flow Id group type Interface level ndpv6 router-sol ge-1/1/0.2 sub 0001000000000001 Source Address: 2001:db8::03 Destination Address: 2001:0db8::0111 Type: 133 Code: 0 Found at: 2014-10-23 11:55:20 PDT Last Violation: 2014-10-23 11:55:21 PDT Rate: 30000 pps received packets: 43469
显示 DHCPv4 的扩展格式 发现数据包类型
user@host> show ddos-protection protocols dhcpv4 discover Currently tracked flows: 0, Total detected flows: 0 * = User configured value Protocol Group: DHCPv4 Packet type: discover (DHCPv4 DHCPDISCOVER) Individual policer configuration: Bandwidth: 500 pps Burst: 500 packets Priority: Low Recover time: 300 seconds Enabled: Yes Bypass aggregate: No Flow detection configuration: Detection mode: Automatic Detect time: 3 seconds Log flows: Yes Recover time: 60 seconds Timeout flows: No Timeout time: 300 seconds Flow aggregation level configuration: Aggregation level Detection mode Control mode Flow rate Subscriber Automatic Drop 10 pps Logical interface Automatic Drop 10 pps Physical interface Automatic Drop 500 pps System-wide information: Bandwidth is never violated Received: 0 Arrival rate: 0 pps Dropped: 0 Max arrival rate: 0 pps Routing Engine information: Bandwidth: 500 pps, Burst: 500 packets, enabled Policer is never violated Received: 0 Arrival rate: 0 pps Dropped: 0 Max arrival rate: 0 pps Dropped by aggregate policer: 0 FPC slot 1 information: Bandwidth: 100% (500 pps), Burst: 100% (500 packets), enabled Policer is never violated Received: 0 Arrival rate: 0 pps Dropped: 0 Max arrival rate: 0 pps Dropped by aggregate policer: 0 Dropped by flow suppression: 0
显示 DHCPv4 流量检测信息
user@host> show ddos-protection protocols dhcpv4 flow-detection Packet types: 19, Modified: 0 * = User configured value Protocol Group: DHCPv4 Packet type: aggregate Flow detection configuration: Detection mode: Automatic Detect time: 3 seconds Log flows: Yes Recover time: 60 seconds Timeout flows: No Timeout time: 300 seconds Flow aggregation level configuration: Aggregation level Detection mode Control mode Flow rate Subscriber Automatic Drop 10 pps Logical interface Automatic Drop 10 pps Physical interface Automatic Drop 5000 pps Packet type: unclassified Flow detection configuration: Detection mode: Automatic Detect time: 3 seconds Log flows: Yes Recover time: 60 seconds Timeout flows: No Timeout time: 300 seconds Flow aggregation level configuration: Aggregation level Detection mode Control mode Flow rate Subscriber Automatic Drop 10 pps Logical interface Automatic Drop 10 pps Physical interface Automatic Drop 300 pps Packet type: discover Flow detection configuration: Detection mode: Automatic Detect time: 3 seconds Log flows: Yes Recover time: 60 seconds Timeout flows: No Timeout time: 300 seconds Flow aggregation level configuration: Aggregation level Detection mode Control mode Flow rate Subscriber Automatic Drop 10 pps Logical interface Automatic Drop 10 pps Physical interface Automatic Drop 500 pps Packet type: offer Flow detection configuration: Detection mode: Automatic Detect time: 3 seconds Log flows: Yes Recover time: 60 seconds Timeout flows: No Timeout time: 300 seconds Flow aggregation level configuration: Aggregation level Detection mode Control mode Flow rate Subscriber Automatic Drop 10 pps Logical interface Automatic Drop 10 pps
以简短格式显示 DHCPv4 流检测信息
user@host> show ddos-protection protocols dhcpv4 flow-detection brief Packet types: 19, Modified: 0 * = User configured value Detection mode(Op): a = automatic Flow control mode(Fc): d = drop o = on k = keep x = off p = police Protocol Packet Op Policer Aggr lvl Op:Fc:BWidth(pps)Log Time group type mode BW(pps) sub ifl ifd flow out ____________________________________________________________________ dhcpv4 aggregate auto 5000 a:d:10 a:d:10 a:d:5000 Yes No dhcpv4 unclass.. auto 300 a:d:10 a:d:10 a:d:300 Yes No dhcpv4 discover auto 500 a:d:10 a:d:10 a:d:500 Yes No dhcpv4 offer auto 1000 a:d:10 a:d:10 a:d:1000 Yes No dhcpv4 request auto 1000 a:d:10 a:d:10 a:d:1000 Yes No dhcpv4 decline auto 500 a:d:10 a:d:10 a:d:500 Yes No dhcpv4 ack auto 500 a:d:10 a:d:10 a:d:500 Yes No dhcpv4 nak auto 500 a:d:10 a:d:10 a:d:500 Yes No dhcpv4 release auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 inform auto 500 a:d:10 a:d:10 a:d:500 Yes No dhcpv4 renew auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 forcerenew auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 leasequery auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 leaseuna.. auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 leaseunk.. auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 leaseact.. auto 2000 a:d:10 a:d:10 a:d:2000 Yes No dhcpv4 bootp auto 300 a:d:10 a:d:10 a:d:300 Yes No dhcpv4 no-msgtype auto 1000 a:d:10 a:d:10 a:d:1000 Yes No dhcpv4 bad-pack.. auto 0 a:d:10 a:d:10 a:d:0 Yes No
显示全局统计数据
user@host> show ddos-protection statistics DDOS protection global statistics: Policing on routing engine: Yes Policing on FPC: Yes Flow detection: No Logging: Yes Policer violation report rate: 100 Flow report rate: 100 Currently violated packet types: 0 Packet types have seen violations: 0 Total violation counts: 0 Currently tracked flows: 0 Total detected flows: 0
显示 DDoS 保护协议 罪魁祸首流 FPC 插槽
user@host> show ddos-protection protocols ndpv6 culprit-flows fpc-slot 1 Currently tracked flows: 2, Total detected flows: 2
发布信息
在 Junos OS 12.3 版中引入的命令。
在 Junos OS 17.3R1 版中添加了对增强型订阅者管理的支持。