show ddos-protection protocols parameters
Syntax
show ddos-protection protocols <protocol-group> parameters
<brief | detail | terse>
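Description
Display DDoS protection configuration information for all protocol groups or for a specific protocol group.
Starting in Junos OS Release 22.3R1, on MX Series and EX9200 Series devices, we've updated the default bandwidth value from 20000 to 100 pps and the burst policer value from 20000 to 100 packets. This enhancement prevents the CPU usage of eventd and snmpd from reaching above 100%. In releases earlier than this one, when the system received violating traffic for SNMP along with other protocol traffic, the CPU usage of eventd and snmpd reached above 100% with an error.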
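Options
none | Display information for all protocol groups. |
brief | detail | terse | (Optional) Display the specified level of output. |
protocol-group | (Optional) Display information for a particular protocol group. For the list of available groups, see show ddos-protection protocols. |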
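Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show ddos-protection protocols parameters command. Output fields are listed in the approximate order in which they appear.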
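Field Name | Field Description | Level of Output |
---|---|---|
| Name of the protocol group. | All levels |
| Name of the packet type in the protocol group. | All levels |
| Bandwidth policer value; number of packets per second that is allowed before a violation is declared. In the output | All levels |
| Burst policer value; maximum number of packets that is allowed in a burst before a violation is declared. In the output | All levels |
| Priority of the packet type in the event of traffic congestion: In the output | All levels |
| Time that must pass since the last violation before the traffic flow is considered to have recovered from the attack. A notification is generated when the timer expires. In the output | All levels |
| State of the policer, enabled ( | |
| State of the bypass aggregate configuration: This field is displayed only for individual policers. | |
| Indicates the following configuration information for the card in the slot: | |
| Number of policers that have been changed from the default configuration. An asterisk next to a specific value indicates that the value has been modified. | |
| State of the policer, enabled ( | |
| State of the bypass aggregate configuration: A dash indicates that the bypass aggregate configuration is not available; this applies only to aggregate policers. | |
| Indicates whether the configuration has been changed from the default for any line card. | |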
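Sample Output
- show ddos-protection protocols parameters
- show ddos-protection protocols parameters brief
- show ddos-protection protocols dhcpv4 parameters brief
- show ddos-protection protocols dhcpv4 parameters terse
- show ddos-protection protocols dhcpv4 parameters
- show ddos-protection protocols snmp parameters (Starting in Junos OS Release 22.3R1)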
show ddos-protection protocols parameters
```
user@host> show ddos-protection protocols parameters
Protocol Group: IPv4-Unclassified

  Packet type: aggregate (Aggregate for unclassified host-bound IPv4 traffic)
    Aggregate policer configuration:
      Bandwidth:        20000 pps
      Burst:            20000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled

Protocol Group: IPv6-Unclassified

  Packet type: aggregate (Aggregate for unclassified host-bound IPv6 traffic)
    Aggregate policer configuration:
      Bandwidth:        20000 pps
      Burst:            20000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
...
Protocol Group: PPPoE

  Packet type: aggregate (Aggregate for all PPPoE control traffic)
    Aggregate policer configuration:
      Bandwidth:        800 pps
      Burst:            2000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (800 pps), Burst: 100% (2000 packets), enabled

  Packet type: padi (PPPoE PADI)
    Individual policer configuration:
      Bandwidth:        500 pps
      Burst:            500 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (500 pps), Burst: 100% (500 packets), enabled

  Packet type: pado (PPPoE PADO)
    Individual policer configuration:
      Bandwidth:        0 pps
      Burst:            0 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (0 pps), Burst: 100% (0 packets), enabled

  Packet type: padr (PPPoE PADR)
    Individual policer configuration:
      Bandwidth:        500 pps
      Burst:            500 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (500 pps), Burst: 100% (500 packets), enabled
```
show ddos-protection protocols parameters brief
```
user@host> show ddos-protection protocols parameters brief
Number of policers modified: 3
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer  Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled  aggr.  mod
ipv4-uncls  aggregate   20000     20000  medium   300       yes      --     no
ipv6-uncls  aggregate   20000     20000  medium   300       yes      --     no
dynvlan     aggregate   1000      500    low      300       yes      --     no
ppp         aggregate   16000     16000  medium   300       yes      --     no
ppp         unclass     1000      500    low      300       yes      no     no
ppp         lcp         12000     12000  low      300       yes      no     no
ppp         auth        2000      2000   medium   300       yes      no     no
ppp         ipcp        2000      2000   high     300       yes      no     no
ppp         ipv6cp      2000      2000   high     300       yes      no     no
ppp         mplscp      2000      2000   high     300       yes      no     no
ppp         isis        2000      2000   high     300       yes      no     no
pppoe       aggregate   800*      2000   medium   300       part.*   --     no
pppoe       padi        500       500    low      300       part.    no     no
pppoe       pado        0         0      low      300       part.    no     no
pppoe       padr        500       500    medium   300       part.    no     no
pppoe       pads        0         0      low      300       part.    no     no
pppoe       padt        1000      1000   high     300       part.    no     no
pppoe       padm        0         0      low      300       part.    no     no
pppoe       padn        0         0      low      300       part.    no     no
dhcpv4      aggregate   669*      5000   medium   300       yes      --     no
dhcpv4      unclass..   300       150    low      300       yes      no     no
dhcpv4      discover    100*      500    low      300       yes      no     no
dhcpv4      offer       1000      1000   low      300       yes      no     no
dhcpv4      request     1000      1000   medium   300       yes      no     no
dhcpv4      decline     500       500    low      300       yes      no     no
dhcpv4      ack         500       500    medium   300       yes      no     no
dhcpv4      nak         500       500    low      300       yes      no     no
dhcpv4      release     2000      2000   high     300       yes      no     no
dhcpv4      inform      500       500    low      300       yes      no     no
dhcpv4      renew       2000      2000   high     300       yes      no     no
dhcpv4      forcerenew  2000      2000   high     300       yes      no     no
dhcpv4      leasequery  2000      2000   high     300       yes      no     no
dhcpv4      leaseuna..  2000      2000   high     300       yes      no     no
dhcpv4      leaseunk..  2000      2000   high     300       yes      no     no
dhcpv4      leaseact..  2000      2000   high     300       yes      no     no
dhcpv4      bootp       300       300    low      300       yes      no     no
dhcpv4      no-msgtype  0         0      low      300       yes      no     no
dhcpv4      bad-pack..  0         0      low      300       yes      no     no
...
icmp        aggregate   20000     20000  high     300       yes      --     no
igmp        aggregate   20000     20000  high     300       yes      --     no
ospf        aggregate   20000     20000  high     300       yes      --     no
rsvp        aggregate   20000     20000  high     300       yes      --     no
pim         aggregate   20000     20000  high     300       yes      --     no
rip         aggregate   20000     20000  high     300       yes      --     no
ptp         aggregate   20000     20000  high     300       yes      --     no
bfd         aggregate   20000     20000  high     300       yes      --     no
lmp         aggregate   20000     20000  high     300       yes      --     no
ldp         aggregate   20000     20000  high     300       yes      --     no
msdp        aggregate   20000     20000  high     300       yes      --     no
bgp         aggregate   20000     20000  low      300       yes      --     no
vrrp        aggregate   20000     20000  high     300       yes      --     no
telnet      aggregate   20000     20000  low      300       yes      --     no
ftp         aggregate   20000     20000  low      300       yes      --     no
ssh         aggregate   20000     20000  low      300       yes      --     no
snmp        aggregate   20000     20000  low      300       yes      --     no
ancp        aggregate   20000     20000  low      300       yes      --     no
...
```
show ddos-protection protocols dhcpv4 parameters brief
```
user@host> show ddos-protection protocols dhcpv4 parameters brief
Number of policers modified: 2
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer  Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled  aggr.  mod
dhcpv4      aggregate   669*      5000   medium   300       yes      --     no
dhcpv4      unclass..   300       150    low      300       yes      no     no
dhcpv4      discover    100*      500    low      300       yes      no     no
dhcpv4      offer       1000      1000   low      300       yes      no     no
dhcpv4      request     1000      1000   medium   300       yes      no     no
dhcpv4      decline     500       500    low      300       yes      no     no
dhcpv4      ack         500       500    medium   300       yes      no     no
dhcpv4      nak         500       500    low      300       yes      no     no
dhcpv4      release     2000      2000   high     300       yes      no     no
dhcpv4      inform      500       500    low      300       yes      no     no
dhcpv4      renew       2000      2000   high     300       yes      no     no
dhcpv4      forcerenew  2000      2000   high     300       yes      no     no
dhcpv4      leasequery  2000      2000   high     300       yes      no     no
dhcpv4      leaseuna..  2000      2000   high     300       yes      no     no
dhcpv4      leaseunk..  2000      2000   high     300       yes      no     no
dhcpv4      leaseact..  2000      2000   high     300       yes      no     no
dhcpv4      bootp       300       300    low      300       yes      no     no
dhcpv4      no-msgtype  0         0      low      300       yes      no     no
dhcpv4      bad-pack..  0         0      low      300       yes      no     no
```
show ddos-protection protocols dhcpv4 parameters terse
```
user@host> show ddos-protection protocols dhcpv4 parameters terse
Number of policers modified: 2
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer  Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled  aggr.  mod
dhcpv4      aggregate   669*      5000   medium   300       yes      --     no
dhcpv4      discover    100*      500    low      300       yes      no     no
```
show ddos-protection protocols dhcpv4 parameters
```
user@host> show ddos-protection protocols dhcpv4 parameters
Protocol Group: DHCPv4

  Packet type: aggregate (aggregate for all DHCPv4 traffic)
    Aggregate policer configuration:
      Bandwidth:        669 pps
      Burst:            5000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
    FPC slot 1 information:
      Bandwidth: 100% (669 pps), Burst: 100% (5000 packets), enabled

  Packet type: unclassified (Unclassified DHCPv4 traffic)
    Individual policer configuration:
      Bandwidth:        300 pps
      Burst:            150 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (300 pps), Burst: 100% (150 packets), enabled

  Packet type: discover (DHCPv4 DHCPDISCOVER)
    Individual policer configuration:
      Bandwidth:        100 pps
      Burst:            500 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (100 pps), Burst: 100% (500 packets), enabled

  Packet type: offer (DHCPv4 DHCPOFFER)
    Individual policer configuration:
      Bandwidth:        1000 pps
      Burst:            1000 packets
      Priority:         low
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (1000 pps), Burst: 100% (1000 packets), enabled

  Packet type: request (DHCPv4 DHCPREQUEST)
    Individual policer configuration:
      Bandwidth:        1000 pps
      Burst:            1000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    FPC slot 1 information:
      Bandwidth: 100% (1000 pps), Burst: 100% (1000 packets), enabled
...
```
show ddos-protection protocols snmp parameters (Starting in Junos OS Release 22.3R1)
```
Packet types: 1, Modified: 0
* = User configured value
Protocol Group: SNMP

  Packet type: aggregate (Aggregate for all snmp traffic)
    Aggregate policer configuration:
      Bandwidth:        100 pps
      Burst:            100 packets
      Priority:         Low
      Recover time:     300 seconds
      Enabled:          Yes
    Routing Engine information:
      Bandwidth: 100 pps, Burst: 100 packets, enabled
```
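An added example, not part of the Juniper documentation: a parser for the `brief` output shown earlier that lists every policer with an asterisk-marked (modified) value or a state other than `yes`, and flags an `snmp` aggregate still at the 20000 pps value that this page's pre-22.3R1 sample shows. The sample rows are a constructed subset of the page's output; the function names and finding strings are assumptions of this example.

```python
import re

# Constructed sample: a subset of the rows in this page's brief output.
SAMPLE = """\
Number of policers modified: 3
Protocol    Packet      Bandwidth Burst  Priority Recover   Policer  Bypass FPC
group       type        (pps)     (pkts)          time(sec) enabled  aggr.  mod
pppoe       aggregate   800*      2000   medium   300       part.*   --     no
pppoe       pado        0         0      low      300       part.    no     no
dhcpv4      aggregate   669*      5000   medium   300       yes      --     no
dhcpv4      discover    100*      500    low      300       yes      no     no
snmp        aggregate   20000     20000  low      300       yes      --     no
"""

FIELDS = ("group", "ptype", "bandwidth", "burst", "priority",
          "recover", "enabled", "bypass", "fpc_mod")
PRE_22_3R1_SNMP = 20000  # snmp aggregate pps in this page's pre-22.3R1 sample


def parse_brief(text):
    """Parse 'parameters brief' rows into dicts; '*' marks a modified value."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        # Data rows have nine columns and a numeric bandwidth (maybe with '*').
        if len(cols) != 9 or not re.fullmatch(r"\d+\*?", cols[2]):
            continue
        row = dict(zip(FIELDS, cols))
        row["modified"] = sorted(k for k, v in row.items() if v.endswith("*"))
        for key in ("bandwidth", "burst", "recover"):
            row[key] = int(row[key].rstrip("*"))
        row["enabled"] = row["enabled"].rstrip("*")
        rows.append(row)
    return rows


def audit(rows):
    """Return (group, packet type, finding) tuples for a reviewer to check."""
    findings = []
    for r in rows:
        name = (r["group"], r["ptype"])
        if r["modified"]:
            findings.append(name + ("modified: " + ",".join(r["modified"]),))
        if r["enabled"] != "yes":
            findings.append(name + ("policer state: " + r["enabled"],))
        if name == ("snmp", "aggregate") and r["bandwidth"] >= PRE_22_3R1_SNMP:
            findings.append(name + ("bandwidth at pre-22.3R1 default",))
    return findings
```

Run `audit(parse_brief(output))` against captured CLI output and compare the findings with the intended configuration baseline.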
Release Information
Command introduced in Junos OS Release 11.2.