show ddos-protection protocols violations
Syntax
Release Information
Command introduced in Junos OS Release 11.2.
Description
Display information about control plane DDoS protection policer violations for all protocol groups or for a particular protocol group.
Control plane DDoS protection policers act on the system’s traffic queues. The QFX5100 and QFX5200 lines of switches manage traffic for more protocols than the number of queues, so the system often must map more than one protocol to the same queue. When traffic for one protocol shares a queue with other protocols and violates DDoS protection policer limits, this command reports a violation on that queue for all mapped protocols because the system doesn’t distinguish which protocol’s traffic specifically caused the violation. You can use what you know about the types of traffic flowing through your network to identify which of the reported protocols actually triggered the violation.
Options
Required Privilege Level
view
Related Documentation
List of Sample Output
show ddos-protection protocols violationsshow ddos-protection protocols lldp violations
show ddos-protection protocols pppoe violations
Output Fields
Table 1 lists the output fields for the show ddos-protection protocols violations command. Output fields are listed in the approximate order in which they appear.
Table 1: show ddos-protection protocols violations Output Fields
Field Name | Field Description |
|---|---|
Number of packet types that are being violated | Number of individual policers and aggregate policers that are currently being violated |
Protocol Group | Name of protocol group |
Packet type | Name of packet type in protocol group |
Bandwidth (pps) | Policer bandwidth |
Arrival rate (pps) | Current traffic rate for packets arriving from all cards and at the Routing Engine |
Peak rate (pps) | Highest traffic rate for packets arriving from all cards and at the Routing Engine |
Policer bandwidth violation detected at | Timestamp of the policer violation |
Detected on | Slot number of the card on which the violation was detected |
Sample Output
show ddos-protection protocols violations
user@host> show ddos-protection protocols violationsNumber of packet types that are being violated: 2
Protocol Packet Bandwidth Arrival Peak Policer bandwidth
group type (pps) rate(pps) rate(pps) violation detected at
pppoe padi 500 2000 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
pppoe padr 500 1999 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
show ddos-protection protocols lldp violations
user@host> show ddos-protection protocols lldp
violationsNumber of packet types that are being violated: 0
show ddos-protection protocols pppoe violations
user@host> show ddos-protection protocols pppoe
violationsNumber of packet types that are being violated: 2
Protocol Packet Bandwidth Arrival Peak Policer bandwidth
group type (pps) rate(pps) rate(pps) violation detected at
pppoe padi 500 2000 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1
pppoe padr 500 1999 2001 2011-04-19 08:23:17 PDT
Detected on: FPC-1