Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

show ddos-protection protocols violations

 

Syntax

Release Information

Command introduced in Junos OS Release 11.2.

Description

Display information about control plane DDoS protection policer violations for all protocol groups or for a particular protocol group.

Note

Control plane DDoS protection policers act on the system’s traffic queues. The QFX5100 and QFX5200 lines of switches manage traffic for more protocols than the number of queues, so the system often must map more than one protocol to the same queue. When traffic for one protocol shares a queue with other protocols and violates DDoS protection policer limits, this command reports a violation on that queue for all mapped protocols because the system doesn’t distinguish which protocol’s traffic specifically caused the violation. You can use what you know about the types of traffic flowing through your network to identify which of the reported protocols actually triggered the violation.

Options

noneDisplay information for all protocol groups.
protocol-group(Optional) Name of a particular protocol group. See show ddos-protection protocols for a list of available groups.

Required Privilege Level

view

List of Sample Output

show ddos-protection protocols violations

show ddos-protection protocols lldp violations

show ddos-protection protocols pppoe violations

Output Fields

Table 1 lists the output fields for the show ddos-protection protocols violations command. Output fields are listed in the approximate order in which they appear.

Table 1: show ddos-protection protocols violations Output Fields

Field Name

Field Description

Number of packet types that are being violated

Number of individual policers and aggregate policers that are currently being violated

Protocol Group

Name of protocol group

Packet type

Name of packet type in protocol group

Bandwidth (pps)

Policer bandwidth

Arrival rate (pps)

Current traffic rate for packets arriving from all cards and at the Routing Engine

Peak rate (pps)

Highest traffic rate for packets arriving from all cards and at the Routing Engine

Policer bandwidth violation detected at

Timestamp of the policer violation

Detected on

Slot number of the card on which the violation was detected

Sample Output

show ddos-protection protocols violations

user@host> show ddos-protection protocols violations

show ddos-protection protocols lldp violations

user@host> show ddos-protection protocols lldp violations

show ddos-protection protocols pppoe violations

user@host> show ddos-protection protocols pppoe violations