show security flow session tunnel
Syntax
Release Information
Command introduced in Junos OS Release 8.5; Filter and view options introduced in Junos OS Release 10.2. Fragmentation counters options introduced in Junos OS Release 15.1X49-90.
Only show security flow session tunnel extensive and show security flow session tunnel summary provide fragmentation counters output.
Description
Display information about all tunnel sessions.
Options
none—Display the brief (default) level of output.
Required Privilege Level
view
Related Documentation
List of Sample Output
show security flow session tunnel
show security flow session tunnel brief
show security flow session tunnel extensive
show security flow session tunnel summary extensive (with fragmentation counters output)
show security flow session tunnel summary
show security flow session tunnel summary (with fragmentation counters output)
Output Fields
Table 1 lists the output fields for the show security flow session tunnel command. Output fields are listed in the approximate order in which they appear.
Table 1: show security flow session tunnel Output Fields
Field Name | Field Description |
---|---|
Session ID | Number that identifies the session. You can use this ID to get additional information about the session. |
Policy name | Policy that permitted the traffic. NA (Not Applicable) for a tunnel session. |
Source NAT pool | The name of the source pool where NAT is used. |
Timeout | Idle timeout after which the session expires. NA (Not Applicable) for a tunnel session. |
In | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, encapsulation and authentication header fragments generated, inner IPv4 fragments generated, inner IPv6 fragments generated, port sequence, FIN sequence, FIN state, packets and bytes). |
Total sessions | Total number of sessions. |
Status | Session status. |
Flags | Internal flag depicting the state of the session, used for debugging purposes. |
Application | Name of the application. |
Maximum timeout | Maximum session timeout. |
Current timeout | Remaining time for the session unless traffic exists in the session. |
Encryption | Encryption traffic name. |
Session State | Session state. |
Start time | Time when the session was created, offset from the system start time. |
Session token | Internal token derived from the virtual routing instance. |
Route | Internal next hop of the route to be used by the flow. |
Valid sessions | Number of valid sessions. |
Pending sessions | Number of pending sessions. |
Invalidated sessions | Number of invalidated sessions. |
Sessions in other states | Number of sessions in other states. |
ESP/AH frag Rx: number, Generated: number | For IPsec tunnels, the number of Encapsulating Security Payload (ESP) or Authentication Header (AH) fragments that were received and the number that were generated. |
Inner IPv4 frag Rx: number, Tx: number, Generated: number | For tunnels with IPv4 fragments, the number of fragments associated with the tunnel that were received, transmitted, and generated. |
Inner IPv6 frag Rx: number, Tx: number, Generated: number | For tunnels with IPv6 fragments, the number of fragments associated with the tunnel that were received, transmitted, and generated. |
Sample Output
show security flow session tunnel
root> show security flow session tunnel
Flow Sessions on FPC10 PIC1:

Session ID: 410000001, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/43405 --> 60.0.0.3/494;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 410000002, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC2:

Session ID: 420000003, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 420000004, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC3:

Session ID: 430000005, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 430000006, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2
show security flow session tunnel brief
root> show security flow session tunnel brief
Flow Sessions on FPC10 PIC1:

Session ID: 410000001, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/43405 --> 60.0.0.3/494;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 410000002, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC2:

Session ID: 420000003, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 420000004, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC3:

Session ID: 430000005, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 430000006, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2
show security flow session tunnel extensive
root> show security flow session tunnel extensive
Flow Sessions on FPC10 PIC1:

Session ID: 410000001, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3548, Duration: 797
  In: 60.0.0.2/43405 --> 60.0.0.3/494;esp, Interface: ge-7/1/1.0, Session token: 0x7, Flag: 0x80100621
  Route: 0x60010, Gateway: 60.0.0.2, Tunnel: 0
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 4, Tx: 4, Generated: 4, Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 420000000

Session ID: 410000002, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3548, Duration: 797
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, Interface: ge-7/1/1.0, Session token: 0x7, Flag: 0x621
  Route: 0x60010, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC2:

Session ID: 420000003, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 798
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, Interface: ge-7/1/1.0, Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 420000000

Session ID: 420000004, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 798
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, Interface: ge-7/1/1.0, Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC3:

Session ID: 430000005, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 799
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, Interface: ge-7/1/1.0, Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 420000000

Session ID: 430000006, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 799
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, Interface: ge-7/1/1.0, Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 420000000
Total sessions: 2
show security flow session tunnel summary extensive (with fragmentation counters output)
root> show security flow session tunnel extensive
node0:

Flow Sessions on FPC2 PIC1:

Session ID: 90000004, Status: Normal, State: Active
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 6251, Duration: 167168
  In: 2.2.2.2/0 --> 2.2.2.1/10203;esp, Conn Tag: 0x0, Interface: reth1.0, Session token: 0x7, Flag: 0x80100621
  Route: 0x867f3c1, Gateway: 2.2.2.2, Tunnel: 0
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 27, Tx: 27, Generated: 18, Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 90000000

Session ID: 90000005, Status: Normal, State: Active
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 6251, Duration: 167168
  In: 2.2.2.2/0 --> 2.2.2.1/0;esp, Conn Tag: 0x0, Interface: reth1.0, Session token: 0x7, Flag: 0x100621
  Route: 0x867f3c1, Gateway: 2.2.2.2, Tunnel: 0
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 0, Tx: 0, Generated: 0, Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
  CP Session ID: 90000000
Total sessions: 2
show security flow session tunnel summary
root> show security flow session tunnel summary
Flow Sessions on FPC10 PIC1:
Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2

Flow Sessions on FPC10 PIC2:
Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2

Flow Sessions on FPC10 PIC3:
Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2
show security flow session tunnel summary (with fragmentation counters output)
root> show security flow session tunnel summary
node0:

Flow Sessions on FPC2 PIC1:
Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2
Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 1 (27)
  Tunnels with IPv4 frag Tx: 1 (27)
  Tunnels with IPv4 frag generated: 1 (18)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)

Flow Sessions on FPC2 PIC1:
Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2
Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 0 (0)
  Tunnels with IPv4 frag Tx: 0 (0)
  Tunnels with IPv4 frag generated: 0 (0)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)

Flow Sessions on FPC2 PIC3:
Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2
Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 0 (0)
  Tunnels with IPv4 frag Tx: 0 (0)
  Tunnels with IPv4 frag generated: 0 (0)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)

Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 1 (27)
  Tunnels with IPv4 frag Tx: 1 (27)
  Tunnels with IPv4 frag generated: 1 (18)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)
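The following is an added example, not part of the Juniper documentation: a parser for captured `show security flow session tunnel summary` text that reports which PICs have non-zero tunnel fragment counters. It assumes, from the sample outputs on this page, that each counter reads as a tunnel count followed by a fragment count in parentheses, and that a fragment summary with no PIC header of its own is the overall total; the function names are hypothetical.

```python
import re

# Abridged from this page's sample output (PIC1, PIC3 and the trailing total).
SAMPLE = (
    "node0: Flow Sessions on FPC2 PIC1: Valid sessions: 2 Pending sessions: 0 "
    "Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 2 "
    "Tunnel fragment summary: Tunnels with ESP/AH frag Rx: 0 (0) "
    "Tunnels with IPv4 frag Rx: 1 (27) Tunnels with IPv4 frag Tx: 1 (27) "
    "Tunnels with IPv4 frag generated: 1 (18) "
    "Flow Sessions on FPC2 PIC3: Valid sessions: 2 Total sessions: 2 "
    "Tunnel fragment summary: Tunnels with IPv4 frag Rx: 0 (0) "
    "Tunnel fragment summary: Tunnels with IPv4 frag Rx: 1 (27) "
    "Tunnels with IPv4 frag generated: 1 (18)"
)

HEADER = re.compile(r"Flow Sessions on (FPC\d+ PIC\d+):")
SECTION = "Tunnel fragment summary:"
STATE = re.compile(r"((?:Valid|Pending|Invalidated|Total) sessions"
                   r"|Sessions in other states):\s*(\d+)")
FRAG = re.compile(r"Tunnels with (ESP/AH|IPv4|IPv6) frag "
                  r"(Rx|Tx|generated):\s*(\d+)\s*\((\d+)\)")

def _frags(section):
    # Assumed reading of "1 (27)": 1 tunnel, 27 fragments.
    return {f"{kind} {direction}": (int(tunnels), int(count))
            for kind, direction, tunnels, count in FRAG.findall(section)}

def parse_summary(text):
    """Return (list of per-PIC dicts, overall fragment totals or None).
    Works on line-per-field output and on whitespace-flattened captures."""
    pics, total = [], None
    parts = HEADER.split(text)          # [preamble, name, body, name, body, ...]
    for name, body in zip(parts[1::2], parts[2::2]):
        sections = body.split(SECTION)
        pics.append({
            "pic": name,
            "sessions": {k: int(v) for k, v in STATE.findall(sections[0])},
            "frags": _frags(sections[1]) if len(sections) > 1 else {},
        })
        if len(sections) > 2:           # extra summary without a PIC header
            total = _frags(sections[2])
    return pics, total

def fragmenting_pics(pics):
    """List (pic, counter, tunnels, fragments) for every non-zero counter."""
    return [(p["pic"], name, tunnels, count)
            for p in pics for name, (tunnels, count) in p["frags"].items()
            if count > 0]

if __name__ == "__main__":
    parsed, overall = parse_summary(SAMPLE)
    for row in fragmenting_pics(parsed):
        print(row)
    print("overall:", overall)
```

Results are kept as a list rather than keyed by PIC name, so a capture that repeats a PIC header (as the sample above does) loses no block.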