show security flow session tunnel
Syntax
show security flow session tunnel [brief | extensive | summary]
Description
Display information about all tunnel sessions.
Options
none—Display the brief (default) level of output.
brief—Display the specified brief level of output.
extensive—Display the information about all current active sessions.
summary—Display the session information on each FPC.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security flow session tunnel command.
Output fields are listed in the approximate order in which they appear.
| Field Name | Field Description |
|---|---|
| | Number that identifies the session. You can use this ID to get additional information about the session. |
| | Policy that permitted the traffic. NA (Not Applicable) for a tunnel session. |
| | The name of the source pool where NAT is used. |
| | Idle timeout after which the session expires. NA (Not Applicable) for a tunnel session. |
| | Incoming flow (source and destination IP addresses, application protocol, interface, session token, route, gateway, tunnel, encapsulation and authentication header fragments generated, inner IPv4 fragments generated, inner IPv6 fragments generated, port sequence, FIN sequence, FIN state, packets and bytes). |
| | Total number of sessions. |
| | Session status. |
| | Internal flag depicting the state of the session, used for debugging purposes. |
| | The name of the source pool where NAT is used. |
| | Name of the application. |
| | Maximum session timeout. |
| | Remaining time for the session unless traffic exists in the session. |
| | Encryption traffic name. |
| | Session state. |
| | Time when the session was created, offset from the system start time. |
| | Internal token derived from the virtual routing instance. |
| | Internal next hop of the route to be used by the flow. |
| | Number of valid sessions. |
| | Number of pending sessions. |
| | Number of invalidated sessions. |
| | Number of sessions in other states. |
| | For IPsec tunnels, the number of Encapsulating Security Payload (ESP) or Authentication Header (AH) fragments that were received and the number that were generated. |
| | For tunnels with IPv4 fragments, the number of fragments associated with the tunnel that were received, transmitted, and generated. |
| | For tunnels with IPv6 fragments, the number of fragments associated with the tunnel that were received, transmitted, and generated. |
Sample Output
show security flow session tunnel
root> show security flow session tunnel
Flow Sessions on FPC10 PIC1:

Session ID: 410000001, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/43405 --> 60.0.0.3/494;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 410000002, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC2:

Session ID: 420000003, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 420000004, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC3:

Session ID: 430000005, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 430000006, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2
show security flow session tunnel brief
root> show security flow session tunnel brief
Flow Sessions on FPC10 PIC1:

Session ID: 410000001, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/43405 --> 60.0.0.3/494;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 410000002, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC2:

Session ID: 420000003, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 420000004, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC3:

Session ID: 430000005, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000

Session ID: 430000006, Policy name: N/A, Timeout: N/A, Valid
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah, If: ge-7/1/1.0, Pkts: 0, Bytes: 0, CP Session ID: 420000000
Total sessions: 2
show security flow session tunnel extensive
root> show security flow session tunnel extensive
Flow Sessions on FPC10 PIC1:

Session ID: 410000001, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3548, Duration: 797
  In: 60.0.0.2/43405 --> 60.0.0.3/494;esp,
  Interface: ge-7/1/1.0,
  Session token: 0x7, Flag: 0x80100621
  Route: 0x60010, Gateway: 60.0.0.2, Tunnel: 0
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 4, Tx: 4, Generated: 4,
  Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 420000000

Session ID: 410000002, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3548, Duration: 797
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp,
  Interface: ge-7/1/1.0,
  Session token: 0x7, Flag: 0x621
  Route: 0x60010, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC2:

Session ID: 420000003, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 798
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp,
  Interface: ge-7/1/1.0,
  Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 420000000

Session ID: 420000004, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 798
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah,
  Interface: ge-7/1/1.0,
  Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 420000000
Total sessions: 2

Flow Sessions on FPC10 PIC3:

Session ID: 430000005, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 799
  In: 60.0.0.2/0 --> 60.0.0.3/0;esp,
  Interface: ge-7/1/1.0,
  Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 420000000

Session ID: 430000006, Status: Normal
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 3513, Duration: 799
  In: 60.0.0.2/0 --> 60.0.0.3/0;ah,
  Interface: ge-7/1/1.0,
  Session token: 0x7, Flag: 0x621
  Route: 0x0, Gateway: 60.0.0.2, Tunnel: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 420000000
Total sessions: 2
show security flow session tunnel summary extensive (with fragmentation counters output)
root> show security flow session tunnel extensive
node0:

Flow Sessions on FPC2 PIC1:

Session ID: 90000004, Status: Normal, State: Active
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 6251, Duration: 167168
  In: 2.2.2.2/0 --> 2.2.2.1/10203;esp,
  Conn Tag: 0x0, Interface: reth1.0,
  Session token: 0x7, Flag: 0x80100621
  Route: 0x867f3c1, Gateway: 2.2.2.2, Tunnel: 0
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 27, Tx: 27, Generated: 18,
  Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 90000000

Session ID: 90000005, Status: Normal, State: Active
Flags: 0x10000/0x0/0x1
Policy name: N/A
Source NAT pool: Null
Dynamic application: junos:UNKNOWN, Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: N/A, Current timeout: N/A
Session State: Valid
Start time: 6251, Duration: 167168
  In: 2.2.2.2/0 --> 2.2.2.1/0;esp,
  Conn Tag: 0x0, Interface: reth1.0,
  Session token: 0x7, Flag: 0x100621
  Route: 0x867f3c1, Gateway: 2.2.2.2, Tunnel: 0
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 0, Tx: 0, Generated: 0,
  Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  Port sequence: 0, FIN sequence: 0,
  FIN state: 0,
  Pkts: 0, Bytes: 0
  CP Session ID: 90000000
Total sessions: 2
show security flow session tunnel summary (with fragmentation counters output)
root> show security flow session tunnel summary
node0:

Flow Sessions on FPC2 PIC1:

Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2

Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 1 (27)
  Tunnels with IPv4 frag Tx: 1 (27)
  Tunnels with IPv4 frag generated: 1 (18)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)

Flow Sessions on FPC2 PIC1:

Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2

Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 0 (0)
  Tunnels with IPv4 frag Tx: 0 (0)
  Tunnels with IPv4 frag generated: 0 (0)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)

Flow Sessions on FPC2 PIC3:

Valid sessions: 2
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 2

Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 0 (0)
  Tunnels with IPv4 frag Tx: 0 (0)
  Tunnels with IPv4 frag generated: 0 (0)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)

Tunnel fragment summary:
  Tunnels with ESP/AH frag Rx: 0 (0)
  Tunnels with ESP/AH frag generated: 0 (0)
  Tunnels with IPv4 frag Rx: 1 (27)
  Tunnels with IPv4 frag Tx: 1 (27)
  Tunnels with IPv4 frag generated: 1 (18)
  Tunnels with IPv6 frag Rx: 0 (0)
  Tunnels with IPv6 frag Tx: 0 (0)
  Tunnels with IPv6 frag generated: 0 (0)
Release Information
Command introduced in Junos OS Release 8.5; Filter and view options introduced in Junos OS Release 10.2. Fragmentation counters options introduced in Junos OS Release 15.1X49-90.
Only show security flow session tunnel extensive and show security flow session tunnel summary provide fragmentation counters output.
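For monitoring, the per-session fragmentation counters in the extensive output can be extracted from captured CLI text. The following is an added example, not Juniper code: the function names are hypothetical, the sample is trimmed from the extensive sample output above, and it assumes the text layout shown on this page.

```python
import re

# Trimmed copy of the page's "extensive" sample output; layout whitespace is not significant.
SAMPLE = """
Flow Sessions on FPC2 PIC1:
Session ID: 90000004, Status: Normal, State: Active
  In: 2.2.2.2/0 --> 2.2.2.1/10203;esp, Conn Tag: 0x0, Interface: reth1.0,
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 27, Tx: 27, Generated: 18,
  Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
  CP Session ID: 90000000
Session ID: 90000005, Status: Normal, State: Active
  In: 2.2.2.2/0 --> 2.2.2.1/0;esp, Conn Tag: 0x0, Interface: reth1.0,
  ESP/AH frag Rx: 0, Generated: 0
  Inner IPv4 frag Rx: 0, Tx: 0, Generated: 0,
  Inner IPv6 frag Rx: 0, Tx: 0, Generated: 0
Total sessions: 2
"""

# One alternative per construct; the lookbehind skips "CP Session ID", which is
# the control-plane session reference and not the start of a new session.
TOKEN = re.compile(
    r"Flow Sessions on (?P<pic>FPC\d+ PIC\d+):"
    r"|(?<!CP )Session ID: (?P<sid>\d+)"
    r"|In: (?P<src>\S+) --> (?P<dst>[^;\s]+);(?P<proto>\w+)"
    r"|(?P<kind>ESP/AH|Inner IPv4|Inner IPv6) frag Rx: (?P<rx>\d+),\s*"
    r"(?:Tx: (?P<tx>\d+),\s*)?Generated: (?P<gen>\d+)"
)

def parse_tunnel_sessions(text):
    """Return one dict per tunnel session with its PIC, flow and frag counters."""
    sessions, pic, cur = [], None, None
    for m in TOKEN.finditer(text):
        if m["pic"]:
            pic = m["pic"]
        elif m["sid"]:
            cur = {"id": m["sid"], "pic": pic, "frags": {}}
            sessions.append(cur)
        elif cur is not None and m["src"]:
            cur.update(src=m["src"], dst=m["dst"], proto=m["proto"])
        elif cur is not None and m["kind"]:
            cur["frags"][m["kind"]] = {k: int(m[k]) for k in ("rx", "tx", "gen") if m[k] is not None}
    return sessions

def fragmenting_sessions(sessions):
    """Sessions with at least one non-zero fragment counter."""
    return [s for s in sessions if any(n for c in s["frags"].values() for n in c.values())]

if __name__ == "__main__":
    print([(s["id"], s["frags"]) for s in fragmenting_sessions(parse_tunnel_sessions(SAMPLE))])
```

Sessions from output without fragmentation counter lines come back with an empty `frags` dict and are not reported.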