show services service-sets statistic screen-session-limit-counters (Next Gen Services)

Syntax

Description

Display counters for session drops and packet drops resulting from session-limit checks performed by an IDS rule on an MS-MPC or MS-MIC.

Options

none

Display statistics for all configured services interfaces.

interface interface-name

(Optional) Display statistics for the specified services interface.

service service-set

Display statistics for the specified service set.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services service-set statistics ids session-limits counters command. Output fields are listed in the approximate order in which they appear.

Table 1: show services service-sets statistics ids session-limits counters Output Fields

Field Name

Field Description

TCP Counters

Session-limit TCP counters in the ingress direction for the following:

  • Sessions allowed—Number of TCP sessions allowed by the IDS rule.

  • Sessions ignored—Number of TCP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of TCP sessions dropped because the number of TCP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of TCP sessions dropped because the number of TCP connections per second exceeded the limit.

  • Packets allowed—Number of TCP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of TCP packets dropped because the number of TCP packets per second exceeded the limit.

UDP Counters

Session-limit UDP counters in the ingress direction for the following:

  • Sessions allowed—Number of UDP sessions allowed by the IDS rule.

  • Sessions ignored—Number of UDP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of UDP sessions dropped because the number of UDP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of UDP sessions dropped because the number of UDP connections per second exceeded the limit.

  • Packets allowed—Number of UDP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of UDP packets dropped because the number of UDP packets per second exceeded the limit.

ICMP Counters

Session-limit ICMP counters in the ingress direction for the following:

  • Sessions allowed—Number of ICMP sessions allowed by the IDS rule.

  • Sessions ignored—Number of ICMP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of ICMP sessions dropped because the number of ICMP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of ICMP sessions dropped because the number of ICMP connections per second exceeded the limit.

  • Packets allowed—Number of ICMP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of ICMP packets dropped because the number of ICMP packets per second exceeded the limit.

Other-Protocols Counters

Session-limit counters in the ingress direction for protocols other than TCP, UDP, and ICMP for the following:

  • Sessions allowed—Number of sessions allowed by the IDS rule.

  • Sessions ignored—Number of sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of sessions dropped because the number of sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of sessions dropped because the number of connections per second exceeded the limit.

  • Packets allowed—Number of packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of packets dropped because the number of packets per second exceeded the limit.

Egress General Info

Information for IDS rules for the service set in the egress direction.

  • Match-direction—Displays output.

  • Rule name—Name of the IDS rule.

  • Term name—Name of the term in the IDS rule.

Egress TCP Counters

Session-limit TCP counters in the egress direction for the following:

  • Sessions allowed—Number of TCP sessions allowed by the IDS rule.

  • Sessions ignored—Number of TCP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of TCP sessions dropped because the number of TCP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of TCP sessions dropped because the number of TCP connections per second exceeded the limit.

  • Packets allowed—Number of TCP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of TCP packets dropped because the number of TCP packets per second exceeded the limit.

Egress UDP Counters

Session-limit UDP counters in the egress direction for the following:

  • Sessions allowed—Number of UDP sessions allowed by the IDS rule.

  • Sessions ignored—Number of UDP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of UDP sessions dropped because the number of UDP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of UDP sessions dropped because the number of UDP connections per second exceeded the limit.

  • Packets allowed—Number of UDP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of UDP packets dropped because the number of UDP packets per second exceeded the limit.

Egress ICMP Counters

Session-limit ICMP counters in the egress direction for the following:

  • Sessions allowed—Number of ICMP sessions allowed by the IDS rule.

  • Sessions ignored—Number of ICMP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of ICMP sessions dropped because the number of ICMP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of ICMP sessions dropped because the number of ICMP connections per second exceeded the limit.

  • Packets allowed—Number of ICMP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of ICMP packets dropped because the number of ICMP packets per second exceeded the limit.

Egress Other-Protocols Counters

Session-limit counters in the egress direction for protocols other than TCP, UDP, and ICMP for the following:

  • Sessions allowed—Number of sessions allowed by the IDS rule.

  • Sessions ignored—Number of sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of sessions dropped because the number of sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of sessions dropped because the number of connections per second exceeded the limit.

  • Packets allowed—Number of packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of packets dropped because the number of packets per second exceeded the limit.

Sample Output

show services service-sets statistic screen-session-limit-counters

Release Information

Support added in Junos OS Release 19.3R2 for Next Gen Services on MX Series routers MX240, MX480 and MX960 with the MX-SPC3 services card.