display cpu-defend statistics

Function

The display cpu-defend statistics command displays information about the attack defense, including the total number of packets, number of passed packets, and number of dropped packets. The statistics are displayed in categories.

Format

display cpu-defend car whitelist-v6 [ bgpv6 | ospfv3 ] statistics [ slot slot-id ]

display cpu-defend car { user-defined-flow flow-id } statistics [ slot slot-id ]

display cpu-defend total-packet statistics [ slot slot-id ]

display cpu-defend { all | application-apperceive | tcpip-defend | urpf } statistics [ slot slot-id ]

display cpu-defend car index index statistics [ slot slot-id ]

display cpu-defend car { fragment | tcpsyn } statistics [ slot slot-id ]

display cpu-defend car { blacklist | whitelist } statistics [ slot slot-id ]

display cpu-defend car whitelist { bgp | ldp | ospf | radius | rsvp | isis } statistics [ slot slot-id ]

display cpu-defend tcpip-defend-v6 statistics [ slot slot-id ]

display cpu-defend car protocol atm-inarp statistics [ slot slot-id ]

display cpu-defend car protocol { 802.1ag | arp | bfd | bgp | bpdu | dhcp | dns-client | ftp-client | ftp-server | hwtacacs | icmp | igmp | isis | lacp | ldp | lspping | msdp | ntp | ospf | pim | portal | radius | rip | rsvp | snmp | ssh-client | ssh-server | telnet-client | telnet-server | tftp | vrrp | web | ipv4-fib-miss | ipv4-multicast-fib-miss | ipv4-ttl-expire | ipv6-ttl-expire | ipv6-fib-miss | ipv6-nd-miss | mpls-arp-miss | mpls-ttl-expire | arp-miss | lldp | syslog | bgpv6 | ospfv3 | ftpv6-server | ftpv6-client | tftpv6-client | icmpv6 | dnsv6 | pimv6 | sshv6-server | telnetv6-client | telnetv6-server | eapol | netstream | snmpv6 | dhcpv6 | ra | mld | rs | ns | na | web-auth-server | diameter | openflow | http-redirect-chasten | unicast-vrrp | soft-gre | traffic-behavior-log | icmp-broadcast-address-echo | mka | pcep | vrrpv6 | radiusv6 | hwtacacsv6 | lsppingv6 | syslogv6 | web-auth-serverv6 } statistics [ slot slot-id ]

Parameters

Parameter Description Value
802.1ag

802.1ag protocol.

-
arp

ARP protocol.

-
bfd

BFD protocol.

-
bgp

BGP protocol.

-
bpdu

Bpdu protocol.

-
dhcp

DHCP protocol.

-
dns-client

DNS client protocol.

-
ftp-client

FTP client protocol.

-
ftp-server

FTP server protocol.

-
hwtacacs

HWTACACS protocol.

-
icmp

ICMP protocol.

-
igmp

IGMP protocol.

-
isis

ISIS protocol.

-
lacp

LACP protocol.

-
ldp

LDP protocol.

-
lspping

LSPPING protocol.

-
msdp

MSDP protocol.

-
ntp

NTP protocol.

-
ospf

OSPF protocol.

-
pim

PIM protocol.

-
portal

Specify portal packet.

-
radius

RADIUS protocol.

-
rip

RIP protocol.

-
rsvp

RSVP protocol.

-
snmp

SNMP protocol.

-
ssh-client

SSH client protocol.

-
ssh-server

SSH server protocol.

-
telnet-client

TELNET client protocol.

-
telnet-server

TELNET server protocol.

-
tftp

TFTP protocol.

-
vrrp

VRRP protocol.

-
web

Specify web packet.

-
ipv4-fib-miss

IPV4 FIB miss.

-
ipv4-multicast-fib-miss

IPV4 multicast FIB miss.

-
ipv4-ttl-expire

IPV4 TTL expires packets.

-
ipv6-ttl-expire

IPV6 TTL expires packets.

-
ipv6-fib-miss

IPV6 FIB miss.

-
ipv6-nd-miss

IPV6 ND miss.

-
mpls-arp-miss

MPLS ARP miss.

-
mpls-ttl-expire

MPLS TTL expires packets.

-
arp-miss

ARP miss.

-
lldp

LLDP protocol.

-
syslog

SYSLOG protocol.

-
bgpv6

BGPV6 protocol.

-
ospfv3

OSPFV3 protocol.

-
ftpv6-server

FTPV6 server protocol.

-
ftpv6-client

FTPV6 client protocol.

-
tftpv6-client

TFTPV6 client protocol.

-
icmpv6

ICMPV6 protocol.

-
dnsv6

DNSV6 protocol.

-
pimv6

PIMV6 protocol.

-
sshv6-server

SSHV6 server protocol.

-
telnetv6-client

TELNETV6 client protocol.

-
telnetv6-server

TELNETV6 server protocol.

-
eapol

Eapol protocol.

-
netstream

Netstream protocol.

-
snmpv6

SNMPV6 protocol.

-
dhcpv6

DHCPV6 protocol.

-
ra

IPV6 RA protocol.

-
mld

IPV6 MLD protocol.

-
rs

IPV6 RS protocol.

-
ns

IPV6 NS protocol.

-
na

IPV6 NA protocol.

-
web-auth-server

Specify web-auth-server.

-
diameter

DIAMETER protocol.

-
openflow

OPENFLOW protocol.

-
http-redirect-chasten

Http-redirect packet of chasten user.

-
unicast-vrrp

UNICAST VRRP protocol.

-
soft-gre

Soft-gre packet.

-
traffic-behavior-log

Traffic-behavior-log protocol.

-
icmp-broadcast-address-echo

Specify Icmp Broadcast Address Echo Reply Packets configuration information.

-
mka

MKA protocol.

-
pcep

PCEP protocol.

-
vrrpv6

VRRPV6 protocol.

-
radiusv6

RADIUSV6 protocol.

-
hwtacacsv6

HWTACACSV6 protocol.

-
lsppingv6

LSPPINGV6 protocol.

-
syslogv6

SYSLOGV6 protocol.

-
web-auth-serverv6

WEB-AUTH-SERVERV6 protocol.

-
statistics

Defend Statistics.

-
slot slot-id

Specifies the slot ID.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported.
display

Display.

-
cpu-defend

Configure CPU defend policy.

-
car

Committed access rate.

-
whitelist-v6

Whitelist ipv6.

-
user-defined-flow flow-id

Specifies the ID of the user-defined flow.

The value is an integer that ranges from 1 to 64.
total-packet

Configure the total rate of packet sent to CPU.

-
fragment

Vicious fragmentflood packet.

-
tcpsyn

Vicious TCPSYN packet.

-
blacklist

Blacklist.

-
whitelist

Whitelist.

-
index index

Specifies a protocol index.

The value is an integer ranging from 35 to 1658.
protocol

Protocol.

-
all

All.

-
tcpip-defend

TCPIP defend.

-
tcpip-defend-v6

Tcpip defend packet.

-
application-apperceive

Application apperceive defend.

-
urpf

Urpf function.

-
atm-inarp

ATM INARP protocol.

-

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name Operations
cpu-defend read

Usage Guidelines

Usage Scenario

To check the number of the dropped packets of each protocol to be sent to the CPU, run the display cpu-defend statistics command.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display whitelist statistics on the board in slot 1.
<HUAWEI> display cpu-defend car whitelist statistics slot 1
 Slot               : 1
 Application switch : Open
 Default Action     : Min-to-cp
--------------------------------------------
 Whitelist
 Protocol switch: N/A
 Packet information:
  Passed packet(s)  : 0
  Dropped packet(s) : 0
  Acl-denied packet(s) : 0
 Configuration information:
  Configured CIR : 4000      kbps       Actual CIR in NP : 4001      kbps
  Configured CBS : 600000    bytes      Actual CBS in NP : 600000    bytes
  Priority : cs6
  Fixed-packet-length : 128 bytes
  CIR Configuration Type: Default
 History information:
  Last drop:
   Start time: -
   End time  : -
   Last drop rate(pps): -
   Total dropped packet(s): -
  Peak rate:
   Time: -
   Peak rate(pps): -
# Display statistics about BGP packets on the board in slot 1.
<HUAWEI> display cpu-defend car protocol bgp statistics slot 1
 Slot               : 1
 Application switch : Open
 Default Action     : Min-to-cp
--------------------------------------------
 BGP Packet
 Protocol switch: Open
 Packet information:
  Passed packet(s)  : 0
  Dropped packet(s) : 0
 Configuration information:
  Configured CIR : 512       kbps       Actual CIR in NP : 512       kbps
  Configured CBS : 1600000   bytes      Actual CBS in NP : 1600000   bytes
  Priority : this index include more than one type of packet,
             please use the diagnose command to query each of the packets' priority.
  Fixed-packet-length : 1500 bytes
  CIR Configuration Type: Default
 History information:
  Last drop:
   Start time: -
   End time  : -
   Last drop rate(pps): -
   Total dropped packet(s): -
  Peak rate:
   Time: -
   Peak rate(pps): -
Table 1 Description of the display cpu-defend statistics command output
Item Description
slot

Slot number.
Application switch

Status of the application layer association.
Default Action

Default action. Min-to-cpu means that packets are sent to CPU at a low bandwidth.
Packet information

Number of forwarded or dropped packets.
Protocol switch

Protocol status.
Passed packet(s)

Number of forwarded packets.
Dropped packet(s)

Number of dropped packets.
Configuration information

Configuration information.
Configured CIR

Configured CIR.
Configured CBS

Configured CBS.
CIR Configuration Type

CIR configuration type:

  • NA.
  • Default.
  • CLI.
  • Dynamic.
  • Application-apperceive.
Actual CIR in NP

CIR delivered to the hardware NP table.
Actual CBS in NP

CBS delivered to the hardware NP table.
Priority

Queues are classified as BE, AF1, AF2, AF3, AF4, EF, and CS6 queues based on priorities.
Fixed-packet-length

Length for fixed packet compensation.
History information

Historical packet loss statistics.
Last drop rate

Average packet loss rate during the last continuous packet loss.
Last drop

Statistics about the last packet loss.
Last drop rate(pps)

last drop rate(pps).
Start time

Start time for the last continuous packet loss.
End time

End time for the last continuous packet loss.
Total dropped packet(s)

Total number of packets dropped during the last continuous packet loss.
Total dropped packet(s)

Total number of packets dropped during the last continuous packet loss.
Peak rate

Peak rate at which packets are forwarded or dropped in the current month (calendar month) and time when it happened.
Peak rate(pps)

Peak rate(pps).
Acl-denied packet(s)

Number of times that traffic matches ACL deny rules.
Time

Time when the packet rate reaches the pear rate in the month.
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >