display attack-defense flood statistics ipv6

Use display attack-defense flood statistics ipv6 to display IPv6 flood attack detection and prevention statistics.

Syntax

In standalone mode:

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-flood | syn-ack-flood | udp-flood } statistics ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ [ local ] [ slot slot-number ] ] [ count ]

In IRF mode:

display attack-defense { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-flood | syn-ack-flood | udp-flood } statistics ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ [ local ] [ chassis chassis-number slot slot-number ] ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

ack-flood: Specifies ACK flood attack.

dns-flood: Specifies DNS flood attack.

fin-flood: Specifies FIN flood attack.

flood: Specifies all IPv6 flood attacks.

http-flood: Specifies HTTP flood attack.

icmpv6-flood: Specifies ICMPv6 flood attack.

rst-flood: Specifies RST flood attack.

syn-ack-flood: Specifies SYN-ACK flood attack.

syn-flood: Specifies SYN flood attack.

udp-flood: Specifies UDP flood attack.

ipv6-address: Specifies a protected IPv6 address. If you do not specify an IPv6 address, this command displays flood attack detection and prevention statistics for all protected IPv6 addresses.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IPv6 address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify this option if the protected IPv6 address is on the public network.

local: Specifies the device.

slot slot-number: Specifies a card by its slot number. This option is available only when you specify the device. If you do not specify a card, this command displays IPv6 flood attack detection and prevention statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. This option is available only when you specify the device. If you do not specify a card, this command displays IPv6 flood attack detection and prevention statistics for all cards. (In IRF mode.)

count: Displays the number of matching protected IPv6 addresses.

Usage guidelines

The device collects statistics about protected IP addresses for flood attack detection and prevention. The attackers' IP addresses are not recorded.

Examples

# (In standalone mode.) Display all IPv6 flood attack detection and prevention statistics.

<Sysname> display attack-defense flood statistics ipv6
Slot 1:
IPv6 address    VPN         Detected on  Detect type   State    PPS    Dropped
1::4            --          Local        ACK-FLOOD     Normal   1000   111111111
1::5            --          Local        SYN-FLOOD     Normal   1000   22222222
Slot 2:
IPv6 address    VPN         Detected on  Detect type   State    PPS    Dropped
1::6            --          Local        DNS-FLOOD     Normal   1000   12569985

# (In standalone mode.) Display the number of IPv6 addresses that are protected against flood attacks.

<Sysname> display attack-defense flood statistics ipv6 count
Slot 1:
Totally 2 flood entries.
Slot 2:
Totally 1 flood entries.

Table 70: Command output

Field

Description

IPv6 address

Protected IPv6 address.

VPN

MPLS L3VPN instance to which the protected IPv6 address belongs. If the protected IPv6 address is on the public network, this field displays hyphens (--).

Detected on

Where the attack is detected: the device (Local).

Detect type

Type of the detected flood attack.

State

Whether the device is attacked:

  • Attacked.

  • Normal.

PPS

Number of packets sent to the IPv6 address per second.

Dropped

Number of attack packets dropped by the device.

Totally 2 flood entries

Total number of IPv6 addresses that are protected.