The display firewall car-table type command displays the entry records of packet loss when the rate of packets sent by the device exceeds the upper limit.
| Parameter | Description | Value |
|---|---|---|
type type |
Specifies the application layer protocol type. |
IKE or IKEv6 |
This command is supported in V600R007C20SPC500 and later versions.
After detecting that the packet rate of a single CPU exceeds the alarm threshold, the device performs traffic limiting and collects statistics on the packets whose rate exceeds the alarm threshold based on the source IP address. If the number of packets with the same source IP address per second exceeds per-ip pps-value, the packets are considered as threats and then discarded.
You can run the display firewall car-table type command to check the entry records of packet loss.
# Display the records of packet loss when the IKE packet rate exceeds the upper limit.
<sysname> display firewall car-table type ike 2021-09-09 10:27:07.940 IKE car-table : Slot: 11 CPU: 0 SOURCE-IP PPS-VALUE DISCARD DATE TIME 11.0.0.3 104 94 2021-09-09 10:47:07 11.0.0.5 70 60 2021-09-09 10:38:57 11.0.0.6 55 45 2021-09-09 10:38:08 11.0.0.3 94 84 2021-09-09 10:35:07 11.0.0.5 81 71 2021-09-09 10:22:07 Slot: 12 CPU: 0
Item |
Description |
|---|---|
SOURCE-IP |
Source IP address of IKE packets. |
PPS-VALUE |
Number of packets with the same source IP address allowed per second. |
DISCARD |
Number of discarded packets. |
DATE |
Packet loss date. |
TIME |
Packet loss time. |