
display firewall traffic-trace-source

Function

The display firewall traffic-trace-source command displays the analysis result of traffic source tracing.

Format

display firewall traffic-trace-source { cpu-overload | micro-burst | manual } [ ipv4 | ipv6 ] [ verbose ] [ slot slot-id cpu cpu-id ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| cpu-overload | Displays the result of traffic source tracing triggered by high CPU usage. | - |
| micro-burst | Displays the result of traffic source tracing triggered by microburst traffic. | - |
| manual | Displays the result of traffic source tracing triggered manually. | - |
| ipv4 | Displays the result of IPv4 traffic source tracing. | - |
| ipv6 | Displays the result of IPv6 traffic source tracing. | - |
| verbose | Displays the detailed result of traffic source tracing. | - |
| slot slot-id | Specifies the slot ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. | - |
| cpu cpu-id | Specifies the CPU ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. | - |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Only the USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, USG6525E/6555E/6565E/6575E-B/6585E/6605E-B, USG6615E/6625E, and USG6635E/6655E support this command.

When the CPU usage reaches the specified threshold or microburst traffic occurs on a device, the device automatically enables traffic sampling and performs source tracing analysis. You can also manually trigger traffic source tracing as required. You can run the display firewall traffic-trace-source command to view the analysis result of traffic source tracing.

A maximum of the latest three analysis results of traffic source tracing can be displayed.

If the FW has multiple CPUs, it performs traffic source analysis and displays the analysis result of traffic source tracing by CPU.

  • If traffic source tracing is triggered again while you are checking the analysis result, the displayed result may not be updated. In this case, check the analysis result again later.
  • In a hot standby scenario, when you run the display firewall traffic-trace-source command on one device to view the traffic source tracing result, do not modify the traffic source tracing configuration on the other device. Otherwise, the configurations on the two devices may become inconsistent.

Example

# Display the analysis result of traffic source tracing triggered for microburst traffic. The fields in the command output for traffic source tracing due to high CPU usage and triggered manually are the same as those for traffic source tracing triggered for microburst traffic.

<sysname> display firewall traffic-trace-source cpu-overload 
==================================================================================== 
TOPN type [CPU usage high] | time Apr 15 2020 10:20:43   
------------------------------------brief KPIs--------------------------------------
 receive pps 355144 | receive Bps/Mbps 22023407/244 | cpu 100.0% | sample span 1000 ms
 ipv4 : session create attempt 1437/s | session num 405 | session create success 0/s
 ipv6 : session create attempt 0/s | session num 0 | session create success 0/s 
 last session refresh time Apr 15 2020 00:01:51

-------------------------TOPN of received total packets------------------------------
sample pkts 4001 | sample bytes 248022 | total pkts 355144 | total bytes 22023407

  TOPN SRC IP   | estimated pps | estimated Bps | sample pkts | sample bytes    
       10.0.0.1 |        178237 |      11054769 |        2008 |     124496      
       10.0.0.2 |        176551 |      10950167 |        1989 |     123318      
       10.0.0.3 |            88 |          4617 |           1 |         52      
       10.0.0.4 |            88 |          4617 |           1 |         52      
       10.0.0.5 |            88 |          4617 |           1 |         52      
       10.0.0.6 |            88 |          4617 |           1 |         52      

  TOPN DST IP   | estimated pps | estimated Bps | sample pkts | sample bytes    
    192.168.0.1 |        178237 |      11054769 |        2008 |     124496      
    192.168.0.2 |        176551 |      10950167 |        1989 |     123318      
    192.168.0.3 |            88 |          4617 |           1 |         52      
    192.168.0.4 |            88 |          4617 |           1 |         52      
    192.168.0.5 |            88 |          4617 |           1 |         52      
    192.168.0.6 |            88 |          4617 |           1 |         52      
-------------------------------------------------------------------------------------

----------------------IP TOPN of ipv4 session create packets-------------------------
sample pkts 1437 | sample bytes 89094 | total pkts 1437 | total bytes 89094     

  TOPN SRC IP   | estimated pps | estimated Bps | sample pkts | sample bytes    
       10.0.0.1 |           737 |         45694 |         737 |      45694      
       10.0.0.2 |           700 |         43400 |         700 |      43400      

  TOPN DST IP   | estimated pps | estimated Bps | sample pkts | sample bytes    
    192.168.0.1 |           737 |         45694 |         737 |      45694      
    192.168.0.2 |           700 |         43400 |         700 |      43400      
-------------------------------------------------------------------------------------

--------------------- IP TOPN of ipv6 session create packets-------------------------

-------------------------------------------------------------------------------------

Table 1 Description of the display firewall traffic-trace-source cpu-overload command output

| Item | Description |
|---|---|
| TOPN type | Type of conditions that trigger traffic source tracing. The options are as follows: CPU usage high; traffic microburst; manually trigger. |
| time | Time when traffic source tracing statistics are collected. |
| brief KPIs | Key indicators. |
| receive pps | Rate at which packets are received in the current statistical period, in pps. |
| receive Bps/Mbps | Rate at which packets are received in the current statistical period, in bit/s or Mbit/s. |
| cpu | Current CPU usage. |
| sample span | Sampling interval of traffic source tracing. |
| session create attempt | Number of attempts to create sessions per second. |
| session num | Number of sessions in the current statistical period. |
| session create success | Number of sessions successfully created per second. |
| last session refresh time | Time when the session was last updated. |
| TOPN of received total packets | Top N analysis result of IPv4 and IPv6 traffic source tracing. |
| sample pkts | Number of sampled packets. |
| sample bytes | Number of sampled packet bytes. |
| total pkts | Total number of packets. |
| total bytes | Total number of bytes. |
| TOPN SRC IP | Top N source IP addresses. |
| TOPN DST IP | Top N destination IP addresses. |
| estimated pps | Traffic rate estimated based on the sampling result, in pps. |
| estimated Bps | Traffic rate estimated based on the sampling result, in bit/s. |
| IP TOPN of ipv4 session create packets | Top N analysis result of IPv4 traffic source tracing. |
| IP TOPN of ipv6 session create packets | Top N analysis result of IPv6 traffic source tracing. |

<sysname> display firewall traffic-trace-source cpu-overload verbose
=====================================================================================
TOPN type [CPU usage high] | time Apr 16 2020 19:45:39
------------------------------------brief KPIs--------------------------------------
 receive pps 392817 | receive Bps/Mbps 30132025/316 | cpu 100.0% | sample span 1000 ms
 ipv4 : session create attempt 1449/s | session num 415 | session create success 0/s
 ipv6 : session create attempt 0/s | session num 0 | session create success 0/s 
 last session refresh time Apr 16 2020 19:45:41
-------------------------TOPN of received total packets------------------------------
sample pkts 4001 | sample bytes 307256 | total pkts 392817 | total bytes 30132025
  TOPN SRC IP   | estimated pps | estimated Bps | sample pkts | sample bytes          
       10.0.0.1 |         53704 |       3325882 |         547 |      33914      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,547); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 dst IP(ip,pkts): (192.168.0.1,547); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,547); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,547); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,547); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,547); (0,0); (0,0)          
       10.0.0.2 |         52918 |       3277241 |         539 |      33418      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,539); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 dst IP(ip,pkts): (192.168.0.2,539); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,539); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,539); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,539); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,539); (0,0); (0,0)          
       10.0.0.3 |            98 |          5099 |           1 |        52      
                TOP3 interfaces(name,pkts): (InLoopBack0,1); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 dst IP(ip,pkts): (192.168.0.3,1); (0.0.0.0,0); (0.0.0.0,0)
                TOP3 ethtype(ethtype,pkts): (0x0800,1); (0x0000,0); (0x0000,0)  
                TOP3 protocol(protocol,pkts): (17,1); (0,0); (0,0)              
                TOP3 src port(src port,pkts): (49350,1); (0,0); (0,0)           
                TOP3 dst port(dst port,pkts): (3784,1); (0,0); (0,0)            

  TOPN DST IP   | estimated pps | estimated Bps | sample pkts | sample bytes
    192.168.0.1 |         53704 |       3325882 |         547 |      33914      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,547); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 src IP(ip,pkts): (10.0.0.1,547); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,547); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,547); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,547); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,547); (0,0); (0,0)          
    192.168.0.2 |         52918 |       3277241 |         539 |      33418      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,539); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 src IP(ip,pkts): (10.0.0.2,539); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,539); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,539); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,539); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,539); (0,0); (0,0)          
    192.168.0.3 |            98 |          5099 |           1 |         52      
                TOP3 interfaces(name,pkts): (InLoopBack0,1); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 src IP(ip,pkts): (10.0.0.3,1); (0.0.0.0,0); (0.0.0.0,0)
                TOP3 ethtype(ethtype,pkts): (0x0800,1); (0x0000,0); (0x0000,0)  
                TOP3 protocol(protocol,pkts): (17,1); (0,0); (0,0)              
                TOP3 src port(src port,pkts): (49350,1); (0,0); (0,0)           
                TOP3 dst port(dst port,pkts): (3784,1); (0,0); (0,0)            
-------------------------------------------------------------------------------------

----------------------IP TOPN of ipv4 session create packets-------------------------                                                                           
sample pkts 1448 | sample bytes 89776 | total pkts 1449 | total bytes 89838     

  TOPN SRC IP   | estimated pps | estimated Bps | sample pkts | sample bytes    
       10.0.0.1 |           790 |         49013 |         790 |      48980      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,790); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 dst IP(ip,pkts): (192.168.0.1,790); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,790); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,790); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,790); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,790); (0,0); (0,0)          
       10.0.0.2 |           658 |         40824 |         658 |      40796      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,658); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 dst IP(ip,pkts): (192.168.0.2,658); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,658); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,658); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,658); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,658); (0,0); (0,0)          

  TOPN DST IP   | estimated pps | estimated Bps | sample pkts | sample bytes    
    192.168.0.1 |           790 |         49013 |         790 |      48980      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,790); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 src IP(ip,pkts): (10.0.0.1,790); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,790); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,790); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,790); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,790); (0,0); (0,0)          
     192.168.0.2 |           658 |         40824 |         658 |      40796      
                TOP3 interfaces(name,pkts): (Eth-Trunk1,658); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 src IP(ip,pkts): (10.0.0.2,658); (0.0.0.0,0); (0.0.0.0,0) 
                TOP3 ethtype(ethtype,pkts): (0x0800,658); (0x0000,0); (0x0000,0)
                TOP3 protocol(protocol,pkts): (17,658); (0,0); (0,0)            
                TOP3 src port(src port,pkts): (8000,658); (0,0); (0,0)          
                TOP3 dst port(dst port,pkts): (8000,658); (0,0); (0,0)          
-------------------------------------------------------------------------------------
--------------------- IP TOPN of ipv6 session create packets-------------------------

-------------------------------------------------------------------------------------

Table 2 Description of the display firewall traffic-trace-source cpu-overload verbose command output

| Item | Description |
|---|---|
| TOPN type | Type of conditions that trigger traffic source tracing. The options are as follows: CPU usage high; traffic microburst; manually trigger. |
| time | Time when traffic source tracing statistics are collected. |
| brief KPIs | Key indicators. |
| receive pps | Rate at which packets are received in the current statistical period, in pps. |
| receive Bps/Mbps | Rate at which packets are received in the current statistical period, in bit/s or Mbit/s. |
| cpu | Current CPU usage. |
| sample span | Sampling interval of traffic source tracing. |
| session create attempt | Number of attempts to create sessions per second. |
| session num | Number of sessions in the current statistical period. |
| session create success | Number of sessions successfully created per second. |
| last session refresh time | Time when the session was last updated. |
| TOPN of received total packets | Top N analysis result of IPv4 and IPv6 traffic source tracing. A maximum of top 8 analysis results can be displayed. Only top 3 analysis results are listed here. |
| sample pkts | Number of sampled packets. |
| sample bytes | Number of sampled packet bytes. |
| total pkts | Total number of packets. |
| total bytes | Total number of bytes. |
| TOPN SRC IP | Top N source IP addresses. |
| TOPN DST IP | Top N destination IP addresses. |
| estimated pps | Traffic rate estimated based on the sampling result, in pps. |
| estimated Bps | Traffic rate estimated based on the sampling result, in bit/s. |
| TOP3 interfaces(name,pkts) | IDs of the top 3 interfaces that receive the largest number of packets and the number of received packets. |
| TOP3 dst IP(ip,pkts) | Top 3 destination IP addresses by packet count and the corresponding number of packets. |
| TOP3 src IP(ip,pkts) | Top 3 source IP addresses by packet count and the corresponding number of packets. |
| TOP3 ethtype(ethtype,pkts) | Top 3 Ethernet types by packet count. |
| TOP3 protocol(protocol,pkts) | Top 3 protocol types by packet count and the corresponding number of packets. |
| TOP3 src port(src port,pkts) | Top 3 source port numbers by packet count and the corresponding number of packets. |
| TOP3 dst port(dst port,pkts) | Top 3 destination port numbers by packet count and the corresponding number of packets. |
| IP TOPN of ipv4 session create packets | Top N analysis result of IPv4 traffic source tracing. |
| IP TOPN of ipv6 session create packets | Top N analysis result of IPv6 traffic source tracing. |
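
For triage, the verbose output can be parsed into per-address records. The following is an added example, not part of the original page or Huawei's tooling: the names parse and dominant_sources, the 10% threshold, and the embedded sample (trimmed from the output above) are assumptions. The scaled_pps field rests on an observation from this page's figures, not on a documented formula: scaling the sampled packet count by total pkts / sample pkts reproduces the estimated pps column.

```python
import re

# Constructed sample: a trimmed copy of the verbose output shown on this page.
SAMPLE = """\
-------------------------TOPN of received total packets------------------------------
sample pkts 4001 | sample bytes 307256 | total pkts 392817 | total bytes 30132025
  TOPN SRC IP   | estimated pps | estimated Bps | sample pkts | sample bytes
       10.0.0.1 |         53704 |       3325882 |         547 |      33914
                TOP3 interfaces(name,pkts): (Eth-Trunk1,547); (MEth0/0/0,0); (MEth0/0/0,0)
                TOP3 protocol(protocol,pkts): (17,547); (0,0); (0,0)
                TOP3 dst port(dst port,pkts): (8000,547); (0,0); (0,0)
       10.0.0.3 |            98 |          5099 |           1 |        52
                TOP3 dst port(dst port,pkts): (3784,1); (0,0); (0,0)
  TOPN DST IP   | estimated pps | estimated Bps | sample pkts | sample bytes
    192.168.0.1 |         53704 |       3325882 |         547 |      33914
"""

SECTION = re.compile(r"^-+\s*(.*TOPN of .*?)-+\s*$")
TOTALS = re.compile(r"sample pkts (\d+) \| sample bytes (\d+) \| total pkts (\d+) \| total bytes (\d+)")
HEADER = re.compile(r"^\s*TOPN (SRC|DST) IP\s*\|")
ROW = re.compile(r"^\s*(\S+) \|\s*(\d+) \|\s*(\d+) \|\s*(\d+) \|\s*(\d+)\s*$")
TOP3 = re.compile(r"^\s*TOP3 (.+?)\(.*?\):\s*(.*)$")
PAIR = re.compile(r"\(([^,()]+),(\d+)\)")

def parse(text):
    """Return one dict per TOPN row, with its share of the sample and non-empty TOP3 entries."""
    rows, section, side, totals = [], None, None, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section, side, totals = m.group(1).strip(), None, None
        elif m := TOTALS.search(line):
            totals = tuple(map(int, m.groups()))  # (sample pkts, sample bytes, total pkts, total bytes)
        elif m := HEADER.match(line):
            side = m.group(1).lower()
        elif (m := ROW.match(line)) and side and totals:
            est_pps, _est_bps, pkts, _bytes = map(int, m.groups()[1:])
            rows.append({
                "section": section, "side": side, "ip": m.group(1),
                "est_pps": est_pps, "sample_pkts": pkts,
                "share": pkts / totals[0],
                # Assumption: sample count scaled by total/sample packets (matches this page's figures).
                "scaled_pps": pkts * totals[2] // totals[0],
                "top3": {},
            })
        elif (m := TOP3.match(line)) and rows:
            # Drop empty slots such as (0.0.0.0,0) and (0,0).
            rows[-1]["top3"][m.group(1)] = [
                (key, int(n)) for key, n in PAIR.findall(m.group(2)) if int(n)]
    return rows

def dominant_sources(rows, min_share=0.10):
    """Source rows holding at least min_share of the sampled packets (threshold is an assumption)."""
    return [r for r in rows if r["side"] == "src" and r["share"] >= min_share]
```

The top3 dictionary of each dominant source gives the interface, protocol and port values that characterise its traffic, which is the information needed to scope a rate limit or security policy for that source.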

Copyright © Huawei Technologies Co., Ltd.