You can configure only one destination subnet address matching criterion for a top IPv4 or IPv6 session statistics policy. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify destination IP address 10.1.0.0/16 in a top session statistics policy.

[Sysname] Session ip-top-count policy

[Sysname-session-ip-top-count-policy] destination-ip subnet 10.1.0.0 16

Related commands

session ip-top-count policy

session ipv6-top-count policy

display session aging-time application

Use display session aging-time application to display the aging time for sessions of different application layer protocols or applications.

Syntax

display session aging-time application

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the aging time for sessions of different application layer protocols or applications.

<Sysname> display session aging-time application

Application Aging time(s)

bootpc 120

bootps 120

dns 30

ftp 3600

ftp-data 240

gprs-data 60

gprs-sig 60

gtp-control 60

gtp-user 60

h225 3600

h245 3600

https 600

ils 3600

l2tp 120

mgcp-callagent 60

mgcp-gateway 60

netbios-dgm 3600

netbios-ns 3600

netbios-ssn 3600

ntp 120

pptp 3600

qq 120

ras 300

rip 120

rsh 60

rtsp 3600

sccp 3600

sip 300

snmp 120

snmptrap 120

sqlnet 600

stun 600

syslog 120

tacacs-ds 120

tftp 60

who 120

xdmcp 3600

others 1200

Table 1 Command output

Field	Description
Application	Application layer protocol or application name.
Aging time(s)	Aging time in seconds.
others	All applications with an aging time of 1200 seconds.

Related commands

session aging-time application

display session aging-time state

Use display session aging-time stat to display the aging time for sessions in different protocol states.

Syntax

display session aging-time state

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the aging time for sessions in different protocol states.

<Sysname> display session aging-time state

State Aging Time(s)

SYN 10

TCP-EST 3600

FIN 10

UDP-OPEN 10

UDP-READY 30

ICMP-REQUEST 30

ICMP-REPLY 10

RAWIP-OPEN 30

RAWIP-READY 60

UDPLITE-OPEN 30

UDPLITE-READY 60

DCCP-REQUEST 30

DCCP-EST 3600

DCCP-CLOSEREQ 30

SCTP-INIT 30

SCTP-EST 3600

SCTP-SHUTDOWN 30

ICMPV6-REQUEST 60

ICMPV6-REPLY 30

TCP-TIME-WAIT 2

TCP-CLOSE 2

Table 2 Command output

Field	Description
State	Protocol state.
Aging Time(s)	Aging time in seconds.

Related commands

session aging-time state

display session alg-app-change

Use display session alg-app-change to display APP ID change statistics.

Syntax

display session alg-app-change

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display APP ID change statistics.

<Sysname> display system internal session alg-app-change

Slot 1:

IPV4 : Failed to change session to session : 0

IPV4 : Success to change session to session : 0

IPV4 : Failed to change session to ext-session : 0

IPV4 : Success to change ext-session to ext-session : 0

IPV4 : Failed to change ext-session to ext-session : 0

IPV4 : Success change L7 application : 1

other:FileDownload:2024-03-07 11:25:4

IPV6 : Failed to change session to session : 0

IPV6 : Success to change session to session : 0

IPV6 : Failed to change session to ext-session : 0

IPV6 : Success to change ext-session to ext-session : 0

IPV6 : Failed to change ext-session to ext-session : 0

IPV6 : Success change L7 application

Table 3 Command output

Field	Description
Failed to change session to session	Number of regular sessions failing to be changed to regular sessions.
Success to change session to session	Number of regular sessions changed to regular sessions successfully. The APP ID before the change, the APP ID after the change, and the chagne time will be displayed.
Failed to change session to ext-session	Number of regular sessions failing to be changed to extended sessions.
Success to change ext-session to ext-session	Number of regular sessions changed to extended sessions successfully. The APP ID before the change, the APP ID after the change, and the chagne time will be displayed.
Failed to change ext-session to ext-session	Number of extended sessions failing to be changed to extended sessions.
Success change L7 application	Number of successful L7 APP ID changes. The APP ID before the change, the APP ID after the change, and the chagne time will be displayed.

Related commands

reset session alg-app-change

display session ip-top-count policy

Use display session ip-top-count policy to display the configuration about top IPv4 session statistics.

Syntax

display session ip-top-count policy

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the configuration about top IPv4 session statistics.

[Sysname] display session ip-top-count policy

Top IPv4 session statistics policy:

Source IP Subnet: 1.1.1.0 24

Destination IP Subnet: 2.2.2.0 24

Table 4 Command output

Field	Description
Source IP subnet	Source IP address matching criterion in the top session statistics policy for IPv4 sessions.
Destination IP subnet	Destination IP address matching criterion in the top session statistics policy for IPv4 sessions.

Related commands

session ip-top-count policy

display session ipv6-top-count policy

Use display session ipv6-top-count policy to display the configuration about top IPv6 session statistics.

Syntax

display session ipv6-top-count policy

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the configuration about top IPv6 session statistics.

[Sysname] display session ipv6-top-count policy

Top IPv6 session statistics policy:

Source IPv6 Subnet: 1234::ss96

Destination IPv6 Subnet: 5678::96

Table 5 Command output

Field	Description
Source IP subnet	Source IP address matching criterion in the top IPv6 session statistics policy.
Destination IP subnet	Destination IP address matching criterion in the top IPv6 session statistics policy.

Related commands

session ipv6-top-count policy

display session relation-table aging-time application

Use display session relation-table aging-time application to display the aging time for SIP-SDP and SUNRPC session relation entries.

Syntax

display session relation-table aging-time application

Views

Any view

Predefined user roles

network-admin

Examples

# Display the aging time for SIP-SDP and SUNRPC session relation entries.

<Sysname> display session relation-table aging-time application

Application Aging time(s)

SIP-SDP 3600

SUNRPC 14400

Table 6 Command output

Field	Description
Application	Application layer protocol name.
Aging time(s)	Aging time for the session relation entries, in seconds.

display session statistics

Use display session statistics to display unicast session statistics.

Syntax

display session statistics [ history-max | summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

history-max: Displays history statistics of the maximum unicast sessions and the maximum unicast session establishment rates. If you do not specify this keyword, the command displays all unicast session statistics.

summary: Displays summary information about unicast session statistics. If you do not specify this keyword, the command displays detailed information about unicast session statistics.

Usage guidelines

If you do not specify any parameters, this command displays detailed information about the current unicast session statistics.

Examples

# Display detailed information about unicast session statistics.

<Sysname> display session statistics

Slot 1:

Current sessions: 3

TCP sessions: 0

UDP sessions: 0

ICMP sessions: 3

ICMPv6 sessions: 0

UDP-Lite sessions: 0

SCTP sessions: 0

DCCP sessions: 0

RAWIP sessions: 0

DNS sessions: 0

FTP sessions: 0

GTP sessions: 0

H323 sessions: 0

HTTP sessions: 0

ILS sessions: 0

MGCP sessions: 0

NBT sessions: 0

PPTP sessions: 0

RSH sessions: 0

RTSP sessions: 0

SCCP sessions: 0

SIP sessions: 0

SMTP sessions: 0

SQLNET sessions: 0

SSH sessions: 0

SUNRPC sessions: 0

TELNET sessions: 0

TFTP sessions: 0

XDMCP sessions: 0

History average sessions per second:

Past hour: 1

Past 24 hours: 0

Past 30 days: 0

History average session establishment rate:

Past hour: 0/s

Past 24 hours: 0/s

Past 30 days: 0/s

Current relation-table entries: 0

Relation table establishment rate: 0/s

Session establishment rate: 0/s

TCP: 0/s

UDP: 0/s

ICMP: 0/s

ICMPv6: 0/s

UDP-Lite: 0/s

SCTP: 0/s

DCCP: 0/s

RAWIP: 0/s

Received TCP : 0 packets 0 bytes

Received UDP : 118 packets 13568 bytes

Received ICMP : 105 packets 8652 bytes

Received ICMPv6 : 0 packets 0 bytes

Received UDP-Lite : 0 packets 0 bytes

Received SCTP : 0 packets 0 bytes

Received DCCP : 0 packets 0 bytes

Received RAWIP : 0 packets 0 bytes

Table 7 Command output

Field	Description
Current sessions	Total number of unicast sessions.
TCP sessions	Number of TCP sessions.
UDP sessions	Number of UDP sessions.
ICMP sessions	Number of ICMP sessions.
ICMPv6 sessions	Number of ICMPv6 sessions.
UDP-Lite sessions	Number of UDP-Lite sessions.
SCTP sessions	Number of SCTP sessions.
DCCP sessions	Number of DCCP sessions.
RAWIP sessions	Number of Raw IP sessions.
DNS sessions	Number of DNS unicast sessions.
FTP sessions	Number of FTP unicast sessions.
GTP sessions	Number of GTP unicast sessions.
H323 sessions	Number of H.323 unicast sessions.
HTTP sessions	Number of HTTP unicast sessions.
ILS sessions	Number of ILS unicast sessions.
MGCP sessions	Number of MGCP unicast sessions.
NBT sessions	Number of NBT unicast sessions.
PPTP sessions	Number of PPTP unicast sessions.
RSH sessions	Number of RSH unicast sessions.
RTSP sessions	Number of RTSP unicast sessions.
SCCP sessions	Number of SCCP unicast sessions.
SIP sessions	Number of SIP unicast sessions.
SMTP sessions	Number of SMTP unicast sessions.
SQLNET sessions	Number of SQLNET unicast sessions.
SSH sessions	Number of SSH unicast sessions.
SUNRPC sessions	Number of SUNRPC unicast sessions.
TELNET sessions	Number of Telnet unicast sessions.
TFTP sessions	Number of TFTP unicast sessions.
XDMCP sessions	Number of XDMCP unicast sessions.
History average sessions per second	History statistics of average sessions per second.
Past hour	The average number of sessions per second in the most recent hour.
Past 24 hours	The average number of sessions per second in the most recent 24 hours.
Past 30 days	The average number of sessions per second in the most recent 30 days.
History average session establishment rate	History statistics of average session establishment rates.
Past hour	The average session establishment rate in the most recent hour.
Past 24 hours	The average session establishment rate in the most recent 24 hours.
Past 30 days	The average session establishment rate in the most recent 30 days.
Current relation-table entries	Total number of relation entries.
Relation table establishment rate	Rate of relation table establishment.
Session establishment rate	Unicast session establishment rate, and rates for establishing unicast sessions of different protocols.
Received TCP	Number of received TCP packets and bytes.
Received UDP	Number of received UDP packets and bytes.
Received ICMP	Number of received ICMP packets and bytes.
Received ICMPv6	Number of received ICMPv6 packets and bytes.
Received UDP-Lite	Number of received UDP-Lite packets and bytes.
Received SCTP	Number of received SCTP packets and bytes.
Received DCCP	Number of received DCCP packets and bytes.
Received RAWIP	Number of received Raw IP packets and bytes.

# ‌Display summary information about unicast session statistics.

<Sysname> display session statistics summary

Slot Sessions TCP UDP Rate TCP rate UDP rate

0 3 0 0 0/s 0/s 0/s

Table 8 Command output

Field	Description
Sessions	Total number of unicast sessions.
TCP	Number of TCP unicast sessions.
UDP	Number of UDP unicast sessions.
Rate	Rate of unicast session creation.
TCP rate	Rate of TCP unicast session creation.
UDP rate	Rate of UDP unicast session creation.

# ‌Display history statistics of the maximum unicast sessions and maximum unicast session establishment rates.

<Sysname> display session statistics history-max

Slot 0:

Max sessions: 20084 Time: 2017-03-04 12:03:53

Max session establishment rate: 9080/s Time: 2017-03-04 12:03:53

Max TCP sessions: 20084 Time: 2017-03-04 12:03:53

Max TCP session establishment rate: 9080/s Time: 2017-03-04 12:03:53

Max UDP sessions: 0 Time: 2017-03-04 12:03:53

Max UDP session establishment rate: 0 Time: 2017-03-04 12:03:53

Table 9 Command output

Field	Description
Max sessions	History statistics of the maximum unicast sessions.
Max session establishment rate	History statistics of the maximum rate at which unicast sessions were created.
Max TCP sessions	History statistics of the maximum TCP unicast sessions.
Max TCP session establishment rate	History statistics of the maximum rate at which TCP unicast sessions were created.
Max UDP sessions	History statistics of the maximum UDP unicast sessions.
Max UDP session establishment rate	History statistics of the maximum rate at which UDP unicast sessions were created.

display session statistics ipv4

Use display session statistics ipv4 to display IPv4 unicast session statistics.

Syntax

display session statistics ipv4 [ [ responder ] { application application-name | destination-ip destination-ip | destination-port destination-port | destination-zone destination-zone-name | interface interface-type interface-number | protocol { dccp | dns | ftp | gtp | h323 | http | icmp | ils | mgcp | nbt | pptp | raw-ip | rsh | rtsp | sccp | sctp | sip | smtp | sqlnet | ssh | tcp | telnet | tftp | udp | udp-lite | xdmcp } | security-policy-rule rule-name | source-ip source-ip | source-port source-port | source-zone source-zone-name | state { dccp-closereq | dccp-closing | dccp-open | dccp-partopen | dccp-request | dccp-respond | dccp-timewait | icmp-reply | icmp-request | rawip-open | rawip-ready | sctp-closed | sctp-cookie-echoed | sctp-cookie-wait | sctp-established | sctp-shutdown-ack-sent | sctp-shutdown-recd | sctp-shutdown-sent | tcp-close | tcp-close-wait | tcp-est | tcp-fin-wait | tcp-last-ack | tcp-syn-recv | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-open | udp-ready | udplite-open | udplite-ready } } * ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

responder: Displays statistics about IPv4 unicast sessions from the responder to the initiator. If you do not specify this keyword, the command displays statistics about IPv4 unicast sessions from the initiator to the responder.

application application-name: Specifies an application protocol by its name. The application-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

destination-ip destination-ip: Specifies a destination IPv4 address for a unicast session.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of an IPv6 unicast session. The value range for the destination-port argument is 0 to 65535.

destination-zone destination-zone-name: Specifies a destination security zone by its name, a case-insensitive string of 1 to 31 characters.

interface interface-type interface-num: Specifies an interface by its type and number.

protocol { dccp | dns | ftp | gtp | h323 | http | icmp | ils | mgcp | nbt | pptp | raw-ip | rsh | rtsp | sccp | sctp | sip | smtp | sqlnet | ssh | tcp | telnet | tftp | udp | udp-lite | xdmcp }: Specifies an IPv4 protocol.

security-policy-rule rule-name: Specifies a security policy rule by its name for session filtering. The rule-name argument represents the name of the security policy rule, a case-sensitive string of 1 to 127 characters.

source-ip source-ip: Specifies a source IPv4 address for a unicast session.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of an IPv4 unicast session. The value range for the source-port argument is 0 to 65535.

source-zone source-zone-name: Specifies a source security zone by its name, a case-insensitive string of 1 to 31 characters.

state { dccp-closereq | dccp-closing | dccp-open | dccp-partopen | dccp-request | dccp-respond | dccp-timewait | icmp-reply | icmp-request | rawip-open | rawip-ready | sctp-closed | sctp-cookie-echoed | sctp-cookie-wait | sctp-established | sctp-shutdown-ack-sent | sctp-shutdown-recd | sctp-shutdown-sent | tcp-close | tcp-close-wait | tcp-est | tcp-fin-wait | tcp-last-ack | tcp-syn-recv | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-open | udp-ready | udplite-open | udplite-ready }: Specifies a protocol state.

Usage guidelines

If you do not specify any parameters, this command displays all IPv4 unicast session statistics.

Examples

# Display statistics for unicast sessions from IP address 111.15.111.66.

<Sysname> display session statistics ipv4 source-ip 111.15.111.66

CPU 1 on slot 1:

Current sessions: 3

TCP sessions: 0

UDP sessions: 0

ICMP sessions: 3

UDP-Lite sessions: 0

SCTP sessions: 0

DCCP sessions: 0

RAWIP sessions: 0

DNS sessions: 0

FTP sessions: 0

GTP sessions: 0

H323 sessions: 0

HTTP sessions: 0

ILS sessions: 0

MGCP sessions: 0

NBT sessions: 0

PPTP sessions: 0

RSH sessions: 0

RTSP sessions: 0

SCCP sessions: 0

SIP sessions: 0

SMTP sessions: 0

SQLNET sessions: 0

SSH sessions: 0

TELNET sessions: 0

TFTP sessions: 0

XDMCP sessions: 0

# Display statistics for IPv4 unicast TCP sessions.

<Sysname> display session statistics ipv4 protocol tcp

CPU 1 on slot 1:

Current sessions: 3

TCP sessions: 3

Table 10 Command output

Field	Description
Current sessions	Total number of unicast sessions.
TCP sessions	Number of TCP unicast sessions.
UDP sessions	Number of UDP unicast sessions.
ICMP sessions	Number of ICMP unicast sessions.
UDP-Lite sessions	Number of UDP-Lite unicast sessions.
SCTP sessions	Number of SCTP unicast sessions.
DCCP sessions	Number of DCCP unicast sessions.
RAWIP sessions	Number of Raw IP unicast sessions.
DNS sessions	Number of DNS unicast sessions.
FTP sessions	Number of FTP unicast sessions.
GTP sessions	Number of GTP unicast sessions.
H323 sessions	Number of H.323 unicast sessions.
HTTP sessions	Number of HTTP unicast sessions.
ILS sessions	Number of ILS unicast sessions.
MGCP sessions	Number of MGCP unicast sessions.
NBT sessions	Number of NBT unicast sessions.
PPTP sessions	Number of PPTP unicast sessions.
RSH sessions	Number of RSH unicast sessions.
RTSP sessions	Number of RTSP unicast sessions.
SCCP sessions	Number of SCCP unicast sessions.
SIP sessions	Number of SIP unicast sessions.
SMTP sessions	Number of SMTP unicast sessions.
SQLNET sessions	Number of SQLNET unicast sessions.
SSH sessions	Number of SSH unicast sessions.
TELNET sessions	Number of Telnet unicast sessions.
TFTP sessions	Number of TFTP unicast sessions.
XDMCP sessions	Number of XDMCP unicast sessions.

display session statistics ipv6

Use display session statistics ipv6 to display IPv6 unicast session statistics.

Syntax

display session statistics ipv6 [ [ responder ] { application application-name | destination-ip destination-ip | destination-port destination-port | destination-zone destination-zone-name | interface interface-type interface-number | protocol { dccp | dns | ftp | gtp | h323 | http | icmpv6 | ils | mgcp | nbt | pptp | raw-ip | rsh | rtsp | sccp | sctp | sip | smtp | sqlnet | ssh | tcp | telnet | tftp | udp | udp-lite | xdmcp } | security-policy-rule rule-name | source-ip source-ip | source-port source-port | source-zone source-zone-name | state { dccp-closereq | dccp-closing | dccp-open | dccp-partopen | dccp-request | dccp-respond | dccp-timewait | icmpv6-reply | icmpv6-request | rawip-open | rawip-ready | sctp-closed | sctp-cookie-echoed | sctp-cookie-wait | sctp-established | sctp-shutdown-ack-sent | sctp-shutdown-recd | sctp-shutdown-sent | tcp-close | tcp-close-wait | tcp-est | tcp-fin-wait | tcp-last-ack | tcp-syn-recv | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-open | udp-ready | udplite-open | udplite-ready } } * ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

responder: Displays statistics about IPv6 unicast sessions from the responder to the initiator. If you do not specify this keyword, the command displays statistics about IPv6 unicast sessions from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv6 address for a unicast session.

destination-zone destination-zone-name: Specifies a destination security zone by its name, a case-insensitive string of 1 to 31 characters.

interface interface-type interface-num: Specifies an interface by its type and number.

protocol { dccp | dns | ftp | gtp | h323 | http | icmpv6 | ils | mgcp | nbt | pptp | raw-ip | rsh | rtsp | sccp | sctp | sip | smtp | sqlnet | ssh | tcp | telnet | tftp | udp | udp-lite | xdmcp }: Specifies an IPv6 protocol.

source-ip source-ip: Specifies a source IPv6 address for a unicast session.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of an IPv6 unicast session. The value range for the source-port argument is 0 to 65535.

source-zone source-zone-name: Specifies a source security zone by its name, a case-insensitive string of 1 to 31 characters.

state { dccp-closereq | dccp-closing | dccp-open | dccp-partopen | dccp-request | dccp-respond | dccp-timewait | icmpv6-reply | icmpv6-request | rawip-open | rawip-ready | sctp-closed | sctp-cookie-echoed | sctp-cookie-wait | sctp-established | sctp-shutdown-ack-sent | sctp-shutdown-recd | sctp-shutdown-sent | tcp-close | tcp-close-wait | tcp-est | tcp-fin-wait | tcp-last-ack | tcp-syn-recv | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-open | udp-ready | udplite-open | udplite-ready }: Specifies a protocol state.

Examples

# Display statistics for unicast sessions from IPv6 address 100::2.

<Sysname> display session statistics ipv6 source-ip 100::2

CPU 1 on slot 1:

Current sessions: 3

TCP sessions: 0

UDP sessions: 0

ICMPv6 sessions: 3

UDP-Lite sessions: 0

SCTP sessions: 0

DCCP sessions: 0

RAWIP sessions: 0

DNS sessions: 0

FTP sessions: 0

GTP sessions: 0

H323 sessions: 0

HTTP sessions: 0

ILS sessions: 0

MGCP sessions: 0

NBT sessions: 0

PPTP sessions: 0

RSH sessions: 0

RTSP sessions: 0

SCCP sessions: 0

SIP sessions: 0

SMTP sessions: 0

SQLNET sessions: 0

SSH sessions: 0

TELNET sessions: 0

TFTP sessions: 0

XDMCP sessions: 0

# Display statistics for IPv6 unicast TCP sessions.

<Sysname> display session statistics ipv6 protocol tcp

CPU 1 on slot 1:

Current sessions: 3

TCP sessions: 3

Table 11 Command output

Field	Description
Current sessions	Total number of unicast sessions.
TCP sessions	Number of TCP unicast sessions.
UDP sessions	Number of UDP unicast sessions.
ICMPv6 sessions	Number of ICMPv6 unicast sessions.
UDP-Lite sessions	Number of UDP-Lite unicast sessions.
SCTP sessions	Number of SCTP unicast sessions.
DCCP sessions	Number of DCCP unicast sessions.
RAWIP sessions	Number of Raw IP unicast sessions.
DNS sessions	Number of DNS unicast sessions.
FTP sessions	Number of FTP unicast sessions.
GTP sessions	Number of GTP unicast sessions.
H323 sessions	Number of H.323 unicast sessions.
HTTP sessions	Number of HTTP unicast sessions.
ILS sessions	Number of ILS unicast sessions.
MGCP sessions	Number of MGCP unicast sessions.
NBT sessions	Number of NBT unicast sessions.
PPTP sessions	Number of PPTP unicast sessions.
RSH sessions	Number of RSH unicast sessions.
RTSP sessions	Number of RTSP unicast sessions.
SCCP sessions	Number of SCCP unicast sessions.
SIP sessions	Number of SIP unicast sessions.
SMTP sessions	Number of SMTP unicast sessions.
SQLNET sessions	Number of SQLNET unicast sessions.
SSH sessions	Number of SSH unicast sessions.
TELNET sessions	Number of Telnet unicast sessions.
TFTP sessions	Number of TFTP unicast sessions.
XDMCP sessions	Number of XDMCP unicast sessions.

display session statistics multicast

Use display session statistic multicast to display multicast session statistics.

Syntax

display session statistics multicast

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# ‌Display information about multicast session statistics.

<Sysname> display session statistics multicast

Slot 0:

Current sessions: 0

Session establishment rate: 0/s

History max sessions: 0 Time: 2017-04-25 11:28:00

History max session establishment rate: 0/s Time: 2017-04-25 11:28:00

Received: 0 packets 0 bytes

Sent : 0 packets 0 bytes

Table 12 Command output

Field	Description
Current sessions	Total number of multicast sessions.
Session establishment rate	Rate of multicast session creation.
History max sessions	History statistics of the maximum multicast sessions.
History max session establishment rate	History statistics of the maximum rate at which multicast sessions were created.
Received	Number of received multicast packets and bytes.
Sent	Number of sent multicast packets and bytes.

display session statistics summary all

Use display session statistics summary all to display session statistics summary.

Syntax

display session statistics summary all

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display session statistics summary.

<Sysname> system-view

[Sysname] display session statistics summary all

Total sessions Session creation rate

10 0

Related commands

display session statistics summary

display session table ipv4

Use display session table ipv4 to display information about IPv4 unicast session entries that match specific criteria.

Syntax

display session table ipv4 [ [ responder ] { application application-name | destination-ip start-destination-ip [ end-destination-ip ] | destination-port start-destination-port [ end-destination-port ] | destination-zone destination-zone-name | interface interface-type interface-number | protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } | security-policy-rule rule-name| security-policy-rule-id rule-id | source-ip start-source-ip [ end-source-ip ] | source-port start-source-port [ end-source-port ] | source-zone source-zone-name | state { dccp-closereq | dccp-closing | dccp-open | dccp-partopen | dccp-request | dccp-respond | dccp-timewait | icmp-reply | icmp-request | rawip-open | rawip-ready | sctp-closed | sctp-cookie-echoed | sctp-cookie-wait | sctp-established | sctp-shutdown-ack-sent | sctp-shutdown-recd | sctp-shutdown-sent | tcp-close | tcp-close-wait | tcp-est | tcp-fin-wait | tcp-last-ack | tcp-syn-recv | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-open | udp-ready | udplite-open | udplite-ready } } * ] [ verbose | brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

responder: Displays entries of IPv4 unicast sessions from the responder to the initiator. If you do not specify this keyword, the command displays entries of IPv4 unicast sessions from the initiator to the responder.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv4 address or IPv4 address range for a unicast session. The start destination-ip argument specifies the start destination IPv4 address. The end destination-ip argument specifies the end destination IPv4 address.

destination-port start-destination-port [ end-destination-port ]: Specifies a destination port or destination port range for a unicast session. The start-destination-port argument specifies the start destination port. The end-destination-port argument specifies the end destination port. The value ranges for the start-destination-port and end-destination-port arguments are both 0 to 65535.

destination-zone destination-zone-name: Specifies a destination security zone by its name, a case-insensitive string of 1 to 31 characters.

interface interface-type interface-num: Specifies an interface by its type and number.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

security-policy-rule-id rule-id: Specifies a security policy rule by its ID in the range of 0 to 4294967295.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv4 address or IPv4 address range for a unicast session. The start source-ip argument specifies the start source IPv4 address. The end source-ip argument specifies the end source IPv4 address.

source-port start-source-port [ end-source-port ]: Specifies a source port or source port range for a unicast session. The start-source-port argument specifies the start source port. The end-source-port argument specifies the end source port. The value ranges for the start-source-port and end-source-port arguments are both 0 to 65535.

source-zone source-zone-name: Specifies a source security zone by its name, a case-insensitive string of 1 to 31 characters.

verbose: Displays detailed information about IPv4 unicast session entries. If you do not specify this keyword, the command displays summary information about IPv4 unicast session entries.

brief: Displays brief information about IPv4 unicast session entries. If you do not specify this keyword, the command displays summary information about IPv4 unicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv4 unicast session entries.

Examples

# ‌Display summary information about all IPv4 unicast session entries. ‌

<Sysname> display session table ipv4

Total number of sessions on all slots: 1

Slot 0:

Initiator:

Source IP/port: 192.168.1.18/1877

Destination IP/port: 192.168.1.55/22

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: TCP(6)

Inbound interface: Vlan-interface 100

Total sessions found: 1

# ‌Display detailed information about all IPv4 unicast session entries. ‌

<Sysname> display session table ipv4 verbose

Total number of sessions on all slots: 1

Slot 0:

Initiator:

Source IP/port: 192.168.1.18/1877

Destination IP/port: 192.168.1.55/22

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: TCP(6)

Inbound interface: Vlan-interface 100

Responder:

Source IP/port: 192.168.1.55/22

Destination IP/port: 192.168.1.18/1877

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: TCP(6)

Inbound interface: Vlan-interface 101

State: TCP_SYN_SENT

Application: SSH (Service name: SSH)

Start time: 2011-07-29 19:12:36 TTL: 28s

Initiator->Responder: 1 packets 48 bytes

Responder->Initiator: 0 packets 0 bytes

Total sessions found: 1

# ‌Display brief information about all IPv4 unicast session entries.

<Sysname> display session table ipv4 brief

Total number of sessions on all slots: 1

Slot 0:

Application VPN(Src->Dst) SIP/Port->DIP/Port

GENERAL_TCP public->public (backup)192.168.1.1/4398(1.1.1.1/2107)->192.168.2.2/2048

Total sessions found: 1

Table 13 Command output

Field	Description
Initiator	Information about the unicast session from the initiator to the responder.
Responder	Information about the unicast session from the responder to the initiator.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. When the unicast session does not belong to any DS-Lite tunnel, this field displays a hyphen (-).
VPN instance/VLAN ID/Inline ID	MPLS L3VPN instances are not supported in the current software version. MPLS L3VPN instance to which the unicast session belongs. VLAN and inline to which the session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
Inbound interface	Interface on which packets are received.
Source security zone	Security zone to which the inbound interface belongs. If the inbound interface does not belong to any security zone, this field displays a hyphen (-).
NAT global policy	Name of the global NAT rule.
State	Unicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER. Service name indicates the service type, which can be DNS, FTP, or SSH.
Rule ID	ID of the security policy rule.
Rule name	Name of the security policy rule.
Start time	Unicast session establishment time.
TTL	Remaining lifetime of the unicast session, in seconds.
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Responder->Initiator	Number of packets and bytes from the responder to the initiator.
Total sessions found	Total number of found unicast session entries.
VPN(Src->Dst)	Source VPN instance name and destination VPN instance name.
(backup)	A session backed up from the hot backup peer.
SIP/Port->DIP/Port	The source IP address/port number and destination IP address/port number. If the session undergoes NAT conversion, the post-NAT converted address is enclosed with square brackets ([]).

display session table ipv6

Use display session table ipv6 to display information about IPv6 unicast session entries that match specific criteria.

Syntax

display session table ipv6 [ [ responder ] { application application-name | destination-ip start-destination-ip [ end-destination-ip ] | destination-port start-destination-port [ end-destination-port ] | destination-zone destination-zone-name | interface interface-type interface-number | protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } | security-policy-rule rule-name | security-policy-rule-id rule-id | source-ip start-source-ip [ end-source-ip ] | source-port start-source-port [ end-source-port ] | source-zone source-zone-name | state { dccp-closereq | dccp-closing | dccp-open | dccp-partopen | dccp-request | dccp-respond | dccp-timewait | icmpv6-reply | icmpv6-request | rawip-open | rawip-ready | sctp-closed | sctp-cookie-echoed | sctp-cookie-wait | sctp-established | sctp-shutdown-ack-sent | sctp-shutdown-recd | sctp-shutdown-sent | tcp-close | tcp-close-wait | tcp-est | tcp-fin-wait | tcp-last-ack | tcp-syn-recv | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-open | udp-ready | udplite-open | udplite-ready } } * ] [ verbose | brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

responder: Displays entries of IPv6 unicast sessions from the responder to the initiator. If you do not specify this keyword, the command displays entries of IPv6 unicast sessions from the initiator to the responder.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv6 address or IPv6 address range for a unicast session. The start destination-ip argument specifies the start destination IPv6 address. The end destination-ip argument specifies the end destination IPv6 address.

destination-port start-destination-port [ end-destination-port ]: Specifies a destination port or destination port range for an IPv6 unicast session. The start-destination-port argument specifies the start destination port. The end-destination-port argument specifies the end destination port. The value ranges for the start-destination-port and end-destination-port arguments are both 0 to 65535.

destination-zone destination-zone-name: Specifies a destination security zone by its name, a case-insensitive string of 1 to 31 characters.

interface interface-type interface-num: Specifies an interface by its type and number.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

security-policy-rule-id rule-id: Specifies a security policy rule by its ID in the range of 0 to 4294967295.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv6 address or IPv6 address range for a unicast session. The start source-ip argument specifies the start source IPv6 address. The end source-ip argument specifies the end source IPv6 address.

source-port start-source-port [ end-source-port ]: Specifies a source port or source port range for an IPv6 unicast session. The start-source-port argument specifies the start source port. The end-source-port argument specifies the end source port. The value ranges for the start-source-port and end-source-port arguments are both 0 to 65535.

source-zone source-zone-name: Specifies a source security zone by its name, a case-insensitive string of 1 to 31 characters.

verbose: Displays detailed information about IPv6 unicast session entries. If you do not specify this keyword, the command displays summary information about IPv6 unicast session entries.

brief: Displays brief information about IPv6 unicast session entries. If you do not specify this keyword, the command displays summary information about IPv6 unicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv6 unicast session entries.

Examples

# ‌Display summary information about all IPv6 unicast session entries. ‌

<Sysname> display session table ipv6

Total number of sessions on all slots: 1

Slot 0:

Initiator:

Source IP/port: 2011::2/58473

Destination IP/port: 2011::8/32768

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: IPV6-ICMP(58)

Inbound interface: Vlan-interface 100

Total sessions found: 1

# ‌Display detailed information about all IPv6 unicast session entries. ‌

<Sysname> display session table ipv6 verbose

Total number of sessions on all slots: 1

Slot 0:

Initiator:

Source IP/port: 2011::2/58473

Destination IP/port: 2011::8/32768

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: IPV6-ICMP(58)

Inbound interface: Vlan-interface 100

Responder:

Source IP/port: 2011::8/58473

Destination IP/port: 2011::2/33024

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: IPV6-ICMP(58)

Inbound interface: Vlan-interface 101

State: ICMPV6_REQUEST

Application: OTHER (Service name: ICMP)

Start time: 2011-07-29 19:23:41 TTL: 55s

Initiator->Responder: 1 packets 104 bytes

Responder->Initiator: 0 packets 0 bytes

Total sessions found: 1

# ‌Display brief information about all IPv6 unicast session entries.

<Sysname> display session table ipv6 brief

Total number of sessions on all slots: 1

Slot 0:

Application VPN(Src->Dst) SIP/Port->DIP/Port

GENERAL_TCP public->public (backup)1:1::/1(3:3::/1213)->2:2::/32768

Total sessions found: 1

Table 14 Command output

Field	Description
Initiator	Information about the unicast session from the initiator to the responder.
Responder	Information about the unicast session from the responder to the initiator.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. When the unicast session is not tunneled by DS-Lite, this field displays a hyphen (-).
VPN instance/VLAN ID/Inline ID	MPLS L3VPN instances are not supported in the current software version. MPLS L3VPN instance to which the unicast session belongs. VLAN and inline to which the unicast session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
Inbound interface	Interface on which packets are received.
Source security zone	Security zone to which the inbound interface belongs. If the inbound interface does not belong to any security zone, this field displays a hyphen (-).
NAT global policy	Name of the global NAT rule.
State	Unicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER. Service name indicates the service type, which can be DNS, FTP, or SSH.
Rule ID	ID of the security policy rule.
Rule name	Name of the security policy rule.
Start time	Unicast session establishment time.
TTL	Remaining lifetime of the unicast session, in seconds.
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Responder->Initiator	Number of packets and bytes from the responder to the initiator.
Total sessions found	Total number of found unicast session entries.
VPN(Src->Dst)	Source VPN instance name and destination VPN instance name.
(backup)	A session backed up from the hot backup peer.
SIP/Port->DIP/Port	The source IP address/port number and destination IP address/port number. If the session undergoes NAT conversion, the post-NAT converted address is enclosed with square brackets ([]).

display session table multicast ipv4

Use display session table multicast ipv4 to display information about IPv4 multicast session entries that match specific criteria.

Syntax

display session table multicast ipv4 [ [ responder ] { destination-ip start-destination-ip [ end-destination-ip ] | destination-port destination-port | protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } | source-ip start-source-ip [ end-source-ip ] | source-port source-port } * ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

responder: Displays entries of IPv4 multicast sessions from the responder to the initiator. If you do not specify this keyword, the command displays entries of IPv4 multicast sessions from the initiator to the responder.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv4 address or IPv4 address range for a multicast session. The start destination-ip argument specifies the start destination IPv4 address. The end destination-ip argument specifies the end destination IPv4 address.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session. The value range for the destination-port argument is 0 to 65535.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv4 address or IPv4 address range for a multicast session. The start source-ip argument specifies the start source IPv4 address. The end source-ip argument specifies the end source IPv4 address.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session. The value range for the source-port argument is 0 to 65535.

verbose: Displays detailed information about IPv4 multicast session entries. If you do not specify this keyword, the command displays brief information about IPv4 multicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv4 multicast session entries.

Examples

# ‌Display brief information about all IPv4 multicast session entries. ‌

<Sysname> display session table multicast ipv4

Slot 0:

Inbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Inbound interface: Vlan-interface 100

Outbound interface list:

Vlan-interface 101

Vlan-interface 102

Total sessions found: 3

# ‌Display detailed information about all IPv4 multicast session entries. ‌

<Sysname> display session table multicast ipv4 verbose

Slot 0:

Inbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Inbound responder:

Source IP/port: 232.0.0.1/1025

Destination IP/port: 3.3.3.4/1609

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Inbound interface: Vlan-interface 100

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 15:59:22 TTL: 18s

Initiator->Responder: 1 packets 84 bytes

Outbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: 232.0.0.1/1025

Destination IP/port: 3.3.3.4/1609

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound interface: Vlan-interface 101

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 15:59:22 TTL: 18s

Initiator->Responder: 1 packets 84 bytes

Outbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: 232.0.0.1/1025

Destination IP/port: 3.3.3.4/1609

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound interface: Vlan-interface 102

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 15:59:22 TTL: 18s

Initiator->Responder: 1 packets 84 bytes

Total sessions found: 3

Table 15 Command output

Field	Description
Inbound initiator	Information about the multicast session from the initiator to the responder on the inbound interface.
Inbound responder	Information about the multicast session from the responder to the initiator on the inbound interface.
Outbound initiator	Information about the multicast session from the initiator to the responder on the outbound interface.
Outbound responder	Information about the multicast session from the responder to the initiator on the outbound interface.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. If the multicast session is not tunneled by DS-Lite, this field displays a hyphen (-).
VPN instance/VLAN ID/Inline ID	MPLS L3VPN instances are not supported in the current software version. MPLS L3VPN instance to which the multicast session belongs. VLAN and inline to which the multicast session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMP. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
State	Multicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER.
Start time	Time when the multicast session was created.
TTL	Remaining lifetime of the multicast session, in seconds.
Inbound interface	Inbound interface of the first packet from the initiator to responder.
Outbound interface	Outbound interface of the first packet from the initiator to responder.
Outbound interface list	Outbound interfaces of the first packet from the initiator to responder.
Source security zone	Security zone to which the inbound interface belongs. If the inbound interface does not belong to any security zone, this field displays a hyphen (-).
Destination security zone	Security zone to which the outbound interface belongs. If the outbound interface does not belong to any security zone, this field displays a hyphen (-).
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Total sessions found	Total number of found multicast session entries.

display session table multicast ipv6

Use display session table multicast ipv6 to display information about IPv6 multicast session entries that match specific criteria.

Syntax

display session table multicast ipv6 [ [ responder ] { destination-ip start-destination-ip [ end-destination-ip ] | destination-port destination-port | protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } | source-ip start-source-ip [ end-source-ip ] | source-port source-port } * ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

responder: Displays entries of IPv6 multicast sessions from the responder to the initiator. If you do not specify this keyword, the command displays entries of IPv4 multicast sessions from the initiator to the responder.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv6 address or IPv6 address range for a multicast session. The start destination-ip argument specifies the start destination IPv6 address. The end destination-ip argument specifies the end destination IPv6 address.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv6 address or IPv6 address range for a multicast session. The start source-ip argument specifies the start source IPv6 address. The end source-ip argument specifies the end source IPv6 address.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session. The value range for the source-port argument is 0 to 65535.

verbose: Displays detailed information about IPv6 multicast session entries. If you do not specify this keyword, the command displays brief information about IPv6 multicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv6 multicast session entries.

Examples

# ‌Display brief information about all IPv6 multicast session entries. ‌

<Sysname> display session table multicast ipv6

Slot 0:

Inbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Inbound interface: Vlan-interface 100

Outbound interface list:

Vlan-interface 101

Vlan-interface 102

Total sessions found: 3

# ‌Display detailed information about all IPv6 multicast session entries. ‌

<Sysname> display session table multicast ipv6 verbose

Slot 0:

Inbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Inbound responder:

Source IP/port: FF0E::1/1025

Destination IP/port: 3::4/1617

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Inbound interface: Vlan-interface 100

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 16:10:58 TTL: 23s

Initiator->Responder: 5 packets 520 bytes

Outbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: FF0E::1/1025

Destination IP/port: 3::4/1617

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound interface: Vlan-interface 101

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 16:10:58 TTL: 23s

Initiator->Responder: 5 packets 520 bytes

Outbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: FF0E::1/1025

Destination IP/port: 3::4/1617

DS-Lite tunnel peer: -

VPN instance/VLAN ID/Inline ID: -/-/-

Protocol: UDP(17)

Outbound interface: Vlan-interface 102

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 16:10:58 TTL: 23s

Initiator->Responder: 5 packets 520 bytes

Total sessions found: 3

Table 16 Command output

Field	Description
Inbound initiator	Information about the multicast session from the initiator to the responder on the inbound interface.
Inbound responder	Information about the multicast session from the responder to the initiator on the inbound interface.
Outbound initiator	Information about the multicast session from the initiator to the responder on the outbound interface.
Outbound responder	Information about the multicast session from the responder to the initiator on the outbound interface.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. If the multicast session is not tunneled by DS-Lite, this field displays a hyphen (-).
VPN instance/VLAN ID/Inline ID	MPLS L3VPN instances are not supported in the current software version. MPLS L3VPN instance to which the multicast session belongs. VLAN and inline to which the multicast session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
State	Multicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER.
Start time	Time when the multicast session was created.
TTL	Remaining lifetime of the multicast session, in seconds.
Inbound interface	Inbound interface of the first packet from the initiator to responder.
Outbound interface	Outbound interface of the first packet from the initiator to responder.
Outbound interface list	Outbound interfaces of the first packet from the initiator to responder.
Source security zone	Security zone to which the inbound interface belongs. If the inbound interface does not belong to any security zone, this field displays a hyphen (-).
Destination security zone	Security zone to which the outbound interface belongs. If the outbound interface does not belong to any security zone, this field displays a hyphen (-).
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Total sessions found	Total number of found multicast session entries.

reset session alg-app-change

Use reset session alg-app-change to clear APP ID change statistics.

Syntax

reset session alg-app-change

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Clear APP ID change statistics.

<Sysname> clear session alg-app-change

Related commands

display session alg-app-change

reset session relation-table

Use reset session relation-table to clear relation entries.

Syntax

reset session relation-table [ ipv4 | ipv6 ] [ { application application-name | destination-ip destination-ip | destination-port destination-port | protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } | source-ip source-ip | source-port source-port } * ]

Views

User view

Predefined user roles

network-admin

Parameters

ipv4: Specifies IPv4 relation entries.

ipv6: Specifies IPv6 relation entries.

destination-ip destination-ip: Specifies a destination IPv4 address for a relation entry.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a relation entry. The value range for the destination-port argument is 0 to 65535.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies a protocol.

source-ip source-ip: Specifies a source IPv4 address for a relation entry.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a relation entry. The value range for the source-port argument is 0 to 65535.

Usage guidelines

If you do not specify any parameters, this command clears all relation entries.

Examples

# Clear all IPv4 relation entries.

<Sysname> reset session relation-table ipv4

# Clear IPv4 relation entries for source IP address 10.10.10.10.

<Sysname> reset session relation-table ipv4 source-ip 10.10.10.10

Related commands

display session relation-table

reset session statistics

Use reset session statistics to clear unicast session statistics.

Syntax

reset session statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear all unicast session statistics.

<Sysname> reset session statistics

Related commands

display session statistics

reset session statistics multicast

Use reset session statistics multicast to clear multicast session statistics.

Syntax

reset session statistics multicast

Views

User view

Predefined user roles

network-admin

Examples

# Clear all multicast session statistics.

<Sysname> reset session statistics multicast

Related commands

display session statistics multicast

reset session table

Use reset session table to clear IP unicast session entries.

Syntax

reset session table

Views

User view

Predefined user roles

network-admin

Examples

# Clear all unicast session entries.

<Sysname> reset session table

Related commands

display session table ipv4

display session table ipv6

reset session table ipv4

Use reset session table ipv4 to clear information about IPv4 unicast session entries that match specific criteria.

Syntax

reset session table ipv4 [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port start-source-port [ end-source-port ] ] [ destination-port start-destination-port [ end-destination-port ] ]

Views

User view

Predefined user roles

network-admin

Parameters

source-ip source-ip: Specifies a source IPv4 address. The source-ip argument specifies the source IPv4 address of a unicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv4 address. The destination-ip argument specifies the destination IPv4 address of a unicast session from the initiator to the responder.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

Usage guidelines

If you do not specify any parameters, this command clears all IPv4 unicast session entries on the public network.

Examples

# Clear all IPv4 unicast session entries.

<Sysname> reset session table ipv4

# Clear the IPv4 unicast session entries with the source IP address of 10.10.10.10.

<Sysname> reset session table ipv4 source-ip 10.10.10.10

Related commands

display session table ipv4

reset session table ipv6

Use reset session table ipv6 to clear information about IPv6 unicast session entries that match the specified criteria.

Syntax

reset session table ipv6 [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port start-source-port [ end-source-port ] ] [ destination-port start-destination-port [ end-destination-port ] ]

Views

User view

Predefined user roles

network-admin

Parameters

source-ip source-ip: Specifies a source IPv6 address. The source-ip argument specifies the source IPv6 address of a unicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv6 address. The destination-ip argument specifies the destination IPv6 address of a unicast session from the initiator to the responder.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

Usage guidelines

If you do not specify any parameters, this command clears all IPv6 unicast session entries on the public network.

Examples

# Clear all IPv6 unicast session entries.

<Sysname> reset session table ipv6

# Clear the IPv6 unicast session entries with the source IP address of 2011::0002.

<Sysname> reset session table ipv6 source-ip 2011::0002

Related commands

display session table ipv6

reset session table multicast

Use reset session table multicast to clear IP multicast session entries.

Syntax

reset session table multicast

Views

User view

Predefined user roles

network-admin

Examples

# Clear all multicast session entries.

<Sysname> reset session table multicast

Related commands

display session table multicast ipv4

display session table multicast ipv6

reset session table multicast ipv4

Use reset session table multicast ipv4 to clear information about IPv4 multicast session entries that match specific criteria.

Syntax

reset session table multicast ipv4 [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ]

Views

User view

Predefined user roles

network-admin

Parameters

source-ip source-ip: Specifies a source IPv4 address. The source-ip argument specifies the source IPv4 address of a multicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv4 address. The destination-ip argument specifies the destination IPv4 address of a multicast session from the initiator to the responder.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.

Usage guidelines

If you do not specify any parameters, this command clears all IPv4 multicast session entries on the public network.

Examples

# Clear all IPv4 multicast session entries.

<Sysname> reset session table multicast ipv4

# Clear the IPv4 multicast session entries with the source IP address of 10.10.10.10.

<Sysname> reset session table multicast ipv4 source-ip 10.10.10.10

Related commands

display session table multicast ipv4

reset session table multicast ipv6

Use reset session table multicast ipv6 to clear information about IPv6 multicast session entries that match specific criteria.

Syntax

reset session table multicast ipv6 [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ]

Views

User view

Predefined user roles

network-admin

Parameters

source-ip source-ip: Specifies a source IPv6 address. The source-ip argument specifies the source IPv6 address of a multicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv6 address. The destination-ip argument specifies the destination IPv6 address of a multicast session from the initiator to the responder.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

Usage guidelines

If you do not specify any parameters, this command clears all IPv6 multicast session entries on the public network.

Examples

# Clear all IPv6 multicast session entries.

<Sysname> reset session table multicast ipv6

# Clear the IPv6 multicast session entries with the source IP address of 2011::0002.

<Sysname> reset session table multicast ipv6 source-ip 2011::0002

Related commands

display session table multicast ipv6

session aging-time application

Use session aging-time application to set the aging time for sessions of an application layer protocol or an application.

Use undo session aging-time application to restore the default. If you do not specify an application layer protocol or an application, this command restores the default aging time for all sessions of the supported application layer protocols and applications.

Syntax

session aging-time application application-name time-value

undo session aging-time application [ application-name ]

Default

The aging time is 1200 seconds for sessions of application layer protocols or applications except for the following sessions:

· BOOTPC sessions: 120 seconds.

· BOOTPS sessions: 120 seconds.

· DNS sessions: 30 seconds.

· FTP sessions: 3600 seconds.

· FTP-DATA sessions: 240 seconds.

· GPRS-DATA sessions: 60 seconds.

· GPRS-SIG sessions: 60 seconds.

· GTP-CONTROL sessions: 60 seconds.

· GTP-USER sessions: 60 seconds.

· H.225 sessions: 3600 seconds.

· H.245 sessions: 3600 seconds.

· HTTPS sessions: 600 seconds.

· ILS sessions: 3600 seconds.

· L2TP sessions: 120 seconds.

· MGCP-CALLAGENT sessions: 60 seconds.

· MGCP-GATEWAY sessions: 60 seconds.

· NETBIOS-DGM sessions: 3600 seconds.

· NETBIOS-NS sessions: 3600 seconds.

· NETBIOS-SSN sessions: 3600 seconds.

· NTP sessions: 120 seconds.

· PPTP sessions: 3600 seconds.

· QQ sessions: 120 seconds.

· RAS sessions: 300 seconds.

· RIP sessions: 120 seconds.

· RSH sessions: 60 seconds.

· RTSP session: 3600 seconds.

· SCCP sessions: 3600 seconds.

· SIP sessions: 300 seconds.

· This option is not supported in the current software version. SNMP sessions: 120 seconds.

· This option is not supported in the current software version. SNMPTRAP sessions: 120 seconds.

· SQLNET sessions: 600 seconds.

· STUN sessions: 600 seconds.

· SYSLOG sessions: 120 seconds.

· TACACS-DS sessions: 120 seconds.

· TFTP sessions: 60 seconds.

· WHO sessions: 120 seconds.

· XDMCP sessions: 3600 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

application-name: Specifies an application layer protocol or an application by its name, a case-insensitive string of 1 to 63 characters. Valid characters can be digits, letters, hyphens (-), and underscores (_). The names invalid and other are not allowed. The application layer protocol or application must exist on the device.

time-value: Specifies the aging time in seconds. The value range 1 to 100000.

Usage guidelines

This command sets the aging time for stable sessions of the specified application layer protocols or applications. For TCP sessions, the stable state is ESTABLISHED. For UDP sessions, the stable state is READY.

For sessions of application layer protocols or applications that are not supported by this command, the aging time is set by the session aging-time state command. For persistent sessions, the aging time is set by the session persistent acl command.

Supported application layer protocols or applications specified in this command depend on the APR module. For information about APR, see Security Configuration Guide.

Examples

# Set the aging time for FTP sessions to 1800 seconds.

<Sysname> system-view

[Sysname] session aging-time application ftp 1800

# Set the aging time for 126WebEmail sessions to 1800 seconds.

<Sysname> system-view

[Sysname] session aging-time application 126WebEmail 1800

Related commands

display session aging-time application

nbar application

port-mapping

session aging-time state

session persistent acl

session aging-time state

Use session aging-time state to set the aging time for the sessions in a protocol state.

Use undo session aging-time state to restore the default for the sessions in a protocol state. If you do not specify a protocol state, this command restores all aging time for sessions in different protocol states to the default.

Syntax

session aging-time state { fin | icmp-reply | icmp-request | icmpv6-reply | icmpv6-request | rawip-open | rawip-ready | syn | tcp-close | tcp-est | tcp-time-wait | udp-open | udp-ready } time-value

Default

The aging time for sessions in different protocol states is as follows:

· FIN_WAIT: 30 seconds.

· ICMP-REPLY: 30 seconds.

· ICMP-REQUEST: 60 seconds.

· ICMPv6-REPLY: 30 seconds.

· ICMPv6-REQUEST: 60 seconds.

· RAWIP-OPEN: 30 seconds.

· RAWIP-READY: 60 seconds.

· TCP SYN-SENT and SYN-RCV: 30 seconds.

· TCP-CLOSE: 2 seconds.

· TCP ESTABLISHED: 3600 seconds.

· TCP TIME-WAIT: 2 seconds.

· UDP-OPEN: 30 seconds.

· UDP-READY: 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

fin: Specifies the TCP FIN_WAIT state.

icmp-reply: Specifies the ICMP REPLY state.

icmp-request: Specifies the IGMP REQUEST state.

icmpv6-reply: Specifies the ICMPv6 REPLY state.

icmpv6-request: Specifies the IGMPv6 REQUEST state.

rawip-open: Specifies the RAWIP-OPEN state.

rawip-ready: Specifies the RAWIP-READY state.

syn: Specifies the TCP SYN-SENT and SYN-RCV states.

tcp-close: Specifies the TCP CLOSE state.

tcp-est: Specifies the TCP ESTABLISHED state.

tcp-time-wait: Specifies the TCP TIME-WAIT state.

udp-open: Specifies the UDP OPEN state.

udp-ready: Specifies the UDP READY state.

time-value: Specifies the aging time in seconds. For the TCP CLOSE and TCP TIME-WAIT states, the value range is 0 to 100000. For other states, the value range is 1 to 100000.

Usage guidelines

This command sets the aging time for stable sessions of the application layer protocols that are not supported by the session aging-time application command. For persistent sessions, the aging time is set by the session persistent acl command.

Examples

# Set the aging time for TCP sessions in SYN-SENT and SYN-RCV states to 60 seconds.

<Sysname> system-view

[Sysname] session aging-time state syn 60

Related commands

display session aging-time state

session aging-time application

session persistent acl

session alarm rate-abrupt enable

Use session alarm rate-abrupt enable to enable alarms for abrupt session creation rate changes.

Use undo session alarm rate-abrupt enable to disable alarms for abrupt session creation rate changes.

Syntax

session alarm rate-abrupt enable

undo session alarm rate-abrupt enable

Default

Alarms are disabled for abrupt session creation rate changes.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to generate alarms for abrupt increase or drop in the session creation rate when the alarm thresholds for abrupt session creation rate changes are crossed.

Examples

# Enable alarms for abrupt session creation rate changes.

<Sysname> system-view

[Sysname] session alarm rate-abrupt enable

Related commands

session alarm rate-abrupt threshold

Use session alarm rate-abrupt threshold to set the alarm thresholds for abrupt session creation rate changes.

Use undo session alarm rate-abrupt threshold to restore the default.

Syntax

session alarm rate-abrupt threshold threshold-value [ base-threshold base-value ]

undo session alarm rate-abrupt threshold

Default

The session creation rate change threshold is 20%, and the base session creation rate threshold is 10%.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the session creation rate change threshold in percentage. The value range for this argument is 1 to 100.

base-threshold base-value: Sets the base session creation rate threshold in percentage. The value range for this argument is 1 to 100. If you do not specify this option, the default setting applies.

Usage guidelines

With alarms enabled for abrupt session creation rate changes, the system collects the session creation rate at an interval of 10 seconds and checks whether the following indicators reach the corresponding alarm thresholds:

· Session creation rate change in percentage—Obtained by dividing the difference between the session creation rates at the beginning and end of a collection interval by the session creation rate at the beginning of the collection interval.

· Base session creation rate in percentage—Obtained by dividing the session creation rate at the beginning of a collection interval by 100000.

If both of the following conditions are met in a detection interval, the system generates an alarm for the abrupt change of the session creation rate:

· The session creation rate change threshold is reached.

· The base session creation rate threshold is crossed.

Examples

# Set the session creation rate change threshold to 30%.

<Sysname> system-view

[Sysname] session alarm rate-abrupt threshold 30

Related commands

session alarm rate-abrupt enable

session alarm try-rate-abrupt enable

Use session alarm try-rate-abrupt enable to enable alarms for abrupt session attempt rate changes.

Use undo session alarm try-rate-abrupt enable to disable alarms for abrupt session attempt rate changes.

Syntax

session alarm try-rate-abrupt enable

undo session alarm try-rate-abrupt enable

Default

Alarms are disabled for abrupt session attempt rate changes.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to generate alarms for abrupt increase or drop in the session creation attempt rate when the alarm thresholds for abrupt session attempt rate changes are reached.

Examples

# Enable alarms for abrupt session attempt rate changes.

<Sysname> system-view

[Sysname] session alarm try-rate-abrupt enable

Related commands

session alarm try-rate-abrupt threshold

Use session alarm try-rate-abrupt threshold to set the alarm thresholds for abrupt session attempt rate changes.

Use undo session alarm try-rate-abrupt threshold to restore the default.

Syntax

session alarm try-rate-abrupt threshold threshold-value [ base-threshold base-value ]

undo session alarm try-rate-abrupt threshold

Default

The session attempt rate change threshold is 20%, and the base session attempt rate threshold is 10%.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the session attempt rate change threshold in percentage. The value range for this argument is 1 to 100.

base-threshold base-value: Sets the base session attempt rate threshold in percentage. The value range for this argument is 1 to 100. If you do not specify this option, the default setting applies.

Usage guidelines

With alarms enabled for abrupt session attempt rate changes, the system collects the session creation attempt rate at an interval of 10 seconds and checks whether the following indicators reach the corresponding alarm thresholds:

· Session attempt rate change in percentage—Obtained by dividing the difference between the session creation attempt rates at the beginning and end of a collection interval by the session creation attempt rate at the beginning of the collection interval.

· Base session attempt rate in percentage—Obtained by dividing the session creation attempt rate at the beginning of a collection interval by 100000.

If both of the following conditions are met in a detection interval, the system generates an alarm for the abrupt change of the session creation attempt rate:

· The session attempt rate change threshold is reached.

· The base session attempt rate threshold is crossed.

Examples

# Set the session attempt rate change threshold to 30%.

<Sysname> system-view

[Sysname] session alarm try-rate-abrupt threshold 30

Related commands

session alarm try-rate-abrupt enable

session alarm usage-abrupt enable

Use session alarm usage-abrupt enable to enable alarms for abrupt session table usage changes.

Use undo session alarm usage-abrupt enable to disable alarms for abrupt session table usage changes.

Syntax

session alarm usage-abrupt enable

undo session alarm usage-abrupt enable

Default

Alarms are disabled for abrupt session table usage changes.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to generate alarms for abrupt increase or drop in the session table usage when the alarm thresholds for abrupt session table usage changes are reached.

Examples

# Enable alarms for abrupt session table usage changes.

<Sysname> system-view

[Sysname] session alarm usage-abrupt enable

Related commands

session alarm usage-abrupt threshold

Use session alarm usage-abrupt threshold to set the alarm thresholds for abrupt session table usage changes.

Use undo session alarm usage-abrupt threshold to restore the default.

Syntax

session alarm usage-abrupt threshold threshold-value [ base-threshold base-value ]

undo session alarm usage-abrupt threshold

Default

The session table usage change threshold is 20%, and the base session table usage threshold is 10%.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the session table usage change threshold in percentage. The value range for this argument is 1 to 100.

base-threshold base-value: Sets the base session table usage threshold in percentage. The value range for this argument is 1 to 100. If you do not specify this option, the default setting applies.

Usage guidelines

With alarms enabled for abrupt session table usage changes, the system collects the session table usage at an interval of 10 seconds and checks whether the following indicators reach the corresponding alarm thresholds:

· Session table usage change in percentage—Obtained by dividing the difference between the session entry counts at the beginning and end of a collection interval by the session entry count at the beginning of the collection interval.

· Base session table usage in percentage—Obtained by dividing the session entry count at the beginning of a collection interval by the supported maximum number of session entries.

If both of the following conditions are met in a detection interval, the system generates an alarm for the abrupt change of the session table usage:

· The session table usage change threshold is reached.

· The base session table usage threshold is crossed.

Examples

# Set the session table usage change threshold to 30%.

<Sysname> system-view

[Sysname] session alarm usage-abrupt threshold 30

Related commands

session alarm usage-abrupt enable

session alarm-log enable

Use session alarm-log enable to enable session usage alarm logging.

Use undo session alarm-log to disable session usage alarm logging.

Syntax

session alarm-log enable

undo session alarm-log enable

Default

Session usage alarm logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Enable session usage alarm logging for the device to send alarm logs for crossing of the session entry usage alarm threshold, relation entry usage alarm threshold, and deny session entry usage alarm threshold.

Examples

# Enable session usage alarm logging.

<Sysname> system-view

[Sysname] session alarm-log enable

Related commands

session usage threshold

session relation-table-usage threshold

session fast-drop-usage threshold

session alg fragment

Use session alg fragment to enable ALG to process IP fragments and TCP segments.

Use undo session alg fragment to disable ALG from processing IP fragments and TCP segments.

Syntax

session alg fragment sip

undo session alg fragment sip

Default

ALG does not process IP fragments and TCP segments.

Views

System view

Predefined user roles

network-admin

Parameters

sip: Specifies IP fragments and TCP segments .

Usage guidelines

Operating mechanism

This command enables ALG to process IP fragments and TCP segments of specified protocols. In the current software version, ALG can process only IP fragments and TCP segments of SIP.

Restrictions and guidelines

ALG does not process TCP segments of NAT-processed packets.

Examples

# Enable ALG to process IP fragments and TCP segments of SIP.

<Sysname> system

[Sysname] session alg fragment sip

session ip-top-count enable

Use session ip-top-count enable to enable the top IPv4 session statistics feature.

Use undo session ip-top-count enable to disable the top IPv4 session statistics feature.

Syntax

session ip-top-count enable

undo session ip-top-count enable

Default

The top IPv4 session statistics feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to collect the number of IPv4 sessions for session-based services based on the session creation rate and the number of concurrent sessions, and rank the sessions by source address and by destination address.

To view the ranking results, log in to the device management page through the Web interface.

Examples

# Enable the top IPv4 session statistics feature.

<Sysname> system-view

[Sysname] session ip-top-count enable

Relate commands

session ip-top-count policy

Use session ip-top-count policy to enter top IPv4 session statistics policy view.

Syntax

session ip-top-count policy

Default

No configuration exists in top IPv4 session statistics policy view.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you specify a source or destination IPv4 address for a top session statistics policy, the system collects statistics for only IPv4 sessions that match the specified address. If you do not specify any source or destination IPv4 address, the system collects statistics for all sessions.

Examples

# Enter top IPv4 session statistics policy view.

<Sysname> system-view

[Sysname] session ip-top-count policy

Related commands

display session ip-top-count policy

source-ip

destination-ip

session ipv6-top-count enable

Use session ipv6-top-count enable to enable the top IPv6 session statistics feature.

Use undo session ipv6-top-count enable to disable the top IPv6 session statistics feature.

Syntax

session ipv6-top-count enable

undo session ipv6-top-count enable

Default

The top IPv6 session statistics feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to collect the number of IPv6 sessions for session-based services based on the session creation rate and the number of concurrent sessions, and rank the sessions by source address and by destination address.

To view the ranking results, log in to the device management page through the Web interface.

Examples

# Enable the top IPv6 session statistics feature.

<Sysname> system-view

[Sysname] session ipv6-top-count enable

Related commands

session ipv6-top-count policy

Use session ipv6-top-count policy to enter top IPv6 session statistics policy view.

Syntax

session ipv6-top-count policy

Default

No configuration exists in top IPv6 session statistics policy view.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you specify a source or destination IPv6 address for a top session statistics policy, the system collects statistics for only IPv6 sessions that match the specified address. If you do not specify any source or destination IPv6 address, the system collects statistics for all sessions.

Examples

# Enter top IPv6 session statistics policy view.

<Sysname> system-view

[Sysname] Session ipv6-top-count policy

Related commands

display session ipv6-top-count policy

source-ip

destination-ip

session log with-endtime

Use session log with-endtime to configure the session end time field for session creation logs and active session logs.

Use undo session log with-endtime to restore the default.

Syntax

session log with-endtime

undo session log with-endtime

Default

The session end time field is empty for session creation logs and active session logs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature fills in the session end time field with the session creation time for sessions not aged out.

Examples

# Configure the session end time field for session creation logs and active session logs.

<Sysname> system-view

[Sysname] session log with-endtime

session persistent acl

Use session persistent acl to specify persistent sessions.

Use undo session persistent acl to restore the default.

Syntax

session persistent acl [ ipv6 ] acl-number [ aging-time time-value ]

undo session persistent acl [ ipv6 ] acl-number

Default

No persistent sessions exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.

acl-number: Specifies an ACL by its number in the range of 2000 to 3999.

aging-time time-value: Specifies the aging time for persistent sessions in hours. The value range for the time-value argument is 0 to 360, and the default value is 24. To disable the aging for persistent sessions, set the value to 0.

Usage guidelines

This command is effective only on TCP sessions in ESTABLISHED state.

For a TCP session in ESTABLISHED state, the priority of the aging time is as follows:

· Aging time for persistent sessions.

· Aging time for sessions of application layer protocols.

· Aging time for sessions in different protocol states.

A persistent session is not removed until one of the following events occurs:

· The session entry ages out.

· The device receives a connection close request from the initiator or responder.

· You manually clear the session entries.

The configuration of persistent sessions applies only to new sessions. It has no effect on existing sessions.

Repeat this command to use multiple ACLs to specify persistent sessions.

Examples

# Specify IPv4 ACL 2000 for identifying persistent sessions and set the aging time to 72 hours.

<Sysname> system-view

[Sysname] session persistent acl 2000 aging-time 72

# Specify IPv6 ACL 3000 for identifying persistent sessions and set the aging time to 100 hours.

<Sysname> system-view

[Sysname] session persistent acl ipv6 3000 aging-time 100

Related commands

session aging-time application

session aging-time state

session relation-table aging-time application

Use session relation-table aging-time application to set the aging time for SIP-SDP or SUNRPC session relation entries.

Use undo session relation-table aging-time application to restore the default.

Syntax

session relation-table aging-time application [ sip-sdp | sunrpc ] time-value

undo session relation-table aging-time application [ sip-sdp | sunrpc ]

Default

The aging time for SIP-SDP session relation entries is 3 days and the aging time for SUNRPC session relation entries is 115200 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time-value: Specifies the aging time for session relation entries, in the range of 1 to 604800 seconds for SIP-SDP and 1 to 259200 seconds for SUNRPC.

Usage guidelines

For SIP-SDP (SIP-RTCP and SIP-RTP), if the session that creates a relation entry ages out before the relation entry ages out, the relation entry will also age out. If the session ages out after the relation entry ages out the relation entry ages out according to the configured aging time. For SUNRPC, if no traffic matches a session relation entry during the aging time, the session relation entry will age automatically.

Examples

# Set the aging time for SIP-SDP session relation entries to 3700 seconds, and set the aging time for SUNRPC session relation entries to 14400 seconds.

<Sysname> system-view

[Sysname] session relation-table aging-time application sip-sdp 3700

[Sysname] session relation-table aging-time application sunrpc 14400

Related commands

display session relation-table aging-time application

session relation-table match destination-ip sip enable

Use session relation-table match destination-ip sip enable to enable destination address matching for SIP relation entries.

Use undo session relation-table match destination-ip sip enable to disable destination address matching for SIP relation entries.

Syntax

session relation-table match destination-ip sip enable

undo session relation-table match destination-ip sip enable

Default

Destination address matching is disabled for SIP relation entries.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In an SIP network, data traffic does not match destination addresses when matching the relation table entries. In this case, if a client is to access multiple servers through multiple outbound interfaces, incorrect match of the relation entries might cause the traffic to be forwarded incorrectly.

This feature requires the data traffic to match the destination addresses when matching the relation entries, which helps to forward traffic correctly.

Examples

# Enable destination address matching for SIP relation entries.

<Sysname> system-view

[Sysname] session relation-table match destination-ip sip enable

session relation-table-usage threshold

Use session relation-table-usage threshold to set the relation entry usage alarm threshold.

Use undo session relation-table-usage threshold to restore the default.

Syntax

session relation-table-usage threshold threshold-value

undo session relation-table-usage threshold

Default

The relation entry usage alarm threshold is 95%.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the relation entry usage alarm threshold in percentage. The value range is 1 to 99.

Usage guidelines

Operating mechanism

This command enables the device to send alarms when the relation entry usage exceeds or drops below the alarm threshold.

Prerequisite

For the device to send alarm logs for crossing of the relation entry usage alarm threshold, enable session usage alarm logging by using the session alarm-log enable command.

Examples

# Set the relation entry usage alarm threshold to 80%.

<Sysname> system-view

[Sysname] session relation-table-usage threshold 80

Related commands

session alarm-log enable

session table-state-backup enable

Use session table-state-backup enable to enable session table state backup.

Use undo session table-state-backup enable to disable session table state backup.

Syntax

session table-state-backup enable

undo session table-state-backup enable

Default

Session table state backup is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

With session table state backup enabled, if the session table state reaches steady state, the device will synchronize the session table state to the standby session to address the interruption caused by simultaneous aging and active device failure. After the session table state is backed up, the standby session can switch to steady state and process traffic when the active device fails.

Examples

# Enable session table state backup.

<Sysname> system

[Sysname] session table-state-backup enable

Related commands

session synchronization enable

session usage threshold

Use session usage threshold to set the session entry usage alarm threshold.

Use undo session usage threshold to restore the default.

Syntax

session usage threshold threshold-value

undo session usage threshold

Default

The session entry usage alarm threshold is 95%.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the session entry usage alarm threshold in percentage. The value range is 1 to 99.

Usage guidelines

Operating mechanism

This command enables the device to send alarms when the session entry usage exceeds or drops below the alarm threshold.

Prerequisite

For the device to send alarm logs for crossing of the session entry usage alarm threshold, enable session usage alarm logging by using the session alarm-log enable command.

Examples

# Set the session entry usage alarm threshold to 90%.

<Sysname> system-view

[Sysname] session usage threshold 90

Related commands

session alarm-log enable

source-ip

Use source-ip to specify a source IP address matching criterion in a top session statistics policy.

Use undo source-ip to delete a source IP address matching criterion from a top session statistics policy.

Syntax

Top IPv4 session statistics policy view:

source-ip subnet subnet-ip-address mask-length

undo source-ip

Top IPv6 session statistics policy view:

source-ip subnet subnet-ipv6-address prefix-length

undo source-ip

Default

No source IP address matching criterion is specified.

Views

Top IPv4 session statistics policy view

Top IPv6 session statistics policy view

Predefined user roles

network-admin

Parameters

subnet subnet-ipv4-address mask-length: Specifies an IPv4 subnet address and its mask. The mask value is in the range of 16 to 32.

subnet subnet-ipv6-address prefix-length: Specifies an IPv6 subnet address and its prefix. The prefix value is in the range of 96 to 128.

Usage guidelines

With this feature configured, the system collects only statistics for sessions that match the specified source IP address.

You can configure only one source subnet address matching criterion for a top session statistics policy for IPv4 or IPv6 sessions. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify source IP address 10.1.0.0/16 in a top session statistics policy.

[Sysname] session ip-top-count policy

[Sysname-session-ip-top-count-policy] destination-ip subnet 10.1.0.0 16

Related commands

session ip-top-count policy

session ipv6-top-count policy

14-Security Command Reference

Operating mechanism

Restrictions and guidelines

display session statistics ipv4

reset session table multicast

session alarm rate-abrupt enable

session alarm try-rate-abrupt enable

Operating mechanism

Restrictions and guidelines

session ip-top-count enable

session ip-top-count policy

session relation-table aging-time application

Operating mechanism

Prerequisite

Operating mechanism

Prerequisite

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us