Showing ipsec statistics – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual

Page 723

Advertising
background image

Multi-Service IronWare Routing Configuration Guide

695

53-1003033-02

Displaying OSPFv3 information

Showing IPsec statistics

The show ipsec statistics command displays the error and other counters for IPsec, as this example
shows.

Proto

The only possible routing protocol for the security policy in the current release is
OSPFv3.

Source

The source address consists of the IPv6 prefix and the TCP or UDP port identifier.

Destination

The destination address consists of the IPv6 prefix. Certain logical elements have a
bearing on the meaning of the destination address and its format, as follows:
For IPsec on an interface or area, the destination address is shown as a prefix of
0xFE80 (link local). The solitary “::” (no prefix) indicates a “do not-care” situation
because the connection is multicast. In this case, the security policy is enforced
without regard for the destination address.
For a virtual link (SPDID = 0), the address is required.

TABLE 147

SA used by the policy

This field...

Displays...

SA

This heading points at the SA-related headings for information used by the security
policy. Thereafter, on each line of this part of the IPsec entry (which alternates with
lines of policy information

Table 146

), “SA:” points at the fields under those SA-related

headings. The remainder of this table describes each of the SA-related items.

SPDID

The security policy database identifier (SPDID) consists of two parts; the first part is an
VRF id and the second part is an interface ID. The SPDID 0/ALL is a global database
for the default VRF that applies to all interfaces.

Dir

The Dir field is either ‘in” for inbound or “out” for outbound.

Encap

The type of encapsulation in the current release is ESP.

SPI

Security parameter index.

Destination

The IPv6 address of the destination endpoint. From the standpoint of the near
interface and the area, the destination is not relevant and therefore appears as
::/0:any.
For a virtual link, both the inbound and outbound destination addresses are relevant.

TABLE 146

IPsec policy information (Continued)

This field...

Displays...

Brocade#show ipsec statistics

IPSecurity Statistics

secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2

secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2

IPSecurity Packet Statistics

secEspTotalInPkts: 19 ipsecEspTotalInPktsDrop: 0

secEspTotalOutPkts: 83

IPSecurity Error Statistics

secAuthenticationErrors 0

secReplayErrors: 0 ipsecPolicyErrors: 13

secOtherReceiveErrors: 0 ipsecSendErrors: 0

secAuthenticationErrors 0

secReplayErrors: 0 ipsecPolicyErrors: 13

secOtherReceiveErrors: 0 ipsecSendErrors: 0

secUnknownSpiErrors: 0

Advertising
Popular Brands
Popular manuals