Showing ipsec statistics – Brocade Virtual ADX Switch and Router Guide (Supporting ADX v03.1.00) User Manual

Page 190

Advertising
background image

176

Brocade Virtual ADX Switch and Router Guide

53-1003246-01

Enabling OSPFv3

7

Showing IPsec statistics

The show ipsec statistics command displays the error and other counters for IPsec, as this example
shows.

TABLE 19

IPsec policy information

This field...

Displays...

PType

This field contains the policy type. Of the existing policy types, only the “use”
policy type is supported, so each entry can have only “use.”

Dir

The direction of traffic flow to which the IPsec policy is applied. Each direction
has its own entry.

Proto

The only possible routing protocol for the security policy in the current release
is OSPFv3.

Source

The source address consists of the IPv6 prefix and the TCP or UDP port
identifier.

Destination

The destination address consists of the IPv6 prefix. Certain logical elements
have a bearing on the meaning of the destination address and its format, as
follows:
For IPsec on an interface or area, the destination address is shown as a prefix
of 0xfe80 (link local). The solitary “::” (no prefix) indicates a “do not-care”
situation because the connection is multicast. In this case, the security policy
is enforced without regard for the destination address.
For a virtual link (SPDID = 0), the address is required.

TABLE 20

SA used by the policy

This field...

Displays...

SA

This heading points at the SA-related headings for information used by the
security policy. Thereafter, on each line of this part of the IPsec entry (which
alternates with lines of policy information

Table 19

), “SA:” points at the fields

under those SA-related headings. The remainder of this table describes each
of the SA-related items.

SPDID

The security policy database identifier (SPDID) consists of two parts; the first
part is an VRF id and the second part is an interface ID. The SPDID 0/ALL is a
global database for the default VRF that applies to all interfaces.

Dir

The Dir field is either ‘in” for inbound or “out” for outbound.

Encap

The type of encapsulation in the current release is ESP.

SPI

Security parameter index.

Destination

The IPv6 address of the destination endpoint. From the standpoint of the near
interface and the area, the destination is not relevant and therefore appears
as ::/0:any.
For a virtual link, both the inbound and outbound destination addresses are
relevant.

Advertising
Popular Brands
Popular manuals