Showing ipsec statistics – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual


TABLE 86 show ipsec policy output descriptions (Continued)

This field

Displays

Dir

The direction of traffic flow to which the IPsec policy is applied. Each direction has its own entry.

Proto

The only possible routing protocol for the security policy in the current release is OSPFv3.

Source

The source address consists of the IPv6 prefix and the TCP or UDP port identifier.

Destination

The destination address consists of the IPv6 prefix. Certain logical elements have a bearing on the meaning of the destination address and its format, as follows:

For IPsec on an interface or area, the destination address is shown as a prefix of 0xFE80 (link local). The solitary "::" (no prefix) indicates a "don't care" situation because the connection is multicast. In this case, the security policy is enforced without regard for the destination address.

For a virtual link (SPDID = 0), the address is required.

TABLE 87 SA used by the policy

This field

Displays

SA

This heading points at the SA-related headings for information used by the security policy. Thereafter, on each line of this part of the IPsec entry (which alternates with lines of policy information), "SA:" points at the fields under those SA-related headings. The remainder of this table describes each of the SA-related items.

SPDID

The security policy database identifier (SPDID) consists of two parts: the first part is a VRF ID and the second part is an interface ID. The SPDID 0/ALL is a global database for the default VRF that applies to all interfaces.

Dir

The Dir field is either "in" for inbound or "out" for outbound.

Encap

The type of encapsulation in the current release is ESP.

SPI

Security parameter index.

Destination

The IPv6 address of the destination endpoint. From the standpoint of the near interface and the area, the destination is not relevant and therefore appears as ::/0:any.

For a virtual link, both the inbound and outbound destination addresses are relevant.

Showing IPsec statistics

The show ipsec statistics command displays the error and other counters for IPsec, as this example
shows.

device#show ipsec statistics
IPSecurity Statistics
secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2
secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2
IPSecurity Packet Statistics
secEspTotalInPkts: 19 ipsecEspTotalInPktsDrop: 0
secEspTotalOutPkts: 83
IPSecurity Error Statistics
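
Added example, not part of the Brocade guide: a Python sketch that parses the show ipsec statistics output shown above into per-section counters and reports drop or error counters that grew between two captures. The function names and the Drop|Error name filter are assumptions; the sample text is the output printed on this page.

```python
import re

# Output copied from the example on this page. The Error Statistics
# section is cut off there, so it parses as an empty section.
SAMPLE = """\
device#show ipsec statistics
IPSecurity Statistics
secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2
secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2
IPSecurity Packet Statistics
secEspTotalInPkts: 19 ipsecEspTotalInPktsDrop: 0
secEspTotalOutPkts: 83
IPSecurity Error Statistics
"""

# A counter is a name, an optional colon, then an integer. Several
# counters can share a line, and some names are printed without the colon.
COUNTER = re.compile(r"([A-Za-z]\w*):?\s+(\d+)\b")
SECTION = re.compile(r"^\s*(IPSecurity .*Statistics)\s*$")

def parse_ipsec_statistics(text):
    """Return {section heading: {counter name: int}}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None:  # skips the prompt line before any section
            for name, value in COUNTER.findall(line):
                current[name] = int(value)
    return sections

def counters_increased(previous, latest, pattern=r"Drop|Error"):
    """Compare two parsed captures; return matching counters that grew."""
    grown = {}
    for section, counters in latest.items():
        for name, value in counters.items():
            old = previous.get(section, {}).get(name, 0)
            if re.search(pattern, name) and value > old:
                grown[name] = value - old
    return grown

if __name__ == "__main__":
    for section, counters in parse_ipsec_statistics(SAMPLE).items():
        print(section, counters)
```

Comparing successive captures rather than absolute values avoids alerting on counters that were already non-zero before monitoring started.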


FastIron Ethernet Switch Layer 3 Routing Configuration Guide

53-1003087-04
