Showing ipsec statistics – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual
Page 374

TABLE 86 show ipsec policy output descriptions (Continued)

This field    Displays
Dir           The direction of traffic flow to which the IPsec policy is applied. Each direction has its own entry.
Proto         The only possible routing protocol for the security policy in the current release is OSPFv3.
Source        The source address consists of the IPv6 prefix and the TCP or UDP port identifier.
Destination   The destination address consists of the IPv6 prefix. Certain logical elements have a bearing on the
              meaning of the destination address and its format, as follows:
              - For IPsec on an interface or area, the destination address is shown as a prefix of 0xFE80 (link local).
                The solitary "::" (no prefix) indicates a "don't care" situation because the connection is multicast. In
                this case, the security policy is enforced without regard for the destination address.
              - For a virtual link (SPDID = 0), the address is required.

TABLE 87 SA used by the policy

This field    Displays
SA            This heading points at the SA-related headings for information used by the security policy.
              Thereafter, on each line of this part of the IPsec entry (which alternates with lines of policy
              information), "SA:" points at the fields under those SA-related headings. The remainder of this table
              describes each of the SA-related items.
SPDID         The security policy database identifier (SPDID) consists of two parts: the first part is a VRF ID and
              the second part is an interface ID. The SPDID 0/ALL is a global database for the default VRF that
              applies to all interfaces.
Dir           The Dir field is either "in" for inbound or "out" for outbound.
Encap         The type of encapsulation in the current release is ESP.
SPI           Security parameter index.
Destination   The IPv6 address of the destination endpoint. From the standpoint of the near interface and the
              area, the destination is not relevant and therefore appears as ::/0:any.
              For a virtual link, both the inbound and outbound destination addresses are relevant.

Showing IPsec statistics
The show ipsec statistics command displays the error and other counters for IPsec, as this example
shows.
device#show ipsec statistics
IPSecurity Statistics
secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2
secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2
IPSecurity Packet Statistics
secEspTotalInPkts: 19 ipsecEspTotalInPktsDrop: 0
secEspTotalOutPkts: 83
IPSecurity Error Statistics
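
The following Python parser is an added example, not part of the Brocade guide. It reads the output shown above, copes with the mixed `name value` and `name: value` pairs, and reports non-zero drop or error counters. The listing on this page ends at the Error Statistics heading, so that section parses as empty; the function names and the flagging rule are assumptions of this example.

```python
import re

# Output copied from the page's example; the Error Statistics section is
# empty because the page's listing ends at that heading.
PAGE_SAMPLE = """\
device#show ipsec statistics
IPSecurity Statistics
secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2
secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2
IPSecurity Packet Statistics
secEspTotalInPkts: 19 ipsecEspTotalInPktsDrop: 0
secEspTotalOutPkts: 83
IPSecurity Error Statistics
"""

# Counter name, optional colon, integer value; one or two pairs per line.
PAIR = re.compile(r"([A-Za-z][A-Za-z0-9]*):?\s+(\d+)(?=\s|$)")


def parse_ipsec_statistics(text):
    """Return {section heading: {counter name: int}} from the CLI output."""
    stats, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line:        # blank line or prompt/command echo
            continue
        if line.startswith("IPSecurity"):  # section heading
            section = line
            stats[section] = {}
            continue
        if section is None:                # counters before any heading: skip
            continue
        for name, value in PAIR.findall(line):
            stats[section][name] = int(value)
    return stats


def counters_needing_attention(stats):
    """Non-zero drop counters, plus any non-zero counter under Error Statistics."""
    flagged = {}
    for section, counters in stats.items():
        for name, value in counters.items():
            if value and (name.endswith("Drop") or "Error" in section):
                flagged[name] = value
    return flagged


if __name__ == "__main__":
    print(counters_needing_attention(parse_ipsec_statistics(PAGE_SAMPLE)))
```

On an OSPFv3 link protected by ESP, a rising inbound drop count is worth correlating with adjacency flaps and SA changes on the neighbor.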
FastIron Ethernet Switch Layer 3 Routing Configuration Guide
53-1003087-04