a10_ddos_template_tcp
Synopsis
TCP template Configuration
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | ['noop', 'present', 'absent'] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | ['1-8'] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| name str/required | | Field name |
| action_cfg dict | | Field action_cfg |
| action_on_ack bool | | Monitor tcp ack for age-out session |
| reset bool | | Send RST to client |
| timeout int | | ACK retry timeout in sec |
| min_retry_gap int | | Min gap between 2 ACKs for action-on-ack pass in 100ms interval |
| authenticate_only bool | | Apply action-on-ack once per source address for authentication purpose |
| rto_authentication bool | | Estimate the RTO and apply the exponential back-off for authentication |
| action_on_syn_rto_retry_count int | | Take action if action-on-syn RTO-authentication fail over retry time (default=5) |
| action_on_ack_rto_retry_count int | | Take action if action-on-ack RTO-authentication fail over retry time (default=5) |
| age int | | Session age in minutes |
| syn_cookie bool | | Enable SYN Cookie |
| create_conn_on_syn_only bool | | Enable connection establishment on SYN only |
| black_list_out_of_seq int | | Black list Src IP if out of seq pkts exceed configured threshold |
| black_list_retransmit int | | Black list Src IP if retransmit pkts exceed configured threshold |
| black_list_zero_win int | | Black list Src IP if zero window pkts exceed configured threshold |
| syn_auth str | | 'send-rst'= Send RST to client upon client ACK; 'force-rst-by-ack'= Force client RST via the use of ACK; 'force-rst-by-synack'= Force client RST via the use of bad SYN\|ACK; 'disable'= Disable TCP SYN Authentication; |
| conn_rate_limit_on_syn_only bool | | Only count SYN-initiated connections towards connection-rate tracking |
| per_conn_rate_interval str | | '100ms'= 100ms; '1sec'= 1sec; '10sec'= 10sec; |
| per_conn_pkt_rate_limit int | | Packet rate limit per connection per rate-interval |
| per_conn_pkt_rate_action str | | 'drop'= Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src'= Blacklist-src for per-conn-pkt-rate exceed; 'ignore'= Ignore per-conn-pkt-rate-exceed; |
| per_conn_out_of_seq_rate_limit int | | Take action if out-of-seq pkt rate exceed configured threshold |
| per_conn_out_of_seq_rate_action str | | 'drop'= Drop packets for out-of-seq rate exceed (Default); 'blacklist-src'= Blacklist-src for out-of-seq rate exceed; 'ignore'= Ignore out-of-seq rate exceed; |
| per_conn_retransmit_rate_limit int | | Take action if retransmit pkt rate exceed configured threshold |
| per_conn_retransmit_rate_action str | | 'drop'= Drop packets for retransmit rate exceed (Default); 'blacklist-src'= Blacklist-src for retransmit rate exceed; 'ignore'= Ignore retransmit rate exceed; |
| per_conn_zero_win_rate_limit int | | Take action if zero window pkt rate exceed configured threshold |
| per_conn_zero_win_rate_action str | | 'drop'= Drop packets for zero-win rate exceed (Default); 'blacklist-src'= Blacklist-src for zero-win rate exceed; 'ignore'= Ignore zero-win rate exceed; |
| dst dict | | Field dst |
| rate_limit dict | | Field rate_limit |
| src dict | | Field src |
| rate_limit dict | | Field rate_limit |
| allow_synack_skip_authentications bool | | Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only) |
| synack_rate_limit int | | Config SYNACK rate limit |
| track_together_with_syn bool | | SYNACK will be counted in Dst Syn-rate limit |
| action_syn_cfg dict | | Field action_syn_cfg |
| action_on_syn bool | | Monitor tcp syn for age-out session |
| action_on_syn_reset bool | | Send RST to client |
| action_on_syn_timeout int | | SYN retry timeout in sec |
| action_on_syn_gap int | | Min gap between 2 SYNs for action-on-syn pass in 100ms interval |
| action_on_syn_rto bool | | Estimate the RTO and apply the exponential back-off for authentication |
| allow_syn_otherflags bool | | Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only) |
| allow_tcp_tfo bool | | Allow TCP Fast Open |
| ack_authentication_synack_reset bool | | Enable Reset client TCP SYN+ACK for authentication (DST support only) |
| drop_known_resp_src_port_cfg dict | | Field drop_known_resp_src_port_cfg |
| drop_known_resp_src_port bool | | Drop well-known if src-port is less than 1024 |
| exclude_src_resp_port bool | | excluding src port equal destination port |
| tunnel_encap dict | | Field tunnel_encap |
| ip_cfg dict | | Field ip_cfg |
| gre_cfg dict | | Field gre_cfg |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| progression_tracking dict | | Field progression_tracking |
| progression_tracking_enabled str | | 'enable-check'= Enable Progression Tracking Check; |
| request_response_model str | | 'enable'= Enable Request Response Model; 'disable'= Disable Request Response Model; |
| violation int | | Set the violation threshold |
| response_length_max int | | Set the maximum response length |
| request_length_min int | | Set the minimum request length |
| request_length_max int | | Set the maximum request length |
| response_request_min_ratio int | | Set the minimum response to request ratio (in unit of 0.1% [1=1000]) |
| response_request_max_ratio int | | Set the maximum response to request ratio (in unit of 0.1% [1=1000]) |
| first_request_max_time int | | Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms) |
| request_to_response_max_time int | | Set the maximum request to response time (100 ms) |
| response_to_request_max_time int | | Set the maximum response to request time (100 ms) |
| profiling_request_response_model bool | | Enable auto-config progression tracking learning for request response model |
| profiling_connection_life_model bool | | Enable auto-config progression tracking learning for connection model |
| profiling_time_window_model bool | | Enable auto-config progression tracking learning for time window model |
| progression_tracking_action_list_name str | | Configure action-list to take when progression tracking violation exceed |
| progression_tracking_action str | | 'drop'= Drop packets for progression tracking violation exceed (Default); 'blacklist-src'= Blacklist-src for progression tracking violation exceed; |
| uuid str | | uuid of the object |
| connection_tracking dict | | Field connection_tracking |
| time_window_tracking dict | | Field time_window_tracking |
| filter_list list | | Field filter_list |
| tcp_filter_seq int | | Sequence number |
| tcp_filter_regex str | | Regex Expression |
| byte_offset_filter str | | Filter Expression using Berkeley Packet Filter syntax |
| tcp_filter_unmatched bool | | action taken when it does not match |
| tcp_filter_action str | | 'blacklist-src'= Also blacklist the source when action is taken; 'whitelist-src'= Whitelist the source after filter passes, packets are dropped until then; 'count-only'= Take no action and continue processing the next filter; |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
Examples
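The playbook below is an added example, not taken from the module's own documentation. It stages a TCP template with SYN authentication and a per-connection packet-rate limit in check mode, then prints the `modified_values` and `axapi_calls` return values so the change can be reviewed before it is applied. Assumptions: the host address, variable names, template name and all integer thresholds are constructed placeholders; the options used are treated as top-level module options, as the flat parameter table suggests; and the task is assumed to run from the control node with a local connection.

```yaml
# Added example; all values are constructed placeholders.
- name: Preview a TCP DDoS template before applying it
  hosts: localhost
  connection: local            # assumption: AXAPI is called from the control node
  gather_facts: false
  vars:
    axapi_host: 192.0.2.10     # documentation address, replace with the device
    axapi_port: 443
    # axapi_username / axapi_password are hypothetical variable names;
    # keep them in an Ansible Vault file rather than in the playbook.
  tasks:
    - name: Stage template with SYN authentication and per-connection limits
      a10_ddos_template_tcp:
        ansible_host: "{{ axapi_host }}"
        ansible_port: "{{ axapi_port }}"
        ansible_username: "{{ axapi_username }}"
        ansible_password: "{{ axapi_password }}"
        state: present
        name: tcp-syn-auth-example
        # Choice values below come from the parameter table on this page.
        syn_auth: send-rst
        per_conn_rate_interval: 1sec
        per_conn_pkt_rate_action: drop
        # Integer thresholds are placeholders; check the ranges the device accepts.
        age: 5
        per_conn_pkt_rate_limit: 1000
        black_list_out_of_seq: 50
        user_tag: staged-by-ansible
      check_mode: true         # report potential changes only
      register: preview

    - name: Show what would change and which AXAPI calls were made
      debug:
        msg:
          modified_values: "{{ preview.modified_values | default({}) }}"
          axapi_calls: "{{ preview.axapi_calls | default([]) }}"
```

Removing `check_mode: true` applies the template once the previewed values have been reviewed.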
Return Values
- modified_values (changed, dict, )
  Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
  Sequential list of AXAPI calls made by the task
  - endpoint (, str, ['/axapi/v3/slb/virtual_server', '/axapi/v3/file/ssl-cert'])
    The AXAPI endpoint being accessed.
  - http_method (, str, ['POST', 'GET'])
    HTTP method being used by the primary task to interact with the AXAPI endpoint.
  - request_body (, complex, )
    Params used to query the AXAPI
  - response_body (, complex, )
    Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.