a10_cgnv6_ddos_protection
Synopsis
Configure CGNV6 DDoS Protection
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
toggle str |
‘enable’= Enable CGNV6 NAT pool DDoS protection (default); ‘disable’= Disable CGNV6 NAT pool DDoS protection; |
||
logging_action str |
‘enable’= enable CGN DDoS protection logging; ‘disable’= Disable both local & remote CGN DDoS protection logging; |
||
enable_action str |
‘local’= Enable local logs only; ‘remote’= Enable logging to remote server & IPFIX; ‘both’= Enable both local & remote logs; |
||
packets_per_second dict |
Field packets_per_second |
||
ip int |
Configure packets-per-second threshold per IP(default 3000000) |
||
action dict |
Field action |
||
tcp int |
Configure packets-per-second threshold per TCP port (default= 3000) |
||
tcp_action dict |
Field tcp_action |
||
udp int |
Configure packets-per-second threshold per UDP port (default= 3000) |
||
udp_action dict |
Field udp_action |
||
other int |
Configure packets-per-second threshold for other L4 protocols(default 10000) |
||
other_action dict |
Field other_action |
||
include_existing_session bool |
Count traffic associated with existing session into the packets-per-second (Default= Disabled) |
||
syn_cookie dict |
Field syn_cookie |
||
syn_cookie_enable bool |
Enable CGNv6 Syn-Cookie Protection |
||
syn_cookie_on_threshold int |
on-threshold for Syn-cookie (Decimal number) |
||
syn_cookie_on_timeout int |
on-timeout for Syn-cookie (Timeout in seconds, default is 120 seconds (2 minutes)) |
||
max_hw_entries int |
Configure maximum HW entries |
||
zone str |
Disable NAT IP based on DDoS zone name set in BGP |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
counters1 str |
‘all’= all; ‘l3_entry_added’= L3 Entry Added; ‘l3_entry_deleted’= L3 Entry Deleted; ‘l3_entry_added_to_bgp’= L3 Entry added to BGP; ‘l3_entry_removed_from_bgp’= Entry removed from BGP; ‘l3_entry_added_to_hw’= L3 Entry added to HW; ‘l3_entry_removed_from_hw’= L3 Entry removed from HW; ‘l3_entry_too_many’= L3 Too many entries; ‘l3_entry_match_drop’= L3 Entry match drop; ‘l3_entry_match_drop_hw’= L3 HW entry match drop; ‘l3_entry_drop_max_hw_exceeded’= L3 Entry Drop due to HW Limit Exceeded; ‘l4_entry_added’= L4 Entry added; ‘l4_entry_deleted’= L4 Entry deleted; ‘l4_entry_added_to_hw’= L4 Entry added to HW; ‘l4_entry_removed_from_hw’= L4 Entry removed from HW; ‘l4_hw_out_of_entries’= HW out of L4 entries; ‘l4_entry_match_drop’= L4 Entry match drop; ‘l4_entry_match_drop_hw’= L4 HW Entry match drop; ‘l4_entry_drop_max_hw_exceeded’= L4 Entry Drop due to HW Limit Exceeded; ‘l4_entry_list_alloc’= L4 Entry list alloc; ‘l4_entry_list_free’= L4 Entry list free; ‘l4_entry_list_alloc_failure’= L4 Entry list alloc failures; ‘ip_node_alloc’= Node alloc; ‘ip_node_free’= Node free; ‘ip_node_alloc_failure’= Node alloc failures; ‘ip_port_block_alloc’= Port block alloc; ‘ip_port_block_free’= Port block free; ‘ip_port_block_alloc_failure’= Port block alloc failure; ‘ip_other_block_alloc’= Other block alloc; ‘ip_other_block_free’= Other block free; ‘ip_other_block_alloc_failure’= Other block alloc failure; ‘entry_added_shadow’= Entry added shadow; ‘entry_invalidated’= Entry invalidated; ‘l3_entry_add_to_bgp_failure’= L3 Entry BGP add failures; ‘l3_entry_remove_from_bgp_failure’= L3 entry BGP remove failures; ‘l3_entry_add_to_hw_failure’= L3 entry HW add failure; ‘syn_cookie_syn_ack_sent’= SYN cookie SYN ACK sent; ‘syn_cookie_verification_passed’= SYN cookie verification passed; ‘syn_cookie_verification_failed’= SYN cookie verification failed; ‘syn_cookie_conn_setup_failed’= SYN cookie connection setup failed; |
||
l4_entries dict |
Field l4_entries |
||
uuid str |
uuid of the object |
||
ip_entries dict |
Field ip_entries |
||
uuid str |
uuid of the object |
||
disable_nat_ip_by_bgp dict |
Field disable_nat_ip_by_bgp |
||
uuid str |
uuid of the object |
||
stats dict |
Field stats |
||
l3_entry_added str |
L3 Entry Added |
||
l3_entry_deleted str |
L3 Entry Deleted |
||
l3_entry_added_to_bgp str |
L3 Entry added to BGP |
||
l3_entry_removed_from_bgp str |
Entry removed from BGP |
||
l3_entry_added_to_hw str |
L3 Entry added to HW |
||
l3_entry_removed_from_hw str |
L3 Entry removed from HW |
||
l3_entry_too_many str |
L3 Too many entries |
||
l3_entry_match_drop str |
L3 Entry match drop |
||
l3_entry_match_drop_hw str |
L3 HW entry match drop |
||
l3_entry_drop_max_hw_exceeded str |
L3 Entry Drop due to HW Limit Exceeded |
||
l4_entry_added str |
L4 Entry added |
||
l4_entry_deleted str |
L4 Entry deleted |
||
l4_entry_added_to_hw str |
L4 Entry added to HW |
||
l4_entry_removed_from_hw str |
L4 Entry removed from HW |
||
l4_hw_out_of_entries str |
HW out of L4 entries |
||
l4_entry_match_drop str |
L4 Entry match drop |
||
l4_entry_match_drop_hw str |
L4 HW Entry match drop |
||
l4_entry_drop_max_hw_exceeded str |
L4 Entry Drop due to HW Limit Exceeded |
||
l4_entry_list_alloc str |
L4 Entry list alloc |
||
l4_entry_list_free str |
L4 Entry list free |
||
l4_entry_list_alloc_failure str |
L4 Entry list alloc failures |
||
ip_node_alloc str |
Node alloc |
||
ip_node_free str |
Node free |
||
ip_node_alloc_failure str |
Node alloc failures |
||
ip_port_block_alloc str |
Port block alloc |
||
ip_port_block_free str |
Port block free |
||
ip_port_block_alloc_failure str |
Port block alloc failure |
||
ip_other_block_alloc str |
Other block alloc |
||
ip_other_block_free str |
Other block free |
||
ip_other_block_alloc_failure str |
Other block alloc failure |
||
entry_added_shadow str |
Entry added shadow |
||
entry_invalidated str |
Entry invalidated |
||
l3_entry_add_to_bgp_failure str |
L3 Entry BGP add failures |
||
l3_entry_remove_from_bgp_failure str |
L3 entry BGP remove failures |
||
l3_entry_add_to_hw_failure str |
L3 entry HW add failure |
||
syn_cookie_syn_ack_sent str |
SYN cookie SYN ACK sent |
||
syn_cookie_verification_passed str |
SYN cookie verification passed |
||
syn_cookie_verification_failed str |
SYN cookie verification failed |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.