a10_ddos_dst_entry

Synopsis

Configure IP/IPv6 static entry

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

dst_entry_name

str/required

Field dst_entry_name

ipv6_addr

str

Field ipv6_addr

ip_addr

str

Field ip_addr

subnet_ip_addr

str

IP Subnet

subnet_ipv6_addr

str

IPV6 Subnet

description

str

Description for this Destination Entry

exceed_log_dep_cfg

dict

Field exceed_log_dep_cfg

exceed_log_enable

bool

(Deprecated)Enable logging of limit exceed drop’s

log_with_sflow_dep

bool

Turn on sflow sample with log

exceed_log_cfg

dict

Field exceed_log_cfg

log_enable

bool

Enable logging of limit exceed drop’s

log_with_sflow

bool

Turn on sflow sample with log

log_high_frequency

bool

Enable High frequency logging for non-event logs per entry

rate_limit

int

Rate limit per second per entry(Default = 1 per second)

log_periodic

bool

Enable periodic log while event is continuing

drop_frag_pkt

bool

Drop fragmented packets

sflow

dict

Field sflow

polling

dict

Field polling

collector

list

Field collector

drop_on_no_src_dst_default

bool

Drop if no match with src-based-policy class-list, and default is not configured

blackhole_on_glid_exceed

int

Blackhole destination entry for X minutes upon glid limit exceeded

source_nat_pool

str

Configure source NAT

dest_nat_ip

str

Destination NAT IP address

dest_nat_ipv6

str

Destination NAT IPv6 address

drop_disable

bool

Disable certain drops during packet processing

drop_disable_fwd_immediate

bool

Immediately forward L4 drops

template

dict

Field template

logging

str

DDOS logging template

operational_mode

str

‘protection’= Protection mode; ‘bypass’= Bypass mode;

reporting_disabled

bool

Disable Reporting

glid

str

Global limit ID

glid_exceed_action

dict

Field glid_exceed_action

stateless_encap_action_cfg

dict

Field stateless_encap_action_cfg

advertised_enable

bool

BGP advertised

set_counter_base_val

int

Set T2 counter value of current context to specified value

inbound_forward_dscp

int

To set dscp value for inbound packets (DSCP Value for the clear traffic marking)

outbound_forward_dscp

int

To set dscp value for outbound

pattern_recognition_sensitivity

str

‘high’= High sensitive pattern recognition; ‘medium’= Medium sensitive pattern recognition; ‘low’= Low sensitive pattern recognition;

pattern_recognition_hw_filter_enable

bool

to enable pattern recognition hardware filter

enable_top_k

list

Field enable_top_k

topk_type

str

‘destination’= Topk destination IP;

topk_num_records

int

Maximum number of records to show in topk

traffic_distribution_mode

str

‘default’= Distribute traffic to one slot using default distribution mechanism; ‘source-ip-based’= Distribute traffic between slots, based on source ip;

uuid

str

uuid of the object

user_tag

str

Customized tag

sampling_enable

list

Field sampling_enable

counters1

str

‘all’= all; ‘dst_tcp_any_exceed’= TCP Dst L4-Type Rate= Total Exceeded; ‘dst_tcp_pkt_rate_exceed’= TCP Dst L4-Type Rate= Packet Exceeded; ‘dst_tcp_conn_rate_exceed’= TCP Dst L4-Type Rate= Conn Exceeded; ‘dst_udp_any_exceed’= UDP Dst L4-Type Rate= Total Exceeded; ‘dst_udp_pkt_rate_exceed’= UDP Dst L4-Type Rate= Packet Exceeded; ‘dst_udp_conn_limit_exceed’= UDP Dst L4-Type Limit= Conn Exceeded; ‘dst_udp_conn_rate_exceed’= UDP Dst L4-Type Rate= Conn Exceeded; ‘dst_icmp_pkt_rate_exceed’= ICMP Dst Rate= Packet Exceeded; ‘dst_other_pkt_rate_exceed’= OTHER Dst L4-Type Rate= Packet Exceeded; ‘dst_other_frag_pkt_rate_exceed’= OTHER Dst L4-Type Rate= Frag Exceeded; ‘dst_port_pkt_rate_exceed’= Port Rate= Packet Exceeded; ‘dst_port_conn_limit_exceed’= Port Limit= Conn Exceeded; ‘dst_port_conn_rate_exceed’= Port Rate= Conn Exceeded; ‘dst_pkt_sent’= Inbound= Packets Forwarded; ‘dst_udp_pkt_sent’= UDP Total Packets Forwarded; ‘dst_tcp_pkt_sent’= TCP Total Packets Forwarded; ‘dst_icmp_pkt_sent’= ICMP Total Packets Forwarded; ‘dst_other_pkt_sent’= OTHER Total Packets Forwarded; ‘dst_tcp_conn_limit_exceed’= TCP Dst L4-Type Limit= Conn Exceeded; ‘dst_tcp_pkt_rcvd’= TCP Total Packets Received; ‘dst_udp_pkt_rcvd’= UDP Total Packets Received; ‘dst_icmp_pkt_rcvd’= ICMP Total Packets Received; ‘dst_other_pkt_rcvd’= OTHER Total Packets Received; ‘dst_udp_filter_match’= UDP Filter Match; ‘dst_udp_filter_not_match’= UDP Filter Not Matched on Pkt; ‘dst_udp_filter_action_blacklist’= UDP Filter Action Blacklist; ‘dst_udp_filter_action_drop’= UDP Filter Action Drop; ‘dst_tcp_syn’= TCP Total SYN Received; ‘dst_tcp_syn_drop’= TCP SYN Packets Dropped; ‘dst_tcp_src_rate_drop’= TCP Src Rate= Total Exceeded; ‘dst_udp_src_rate_drop’= UDP Src Rate= Total Exceeded; ‘dst_icmp_src_rate_drop’= ICMP Src Rate= Total Exceeded; ‘dst_other_frag_src_rate_drop’= OTHER Src Rate= Frag Exceeded; ‘dst_other_src_rate_drop’= OTHER Src Rate= Total Exceeded; ‘dst_tcp_drop’= TCP Total Packets Dropped; ‘dst_udp_drop’= UDP Total Packets Dropped; ‘dst_icmp_drop’= ICMP Total Packets Dropped; ‘dst_frag_drop’= Fragmented Packets Dropped; ‘dst_other_drop’= OTHER Total Packets Dropped; ‘dst_tcp_auth’= TCP Auth= SYN Cookie Sent; ‘dst_udp_filter_action_default_pass’= UDP Filter Action Default Pass; ‘dst_tcp_filter_match’= TCP Filter Match; ‘dst_tcp_filter_not_match’= TCP Filter Not Matched on Pkt; ‘dst_tcp_filter_action_blacklist’= TCP Filter Action Blacklist; ‘dst_tcp_filter_action_drop’= TCP Filter Action Drop; ‘dst_tcp_filter_action_default_pass’= TCP Filter Action Default Pass; ‘dst_udp_filter_action_whitelist’= UDP Filter Action WL; ‘dst_over_limit_on’= DST overlimit Trigger ON; ‘dst_over_limit_off’= DST overlimit Trigger OFF; ‘dst_port_over_limit_on’= DST port overlimit Trigger ON; ‘dst_port_over_limit_off’= DST port overlimit Trigger OFF; ‘dst_over_limit_action’= DST overlimit action; ‘dst_port_over_limit_action’= DST port overlimit action; ‘scanning_detected_drop’= Scanning Detected drop (deprecated); ‘scanning_detected_blacklist’= Scanning Detected blacklist (deprecated); ‘dst_udp_kibit_rate_drop’= UDP Dst L4-Type Rate= KiBit Exceeded; ‘dst_tcp_kibit_rate_drop’= TCP Dst L4-Type Rate= KiBit Exceeded; ‘dst_icmp_kibit_rate_drop’= ICMP Dst Rate= KiBit Exceeded; ‘dst_other_kibit_rate_drop’= OTHER Dst L4-Type Rate= KiBit Exceeded; ‘dst_port_undef_drop’= Dst Port Undefined Dropped; ‘dst_port_bl’= Dst Port Blacklist Packets Dropped; ‘dst_src_port_bl’= Dst SrcPort Blacklist Packets Dropped; ‘dst_port_kbit_rate_exceed’= Port Rate= KiBit Exceeded; ‘dst_tcp_src_drop’= TCP Src Packets Dropped; ‘dst_udp_src_drop’= UDP Src Packets Dropped; ‘dst_icmp_src_drop’= ICMP Src Packets Dropped; ‘dst_other_src_drop’= OTHER Src Packets Dropped; ‘tcp_syn_rcvd’= TCP Inbound SYN Received; ‘tcp_syn_ack_rcvd’= TCP SYN ACK Received; ‘tcp_ack_rcvd’= TCP ACK Received; ‘tcp_fin_rcvd’= TCP FIN Received; ‘tcp_rst_rcvd’= TCP RST Received; ‘ingress_bytes’= Inbound= Bytes Received; ‘egress_bytes’= Outbound= Bytes Received; ‘ingress_packets’= Inbound= Packets Received; ‘egress_packets’= Outbound= Packets Received; ‘tcp_fwd_recv’= TCP Inbound Packets Received; ‘udp_fwd_recv’= UDP Inbound Packets Received; ‘icmp_fwd_recv’= ICMP Inbound Packets Received; ‘tcp_syn_cookie_fail’= TCP Auth= SYN Cookie Failed; ‘dst_tcp_session_created’= TCP Sessions Created; ‘dst_udp_session_created’= UDP Sessions Created; ‘dst_tcp_filter_action_whitelist’= TCP Filter Action WL; ‘dst_other_filter_match’= OTHER Filter Match; ‘dst_other_filter_not_match’= OTHER Filter Not Matched on Pkt; ‘dst_other_filter_action_blacklist’= OTHER Filter Action Blacklist; ‘dst_other_filter_action_drop’= OTHER Filter Action Drop; ‘dst_other_filter_action_whitelist’= OTHER Filter Action WL; ‘dst_other_filter_action_default_pass’= OTHER Filter Action Default Pass; ‘dst_blackhole_inject’= Dst Blackhole Inject; ‘dst_blackhole_withdraw’= Dst Blackhole Withdraw; ‘dst_tcp_out_of_seq_excd’= TCP Out-Of-Seq Exceeded; ‘dst_tcp_retransmit_excd’= TCP Retransmit Exceeded; ‘dst_tcp_zero_window_excd’= TCP Zero-Window Exceeded; ‘dst_tcp_conn_prate_excd’= TCP Rate= Conn Pkt Exceeded; ‘dst_tcp_action_on_ack_init’= TCP Auth= ACK Retry Init; ‘dst_tcp_action_on_ack_gap_drop’= TCP Auth= ACK Retry Retry-Gap Dropped; ‘dst_tcp_action_on_ack_fail’= TCP Auth= ACK Retry Dropped; ‘dst_tcp_action_on_ack_pass’= TCP Auth= ACK Retry Passed; ‘dst_tcp_action_on_syn_init’= TCP Auth= SYN Retry Init; ‘dst_tcp_action_on_syn_gap_drop’= TCP Auth= SYN Retry-Gap Dropped; ‘dst_tcp_action_on_syn_fail’= TCP Auth= SYN Retry Dropped; ‘dst_tcp_action_on_syn_pass’= TCP Auth= SYN Retry Passed; ‘udp_payload_too_small’= UDP Payload Too Small; ‘udp_payload_too_big’= UDP Payload Too Large; ‘dst_udp_conn_prate_excd’= UDP Rate= Conn Pkt Exceeded; ‘dst_udp_ntp_monlist_req’= UDP NTP Monlist Request; ‘dst_udp_ntp_monlist_resp’= UDP NTP Monlist Response; ‘dst_udp_wellknown_sport_drop’= UDP SrcPort Wellknown; ‘dst_udp_retry_init’= UDP Auth= Retry Init; ‘dst_udp_retry_pass’= UDP Auth= Retry Passed; ‘dst_tcp_bytes_drop’= TCP Total Bytes Dropped; ‘dst_udp_bytes_drop’= UDP Total Bytes Dropped; ‘dst_icmp_bytes_drop’= ICMP Total Bytes Dropped; ‘dst_other_bytes_drop’= OTHER Total Bytes Dropped; ‘dst_out_no_route’= Dst IPv4/v6 Out No Route; ‘outbound_bytes_sent’= Outbound= Bytes Forwarded; ‘outbound_pkt_drop’= Outbound= Packets Dropped; ‘outbound_bytes_drop’= Outbound= Bytes Dropped; ‘outbound_pkt_sent’= Outbound= Packets Forwarded; ‘inbound_bytes_sent’= Inbound= Bytes Forwarded; ‘inbound_bytes_drop’= Inbound= Bytes Dropped; ‘dst_src_port_pkt_rate_exceed’= SrcPort Rate= Packet Exceeded; ‘dst_src_port_kbit_rate_exceed’= SrcPort Rate= KiBit Exceeded; ‘dst_src_port_conn_limit_exceed’= SrcPort Limit= Conn Exceeded; ‘dst_src_port_conn_rate_exceed’= SrcPort Rate= Conn Exceeded; ‘dst_ip_proto_pkt_rate_exceed’= IP-Proto Rate= Packet Exceeded; ‘dst_ip_proto_kbit_rate_exceed’= IP-Proto Rate= KiBit Exceeded; ‘dst_tcp_port_any_exceed’= TCP Port Rate= Total Exceed; ‘dst_udp_port_any_exceed’= UDP Port Rate= Total Exceed; ‘dst_tcp_auth_pass’= TCP Auth= SYN Auth Passed; ‘dst_tcp_rst_cookie_fail’= TCP Auth= RST Cookie Failed; ‘dst_tcp_unauth_drop’= TCP Auth= Unauth Dropped; ‘src_tcp_syn_auth_fail’= Src TCP Auth= SYN Auth Failed; ‘src_tcp_syn_cookie_sent’= Src TCP Auth= SYN Cookie Sent; ‘src_tcp_syn_cookie_fail’= Src TCP Auth= SYN Cookie Failed; ‘src_tcp_rst_cookie_fail’= Src TCP Auth= RST Cookie Failed; ‘src_tcp_unauth_drop’= Src TCP Auth= Unauth Dropped; ‘src_tcp_action_on_syn_init’= Src TCP Auth= SYN Retry Init;

counters2

str

‘src_tcp_action_on_syn_gap_drop’= Src TCP Auth= SYN Retry-Gap Dropped; ‘src_tcp_action_on_syn_fail’= Src TCP Auth= SYN Retry Dropped; ‘src_tcp_action_on_ack_init’= Src TCP Auth= ACK Retry Init; ‘src_tcp_action_on_ack_gap_drop’= Src TCP Auth= ACK Retry Retry-Gap Dropped; ‘src_tcp_action_on_ack_fail’= Src TCP Auth= ACK Retry Dropped; ‘src_tcp_out_of_seq_excd’= Src TCP Out-Of-Seq Exceeded; ‘src_tcp_retransmit_excd’= Src TCP Retransmit Exceeded; ‘src_tcp_zero_window_excd’= Src TCP Zero-Window Exceeded; ‘src_tcp_conn_prate_excd’= Src TCP Rate= Conn Pkt Exceeded; ‘src_udp_min_payload’= Src UDP Payload Too Small; ‘src_udp_max_payload’= Src UDP Payload Too Large; ‘src_udp_conn_prate_excd’= Src UDP Rate= Conn Pkt Exceeded; ‘src_udp_ntp_monlist_req’= Src UDP NTP Monlist Request; ‘src_udp_ntp_monlist_resp’= Src UDP NTP Monlist Response; ‘src_udp_wellknown_sport_drop’= Src UDP SrcPort Wellknown; ‘src_udp_retry_init’= Src UDP Auth= Retry Init; ‘dst_udp_retry_gap_drop’= UDP Auth= Retry-Gap Dropped; ‘dst_udp_retry_fail’= UDP Auth= Retry Timeout; ‘dst_tcp_session_aged’= TCP Sessions Aged; ‘dst_udp_session_aged’= UDP Sessions Aged; ‘dst_tcp_conn_close’= TCP Connections Closed; ‘dst_tcp_conn_close_half_open’= TCP Half Open Connections Closed; ‘dst_l4_tcp_auth’= TCP Dst L4-Type Auth= SYN Cookie Sent; ‘tcp_l4_syn_cookie_fail’= TCP Dst L4-Type Auth= SYN Cookie Failed; ‘tcp_l4_rst_cookie_fail’= TCP Dst L4-Type Auth= RST Cookie Failed; ‘tcp_l4_unauth_drop’= TCP Dst L4-Type Auth= Unauth Dropped; ‘dst_drop_frag_pkt’= Dst Fragmented Packets Dropped; ‘src_tcp_filter_action_blacklist’= Src TCP Filter Action Blacklist; ‘src_tcp_filter_action_whitelist’= Src TCP Filter Action WL; ‘src_tcp_filter_action_drop’= Src TCP Filter Action Drop; ‘src_tcp_filter_action_default_pass’= Src TCP Filter Action Default Pass; ‘src_udp_filter_action_blacklist’= Src UDP Filter Action Blacklist; ‘src_udp_filter_action_whitelist’= Src UDP Filter Action WL; ‘src_udp_filter_action_drop’= Src UDP Filter Action Drop; ‘src_udp_filter_action_default_pass’= Src UDP Filter Action Default Pass; ‘src_other_filter_action_blacklist’= Src OTHER Filter Action Blacklist; ‘src_other_filter_action_whitelist’= Src OTHER Filter Action WL; ‘src_other_filter_action_drop’= Src OTHER Filter Action Drop; ‘src_other_filter_action_default_pass’= Src OTHER Filter Action Default Pass; ‘tcp_invalid_syn’= TCP Invalid SYN Received; ‘dst_tcp_conn_close_w_rst’= TCP RST Connections Closed; ‘dst_tcp_conn_close_w_fin’= TCP FIN Connections Closed; ‘dst_tcp_conn_close_w_idle’= TCP Idle Connections Closed; ‘dst_tcp_conn_create_from_syn’= TCP Connections Created From SYN; ‘dst_tcp_conn_create_from_ack’= TCP Connections Created From ACK; ‘src_frag_drop’= Src Fragmented Packets Dropped; ‘dst_l4_tcp_blacklist_drop’= Dst L4-type TCP Blacklist Dropped; ‘dst_l4_udp_blacklist_drop’= Dst L4-type UDP Blacklist Dropped; ‘dst_l4_icmp_blacklist_drop’= Dst L4-type ICMP Blacklist Dropped; ‘dst_l4_other_blacklist_drop’= Dst L4-type OTHER Blacklist Dropped; ‘src_l4_tcp_blacklist_drop’= Src L4-type TCP Blacklist Dropped; ‘src_l4_udp_blacklist_drop’= Src L4-type UDP Blacklist Dropped; ‘src_l4_icmp_blacklist_drop’= Src L4-type ICMP Blacklist Dropped; ‘src_l4_other_blacklist_drop’= Src L4-type OTHER Blacklist Dropped; ‘drop_frag_timeout_drop’= Fragment Reassemble Timeout Drop; ‘dst_port_kbit_rate_exceed_pkt’= Port Rate= KiBit Pkt Exceeded; ‘dst_tcp_bytes_rcv’= TCP Total Bytes Received; ‘dst_udp_bytes_rcv’= UDP Total Bytes Received; ‘dst_icmp_bytes_rcv’= ICMP Total Bytes Received; ‘dst_other_bytes_rcv’= OTHER Total Bytes Received; ‘dst_tcp_bytes_sent’= TCP Total Bytes Forwarded; ‘dst_udp_bytes_sent’= UDP Total Bytes Forwarded; ‘dst_icmp_bytes_sent’= ICMP Total Bytes Forwarded; ‘dst_other_bytes_sent’= OTHER Total Bytes Forwarded; ‘dst_udp_auth_drop’= UDP Auth= Dropped; ‘dst_tcp_auth_drop’= TCP Auth= Dropped; ‘dst_tcp_auth_resp’= TCP Auth= Responded; ‘inbound_pkt_drop’= Inbound= Packets Dropped; ‘dst_entry_pkt_rate_exceed’= Entry Rate= Packet Exceeded; ‘dst_entry_kbit_rate_exceed’= Entry Rate= KiBit Exceeded; ‘dst_entry_conn_limit_exceed’= Entry Limit= Conn Exceeded; ‘dst_entry_conn_rate_exceed’= Entry Rate= Conn Exceeded; ‘dst_entry_frag_pkt_rate_exceed’= Entry Rate= Frag Packet Exceeded; ‘dst_icmp_any_exceed’= ICMP Rate= Total Exceed; ‘dst_other_any_exceed’= OTHER Rate= Total Exceed; ‘src_dst_pair_entry_total’= Src-Dst Pair Entry Total Count; ‘src_dst_pair_entry_udp’= Src-Dst Pair Entry UDP Count; ‘src_dst_pair_entry_tcp’= Src-Dst Pair Entry TCP Count; ‘src_dst_pair_entry_icmp’= Src-Dst Pair Entry ICMP Count; ‘src_dst_pair_entry_other’= Src-Dst Pair Entry OTHER Count; ‘dst_clist_overflow_policy_at_learning’= Dst Src-Based Overflow Policy Hit; ‘tcp_rexmit_syn_limit_drop’= TCP SYN Retransmit Exceeded Drop; ‘tcp_rexmit_syn_limit_bl’= TCP SYN Retransmit Exceeded Blacklist; ‘dst_tcp_wellknown_sport_drop’= TCP SrcPort Wellknown; ‘src_tcp_wellknown_sport_drop’= Src TCP SrcPort Wellknown; ‘dst_frag_rcvd’= Fragmented Packets Received; ‘no_policy_class_list_match’= No Policy Class-list Match; ‘src_udp_retry_gap_drop’= Src UDP Auth= Retry-Gap Dropped; ‘dst_entry_kbit_rate_exceed_count’= Entry Rate= KiBit Exceeded Count; ‘dst_port_undef_hit’= Dst Port Undefined Hit; ‘dst_tcp_action_on_ack_timeout’= TCP Auth= ACK Retry Timeout; ‘dst_tcp_action_on_ack_reset’= TCP Auth= ACK Retry Timeout Reset; ‘dst_tcp_action_on_ack_blacklist’= TCP Auth= ACK Retry Timeout Blacklisted; ‘src_tcp_action_on_ack_timeout’= Src TCP Auth= ACK Retry Timeout; ‘src_tcp_action_on_ack_reset’= Src TCP Auth= ACK Retry Timeout Reset; ‘src_tcp_action_on_ack_blacklist’= Src TCP Auth= ACK Retry Timeout Blacklisted; ‘dst_tcp_action_on_syn_timeout’= TCP Auth= SYN Retry Timeout; ‘dst_tcp_action_on_syn_reset’= TCP Auth= SYN Retry Timeout Reset; ‘dst_tcp_action_on_syn_blacklist’= TCP Auth= SYN Retry Timeout Blacklisted; ‘src_tcp_action_on_syn_timeout’= Src TCP Auth= SYN Retry Timeout; ‘src_tcp_action_on_syn_reset’= Src TCP Auth= SYN Retry Timeout Reset; ‘src_tcp_action_on_syn_blacklist’= Src TCP Auth= SYN Retry Timeout Blacklisted; ‘dst_udp_frag_pkt_rate_exceed’= UDP Dst L4-Type Rate= Frag Exceeded; ‘dst_udp_frag_src_rate_drop’= UDP Src Rate= Frag Exceeded; ‘dst_tcp_frag_pkt_rate_exceed’= TCP Dst L4-Type Rate= Frag Exceeded; ‘dst_tcp_frag_src_rate_drop’= TCP Src Rate= Frag Exceeded; ‘dst_icmp_frag_pkt_rate_exceed’= ICMP Dst L4-Type Rate= Frag Exceeded; ‘dst_icmp_frag_src_rate_drop’= ICMP Src Rate= Frag Exceeded; ‘sflow_internal_samples_packed’= Sflow Internal Samples Packed; ‘sflow_external_samples_packed’= Sflow External Samples Packed; ‘sflow_internal_packets_sent’= Sflow Internal Packets Sent; ‘sflow_external_packets_sent’= Sflow External Packets Sent; ‘dns_outbound_total_query’= DNS Outbound Total Query; ‘dns_outbound_query_malformed’= DNS Outbound Query Malformed; ‘dns_outbound_query_resp_chk_failed’= DNS Outbound Query Resp Check Failed; ‘dns_outbound_query_resp_chk_blacklisted’= DNS Outbound Query Resp Check Blacklisted; ‘dns_outbound_query_resp_chk_refused_sent’= DNS Outbound Query Resp Check REFUSED Sent; ‘dns_outbound_query_resp_chk_reset_sent’= DNS Outbound Query Resp Check RESET Sent; ‘dns_outbound_query_resp_chk_no_resp_sent’= DNS Outbound Query Resp Check No Response Sent; ‘dns_outbound_query_resp_size_exceed’= DNS Outbound Query Response Size Exceed; ‘dns_outbound_query_sess_timed_out’= DNS Outbound Query Session Timed Out; ‘dst_exceed_action_tunnel’= Entry Exceed Action= Tunnel; ‘src_udp_auth_timeout’= Src UDP Auth= Retry Timeout; ‘src_udp_retry_pass’= Src UDP Retry Passed;

counters3

str

‘dst_hw_drop_rule_insert’= Dst Hardware Drop Rules Inserted; ‘dst_hw_drop_rule_remove’= Dst Hardware Drop Rules Removed; ‘src_hw_drop_rule_insert’= Src Hardware Drop Rules Inserted; ‘src_hw_drop_rule_remove’= Src Hardware Drop Rules Removed; ‘prog_first_req_time_exceed’= Req-Resp= First Request Time Exceed; ‘prog_req_resp_time_exceed’= Req-Resp= Request to Response Time Exceed; ‘prog_request_len_exceed’= Req-Resp= Request Length Exceed; ‘prog_response_len_exceed’= Req-Resp= Response Length Exceed; ‘prog_resp_req_ratio_exceed’= Req-Resp= Response to Request Ratio Exceed; ‘prog_resp_req_time_exceed’= Req-Resp= Response to Request Time Exceed; ‘entry_sync_message_received’= Entry Sync Message Received; ‘entry_sync_message_sent’= Entry Sync Message Sent; ‘prog_conn_sent_exceed’= Connection= Sent Exceed; ‘prog_conn_rcvd_exceed’= Connection= Received Exceed; ‘prog_conn_time_exceed’= Connection= Time Exceed; ‘prog_conn_rcvd_sent_ratio_exceed’= Connection= Received to Sent Ratio Exceed; ‘prog_win_sent_exceed’= Time Window= Sent Exceed; ‘prog_win_rcvd_exceed’= Time Window= Received Exceed; ‘prog_win_rcvd_sent_ratio_exceed’= Time Window= Received to Sent Exceed; ‘prog_exceed_drop’= Req-Resp= Violation Exceed Dropped; ‘prog_exceed_bl’= Req-Resp= Violation Exceed Blacklisted; ‘prog_conn_exceed_drop’= Connection= Violation Exceed Dropped; ‘prog_conn_exceed_bl’= Connection= Violation Exceed Blacklisted; ‘prog_win_exceed_drop’= Time Window= Violation Exceed Dropped; ‘prog_win_exceed_bl’= Time Window= Violation Exceed Blacklisted; ‘dst_exceed_action_drop’= Entry Exceed Action= Dropped; ‘prog_conn_samples’= Sample Collected= Connection; ‘prog_req_samples’= Sample Collected= Req-Resp; ‘prog_win_samples’= Sample Collected= Time Window; ‘prog_conn_samples_processed’= Sample Processed= Connnection; ‘prog_req_samples_processed’= Sample Processed= Req-Resp; ‘prog_win_samples_processed’= Sample Processed= Time Window; ‘src_hw_drop’= Src Hardware Packets Dropped; ‘dst_tcp_auth_rst’= TCP Auth= Reset; ‘dst_src_learn_overflow’= Src Dynamic Entry Count Overflow; ‘tcp_fwd_sent’= TCP Inbound Packets Forwarded; ‘udp_fwd_sent’= UDP Inbound Packets Forwarded;

capture_config_list

list

Field capture_config_list

name

str

Capture-config name

mode

str

‘drop’= Apply capture-config to dropped packets; ‘forward’= Apply capture- config to forwarded packets; ‘all’= Apply capture-config to both dropped and forwarded packets;

uuid

str

uuid of the object

hw_blacklist_blocking

dict

Field hw_blacklist_blocking

dst_enable

bool

Enable Dst side hardware blocking

src_enable

bool

Enable Src side hardware blocking

uuid

str

uuid of the object

topk_destinations

dict

Field topk_destinations

uuid

str

uuid of the object

l4_type_list

list

Field l4_type_list

protocol

str

‘tcp’= L4-Type TCP; ‘udp’= L4-Type UDP; ‘icmp’= L4-Type ICMP; ‘other’= L4-Type OTHER;

glid

str

Global limit ID

glid_exceed_action

dict

Field glid_exceed_action

deny

bool

Blacklist and Drop all incoming packets for protocol

max_rexmit_syn_per_flow

int

Maximum number of re-transmit SYN per flow

max_rexmit_syn_per_flow_exceed_action

str

‘drop’= Drop the packet; ‘black-list’= Add the source IP into black list;

disable_syn_auth

bool

Disable TCP SYN Authentication

syn_auth

str

‘send-rst’= Send RST to client upon client ACK; ‘force-rst-by-ack’= Force client RST via the use of ACK; ‘force-rst-by-synack’= Force client RST via the use of bad SYN|ACK; ‘disable’= Disable TCP SYN Authentication;

syn_cookie

bool

Enable SYN Cookie

tcp_reset_client

bool

Send reset to client when rate exceeds or session ages out

tcp_reset_server

bool

Send reset to server when rate exceeds or session ages out

drop_on_no_port_match

str

‘disable’= disable; ‘enable’= enable;

stateful

bool

Enable stateful tracking of sessions (Default is stateless)

tunnel_decap

dict

Field tunnel_decap

tunnel_rate_limit

dict

Field tunnel_rate_limit

drop_frag_pkt

bool

Drop fragmented packets

undefined_port_hit_statistics

dict

Field undefined_port_hit_statistics

template

dict

Field template

detection_enable

bool

Enable ddos detection

enable_top_k

bool

Enable ddos top-k entries

topk_num_records

int

Maximum number of records to show in topk

set_counter_base_val

int

Set T2 counter value of current context to specified value

ip_filtering_policy

str

Configure IP Filter

uuid

str

uuid of the object

user_tag

str

Customized tag

ip_filtering_policy_oper

dict

Field ip_filtering_policy_oper

port_ind

dict

Field port_ind

topk_sources

dict

Field topk_sources

progression_tracking

dict

Field progression_tracking

port_list

list

Field port_list

port_num

int

Port Number

protocol

str

‘dns-tcp’= DNS-TCP Port; ‘dns-udp’= DNS-UDP Port; ‘http’= HTTP Port; ‘tcp’= TCP Port; ‘udp’= UDP Port; ‘ssl-l4’= SSL-L4 Port; ‘sip-udp’= SIP-UDP Port; ‘sip- tcp’= SIP-TCP Port;

detection_enable

bool

Enable ddos detection

enable_top_k

bool

Enable ddos top-k entries

topk_num_records

int

Maximum number of records to show in topk

deny

bool

Blacklist and Drop all incoming packets for protocol

glid

str

Global limit ID

glid_exceed_action

dict

Field glid_exceed_action

dns_cache

str

DNS Cache Instance

template

dict

Field template

sflow

dict

Field sflow

capture_config

dict

Field capture_config

set_counter_base_val

int

Set T2 counter value of current context to specified value

ip_filtering_policy

str

Configure IP Filter

uuid

str

uuid of the object

user_tag

str

Customized tag

port_ind

dict

Field port_ind

ip_filtering_policy_oper

dict

Field ip_filtering_policy_oper

topk_sources

dict

Field topk_sources

progression_tracking

dict

Field progression_tracking

signature_extraction

dict

Field signature_extraction

pattern_recognition

dict

Field pattern_recognition

pattern_recognition_pu_details

dict

Field pattern_recognition_pu_details

port_range_list

list

Field port_range_list

port_range_start

int

Port-Range Start Port Number

port_range_end

int

Port-Range End Port Number

protocol

str

‘dns-tcp’= DNS-TCP Port; ‘dns-udp’= DNS-UDP Port; ‘http’= HTTP Port; ‘tcp’= TCP Port; ‘udp’= UDP Port; ‘ssl-l4’= SSL-L4 Port; ‘sip-udp’= SIP-UDP Port; ‘sip- tcp’= SIP-TCP Port;

deny

bool

Blacklist and Drop all incoming packets for protocol

detection_enable

bool

Enable ddos detection

enable_top_k

bool

Enable ddos top-k entries

topk_num_records

int

Maximum number of records to show in topk

glid

str

Global limit ID

glid_exceed_action

dict

Field glid_exceed_action

template

dict

Field template

sflow

dict

Field sflow

capture_config

dict

Field capture_config

set_counter_base_val

int

Set T2 counter value of current context to specified value

ip_filtering_policy

str

Configure IP Filter

uuid

str

uuid of the object

user_tag

str

Customized tag

ip_filtering_policy_oper

dict

Field ip_filtering_policy_oper

port_ind

dict

Field port_ind

topk_sources

dict

Field topk_sources

progression_tracking

dict

Field progression_tracking

pattern_recognition

dict

Field pattern_recognition

pattern_recognition_pu_details

dict

Field pattern_recognition_pu_details

src_port_list

list

Field src_port_list

port_num

int

Port Number

protocol

str

‘dns-udp’= DNS-UDP Port; ‘dns-tcp’= DNS-TCP Port; ‘udp’= UDP Port; ‘tcp’= TCP Port;

deny

bool

Blacklist and Drop all incoming packets for protocol

glid

str

Global limit ID

outbound_src_tracking

str

‘enable’= enable; ‘disable’= disable;

template

dict

Field template

set_counter_base_val

int

Set T2 counter value of current context to specified value

uuid

str

uuid of the object

user_tag

str

Customized tag

src_port_range_list

list

Field src_port_range_list

src_port_range_start

int

Src Port-Range Start Port Number

src_port_range_end

int

Src Port-Range End Port Number

protocol

str

‘udp’= UDP Port; ‘tcp’= TCP Port;

deny

bool

Blacklist and Drop all incoming packets for protocol

glid

str

Global limit ID

template

dict

Field template

set_counter_base_val

int

Set T2 counter value of current context to specified value

uuid

str

uuid of the object

user_tag

str

Customized tag

ip_proto_list

list

Field ip_proto_list

port_num

int

Protocol Number

deny

bool

Blacklist and Drop all incoming packets for protocol

esp_inspect

dict

Field esp_inspect

glid

str

Global limit ID

glid_exceed_action

dict

Field glid_exceed_action

template

dict

Field template

set_counter_base_val

int

Set T2 counter value of current context to specified value

ip_filtering_policy

str

Configure IP Filter

uuid

str

uuid of the object

user_tag

str

Customized tag

ip_filtering_policy_oper

dict

Field ip_filtering_policy_oper

src_dst_pair

dict

Field src_dst_pair

default

bool

Configure default

bypass

bool

Always permit for the Source to bypass all feature & limit checks

exceed_log_cfg

dict

Field exceed_log_cfg

log_periodic

bool

Enable periodic log while event is continuing

template

dict

Field template

glid

str

Global limit ID

uuid

str

uuid of the object

l4_type_src_dst_list

list

Field l4_type_src_dst_list

app_type_src_dst_list

list

Field app_type_src_dst_list

src_dst_pair_policy_list

list

Field src_dst_pair_policy_list

src_based_policy_name

str

Src-based-policy name

uuid

str

uuid of the object

user_tag

str

Customized tag

policy_class_list_list

list

Field policy_class_list_list

src_dst_pair_settings_list

list

Field src_dst_pair_settings_list

all_types

str

‘all-types’= Settings for all types (default or class-list);

age

int

Idle age for ip entry

max_dynamic_entry_count

int

Maximum count for dynamic src-dst entry

apply_policy_on_overflow

bool

Enable this flag to apply overflow policy when dynamic entry count overflows

unlimited_dynamic_entry_count

bool

No limit for maximum dynamic src entry count

enable_class_list_overflow

bool

Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list

src_prefix_len

int

Specify src prefix length for IPv6 (default= not set)

uuid

str

uuid of the object

user_tag

str

Customized tag

l4_type_src_dst_list

list

Field l4_type_src_dst_list

src_dst_pair_class_list_list

list

Field src_dst_pair_class_list_list

class_list_name

str

Class-list name

exceed_log_cfg

dict

Field exceed_log_cfg

log_periodic

bool

Enable periodic log while event is continuing

uuid

str

uuid of the object

user_tag

str

Customized tag

l4_type_src_dst_list

list

Field l4_type_src_dst_list

app_type_src_dst_list

list

Field app_type_src_dst_list

cid_list

list

Field cid_list

dynamic_entry_overflow_policy_list

list

Field dynamic_entry_overflow_policy_list

dummy_name

str

‘configuration’= Configure src dst dynamic entry count overflow policy;

bypass

bool

Always permit for the Source to bypass all feature & limit checks

exceed_log_cfg

dict

Field exceed_log_cfg

log_periodic

bool

Enable periodic log while event is continuing

template

dict

Field template

glid

str

Global limit ID

uuid

str

uuid of the object

user_tag

str

Customized tag

l4_type_src_dst_list

list

Field l4_type_src_dst_list

app_type_src_dst_list

list

Field app_type_src_dst_list

oper

dict

Field oper

ddos_entry_list

list

Field ddos_entry_list

entry_address_str

str

Field entry_address_str

total_dynamic_entry_count

str

Field total_dynamic_entry_count

total_dynamic_entry_limit

str

Field total_dynamic_entry_limit

udp_dynamic_entry_count

str

Field udp_dynamic_entry_count

udp_dynamic_entry_limit

str

Field udp_dynamic_entry_limit

tcp_dynamic_entry_count

str

Field tcp_dynamic_entry_count

tcp_dynamic_entry_limit

str

Field tcp_dynamic_entry_limit

icmp_dynamic_entry_count

str

Field icmp_dynamic_entry_count

icmp_dynamic_entry_limit

str

Field icmp_dynamic_entry_limit

other_dynamic_entry_count

str

Field other_dynamic_entry_count

other_dynamic_entry_limit

str

Field other_dynamic_entry_limit

operational_mode

str

Field operational_mode

traffic_distribution_status

list

Field traffic_distribution_status

dst_entry_name

str

Field dst_entry_name

source_entry_limit

str

Field source_entry_limit

source_entry_alloc

str

Field source_entry_alloc

source_entry_remain

str

Field source_entry_remain

dst_service_limit

str

Field dst_service_limit

dst_service_alloc

str

Field dst_service_alloc

dst_service_remain

str

Field dst_service_remain

entry_displayed_count

int

Field entry_displayed_count

service_displayed_count

int

Field service_displayed_count

no_t2_idx_port_count

int

Field no_t2_idx_port_count

dst_all_entries

bool

Field dst_all_entries

sources

bool

Field sources

sources_all_entries

bool

Field sources_all_entries

overflow_policy

bool

Field overflow_policy

entry_count

bool

Field entry_count

sflow_source_id

bool

Field sflow_source_id

ipv6

str

Field ipv6

subnet_ip_addr

str

Field subnet_ip_addr

subnet_ipv6_addr

str

Field subnet_ipv6_addr

l4_type_str

str

Field l4_type_str

app_type

str

Field app_type

exceeded

bool

Field exceeded

black_listed

bool

Field black_listed

white_listed

bool

Field white_listed

authenticated

bool

Field authenticated

class_list

str

Field class_list

ip_proto_num

int

Field ip_proto_num

port_num

int

Field port_num

port_range_start

int

Field port_range_start

port_range_end

int

Field port_range_end

src_port_num

int

Field src_port_num

src_port_range_start

int

Field src_port_range_start

src_port_range_end

int

Field src_port_range_end

protocol

str

Field protocol

opt_protocol

str

Field opt_protocol

sport_protocol

str

Field sport_protocol

opt_sport_protocol

str

Field opt_sport_protocol

app_stat

bool

Field app_stat

port_app_stat

bool

Field port_app_stat

all_ip_protos

bool

Field all_ip_protos

all_l4_types

bool

Field all_l4_types

all_ports

bool

Field all_ports

all_src_ports

bool

Field all_src_ports

black_holed

bool

Field black_holed

resource_usage

bool

Field resource_usage

display_traffic_distribution_status

bool

Field display_traffic_distribution_status

entry_status

bool

Field entry_status

l4_ext_rate

bool

Field l4_ext_rate

hw_blacklisted

str

Field hw_blacklisted

topk_destinations

dict

Field topk_destinations

l4_type_list

list

Field l4_type_list

port_list

list

Field port_list

port_range_list

list

Field port_range_list

src_port_list

list

Field src_port_list

src_port_range_list

list

Field src_port_range_list

ip_proto_list

list

Field ip_proto_list

stats

dict

Field stats

dst_tcp_any_exceed

str

TCP Dst L4-Type Rate= Total Exceeded

dst_tcp_pkt_rate_exceed

str

TCP Dst L4-Type Rate= Packet Exceeded

dst_tcp_conn_rate_exceed

str

TCP Dst L4-Type Rate= Conn Exceeded

dst_udp_any_exceed

str

UDP Dst L4-Type Rate= Total Exceeded

dst_udp_pkt_rate_exceed

str

UDP Dst L4-Type Rate= Packet Exceeded

dst_udp_conn_limit_exceed

str

UDP Dst L4-Type Limit= Conn Exceeded

dst_udp_conn_rate_exceed

str

UDP Dst L4-Type Rate= Conn Exceeded

dst_icmp_pkt_rate_exceed

str

ICMP Dst Rate= Packet Exceeded

dst_other_pkt_rate_exceed

str

OTHER Dst L4-Type Rate= Packet Exceeded

dst_other_frag_pkt_rate_exceed

str

OTHER Dst L4-Type Rate= Frag Exceeded

dst_port_pkt_rate_exceed

str

Port Rate= Packet Exceeded

dst_port_conn_limit_exceed

str

Port Limit= Conn Exceeded

dst_port_conn_rate_exceed

str

Port Rate= Conn Exceeded

dst_pkt_sent

str

Inbound= Packets Forwarded

dst_udp_pkt_sent

str

UDP Total Packets Forwarded

dst_tcp_pkt_sent

str

TCP Total Packets Forwarded

dst_icmp_pkt_sent

str

ICMP Total Packets Forwarded

dst_other_pkt_sent

str

OTHER Total Packets Forwarded

dst_tcp_conn_limit_exceed

str

TCP Dst L4-Type Limit= Conn Exceeded

dst_tcp_pkt_rcvd

str

TCP Total Packets Received

dst_udp_pkt_rcvd

str

UDP Total Packets Received

dst_icmp_pkt_rcvd

str

ICMP Total Packets Received

dst_other_pkt_rcvd

str

OTHER Total Packets Received

dst_udp_filter_match

str

UDP Filter Match

dst_udp_filter_not_match

str

UDP Filter Not Matched on Pkt

dst_udp_filter_action_blacklist

str

UDP Filter Action Blacklist

dst_udp_filter_action_drop

str

UDP Filter Action Drop

dst_tcp_syn

str

TCP Total SYN Received

dst_tcp_syn_drop

str

TCP SYN Packets Dropped

dst_tcp_src_rate_drop

str

TCP Src Rate= Total Exceeded

dst_udp_src_rate_drop

str

UDP Src Rate= Total Exceeded

dst_icmp_src_rate_drop

str

ICMP Src Rate= Total Exceeded

dst_other_frag_src_rate_drop

str

OTHER Src Rate= Frag Exceeded

dst_other_src_rate_drop

str

OTHER Src Rate= Total Exceeded

dst_tcp_drop

str

TCP Total Packets Dropped

dst_udp_drop

str

UDP Total Packets Dropped

dst_icmp_drop

str

ICMP Total Packets Dropped

dst_frag_drop

str

Fragmented Packets Dropped

dst_other_drop

str

OTHER Total Packets Dropped

dst_tcp_auth

str

TCP Auth= SYN Cookie Sent

dst_udp_filter_action_default_pass

str

UDP Filter Action Default Pass

dst_tcp_filter_match

str

TCP Filter Match

dst_tcp_filter_not_match

str

TCP Filter Not Matched on Pkt

dst_tcp_filter_action_blacklist

str

TCP Filter Action Blacklist

dst_tcp_filter_action_drop

str

TCP Filter Action Drop

dst_tcp_filter_action_default_pass

str

TCP Filter Action Default Pass

dst_udp_filter_action_whitelist

str

UDP Filter Action WL

dst_udp_kibit_rate_drop

str

UDP Dst L4-Type Rate= KiBit Exceeded

dst_tcp_kibit_rate_drop

str

TCP Dst L4-Type Rate= KiBit Exceeded

dst_icmp_kibit_rate_drop

str

ICMP Dst Rate= KiBit Exceeded

dst_other_kibit_rate_drop

str

OTHER Dst L4-Type Rate= KiBit Exceeded

dst_port_undef_drop

str

Dst Port Undefined Dropped

dst_port_bl

str

Dst Port Blacklist Packets Dropped

dst_src_port_bl

str

Dst SrcPort Blacklist Packets Dropped

dst_port_kbit_rate_exceed

str

Port Rate= KiBit Exceeded

dst_tcp_src_drop

str

TCP Src Packets Dropped

dst_udp_src_drop

str

UDP Src Packets Dropped

dst_icmp_src_drop

str

ICMP Src Packets Dropped

dst_other_src_drop

str

OTHER Src Packets Dropped

tcp_syn_rcvd

str

TCP Inbound SYN Received

tcp_syn_ack_rcvd

str

TCP SYN ACK Received

tcp_ack_rcvd

str

TCP ACK Received

tcp_fin_rcvd

str

TCP FIN Received

tcp_rst_rcvd

str

TCP RST Received

ingress_bytes

str

Inbound= Bytes Received

egress_bytes

str

Outbound= Bytes Received

ingress_packets

str

Inbound= Packets Received

egress_packets

str

Outbound= Packets Received

tcp_fwd_recv

str

TCP Inbound Packets Received

udp_fwd_recv

str

UDP Inbound Packets Received

icmp_fwd_recv

str

ICMP Inbound Packets Received

tcp_syn_cookie_fail

str

TCP Auth= SYN Cookie Failed

dst_tcp_session_created

str

TCP Sessions Created

dst_udp_session_created

str

UDP Sessions Created

dst_tcp_filter_action_whitelist

str

TCP Filter Action WL

dst_other_filter_match

str

OTHER Filter Match

dst_other_filter_not_match

str

OTHER Filter Not Matched on Pkt

dst_other_filter_action_blacklist

str

OTHER Filter Action Blacklist

dst_other_filter_action_drop

str

OTHER Filter Action Drop

dst_other_filter_action_whitelist

str

OTHER Filter Action WL

dst_other_filter_action_default_pass

str

OTHER Filter Action Default Pass

dst_blackhole_inject

str

Dst Blackhole Inject

dst_blackhole_withdraw

str

Dst Blackhole Withdraw

dst_tcp_out_of_seq_excd

str

TCP Out-Of-Seq Exceeded

dst_tcp_retransmit_excd

str

TCP Retransmit Exceeded

dst_tcp_zero_window_excd

str

TCP Zero-Window Exceeded

dst_tcp_conn_prate_excd

str

TCP Rate= Conn Pkt Exceeded

dst_tcp_action_on_ack_init

str

TCP Auth= ACK Retry Init

dst_tcp_action_on_ack_gap_drop

str

TCP Auth= ACK Retry Retry-Gap Dropped

dst_tcp_action_on_ack_fail

str

TCP Auth= ACK Retry Dropped

dst_tcp_action_on_ack_pass

str

TCP Auth= ACK Retry Passed

dst_tcp_action_on_syn_init

str

TCP Auth= SYN Retry Init

dst_tcp_action_on_syn_gap_drop

str

TCP Auth= SYN Retry-Gap Dropped

dst_tcp_action_on_syn_fail

str

TCP Auth= SYN Retry Dropped

dst_tcp_action_on_syn_pass

str

TCP Auth= SYN Retry Passed

udp_payload_too_small

str

UDP Payload Too Small

udp_payload_too_big

str

UDP Payload Too Large

dst_udp_conn_prate_excd

str

UDP Rate= Conn Pkt Exceeded

dst_udp_ntp_monlist_req

str

UDP NTP Monlist Request

dst_udp_ntp_monlist_resp

str

UDP NTP Monlist Response

dst_udp_wellknown_sport_drop

str

UDP SrcPort Wellknown

dst_udp_retry_init

str

UDP Auth= Retry Init

dst_udp_retry_pass

str

UDP Auth= Retry Passed

dst_tcp_bytes_drop

str

TCP Total Bytes Dropped

dst_udp_bytes_drop

str

UDP Total Bytes Dropped

dst_icmp_bytes_drop

str

ICMP Total Bytes Dropped

dst_other_bytes_drop

str

OTHER Total Bytes Dropped

dst_out_no_route

str

Dst IPv4/v6 Out No Route

outbound_bytes_sent

str

Outbound= Bytes Forwarded

outbound_pkt_drop

str

Outbound= Packets Dropped

outbound_bytes_drop

str

Outbound= Bytes Dropped

outbound_pkt_sent

str

Outbound= Packets Forwarded

inbound_bytes_sent

str

Inbound= Bytes Forwarded

inbound_bytes_drop

str

Inbound= Bytes Dropped

dst_src_port_pkt_rate_exceed

str

SrcPort Rate= Packet Exceeded

dst_src_port_kbit_rate_exceed

str

SrcPort Rate= KiBit Exceeded

dst_src_port_conn_limit_exceed

str

SrcPort Limit= Conn Exceeded

dst_src_port_conn_rate_exceed

str

SrcPort Rate= Conn Exceeded

dst_ip_proto_pkt_rate_exceed

str

IP-Proto Rate= Packet Exceeded

dst_ip_proto_kbit_rate_exceed

str

IP-Proto Rate= KiBit Exceeded

dst_tcp_port_any_exceed

str

TCP Port Rate= Total Exceed

dst_udp_port_any_exceed

str

UDP Port Rate= Total Exceed

dst_tcp_auth_pass

str

TCP Auth= SYN Auth Passed

dst_tcp_rst_cookie_fail

str

TCP Auth= RST Cookie Failed

dst_tcp_unauth_drop

str

TCP Auth= Unauth Dropped

src_tcp_syn_auth_fail

str

Src TCP Auth= SYN Auth Failed

src_tcp_syn_cookie_sent

str

Src TCP Auth= SYN Cookie Sent

src_tcp_syn_cookie_fail

str

Src TCP Auth= SYN Cookie Failed

src_tcp_rst_cookie_fail

str

Src TCP Auth= RST Cookie Failed

src_tcp_unauth_drop

str

Src TCP Auth= Unauth Dropped

src_tcp_action_on_syn_init

str

Src TCP Auth= SYN Retry Init

src_tcp_action_on_syn_gap_drop

str

Src TCP Auth= SYN Retry-Gap Dropped

src_tcp_action_on_syn_fail

str

Src TCP Auth= SYN Retry Dropped

src_tcp_action_on_ack_init

str

Src TCP Auth= ACK Retry Init

src_tcp_action_on_ack_gap_drop

str

Src TCP Auth= ACK Retry Retry-Gap Dropped

src_tcp_action_on_ack_fail

str

Src TCP Auth= ACK Retry Dropped

src_tcp_out_of_seq_excd

str

Src TCP Out-Of-Seq Exceeded

src_tcp_retransmit_excd

str

Src TCP Retransmit Exceeded

src_tcp_zero_window_excd

str

Src TCP Zero-Window Exceeded

src_tcp_conn_prate_excd

str

Src TCP Rate= Conn Pkt Exceeded

src_udp_min_payload

str

Src UDP Payload Too Small

src_udp_max_payload

str

Src UDP Payload Too Large

src_udp_conn_prate_excd

str

Src UDP Rate= Conn Pkt Exceeded

src_udp_ntp_monlist_req

str

Src UDP NTP Monlist Request

src_udp_ntp_monlist_resp

str

Src UDP NTP Monlist Response

src_udp_wellknown_sport_drop

str

Src UDP SrcPort Wellknown

src_udp_retry_init

str

Src UDP Auth= Retry Init

dst_udp_retry_gap_drop

str

UDP Auth= Retry-Gap Dropped

dst_udp_retry_fail

str

UDP Auth= Retry Timeout

dst_tcp_session_aged

str

TCP Sessions Aged

dst_udp_session_aged

str

UDP Sessions Aged

dst_tcp_conn_close

str

TCP Connections Closed

dst_tcp_conn_close_half_open

str

TCP Half Open Connections Closed

dst_l4_tcp_auth

str

TCP Dst L4-Type Auth= SYN Cookie Sent

tcp_l4_syn_cookie_fail

str

TCP Dst L4-Type Auth= SYN Cookie Failed

tcp_l4_rst_cookie_fail

str

TCP Dst L4-Type Auth= RST Cookie Failed

tcp_l4_unauth_drop

str

TCP Dst L4-Type Auth= Unauth Dropped

src_tcp_filter_action_blacklist

str

Src TCP Filter Action Blacklist

src_tcp_filter_action_whitelist

str

Src TCP Filter Action WL

src_tcp_filter_action_drop

str

Src TCP Filter Action Drop

src_tcp_filter_action_default_pass

str

Src TCP Filter Action Default Pass

src_udp_filter_action_blacklist

str

Src UDP Filter Action Blacklist

src_udp_filter_action_whitelist

str

Src UDP Filter Action WL

src_udp_filter_action_drop

str

Src UDP Filter Action Drop

src_udp_filter_action_default_pass

str

Src UDP Filter Action Default Pass

src_other_filter_action_blacklist

str

Src OTHER Filter Action Blacklist

src_other_filter_action_whitelist

str

Src OTHER Filter Action WL

src_other_filter_action_drop

str

Src OTHER Filter Action Drop

src_other_filter_action_default_pass

str

Src OTHER Filter Action Default Pass

tcp_invalid_syn

str

TCP Invalid SYN Received

dst_tcp_conn_close_w_rst

str

TCP RST Connections Closed

dst_tcp_conn_close_w_fin

str

TCP FIN Connections Closed

dst_tcp_conn_close_w_idle

str

TCP Idle Connections Closed

dst_tcp_conn_create_from_syn

str

TCP Connections Created From SYN

dst_tcp_conn_create_from_ack

str

TCP Connections Created From ACK

src_frag_drop

str

Src Fragmented Packets Dropped

dst_l4_tcp_blacklist_drop

str

Dst L4-type TCP Blacklist Dropped

dst_l4_udp_blacklist_drop

str

Dst L4-type UDP Blacklist Dropped

dst_l4_icmp_blacklist_drop

str

Dst L4-type ICMP Blacklist Dropped

dst_l4_other_blacklist_drop

str

Dst L4-type OTHER Blacklist Dropped

src_l4_tcp_blacklist_drop

str

Src L4-type TCP Blacklist Dropped

src_l4_udp_blacklist_drop

str

Src L4-type UDP Blacklist Dropped

src_l4_icmp_blacklist_drop

str

Src L4-type ICMP Blacklist Dropped

src_l4_other_blacklist_drop

str

Src L4-type OTHER Blacklist Dropped

dst_port_kbit_rate_exceed_pkt

str

Port Rate= KiBit Pkt Exceeded

dst_tcp_bytes_rcv

str

TCP Total Bytes Received

dst_udp_bytes_rcv

str

UDP Total Bytes Received

dst_icmp_bytes_rcv

str

ICMP Total Bytes Received

dst_other_bytes_rcv

str

OTHER Total Bytes Received

dst_tcp_bytes_sent

str

TCP Total Bytes Forwarded

dst_udp_bytes_sent

str

UDP Total Bytes Forwarded

dst_icmp_bytes_sent

str

ICMP Total Bytes Forwarded

dst_other_bytes_sent

str

OTHER Total Bytes Forwarded

dst_udp_auth_drop

str

UDP Auth= Dropped

dst_tcp_auth_drop

str

TCP Auth= Dropped

dst_tcp_auth_resp

str

TCP Auth= Responded

inbound_pkt_drop

str

Inbound= Packets Dropped

dst_entry_pkt_rate_exceed

str

Entry Rate= Packet Exceeded

dst_entry_kbit_rate_exceed

str

Entry Rate= KiBit Exceeded

dst_entry_conn_limit_exceed

str

Entry Limit= Conn Exceeded

dst_entry_conn_rate_exceed

str

Entry Rate= Conn Exceeded

dst_entry_frag_pkt_rate_exceed

str

Entry Rate= Frag Packet Exceeded

dst_icmp_any_exceed

str

ICMP Rate= Total Exceed

dst_other_any_exceed

str

OTHER Rate= Total Exceed

src_dst_pair_entry_total

str

Src-Dst Pair Entry Total Count

src_dst_pair_entry_udp

str

Src-Dst Pair Entry UDP Count

src_dst_pair_entry_tcp

str

Src-Dst Pair Entry TCP Count

src_dst_pair_entry_icmp

str

Src-Dst Pair Entry ICMP Count

src_dst_pair_entry_other

str

Src-Dst Pair Entry OTHER Count

dst_clist_overflow_policy_at_learning

str

Dst Src-Based Overflow Policy Hit

tcp_rexmit_syn_limit_drop

str

TCP SYN Retransmit Exceeded Drop

tcp_rexmit_syn_limit_bl

str

TCP SYN Retransmit Exceeded Blacklist

dst_tcp_wellknown_sport_drop

str

TCP SrcPort Wellknown

src_tcp_wellknown_sport_drop

str

Src TCP SrcPort Wellknown

dst_frag_rcvd

str

Fragmented Packets Received

no_policy_class_list_match

str

No Policy Class-list Match

src_udp_retry_gap_drop

str

Src UDP Auth= Retry-Gap Dropped

dst_entry_kbit_rate_exceed_count

str

Entry Rate= KiBit Exceeded Count

dst_port_undef_hit

str

Dst Port Undefined Hit

dst_tcp_action_on_ack_timeout

str

TCP Auth= ACK Retry Timeout

dst_tcp_action_on_ack_reset

str

TCP Auth= ACK Retry Timeout Reset

dst_tcp_action_on_ack_blacklist

str

TCP Auth= ACK Retry Timeout Blacklisted

src_tcp_action_on_ack_timeout

str

Src TCP Auth= ACK Retry Timeout

src_tcp_action_on_ack_reset

str

Src TCP Auth= ACK Retry Timeout Reset

src_tcp_action_on_ack_blacklist

str

Src TCP Auth= ACK Retry Timeout Blacklisted

dst_tcp_action_on_syn_timeout

str

TCP Auth= SYN Retry Timeout

dst_tcp_action_on_syn_reset

str

TCP Auth= SYN Retry Timeout Reset

dst_tcp_action_on_syn_blacklist

str

TCP Auth= SYN Retry Timeout Blacklisted

src_tcp_action_on_syn_timeout

str

Src TCP Auth= SYN Retry Timeout

src_tcp_action_on_syn_reset

str

Src TCP Auth= SYN Retry Timeout Reset

src_tcp_action_on_syn_blacklist

str

Src TCP Auth= SYN Retry Timeout Blacklisted

dst_udp_frag_pkt_rate_exceed

str

UDP Dst L4-Type Rate= Frag Exceeded

dst_udp_frag_src_rate_drop

str

UDP Src Rate= Frag Exceeded

dst_tcp_frag_pkt_rate_exceed

str

TCP Dst L4-Type Rate= Frag Exceeded

dst_tcp_frag_src_rate_drop

str

TCP Src Rate= Frag Exceeded

dst_icmp_frag_pkt_rate_exceed

str

ICMP Dst L4-Type Rate= Frag Exceeded

dst_icmp_frag_src_rate_drop

str

ICMP Src Rate= Frag Exceeded

sflow_internal_samples_packed

str

Sflow Internal Samples Packed

sflow_external_samples_packed

str

Sflow External Samples Packed

sflow_internal_packets_sent

str

Sflow Internal Packets Sent

sflow_external_packets_sent

str

Sflow External Packets Sent

dns_outbound_total_query

str

DNS Outbound Total Query

dns_outbound_query_malformed

str

DNS Outbound Query Malformed

dns_outbound_query_resp_chk_failed

str

DNS Outbound Query Resp Check Failed

dns_outbound_query_resp_chk_blacklisted

str

DNS Outbound Query Resp Check Blacklisted

dns_outbound_query_resp_chk_refused_sent

str

DNS Outbound Query Resp Check REFUSED Sent

dns_outbound_query_resp_chk_reset_sent

str

DNS Outbound Query Resp Check RESET Sent

dns_outbound_query_resp_chk_no_resp_sent

str

DNS Outbound Query Resp Check No Response Sent

dns_outbound_query_resp_size_exceed

str

DNS Outbound Query Response Size Exceed

dns_outbound_query_sess_timed_out

str

DNS Outbound Query Session Timed Out

dst_exceed_action_tunnel

str

Entry Exceed Action= Tunnel

src_udp_auth_timeout

str

Src UDP Auth= Retry Timeout

src_udp_retry_pass

str

Src UDP Retry Passed

dst_hw_drop_rule_insert

str

Dst Hardware Drop Rules Inserted

dst_hw_drop_rule_remove

str

Dst Hardware Drop Rules Removed

src_hw_drop_rule_insert

str

Src Hardware Drop Rules Inserted

src_hw_drop_rule_remove

str

Src Hardware Drop Rules Removed

prog_first_req_time_exceed

str

Req-Resp= First Request Time Exceed

prog_req_resp_time_exceed

str

Req-Resp= Request to Response Time Exceed

prog_request_len_exceed

str

Req-Resp= Request Length Exceed

prog_response_len_exceed

str

Req-Resp= Response Length Exceed

prog_resp_req_ratio_exceed

str

Req-Resp= Response to Request Ratio Exceed

prog_resp_req_time_exceed

str

Req-Resp= Response to Request Time Exceed

entry_sync_message_received

str

Entry Sync Message Received

entry_sync_message_sent

str

Entry Sync Message Sent

prog_conn_sent_exceed

str

Connection= Sent Exceed

prog_conn_rcvd_exceed

str

Connection= Received Exceed

prog_conn_time_exceed

str

Connection= Time Exceed

prog_conn_rcvd_sent_ratio_exceed

str

Connection= Received to Sent Ratio Exceed

prog_win_sent_exceed

str

Time Window= Sent Exceed

prog_win_rcvd_exceed

str

Time Window= Received Exceed

prog_win_rcvd_sent_ratio_exceed

str

Time Window= Received to Sent Exceed

prog_exceed_drop

str

Req-Resp= Violation Exceed Dropped

prog_exceed_bl

str

Req-Resp= Violation Exceed Blacklisted

prog_conn_exceed_drop

str

Connection= Violation Exceed Dropped

prog_conn_exceed_bl

str

Connection= Violation Exceed Blacklisted

prog_win_exceed_drop

str

Time Window= Violation Exceed Dropped

prog_win_exceed_bl

str

Time Window= Violation Exceed Blacklisted

dst_exceed_action_drop

str

Entry Exceed Action= Dropped

prog_conn_samples

str

Sample Collected= Connection

prog_req_samples

str

Sample Collected= Req-Resp

prog_win_samples

str

Sample Collected= Time Window

prog_conn_samples_processed

str

Sample Processed= Connnection

prog_req_samples_processed

str

Sample Processed= Req-Resp

prog_win_samples_processed

str

Sample Processed= Time Window

src_hw_drop

str

Src Hardware Packets Dropped

dst_tcp_auth_rst

str

TCP Auth= Reset

dst_src_learn_overflow

str

Src Dynamic Entry Count Overflow

tcp_fwd_sent

str

TCP Inbound Packets Forwarded

udp_fwd_sent

str

UDP Inbound Packets Forwarded

dst_entry_name

str

Field dst_entry_name

Examples

Return Values

modified_values (changed, dict, )

Values modified (or potential changes if using check_mode) as a result of task operation

axapi_calls (always, list, )

Sequential list of AXAPI calls made by the task

endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])

The AXAPI endpoint being accessed.

http_method (, str, [‘POST’, ‘GET’])

HTTP method being used by the primary task to interact with the AXAPI endpoint.

request_body (, complex, )

Params used to query the AXAPI

response_body (, complex, )

Response from the AXAPI

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks