ddos dst zone ip-proto proto-number¶
DDOS IP protocol configuration
proto-number Specification¶
Type Collection Object Key(s) protocol-num Collection Name proto-number-list Collection URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number Element Name proto-number Element URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} Element Attributes proto-number_attributes Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/stats Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/oper Schema proto-number schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number | ||
Create List | POST | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number | ||
Get Object | GET | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} | ||
Get List | GET | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number | ||
Modify Object | POST | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} | ||
Replace List | PUT | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} |
proto-number-list¶
proto-number-list is JSON List of proto-number attributes
proto-number-list : [
]
proto-number attributes¶
age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for this ip-proto
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
esp-inspect
Description: esp-inspect is a JSON Block. Please see below for esp-inspect
Type: Object
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for glid-cfg
Type: Object
level-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind
protocol-num
Description Protocol Number
Type: number
Range: 0-255
src-based-policy-list
topk-sources
Description: topk-sources is a JSON Block. Please see below for topk-sources
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-based-policy-list¶
Specification Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-based-policy-list_policy-class-list-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_zone-template
Type: Object
src-based-policy-list_policy-class-list-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
esp-inspect¶
Specification Type object auth-algorithm
Description ‘AUTH_NULL’: No Integrity Check Value; ‘HMAC-SHA-1-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-128’: 128 bit Auth Algo; ‘HMAC-SHA-384-192’: 192 bit Auth Algo; ‘HMAC-SHA-512-256’: 256 bit Auth Algo; ‘HMAC-MD5-96’: 96 bit Auth Algo; ‘MAC-RIPEMD-160-96’: 96 bit Auth Algo;
Type: string
Supported Values: AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96
encrypt-algorithm
Description ‘NULL’: Null Encryption Algorithm;
Type: string
Supported Values: NULL
mode
Description ‘transport’: Transport mode;
Type: string
Supported Values: transport
port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_zone-template
Type: Object
dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
topk-sources¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
level-list¶
Specification Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
level-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
glid-cfg¶
Specification Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for manual-mode-list_zone-template
Type: Object
manual-mode-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
stats other-zone-ipproto¶
| Counter | Size | Description | |
|---|---|---|---|
| filter_none_match | 8 | Filter No Match | |
| secondary_port_kbit_rate_exceed_pkt | 8 | Per Addr-Port KiBit Rate Exceeded Count | |
| filter3_match | 8 | Filter3 Match | |
| sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
| src_filter3_match | 8 | Src Filter3 Match | |
| outbound_port_drop | 8 | Outbound Packets Dropped | |
| secondary_port_pkt_rate_exceed | 8 | Per Addr-Port Packet Rate Exceeded | |
| src_filter2_match | 8 | Src Filter2 Match | |
| src_filter_action_whitelist | 8 | Src Filter Action Whitelist | |
| port_bytes_drop | 8 | Inbound Bytes Dropped | |
| exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
| outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
| dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
| src_zone_service_entry_learned | 8 | SrcZoneService Entry Learned | |
| filter_total_not_match | 8 | Filter Not Matched on Pkt | |
| filter4_match | 8 | Filter4 Match | |
| no_policy_class_list_match | 8 | No Policy Class-list Match | |
| src_filter_action_default_pass | 8 | Src Filter Action Default Pass | |
| src_zone_service_entry_aged | 8 | SrcZoneService Entry Aged | |
| src_filter_none_match | 8 | Src Filter No Match | |
| port_bytes_sent | 8 | Inbound Bytes Forwarded | |
| exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
| src_hw_drop_inserted | 8 | Src Hardware Drop Rules Inserted | |
| src_frag_drop | 8 | Src Fragmented Packets Dropped | |
| port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
| port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
| sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
| src_filter4_match | 8 | Src Filter4 Match | |
| sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
| secondary_port_kbit_rate_exceed | 8 | Per Addr-Port KiBit Rate Exceeded | |
| filter_action_default_pass | 8 | Filter Action Default Pass | |
| filter_action_whitelist | 8 | Filter Action Whitelist | |
| port_src_bl | 8 | Src Blacklisted | |
| frag_timeout | 8 | Fragmented Packets Timeout | |
| outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
| secondary_port_hit | 8 | Per Addr-Port Hit | |
| outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
| sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
| bl | 8 | Dst Blacklisted | |
| current_es_level | 8 | Current Escalation Level | |
| src_filter_total_not_match | 8 | Src Filter Not Matched on Pkt | |
| filter_action_drop | 8 | Filter Action Drop | |
| filter1_match | 8 | Filter1 Match | |
| src_hw_drop_removed | 8 | Src Hardware Drop Rules Removed | |
| filter_auth_fail | 8 | Filter Auth Failed | |
| exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
| exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
| src_filter1_match | 8 | Src Filter1 Match | |
| filter_action_blacklist | 8 | Filter Action Blacklist | |
| port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
| port_pkt_sent | 8 | Inbound Packets Forwarded | |
| outbound_port_rcvd | 8 | Outbound Packets Received | |
| filter5_match | 8 | Filter5 Match | |
| outbound_port_bytes | 8 | Outbound Bytes Received | |
| src_filter_auth_fail | 8 | Src Filter Auth Failed | |
| port_rcvd | 8 | Inbound Packets Received | |
| src_filter5_match | 8 | Src Filter5 Match | |
| port_src_escalation | 8 | Src Escalation | |
| src_drop | 8 | Src Packets Dropped | |
| port_bytes | 8 | Inbound Bytes Received | |
| dst_hw_drop_inserted | 8 | Dst Hardware Drop Rules Inserted | |
| frag_rcvd | 8 | Fragmented Packets Received | |
| src_filter_action_blacklist | 8 | Src Filter Action Blacklist | |
| filter2_match | 8 | Filter2 Match | |
| frag_drop | 8 | Fragmented Packets Dropped | |
| port_drop | 8 | Inbound Packets Dropped | |
| src_filter_action_drop | 8 | Src Filter Action Drop | |
| dst_hw_drop_removed | 8 | Dst Hardware Drop Rules Removed |
operational data¶
| Counter | Size | Description | |
|---|---|---|---|
| app-stat | flag | app-stat | |
| black-listed | flag | black-listed | |
| authenticated | flag | authenticated | |
| overflow-policy | flag | overflow-policy | |
| class-list | string | class-list | |
| entry-displayed-count | number | entry-displayed-count | |
| subnet-ip-addr | ipv4-cidr | subnet-ip-addr | |
| exceeded | flag | exceeded | |
| ddos_entry_list | ddos_entry_list | ||
| service-displayed-count | number | service-displayed-count | |
| white-listed | flag | white-listed | |
| sources | flag | sources | |
| hw-blacklisted | flag | hw-blacklisted | |
| ipv6 | ipv6-address | ipv6 | |
| sources-all-entries | flag | sources-all-entries | |
| indicator-detail | flag | indicator-detail | |
| level | flag | level | |
| subnet-ipv6-addr | ipv6-address-plen | subnet-ipv6-addr | |
| indicators | flag | indicators |