ddos protection¶
DDOS protection
protection Specification¶
Type Configuration Resource Element Name protection Element URI /axapi/v3/ddos/protection Element Attributes protection_attributes Operational Data URI /axapi/v3/ddos/protection/oper Schema protection schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/protection | ||
Get Object | GET | /axapi/v3/ddos/protection | ||
Modify Object | POST | /axapi/v3/ddos/protection | ||
Replace Object | PUT | /axapi/v3/ddos/protection | ||
Delete Object | DELETE | /axapi/v3/ddos/protection | ||
protection attributes¶
disable-on-reboot
Description Disable DDoS protection upon reboot/reload
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-now
Description Override disable-on-reboot to enable runtime DDOS protection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fast-aging
Description: fast-aging is a JSON Block. Please see below for fast-aging
Type: Object
force-routing-on-transp
Description Force use of routing in transparent mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-blocking-enable
Description Enable hardware blacklist blocking for src or dst default entries (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
interblade-sync-accuracy
Description ‘High’: Enforced limit will be the same as configured value, but has worst under-commit issue in certain situations; ‘Medium’: Enforced limit is close to configured value, but has worse under-commit issue in certain situations; ‘Low’: Enforced limit is less close to configured value, but has least under-commit issue in certain situations;
Type: string
Supported Values: High, Medium, Low
Default: Medium
mpls
Description Enable MPLS packet inspection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 100ms
src-dst-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
src-zone-port-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
traffic-distribution-mode
Description ‘dest-ip-based’: Distribute traffic to one slot using default distribution mechanism (Destination IP based); ‘source-ip-based’: Distribute traffic between slots, based on source ip;
Type: string
Supported Values: dest-ip-based, source-ip-based
Default: dest-ip-based
use-route
Description Use route table, default use receive hop for device initiated traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
fast-aging¶
Specification Type object half-open-conn-ratio
Description Minimum half-open session to total session ratio before session fast aging will take effect (default 25)
Type: number
Range: 1-99
Default: 25
half-open-conn-threshold
Description Minimum half-open session (percentage) before session fast aging will take effect (default 1)
Type: number
Range: 1-99
Default: 1
operational data¶
| Counter | Size | Description | |
|---|---|---|---|
| ip-ano-sec-l4-tcp | enum | Output contains one of the following values: - enabled, disabled | |
| pattern-recognition | enum | Output contains one of the following values: - enabled, disabled | |
| mpls-pkt-inspect | enum | Output contains one of the following values: - enabled, disabled | |
| bgp-auto-wl | enum | Output contains one of the following values: - enabled, disabled | |
| pattern-recognition-hardware-filter | enum | Output contains one of the following values: - enabled, disabled | |
| sync | enum | Output contains one of the following values: - enabled, disabled | |
| hw-blocking-threshold | number | hw-blocking-threshold | |
| detection | enum | Output contains one of the following values: - enabled, disabled | |
| interblade-sync-accuracy | enum | Output contains one of the following values: - High, Low, Medium | |
| src-delay-learning | enum | Output contains one of the following values: - enabled, disabled | |
| vrrp-auto-wl | enum | Output contains one of the following values: - enabled, disabled | |
| ddet-cpus | number | ddet-cpus | |
| dns-cache-mode | enum | Output contains one of the following values: - enabled, disabled | |
| sync-auto-wl | enum | Output contains one of the following values: - enabled, disabled | |
| rate-interval | enum | Output contains one of the following values: - 100ms, 1sec | |
| use-route | enum | Output contains one of the following values: - enabled, disabled | |
| vrrp | enum | Output contains one of the following values: - enabled, disabled | |
| ip-ano-def-l3 | enum | Output contains one of the following values: - enabled, disabled | |
| hw-syn-cookie | enum | Output contains one of the following values: - enabled, disabled | |
| ip-ano-def-l4 | enum | Output contains one of the following values: - enabled, disabled | |
| dns-zone-transfer-dedicated-cpus | number | dns-zone-transfer-dedicated-cpus | |
| ip-ano-sec-l4-udp | enum | Output contains one of the following values: - enabled, disabled | |
| ip-ano-sec-l3 | enum | Output contains one of the following values: - enabled, disabled | |
| src-zone-port-entry-limit | enum | Output contains one of the following values: - 8M, 16M, unlimited, platform-default | |
| src-dynamic-overflow-ipv6 | enum | Output contains one of the following values: - enabled, disabled | |
| dst-dynamic-overflow-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| src-dynamic-overflow-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| dst-dynamic-overflow-ipv6 | enum | Output contains one of the following values: - enabled, disabled | |
| hw-blocking | enum | Output contains one of the following values: - enabled, disabled | |
| one-arm-mode | enum | Output contains one of the following values: - enabled, disabled | |
| warm-up | string | warm-up | |
| src-dst-entry-limit | enum | Output contains one of the following values: - 8M, 16M, unlimited, platform-default | |
| bgp | enum | Output contains one of the following values: - enabled, disabled | |
| mode | string | mode | |
| tap-interfaces | enum | Output contains one of the following values: - enabled, disabled | |
| pattern-recognition-cpus | number | pattern-recognition-cpus | |
| ddos-protection | enum | Output contains one of the following values: - enabled, disabled | |
| dst-auto-learning-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| src-auto-learning-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| dst-auto-learning-ipv6 | enum | Output contains one of the following values: - enabled, disabled | |
| src-auto-learning-ipv6 | enum | Output contains one of the following values: - enabled, disabled |