.. _ddos_dst_entry: ddos dst entry ============== Configure IP/IPv6 static entry entry Specification ------------------- ===================================== ======================================================================== ===================================== ======================================================================== **Type** *Collection* **Object Key(s)** *dst-entry-name* **Collection Name** :ref:`1053_entry_list` **Collection URI** /axapi/v3/ddos/dst/entry **Element Name** entry **Element URI** /axapi/v3/ddos/dst/entry/{dst-entry-name} **Element Attributes** entry_attributes **Statistics Data URI** /axapi/v3/ddos/dst/entry/{dst-entry-name}/stats **Operational Data URI** /axapi/v3/ddos/dst/entry/{dst-entry-name}/oper **Schema** :download:`entry schema ` ===================================== ======================================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/entry .. raw:: html :ref:`1053_entry_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/entry .. raw:: html :ref:`1053_entry_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst/entry/{dst-entry-name} .. raw:: html :ref:`1053_entry_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst/entry .. raw:: html :ref:`1053_entry_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/entry/{dst-entry-name} .. raw:: html :ref:`1053_entry_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/dst/entry/{dst-entry-name} .. raw:: html :ref:`1053_entry_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/dst/entry .. raw:: html :ref:`1053_entry_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/dst/entry/{dst-entry-name} .. raw:: html :ref:`1053_entry_attributes` .. raw:: html
.. _1053_entry_list: entry-list ---------- entry-list is **JSON List** of :ref:`1053_entry_attributes` entry-list : [ { :ref:`1053_entry_attributes` }, { :ref:`1053_entry_attributes` }, ... ] .. _1053_entry_attributes: entry attributes ---------------- **advertised-enable** **Description** BGP advertised **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **blackhole-on-glid-exceed** **Description** Blackhole destination entry for X minutes upon glid limit exceeded **Type:** number **Range:** 1-30 **capture-config-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name} ` **description** **Description** Description for this Destination Entry **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-nat-ip** **Description** Destination NAT IP address **Type:** string **Format:** ipv4-address **dest-nat-ipv6** **Description** Destination NAT IPv6 address **Type:** string **Format:** ipv6-address **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-src-dst-default** **Description** Drop if no match with src-based-policy class-list, and default is not configured **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-entry-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dynamic-entry-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name} ` **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1053_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1053_glid-exceed-action` **Type:** Object **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`1053_hw-blacklist-blocking` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-addr** **Description** **Type:** string **Format:** ipv4-address **ip-proto-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num} ` **ipv6-addr** **Description** **Type:** string **Format:** ipv6-address **l4-type-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **operational-mode** **Description** 'protection': Protection mode; 'bypass': Bypass mode; **Type:** string **Supported Values:** protection, bypass **Default:** protection **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **pattern-recognition-hw-filter-enable** **Description** to enable pattern recognition hardware filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol} ` **port-range-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **reporting-disabled** **Description** Disable Reporting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1053_sflow` **Type:** Object **source-nat-pool** **Description** Configure source NAT **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-dst-pair** **Description:** src-dst-pair is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair ` **src-dst-pair-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name} ` **src-dst-pair-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name} ` **src-dst-pair-settings-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types} ` **src-port-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol} ` **src-port-range-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol} ` **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-list: port-list ^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1053_port-list_capture-config` **Type:** Object **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache** **Description** DNS Cache Instance **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/dns-cache ` **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1053_port-list_glid-exceed-action` **Type:** Object **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1053_port-list_pattern-recognition` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1053_port-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1053_port-list_sflow` **Type:** Object **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`1053_port-list_signature-extraction` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_port-list_template` **Type:** Object **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1053_port-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-list_pattern-recognition: port-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-list_sflow: port-list_sflow ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1053_port-list_sflow_polling` **Type:** Object .. _1053_port-list_sflow_polling: port-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1053_port-list_sflow_polling_sflow-tcp` **Type:** Object .. _1053_port-list_sflow_polling_sflow-tcp: port-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_port-list_capture-config: port-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_port-list_port-ind: port-list_port-ind ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-list_signature-extraction: port-list_signature-extraction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **manual-mode** **Description** Enable manual mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-list_template: port-list_template ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_port-list_glid-exceed-action: port-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1053_port-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1053_port-list_glid-exceed-action_stateless-encap-action-cfg: port-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1053_port-list_topk-sources: port-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_capture-config-list: capture-config-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/capture-config ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list: dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dummy-name** **Description** 'configuration': Configure src dst dynamic entry count overflow policy; **Type:** string **Supported Values:** configuration **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_dynamic-entry-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_dynamic-entry-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list_template: dynamic-entry-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list_app-type-src-dst-list: dynamic-entry-overflow-policy-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template: dynamic-entry-overflow-policy-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list_l4-type-src-dst-list: dynamic-entry-overflow-policy-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template: dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_dynamic-entry-overflow-policy-list_exceed-log-cfg: dynamic-entry-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_port-range-list: port-range-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1053_port-range-list_capture-config` **Type:** Object **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1053_port-range-list_glid-exceed-action` **Type:** Object **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1053_port-range-list_pattern-recognition` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1053_port-range-list_sflow` **Type:** Object **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_port-range-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-range-list_pattern-recognition: port-range-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_port-range-list_capture-config: port-range-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_port-range-list_sflow: port-range-list_sflow ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1053_port-range-list_sflow_polling` **Type:** Object .. _1053_port-range-list_sflow_polling: port-range-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1053_port-range-list_sflow_polling_sflow-tcp` **Type:** Object .. _1053_port-range-list_sflow_polling_sflow-tcp: port-range-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_port-range-list_template: port-range-list_template ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_port-range-list_glid-exceed-action: port-range-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1053_port-range-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1053_port-range-list_glid-exceed-action_stateless-encap-action-cfg: port-range-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1053_hw-blacklist-blocking: hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-enable** **Description** Enable Dst side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list: src-dst-pair-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol} ` **cid-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num} ` **class-list-name** **Description** Class-list name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-class-list-list_exceed-log-cfg` **Type:** Object **l4-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_cid-list: src-dst-pair-class-list-list_cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-cid-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/app-type-src-dst-cid/{protocol} ` **cid-num** **Description** Class-list id **Type:** number **Range:** 1-32 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-class-list-list_cid-list_exceed-log-cfg` **Type:** Object **l4-type-src-dst-cid-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/l4-type-src-dst-cid/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list: src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template: src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list: src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template: src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_cid-list_exceed-log-cfg: src-dst-pair-class-list-list_cid-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_src-dst-pair-class-list-list_app-type-src-dst-list: src-dst-pair-class-list-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-class-list-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_app-type-src-dst-list_template: src-dst-pair-class-list-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_l4-type-src-dst-list: src-dst-pair-class-list-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-class-list-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_l4-type-src-dst-list_template: src-dst-pair-class-list-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-class-list-list_exceed-log-cfg: src-dst-pair-class-list-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_template: template ^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_glid-exceed-action: glid-exceed-action ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1053_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1053_glid-exceed-action_stateless-encap-action-cfg: glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1053_l4-type-list: l4-type-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_glid-exceed-action` **Type:** Object **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow **Type:** number **Range:** 1-6 **max-rexmit-syn-per-flow-exceed-action** **Description** 'drop': Drop the packet; 'black-list': Add the source IP into black list; **Type:** string **Supported Values:** drop, black-list **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind ` **protocol** **Description** 'tcp': L4-Type TCP; 'udp': L4-Type UDP; 'icmp': L4-Type ICMP; 'other': L4-Type OTHER; **Type:** string **Supported Values:** tcp, udp, icmp, other **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_template` **Type:** Object **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources ` **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_tunnel-rate-limit` **Type:** Object **undefined-port-hit-statistics** **Description:** undefined-port-hit-statistics is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_undefined-port-hit-statistics` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_l4-type-list_undefined-port-hit-statistics: l4-type-list_undefined-port-hit-statistics ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **reset-interval** **Description** Configure port scanning counter reset interval (minutes), Default 60 mins **Type:** number **Range:** 1-64000 **Default:** 60 **undefined-port-hit-statistics** **Description** Enable port scanning statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_l4-type-list_template: l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_l4-type-list_glid-exceed-action: l4-type-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1053_l4-type-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1053_l4-type-list_glid-exceed-action_stateless-encap-action-cfg: l4-type-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1053_l4-type-list_tunnel-decap: l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1053_l4-type-list_tunnel-decap_key-cfg: l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1053_l4-type-list_port-ind: l4-type-list_port-ind ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_l4-type-list_topk-sources: l4-type-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_l4-type-list_tunnel-rate-limit: l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_src-dst-pair-settings-list: src-dst-pair-settings-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **all-types** **Description** 'all-types': Settings for all types (default or class-list); **Type:** string **Supported Values:** all-types **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **l4-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry **Type:** number **Range:** 0-2147483647 **src-prefix-len** **Description** Specify src prefix length for IPv6 (default: not set) **Type:** number **Range:** 32-127 **traffic-distribution-mode** **Description** 'default': Distribute traffic to one slot only; 'source-ip-based': Distribute traffic between slots, based on source ip; **Type:** string **Supported Values:** default, source-ip-based **Default:** default **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-settings-list_l4-type-src-dst-list: src-dst-pair-settings-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry **Type:** number **Range:** 0-2147483647 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-port-range-list: src-port-range-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'udp': UDP Port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **src-port-range-end** **Description** Src Port-Range End Port Number **Type:** number **Range:** 2-65535 **src-port-range-start** **Description** Src Port-Range Start Port Number **Type:** number **Range:** 1-65535 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-port-range-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-port-range-list_template: src-port-range-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_ip-proto-list: ip-proto-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **esp-inspect** **Description:** esp-inspect is a **JSON Block**. Please see below for :ref:`1053_ip-proto-list_esp-inspect` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1053_ip-proto-list_glid-exceed-action` **Type:** Object **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_ip-proto-list_esp-inspect: ip-proto-list_esp-inspect ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-algorithm** **Description** 'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; **Type:** string **Supported Values:** AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96 **encrypt-algorithm** **Description** 'NULL': Null Encryption Algorithm; **Type:** string **Supported Values:** NULL **mode** **Description** 'transport': Transport mode; **Type:** string **Supported Values:** transport .. _1053_ip-proto-list_template: ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_ip-proto-list_glid-exceed-action: ip-proto-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1053_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1053_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg: ip-proto-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1053_src-port-list: src-port-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **outbound-src-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP Port; 'tcp': TCP Port; **Type:** string **Supported Values:** dns-udp, dns-tcp, udp, tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-port-list_template: src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns** **Description** DDOS dns src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_exceed-log-cfg: exceed-log-cfg ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-high-frequency** **Description** Enable High frequency logging for non-event logs per entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rate-limit** **Description** Rate limit per second per entry(Default : 1 per second) **Type:** number **Range:** 1-1000 **Default:** 1 .. _1053_sflow: sflow ^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1053_sflow_polling` **Type:** Object .. _1053_sflow_polling: sflow_polling ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-layer-4** **Description** Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1053_sflow_polling_sflow-tcp` **Type:** Object **sflow-undef-port-hit-stats** **Description** Enable sFlow undefined-port-hit-statistics polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-undef-port-hit-stats-brief** **Description** Enable sFlow undefined-port-hit-statistics polling in brief mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_sflow_polling_sflow-tcp: sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_src-dst-pair: src-dst-pair ^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **app-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default** **Description** Configure default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair_template` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair_template: src-dst-pair_template ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair_app-type-src-dst-list: src-dst-pair_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair_app-type-src-dst-list_template: src-dst-pair_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair_l4-type-src-dst-list: src-dst-pair_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair_l4-type-src-dst-list_template: src-dst-pair_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair_exceed-log-cfg: src-dst-pair_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_src-dst-pair-policy-list: src-dst-pair-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Src-based-policy name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list: src-dst-pair-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry under class-list **Type:** number **Range:** 0-2147483647 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_template: src-dst-pair-policy-list_policy-class-list-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list: src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template: src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list: src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template: src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-overflow-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/app-type-src-dst-overflow/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dummy-name** **Description** 'configuration': Configure src dst dynamic entry count overflow policy for class-list; **Type:** string **Supported Values:** configuration **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-overflow-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/l4-type-src-dst-overflow/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1053_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg: src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg: src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_exceed-log-dep-cfg: exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1053_stats_data: stats data ---------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - dst_entry_conn_limit_exceed - 8 - Entry Limit: Conn Exceeded * - - egress_bytes - 8 - Outbound: Bytes Received * - - dst_udp_wellknown_sport_drop - 8 - UDP SrcPort Wellknown * - - dst_pkt_sent - 8 - Inbound: Packets Forwarded * - - dst_udp_any_exceed - 8 - UDP Dst L4-Type Rate: Total Exceeded * - - sflow_external_packets_sent - 8 - Sflow External Packets Sent * - - dst_tcp_auth_drop - 8 - TCP Auth: Dropped * - - dst_tcp_session_created - 8 - TCP Sessions Created * - - dst_tcp_drop - 8 - TCP Total Packets Dropped * - - src_tcp_unauth_drop - 8 - Src TCP Auth: Unauth Dropped * - - src_udp_retry_gap_drop - 8 - Src UDP Auth: Retry-Gap Dropped * - - dst_other_bytes_rcv - 8 - OTHER Total Bytes Received * - - tcp_syn_rcvd - 8 - TCP Inbound SYN Received * - - src_tcp_action_on_ack_blacklist - 8 - Src TCP Auth: ACK Retry Timeout Blacklisted * - - dst_src_port_conn_rate_exceed - 8 - SrcPort Rate: Conn Exceeded * - - tcp_syn_cookie_fail - 8 - TCP Auth: SYN Cookie Failed * - - dst_tcp_action_on_ack_pass - 8 - TCP Auth: ACK Retry Passed * - - src_udp_filter_action_drop - 8 - Src UDP Filter Action Drop * - - dst_tcp_action_on_syn_gap_drop - 8 - TCP Auth: SYN Retry-Gap Dropped * - - src_udp_ntp_monlist_req - 8 - Src UDP NTP Monlist Request * - - sflow_internal_packets_sent - 8 - Sflow Internal Packets Sent * - - src_dst_pair_entry_tcp - 8 - Src-Dst Pair Entry TCP Count * - - dst_tcp_src_drop - 8 - TCP Src Packets Dropped * - - src_tcp_action_on_syn_fail - 8 - Src TCP Auth: SYN Retry Dropped * - - dst_other_src_drop - 8 - OTHER Src Packets Dropped * - - dst_tcp_action_on_syn_fail - 8 - TCP Auth: SYN Retry Dropped * - - dst_udp_session_aged - 8 - UDP Sessions Aged * - - tcp_rexmit_syn_limit_drop - 8 - TCP SYN Retransmit Exceeded Drop * - - dst_other_bytes_sent - 8 - OTHER Total Bytes Forwarded * - - dst_tcp_unauth_drop - 8 - TCP Auth: Unauth Dropped * - - dst_tcp_action_on_syn_reset - 8 - TCP Auth: SYN Retry Timeout Reset * - - udp_payload_too_big - 8 - UDP Payload Too Large * - - src_tcp_syn_cookie_sent - 8 - Src TCP Auth: SYN Cookie Sent * - - dst_port_kbit_rate_exceed - 8 - Port Rate: KiBit Exceeded * - - dns_outbound_query_resp_chk_reset_sent - 8 - DNS Outbound Query Resp Check RESET Sent * - - dst_udp_auth_drop - 8 - UDP Auth: Dropped * - - dst_udp_frag_src_rate_drop - 8 - UDP Src Rate: Frag Exceeded * - - dst_other_filter_match - 8 - OTHER Filter Match * - - dst_hw_drop_rule_remove - 8 - Dst Hardware Drop Rules Inserted * - - dst_l4_tcp_auth - 8 - TCP Dst L4-Type Auth: SYN Cookie Sent * - - src_l4_icmp_blacklist_drop - 8 - Src L4-type ICMP Blacklist Dropped * - - dst_blackhole_inject - 8 - Dst Blackhole Inject * - - dst_udp_retry_fail - 8 - UDP Auth: Retry Timeout * - - dst_udp_frag_pkt_rate_exceed - 8 - UDP Dst L4-Type Rate: Frag Exceeded * - - dst_exceed_action_tunnel - 8 - Entry Exceed Action: Tunnel * - - dst_port_conn_limit_exceed - 8 - Port Limit: Conn Exceeded * - - src_udp_retry_pass - 8 - Src UDP Retry Passed * - - dst_l4_udp_blacklist_drop - 8 - Dst L4-type UDP Blacklist Dropped * - - dst_clist_overflow_policy_at_learning - 8 - Dst Src-Based Overflow Policy Hit * - - dst_tcp_filter_not_match - 8 - TCP Filter Not Matched on Pkt * - - src_tcp_action_on_syn_gap_drop - 8 - Src TCP Auth: SYN Retry-Gap Dropped * - - src_tcp_out_of_seq_excd - 8 - Src TCP Out-Of-Seq Exceeded * - - dst_other_bytes_drop - 8 - OTHER Total Bytes Dropped * - - src_dst_pair_entry_total - 8 - Src-Dst Pair Entry Total Count * - - dst_icmp_src_drop - 8 - ICMP Src Packets Dropped * - - outbound_bytes_sent - 8 - Outbound: Bytes Forwarded * - - src_tcp_rst_cookie_fail - 8 - Src TCP Auth: RST Cookie Failed * - - dst_icmp_drop - 8 - ICMP Total Packets Dropped * - - inbound_pkt_drop - 8 - Inbound: Packets Dropped * - - dst_tcp_filter_action_blacklist - 8 - TCP Filter Action Blacklist * - - dst_l4_icmp_blacklist_drop - 8 - Dst L4-type ICMP Blacklist Dropped * - - dst_udp_retry_init - 8 - UDP Auth: Retry Init * - - dst_tcp_pkt_rate_exceed - 8 - TCP Dst L4-Type Rate: Packet Exceeded * - - dst_icmp_bytes_sent - 8 - ICMP Total Bytes Forwarded * - - dst_tcp_kibit_rate_drop - 8 - TCP Dst L4-Type Rate: KiBit Exceeded * - - src_tcp_action_on_ack_timeout - 8 - Src TCP Auth: ACK Retry Timeout * - - dst_udp_pkt_rcvd - 8 - UDP Total Packets Received * - - dst_tcp_conn_close_half_open - 8 - TCP Half Open Connections Closed * - - dst_entry_conn_rate_exceed - 8 - Entry Rate: Conn Exceeded * - - dns_outbound_query_resp_chk_no_resp_sent - 8 - DNS Outbound Query Resp Check No Response Sent * - - dst_src_port_conn_limit_exceed - 8 - SrcPort Limit: Conn Exceeded * - - dst_icmp_frag_src_rate_drop - 8 - ICMP Src Rate: Frag Exceeded * - - dst_src_port_pkt_rate_exceed - 8 - SrcPort Rate: Packet Exceeded * - - dst_tcp_action_on_syn_init - 8 - TCP Auth: SYN Retry Init * - - dst_udp_conn_rate_exceed - 8 - UDP Dst L4-Type Rate: Conn Exceeded * - - outbound_bytes_drop - 8 - Outbound: Bytes Dropped * - - dst_udp_retry_pass - 8 - UDP Auth: Retry Passed * - - dst_udp_ntp_monlist_resp - 8 - UDP NTP Monlist Response * - - src_tcp_filter_action_blacklist - 8 - Src TCP Filter Action Blacklist * - - dst_tcp_action_on_ack_gap_drop - 8 - TCP Auth: ACK Retry Retry-Gap Dropped * - - no_policy_class_list_match - 8 - No Policy Class-list Match * - - dst_tcp_retransmit_excd - 8 - TCP Retransmit Exceeded * - - dst_tcp_frag_src_rate_drop - 8 - TCP Src Rate: Frag Exceeded * - - src_tcp_conn_prate_excd - 8 - Src TCP Rate: Conn Pkt Exceeded * - - tcp_l4_rst_cookie_fail - 8 - TCP Dst L4-Type Auth: RST Cookie Failed * - - dst_other_any_exceed - 8 - OTHER Rate: Total Exceed * - - tcp_rst_rcvd - 8 - TCP RST Received * - - dst_udp_filter_action_blacklist - 8 - UDP Filter Action Blacklist * - - icmp_fwd_recv - 8 - ICMP Inbound Packets Received * - - src_udp_filter_action_whitelist - 8 - Src UDP Filter Action WL * - - src_dst_pair_entry_udp - 8 - Src-Dst Pair Entry UDP Count * - - src_udp_filter_action_blacklist - 8 - Src UDP Filter Action Blacklist * - - udp_payload_too_small - 8 - UDP Payload Too Small * - - dst_icmp_any_exceed - 8 - ICMP Rate: Total Exceed * - - src_dst_pair_entry_icmp - 8 - Src-Dst Pair Entry ICMP Count * - - ingress_packets - 8 - Inbound: Packets Received * - - dst_udp_pkt_rate_exceed - 8 - UDP Dst L4-Type Rate: Packet Exceeded * - - src_udp_retry_init - 8 - Src UDP Auth: Retry Init * - - src_l4_udp_blacklist_drop - 8 - Src L4-type UDP Blacklist Dropped * - - dst_tcp_auth_pass - 8 - TCP Auth: SYN Auth Passed * - - dst_entry_frag_pkt_rate_exceed - 8 - Entry Rate: Frag Packet Exceeded * - - dst_icmp_kibit_rate_drop - 8 - ICMP Dst Rate: KiBit Exceeded * - - dst_tcp_auth_resp - 8 - TCP Auth: Responded * - - dst_tcp_port_any_exceed - 8 - TCP Port Rate: Total Exceed * - - dst_tcp_conn_close_w_rst - 8 - TCP RST Connections Closed * - - src_tcp_wellknown_sport_drop - 8 - Src TCP SrcPort Wellknown * - - dst_udp_session_created - 8 - UDP Sessions Created * - - dst_udp_filter_action_whitelist - 8 - UDP Filter Action WL * - - outbound_pkt_sent - 8 - Outbound: Packets Forwarded * - - src_tcp_action_on_ack_init - 8 - Src TCP Auth: ACK Retry Init * - - dst_icmp_pkt_sent - 8 - ICMP Total Packets Forwarded * - - src_tcp_retransmit_excd - 8 - Src TCP Retransmit Exceeded * - - dns_outbound_total_query - 8 - DNS Outbound Total Query * - - src_tcp_action_on_syn_blacklist - 8 - Src TCP Auth: SYN Retry Timeout Blacklisted * - - src_udp_min_payload - 8 - Src UDP Payload Too Small * - - dst_other_drop - 8 - OTHER Total Packets Dropped * - - src_udp_conn_prate_excd - 8 - Src UDP Rate: Conn Pkt Exceeded * - - dst_tcp_conn_close_w_fin - 8 - TCP FIN Connections Closed * - - dst_other_kibit_rate_drop - 8 - OTHER Dst L4-Type Rate: KiBit Exceeded * - - dst_src_port_kbit_rate_exceed - 8 - SrcPort Rate: KiBit Exceeded * - - tcp_rexmit_syn_limit_bl - 8 - TCP SYN Retransmit Exceeded Blacklist * - - dst_tcp_auth - 8 - TCP Auth: SYN Cookie Sent * - - sflow_external_samples_packed - 8 - Sflow External Samples Packed * - - dst_other_src_rate_drop - 8 - OTHER Src Rate: Total Exceeded * - - dst_other_pkt_rate_exceed - 8 - OTHER Dst L4-Type Rate: Packet Exceeded * - - dst_tcp_bytes_rcv - 8 - TCP Total Bytes Received * - - dst_tcp_filter_action_whitelist - 8 - TCP Filter Action WL * - - src_dst_pair_entry_other - 8 - Src-Dst Pair Entry OTHER Count * - - dst_frag_rcvd - 8 - Fragmented Packets Received * - - dst_tcp_action_on_ack_fail - 8 - TCP Auth: ACK Retry Dropped * - - dst_tcp_frag_pkt_rate_exceed - 8 - TCP Dst L4-Type Rate: Frag Exceeded * - - src_l4_tcp_blacklist_drop - 8 - Src L4-type TCP Blacklist Dropped * - - src_tcp_action_on_syn_timeout - 8 - Src TCP Auth: SYN Retry Timeout * - - dst_tcp_wellknown_sport_drop - 8 - TCP SrcPort Wellknown * - - dst_tcp_conn_close - 8 - TCP Connections Closed * - - dst_l4_other_blacklist_drop - 8 - Dst L4-type OTHER Blacklist Dropped * - - src_tcp_action_on_syn_reset - 8 - Src TCP Auth: SYN Retry Timeout Reset * - - src_tcp_syn_auth_fail - 8 - Src TCP Auth: SYN Auth Failed * - - dst_tcp_syn - 8 - TCP Total SYN Received * - - dst_ip_proto_kbit_rate_exceed - 8 - IP-Proto Rate: KiBit Exceeded * - - inbound_bytes_sent - 8 - Inbound: Bytes Forwarded * - - dst_other_frag_pkt_rate_exceed - 8 - OTHER Dst L4-Type Rate: Frag Exceeded * - - dst_tcp_any_exceed - 8 - TCP Dst L4-Type Rate: Total Exceeded * - - dst_udp_filter_not_match - 8 - UDP Filter Not Matched on Pkt * - - dst_other_filter_action_whitelist - 8 - OTHER Filter Action WL * - - dst_udp_kibit_rate_drop - 8 - UDP Dst L4-Type Rate: KiBit Exceeded * - - src_frag_drop - 8 - Src Fragmented Packets Dropped * - - dst_tcp_action_on_ack_blacklist - 8 - TCP Auth: ACK Retry Timeout Blacklisted * - - dst_port_conn_rate_exceed - 8 - Port Rate: Conn Exceeded * - - src_tcp_action_on_ack_reset - 8 - Src TCP Auth: ACK Retry Timeout Reset * - - dst_udp_ntp_monlist_req - 8 - UDP NTP Monlist Request * - - dst_tcp_session_aged - 8 - TCP Sessions Aged * - - dst_other_frag_src_rate_drop - 8 - OTHER Src Rate: Frag Exceeded * - - src_tcp_syn_cookie_fail - 8 - Src TCP Auth: SYN Cookie Failed * - - dst_udp_filter_match - 8 - UDP Filter Match * - - dst_port_kbit_rate_exceed_pkt - 8 - Port Rate: KiBit Pkt Exceeded * - - dst_udp_src_drop - 8 - UDP Src Packets Dropped * - - dst_tcp_action_on_syn_timeout - 8 - TCP Auth: SYN Retry Timeout * - - dst_tcp_filter_action_default_pass - 8 - TCP Filter Action Default Pass * - - dst_other_filter_action_default_pass - 8 - OTHER Filter Action Default Pass * - - inbound_bytes_drop - 8 - Inbound: Bytes Dropped * - - dst_icmp_bytes_rcv - 8 - ICMP Total Bytes Received * - - src_tcp_action_on_ack_gap_drop - 8 - Src TCP Auth: ACK Retry Retry-Gap Dropped * - - dns_outbound_query_resp_chk_failed - 8 - DNS Outbound Query Resp Check Failed * - - dst_tcp_zero_window_excd - 8 - TCP Zero-Window Exceeded * - - dst_udp_bytes_sent - 8 - UDP Total Bytes Forwarded * - - dst_tcp_pkt_sent - 8 - TCP Total Packets Forwarded * - - dst_tcp_action_on_ack_init - 8 - TCP Auth: ACK Retry Init * - - dst_udp_pkt_sent - 8 - UDP Total Packets Forwarded * - - dns_outbound_query_resp_chk_blacklisted - 8 - DNS Outbound Query Resp Check Blacklisted * - - dst_out_no_route - 8 - Dst IPv4/v6 Out No Route * - - tcp_l4_unauth_drop - 8 - TCP Dst L4-Type Auth: Unauth Dropped * - - dst_tcp_filter_action_drop - 8 - TCP Filter Action Drop * - - dst_tcp_rst_cookie_fail - 8 - TCP Auth: RST Cookie Failed * - - dst_tcp_conn_create_from_ack - 8 - TCP Connections Created From ACK * - - dst_blackhole_withdraw - 8 - Dst Blackhole Withdraw * - - dst_tcp_action_on_ack_reset - 8 - TCP Auth: ACK Retry Timeout Reset * - - dst_tcp_bytes_sent - 8 - TCP Total Bytes Forwarded * - - dst_tcp_action_on_syn_pass - 8 - TCP Auth: SYN Retry Passed * - - tcp_ack_rcvd - 8 - TCP ACK Received * - - dst_src_port_bl - 8 - Dst SrcPort Blacklist Packets Dropped * - - dst_icmp_pkt_rate_exceed - 8 - ICMP Dst Rate: Packet Exceeded * - - dst_tcp_conn_close_w_idle - 8 - TCP Idle Connections Closed * - - src_tcp_filter_action_whitelist - 8 - Src TCP Filter Action WL * - - dst_icmp_bytes_drop - 8 - ICMP Total Bytes Dropped * - - dst_udp_filter_action_default_pass - 8 - UDP Filter Action Default Pass * - - src_hw_drop_rule_insert - 8 - Src Hardware Drop Rules Inserted * - - src_other_filter_action_blacklist - 8 - Src OTHER Filter Action Blacklist * - - dns_outbound_query_resp_size_exceed - 8 - DNS Outbound Query Response Size Exceed * - - dst_tcp_out_of_seq_excd - 8 - TCP Out-Of-Seq Exceeded * - - dst_port_pkt_rate_exceed - 8 - Port Rate: Packet Exceeded * - - udp_fwd_recv - 8 - UDP Inbound Packets Received * - - src_tcp_filter_action_drop - 8 - Src TCP Filter Action Drop * - - tcp_invalid_syn - 8 - TCP Invalid SYN Received * - - src_hw_drop_rule_remove - 8 - Src Hardware Drop Rules Inserted * - - dst_entry_kbit_rate_exceed_count - 8 - Entry Rate: KiBit Exceeded Count * - - dst_udp_bytes_rcv - 8 - UDP Total Bytes Received * - - egress_packets - 8 - Outbound: Packets Received * - - dst_tcp_pkt_rcvd - 8 - TCP Total Packets Received * - - dst_l4_tcp_blacklist_drop - 8 - Dst L4-type TCP Blacklist Dropped * - - src_other_filter_action_whitelist - 8 - Src OTHER Filter Action WL * - - dst_udp_src_rate_drop - 8 - UDP Src Rate: Total Exceeded * - - src_tcp_filter_action_default_pass - 8 - Src TCP Filter Action Default Pass * - - dst_tcp_conn_create_from_syn - 8 - TCP Connections Created From SYN * - - dst_tcp_bytes_drop - 8 - TCP Total Bytes Dropped * - - outbound_pkt_drop - 8 - Outbound: Packets Dropped * - - dst_tcp_conn_limit_exceed - 8 - TCP Dst L4-Type Limit: Conn Exceeded * - - dst_udp_filter_action_drop - 8 - UDP Filter Action Drop * - - dst_udp_conn_limit_exceed - 8 - UDP Dst L4-Type Limit: Conn Exceeded * - - src_l4_other_blacklist_drop - 8 - Src L4-type OTHER Blacklist Dropped * - - dst_tcp_filter_match - 8 - TCP Filter Match * - - dst_icmp_src_rate_drop - 8 - ICMP Src Rate: Total Exceeded * - - dst_entry_kbit_rate_exceed - 8 - Entry Rate: KiBit Exceeded * - - src_other_filter_action_default_pass - 8 - Src OTHER Filter Action Default Pass * - - dst_other_filter_not_match - 8 - OTHER Filter Not Matched on Pkt * - - dst_tcp_conn_prate_excd - 8 - TCP Rate: Conn Pkt Exceeded * - - src_tcp_action_on_ack_fail - 8 - Src TCP Auth: ACK Retry Dropped * - - src_tcp_zero_window_excd - 8 - Src TCP Zero-Window Exceeded * - - dst_other_pkt_rcvd - 8 - OTHER Total Packets Received * - - dst_entry_pkt_rate_exceed - 8 - Entry Rate: Packet Exceeded * - - src_udp_max_payload - 8 - Src UDP Payload Too Large * - - ingress_bytes - 8 - Inbound: Bytes Received * - - dst_udp_bytes_drop - 8 - UDP Total Bytes Dropped * - - dns_outbound_query_sess_timed_out - 8 - DNS Outbound Query Session Timed Out * - - sflow_internal_samples_packed - 8 - Sflow Internal Samples Packed * - - dst_tcp_conn_rate_exceed - 8 - TCP Dst L4-Type Rate: Conn Exceeded * - - dst_tcp_syn_drop - 8 - TCP SYN Packets Dropped * - - dst_icmp_pkt_rcvd - 8 - ICMP Total Packets Received * - - tcp_fin_rcvd - 8 - TCP FIN Received * - - dst_udp_retry_gap_drop - 8 - UDP Auth: Retry-Gap Dropped * - - dst_ip_proto_pkt_rate_exceed - 8 - IP-Proto Rate: Packet Exceeded * - - src_tcp_action_on_syn_init - 8 - Src TCP Auth: SYN Retry Init * - - src_udp_ntp_monlist_resp - 8 - Src UDP NTP Monlist Response * - - tcp_syn_ack_rcvd - 8 - TCP SYN ACK Received * - - src_udp_wellknown_sport_drop - 8 - Src UDP SrcPort Wellknown * - - dst_tcp_src_rate_drop - 8 - TCP Src Rate: Total Exceeded * - - dst_port_undef_hit - 8 - Dst Port Undefined Hit * - - dst_hw_drop_rule_insert - 8 - Dst Hardware Drop Rules Inserted * - - src_udp_filter_action_default_pass - 8 - Src UDP Filter Action Default Pass * - - dst_frag_drop - 8 - Fragmented Packets Dropped * - - dst_udp_port_any_exceed - 8 - UDP Port Rate: Total Exceed * - - dst_udp_conn_prate_excd - 8 - UDP Rate: Conn Pkt Exceeded * - - dst_other_filter_action_blacklist - 8 - OTHER Filter Action Blacklist * - - dst_port_bl - 8 - Dst Port Blacklist Packets Dropped * - - dst_udp_drop - 8 - UDP Total Packets Dropped * - - dst_other_pkt_sent - 8 - OTHER Total Packets Forwarded * - - dst_tcp_action_on_syn_blacklist - 8 - TCP Auth: SYN Retry Timeout Blacklisted * - - src_other_filter_action_drop - 8 - Src OTHER Filter Action Drop * - - dns_outbound_query_resp_chk_refused_sent - 8 - DNS Outbound Query Resp Check REFUSED Sent * - - dst_port_undef_drop - 8 - Dst Port Undefined Dropped * - - dst_icmp_frag_pkt_rate_exceed - 8 - ICMP Dst L4-Type Rate: Frag Exceeded * - - dst_tcp_action_on_ack_timeout - 8 - TCP Auth: ACK Retry Timeout * - - dns_outbound_query_malformed - 8 - DNS Outbound Query Malformed * - - dst_other_filter_action_drop - 8 - OTHER Filter Action Drop * - - tcp_l4_syn_cookie_fail - 8 - TCP Dst L4-Type Auth: SYN Cookie Failed * - - tcp_fwd_recv - 8 - TCP Inbound Packets Received * - - src_udp_auth_timeout - 8 - Src UDP Auth: Retry Timeout .. _1053_oper_data: operational data ---------------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - dst-all-entries - flag - dst-all-entries * - - protocol - string - protocol * - - all-src-ports - flag - all-src-ports * - - source-entry-limit - string-rlx - source-entry-limit * - - entry-displayed-count - number - entry-displayed-count * - - all-l4-types - flag - all-l4-types * - - subnet-ip-addr - ipv4-cidr - subnet-ip-addr * - - src-port-range-end - number - src-port-range-end * - - white-listed - flag - white-listed * - - sources - flag - sources * - - sflow-source-id - flag - sflow-source-id * - - exceeded - flag - exceeded * - - tcp-dynamic-entry-limit - string - tcp-dynamic-entry-limit * - - ip-proto-num - number - ip-proto-num * - - src-port-num - number - src-port-num * - - traffic-distribution-status - string - traffic-distribution-status * - - entry-status - flag - entry-status * - - authenticated - flag - authenticated * - - all-ip-protos - flag - all-ip-protos * - - overflow-policy - flag - overflow-policy * - - source-entry-remain - string-rlx - source-entry-remain * - - app-type - string - app-type * - - hw-blacklisted - string - hw-blacklisted * - - ipv6 - ipv6-address - ipv6 * - - l4-ext-rate - flag - l4-ext-rate * - - black-holed - flag - black-holed * - - subnet-ipv6-addr - ipv6-address-plen - subnet-ipv6-addr * - - resource-usage - flag - resource-usage * - - entry-count - flag - entry-count * - - port-num - number - port-num * - - class-list - string - class-list * - - opt-sport-protocol - string - opt-sport-protocol * - - dst-service-remain - string-rlx - dst-service-remain * - - port-app-stat - flag - port-app-stat * - - sources-all-entries - flag - sources-all-entries * - - port-range-start - number - port-range-start * - - operational-mode - string - operational-mode * - - sport-protocol - string - sport-protocol * - - l4-type-str - string - l4-type-str * - - dst-service-alloc - string-rlx - dst-service-alloc * - - all-ports - flag - all-ports * - - dst-entry-name - string-rlx - dst-entry-name * - - other-dynamic-entry-count - string - other-dynamic-entry-count * - - udp-dynamic-entry-count - string - udp-dynamic-entry-count * - - app-stat - flag - app-stat * - - black-listed - flag - black-listed * - - total-dynamic-entry-limit - string - total-dynamic-entry-limit * - - total-dynamic-entry-count - string - total-dynamic-entry-count * - - udp-dynamic-entry-limit - string - udp-dynamic-entry-limit * - - icmp-dynamic-entry-count - string - icmp-dynamic-entry-count * - - tcp-dynamic-entry-count - string - tcp-dynamic-entry-count * - - ddos_entry_list - - ddos_entry_list * - - service-displayed-count - number - service-displayed-count * - - src-port-range-start - number - src-port-range-start * - - dst-service-limit - string-rlx - dst-service-limit * - - icmp-dynamic-entry-limit - string - icmp-dynamic-entry-limit * - - display-traffic-distribution-status - flag - display-traffic-distribution-status * - - entry-address-str - string-rlx - entry-address-str * - - opt-protocol - string - opt-protocol * - - source-entry-alloc - string-rlx - source-entry-alloc * - - other-dynamic-entry-limit - string - other-dynamic-entry-limit * - - port-range-end - number - port-range-end