ddos protection¶
DDOS protection
protection Specification¶
Type
Configuration Resource
Element Name
protection
Element URI
/axapi/v3/ddos/protection
Element Attributes
protection_attributes
Operational Data URI
/axapi/v3/ddos/protection/oper
Schema
Operations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/protection | ||
Get Object | GET | /axapi/v3/ddos/protection | ||
Modify Object | POST | /axapi/v3/ddos/protection | ||
Replace Object | PUT | /axapi/v3/ddos/protection | ||
Delete Object | DELETE | /axapi/v3/ddos/protection |
protection attributes¶
disable-advanced-core-analysis
Description Disable advanced context info in coredump file
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-delay-dynamic-src-learning
Description Disable delay dynamic src entry learning
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-on-reboot
Description Disable DDoS protection upon reboot/reload
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-now
Description Override disable-on-reboot to enable runtime DDOS protection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fast-aging
Description: fast-aging is a JSON Block. Please see below for fast-aging
Type: Object
force-routing-on-transp
Description Force use of routing in transparent mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-traffic-to-same-blade-disable
Description Allow traffic to be distributed among blades on Chassis
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-blocking-enable
Description Enable hardware blacklist blocking for src or dst default entries (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-blocking-threshold-limit
Description Threshold to initiate hardware blocking (default 10000)
Type: number
Range: 1-16000000
Default: 10000
ipv6-src-hash-mask-bits
Description: ipv6-src-hash-mask-bits is a JSON Block. Please see below for ipv6-src-hash-mask-bits
Type: Object
Refernce Object: /axapi/v3/ddos/protection/ipv6-src-hash-mask-bits
mpls
Description Enable MPLS packet inspection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
progression-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 100ms
rexmit-syn-log
Description Enable ddos per flow rexmit syn exceeded log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dst-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
src-ip-hash-bit
Description Configure which bit hashed on
Type: number
Range: 0-31
Default: 2
src-ipv6-hash-bit
Description Configure which bit hashed on
Type: number
Range: 0-127
Default: 2
src-zone-port-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
use-route
Description Use route table, default use receive hop for device initiated traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ipv6-src-hash-mask-bits¶
Specification
Type
object
mask-bit-offset-1
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-2
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-3
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-4
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-5
Description Configure mask bits
Type: number
Range: 0-127
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
fast-aging¶
Specification
Type
object
half-open-conn-ratio
Description Minimum half-open session to total session ratio before session fast aging will take effect (default 25)
Type: number
Range: 1-99
Default: 25
half-open-conn-threshold
Description Minimum half-open session (percentage) before session fast aging will take effect (default 1)
Type: number
Range: 1-99
Default: 1
operational data¶
Counter |
Size |
Description |
|
|---|---|---|---|
ip-ano-sec-l4-tcp |
enum |
Output contains one of the following values: - enabled, disabled |
|
pattern-recognition |
enum |
Output contains one of the following values: - enabled, disabled |
|
mpls-pkt-inspect |
enum |
Output contains one of the following values: - enabled, disabled |
|
bgp-auto-wl |
enum |
Output contains one of the following values: - enabled, disabled |
|
pattern-recognition-hardware-filter |
enum |
Output contains one of the following values: - enabled, disabled |
|
ddet-mode |
string |
ddet-mode |
|
sync |
enum |
Output contains one of the following values: - enabled, disabled |
|
hw-blocking-threshold |
number |
hw-blocking-threshold |
|
detection |
enum |
Output contains one of the following values: - enabled, disabled |
|
interblade-sync-accuracy |
enum |
Output contains one of the following values: - High, Low, Medium |
|
src-delay-learning |
enum |
Output contains one of the following values: - enabled, disabled |
|
vrrp-auto-wl |
enum |
Output contains one of the following values: - enabled, disabled |
|
ddet-cpus |
number |
ddet-cpus |
|
dns-cache-mode |
enum |
Output contains one of the following values: - enabled, disabled |
|
sync-auto-wl |
enum |
Output contains one of the following values: - enabled, disabled |
|
rate-interval |
enum |
Output contains one of the following values: - 100ms, 1sec |
|
use-route |
enum |
Output contains one of the following values: - enabled, disabled |
|
interface-http-health-check |
enum |
Output contains one of the following values: - enabled, disabled |
|
vrrp |
enum |
Output contains one of the following values: - enabled, disabled |
|
ip-ano-def-l3 |
enum |
Output contains one of the following values: - enabled, disabled |
|
hw-syn-cookie |
enum |
Output contains one of the following values: - enabled, disabled |
|
ip-ano-def-l4 |
enum |
Output contains one of the following values: - enabled, disabled |
|
dns-zone-transfer-dedicated-cpus |
number |
dns-zone-transfer-dedicated-cpus |
|
ip-ano-sec-l4-udp |
enum |
Output contains one of the following values: - enabled, disabled |
|
ip-ano-sec-l3 |
enum |
Output contains one of the following values: - enabled, disabled |
|
src-zone-port-entry-limit |
enum |
Output contains one of the following values: - 8M, 16M, unlimited, platform-default |
|
detection-window-size |
number |
detection-window-size |
|
src-dynamic-overflow-ipv6 |
enum |
Output contains one of the following values: - enabled, disabled |
|
dst-dynamic-overflow-ipv4 |
enum |
Output contains one of the following values: - enabled, disabled |
|
src-dynamic-overflow-ipv4 |
enum |
Output contains one of the following values: - enabled, disabled |
|
dst-dynamic-overflow-ipv6 |
enum |
Output contains one of the following values: - enabled, disabled |
|
hw-blocking |
enum |
Output contains one of the following values: - enabled, disabled |
|
one-arm-mode |
enum |
Output contains one of the following values: - enabled, disabled |
|
warm-up |
string |
warm-up |
|
src-dst-entry-limit |
enum |
Output contains one of the following values: - 8M, 16M, unlimited, platform-default |
|
bgp |
enum |
Output contains one of the following values: - enabled, disabled |
|
mode |
string |
mode |
|
tap-interfaces |
enum |
Output contains one of the following values: - enabled, disabled |
|
pattern-recognition-cpus |
number |
pattern-recognition-cpus |
|
ddos-protection |
enum |
Output contains one of the following values: - enabled, disabled |
|
dst-auto-learning-ipv4 |
enum |
Output contains one of the following values: - enabled, disabled |
|
src-auto-learning-ipv4 |
enum |
Output contains one of the following values: - enabled, disabled |
|
dst-auto-learning-ipv6 |
enum |
Output contains one of the following values: - enabled, disabled |
|
src-auto-learning-ipv6 |
enum |
Output contains one of the following values: - enabled, disabled |