{ "id":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}", "type":"object", "node-type":"list", "title":"proto-name", "description":"DDOS IP protocol configuration", "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; ", "enum":[ "icmp-v4", "icmp-v6", "other", "gre", "ipv4-encap", "ipv6-encap" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Blacklist and Drop all incoming packets for ip-proto icmp-v4", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "tunnel-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Enable tunnel decapsulation", "optional":true }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":10, "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "optional":true } } ] }, "tunnel-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Enable DDOS-protection on tunnel traffic", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Drop fragmented packets", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "description":"Maximum count for dynamic source zone service entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos top-k detection", "optional":true }, "age":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":2, "maximum":1023, "default":5, "description":"Idle age for ip entry", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization" ], "optional":false }, "data-packet-size":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "description":"Indicator per-src threshold", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "description":"Threshold for the entire zone", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS logging template" }, "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "protocol" ], "required":[ "protocol" ] }