.. _ddos_protection:

ddos protection
===============

DDOS protection


protection Specification
------------------------

	===================================== ========================================================
	 **Parameter**                         **Value** 

	===================================== ========================================================
	 **Type**                              *Configuration Resource*

	 **Element Name**                      protection

	 **Element URI**                       /axapi/v3/ddos/protection

	 **Element Attributes**                protection_attributes

	 **Partition Visibility**              None

	 **Operational Data URI**              /axapi/v3/ddos/protection/oper

	 **Schema**                             :download:`protection schema <ddos-protection/ddos-protection.txt>`
	===================================== ========================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/ddos/protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`373_protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/ddos/protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`373_protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/ddos/protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`373_protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/ddos/protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`373_protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/ddos/protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`373_protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   </table>

.. _373_protection_attributes:

protection attributes
---------------------

    **disable-on-reboot**

        **Description** Disable DDoS protection upon reboot/reload

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **enable-now**

        **Description** Override disable-on-reboot to enable runtime DDOS protection

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **fast-aging**

        **Description:** fast-aging is a **JSON Block**.  Please see below for :ref:`373_fast-aging` 

        **Type:** Object

    **force-routing-on-transp**

        **Description** Force use of routing in transparent mode

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **hw-blocking-enable**

        **Description** Enable hardware blacklist blocking for src or dst default entries (default disabled)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **interblade-sync-accuracy**

        **Description** 'High': Enforced limit will be the same as configured value, but has worst under-commit issue in certain situations; 'Medium': Enforced limit is close to configured value, but has worse under-commit issue in certain situations; 'Low': Enforced limit is less close to configured value, but has least under-commit issue in certain situations; 

        **Type:** string

        **Supported Values:** High, Medium, Low

        **Default:** Medium

    **mpls**

        **Description** Enable MPLS packet inspection

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **rate-interval**

        **Description** '100ms': 100ms; '1sec': 1sec; 

        **Type:** string

        **Supported Values:** 100ms, 1sec

        **Default:** 100ms

    **src-dst-entry-limit**

        **Description** '8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; 

        **Type:** string

        **Supported Values:** 8M, 16M, unlimited, platform-default

        **Default:** 16M

    **src-zone-port-entry-limit**

        **Description** '8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; 

        **Type:** string

        **Supported Values:** 8M, 16M, unlimited, platform-default

        **Default:** 16M

    **toggle**

        **Description** 'enable': enable; 'disable': disable; 

        **Type:** string

        **Supported Values:** enable, disable

        **Default:** disable

    **traffic-distribution-mode**

        **Description** 'dest-ip-based': Distribute traffic to one slot using default distribution mechanism (Destination IP based); 'source-ip-based': Distribute traffic between slots, based on source ip; 

        **Type:** string

        **Supported Values:** dest-ip-based, source-ip-based

        **Default:** dest-ip-based

    **use-route**

        **Description** Use route table, default use receive hop for device initiated traffic

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

.. _373_fast-aging:

fast-aging
^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **half-open-conn-ratio**

        **Description** Minimum half-open session to total session ratio before session fast aging will take effect (default 25)

        **Type:** number

        **Range:** 1-99

        **Default:** 25

    **half-open-conn-threshold**

        **Description** Minimum half-open session (percentage) before session fast aging will take effect (default 1)

        **Type:** number

        **Range:** 1-99

        **Default:** 1