ddos protection

DDOS protection

protection Specification

Parameter Value
Type Configuration Resource
Element Name protection
Element URI /axapi/v3/ddos/protection
Element Attributes protection_attributes
Partition Visibility None
Operational Data URI /axapi/v3/ddos/protection/oper
Schema protection schema

Operations Allowed:

OperationMethodURIPayload

Create Object

POST

/axapi/v3/ddos/protection

protection attributes

Get Object

GET

/axapi/v3/ddos/protection

protection attributes

Modify Object

POST

/axapi/v3/ddos/protection

protection attributes

Replace Object

PUT

/axapi/v3/ddos/protection

protection attributes

Delete Object

DELETE

/axapi/v3/ddos/protection

protection attributes

protection attributes

disable-on-reboot

Description Disable DDoS protection upon reboot/reload

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-now

Description Override disable-on-reboot to enable runtime DDOS protection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fast-aging

Description: fast-aging is a JSON Block. Please see below for fast-aging

Type: Object

force-routing-on-transp

Description Force use of routing in transparent mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hw-blocking-enable

Description Enable hardware blacklist blocking for src or dst default entries (default disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interblade-sync-accuracy

Description ‘High’: Enforced limit will be the same as configured value, but has worst under-commit issue in certain situations; ‘Medium’: Enforced limit is close to configured value, but has worse under-commit issue in certain situations; ‘Low’: Enforced limit is less close to configured value, but has least under-commit issue in certain situations;

Type: string

Supported Values: High, Medium, Low

Default: Medium

mpls

Description Enable MPLS packet inspection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 100ms

src-dst-entry-limit

Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;

Type: string

Supported Values: 8M, 16M, unlimited, platform-default

Default: 16M

src-zone-port-entry-limit

Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;

Type: string

Supported Values: 8M, 16M, unlimited, platform-default

Default: 16M

toggle

Description ‘enable’: enable; ‘disable’: disable;

Type: string

Supported Values: enable, disable

Default: disable

traffic-distribution-mode

Description ‘dest-ip-based’: Distribute traffic to one slot using default distribution mechanism (Destination IP based); ‘source-ip-based’: Distribute traffic between slots, based on source ip;

Type: string

Supported Values: dest-ip-based, source-ip-based

Default: dest-ip-based

use-route

Description Use route table, default use receive hop for device initiated traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

fast-aging

Specification Value
Type object

half-open-conn-ratio

Description Minimum half-open session to total session ratio before session fast aging will take effect (default 25)

Type: number

Range: 1-99

Default: 25

half-open-conn-threshold

Description Minimum half-open session (percentage) before session fast aging will take effect (default 1)

Type: number

Range: 1-99

Default: 1