flowspec¶

Configure Flowspec

flowspec Specification¶

Parameter Value

Type Collection

Object Key(s) name

Collection Name flowspec-list

Collection URI /axapi/v3/flowspec

Element Name flowspec

Element URI /axapi/v3/flowspec/{name}

Element Attributes flowspec_attributes

Partition Visibility None

Operational Data URI /axapi/v3/flowspec/{name}/oper

Schema flowspec schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/flowspec	flowspec attributes
Create List	POST	/axapi/v3/flowspec	flowspec attributes
Get Object	GET	/axapi/v3/flowspec/{name}	flowspec attributes
Get List	GET	/axapi/v3/flowspec	flowspec-list
Modify Object	POST	/axapi/v3/flowspec/{name}	flowspec attributes
Replace Object	PUT	/axapi/v3/flowspec/{name}	flowspec attributes
Replace List	PUT	/axapi/v3/flowspec	flowspec-list
Delete Object	DELETE	/axapi/v3/flowspec/{name}	flowspec attributes

flowspec-list¶

flowspec-list is JSON List of flowspec attributes

flowspec-list : [

{ flowspec attributes },

{ flowspec attributes },

…

]

flowspec attributes¶

dest-addr-type

Description ‘ip’: IPv4 Address; ‘ipv6’: IPv6 Address;

Type: string

Supported Values: ip, ipv6

dest-ip-host

Description IPv4 host address

Type: string

Format: ipv4-address

Mutual Exclusion: dest-ip-host and dest-ip-subnet are mutually exclusive

dest-ip-subnet

Description IPv4 Subnet address

Type: string

Format: ipv4-cidr

Mutual Exclusion: dest-ip-subnet and dest-ip-host are mutually exclusive

dest-ipv6-host

Description IPv6 host address

Type: string

Format: ipv6-address

Mutual Exclusion: dest-ipv6-host and dest-ipv6-subnet are mutually exclusive

dest-ipv6-subnet

Description IPv6 Subnet address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: dest-ipv6-subnet and dest-ipv6-host are mutually exclusive

destination-port-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/destination-port/{port-attribute}+{port-num}

flowspec-action

Description ‘deny’: Drop all traffic; ‘rate’: Apply rate for this class of traffic;

Type: string

Supported Values: deny, rate

fragmentation-option-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/fragmentation-option/{frag-attribute}

name

Description Flowspec name

Type: string

Format: string-rlx

Maximum Length: 64 characters

Maximum Length: 1 characters

operational-mode

Description: operational-mode is a JSON Block. Please see below for operational-mode

Type: Object

Reference Object: /axapi/v3/flowspec/{name}/operational-mode

port-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/port/{port-attribute}+{port-num}

protocol-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/protocol/{proto-attribute}+{proto-num}

rate-limit

Description Apply rate for this class of traffic

Type: number

Range: 1-1000000

source-port-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/source-port/{port-attribute}+{port-num}

src-addr-type

Description ‘ip’: IPv4 Address; ‘ipv6’: IPv6 Address;

Type: string

Supported Values: ip, ipv6

src-ip-host

Description IPv4 host address

Type: string

Format: ipv4-address

Mutual Exclusion: src-ip-host and src-ip-subnet are mutually exclusive

src-ip-subnet

Description IPv4 Subnet address

Type: string

Format: ipv4-cidr

Mutual Exclusion: src-ip-subnet and src-ip-host are mutually exclusive

src-ipv6-host

Description IPv6 host address

Type: string

Format: ipv6-address

Mutual Exclusion: src-ipv6-host and src-ipv6-subnet are mutually exclusive

src-ipv6-subnet

Description IPv6 Subnet address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: src-ipv6-subnet and src-ipv6-host are mutually exclusive

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-list¶

Specification Value

Type list

Block object keys

port-attribute

Description ‘eq’: Match only packets on a given port; ‘gt’: Match only packets with a greater port number; ‘lt’: Match only packets with a lower port number; ‘range’: match only packets in the range of port numbers;

Type: string

Supported Values: eq, gt, lt, range

port-num

Description Specify the port number

Type: number

Range: 1-65535

port-num-end

Description Specify the port number

Type: number

Range: 2-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

fragmentation-option-list¶

Specification Value

Type list

Block object keys

frag-attribute

Description ‘is-fragment’: Is fragmented packet; ‘first-fragment’: Is the first fragment packet; ‘last-fragment’: Is the last fragment; ‘dont-fragment’: Is DF bit set;

Type: string

Supported Values: is-fragment, first-fragment, last-fragment, dont-fragment

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

destination-port-list¶

Specification Value

Type list

Block object keys

port-attribute

Description ‘eq’: Match only packets on a given destination port; ‘gt’: Match only packets with a greater port number; ‘lt’: Match only packets with a lower port number; ‘range’: match only packets in the range of port numbers;

Type: string

Supported Values: eq, gt, lt, range

port-num

Description Specify the port number

Type: number

Range: 1-65535

port-num-end

Description Specify the port number

Type: number

Range: 2-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

source-port-list¶

Specification Value

Type list

Block object keys

port-attribute

Description ‘eq’: Match only packets on a given source port; ‘gt’: Match only packets with a greater port number; ‘lt’: Match only packets with a lower port number; ‘range’: match only packets in the range of port numbers;

Type: string

Supported Values: eq, gt, lt, range

port-num

Description Specify the port number

Type: number

Range: 1-65535

port-num-end

Description Specify the port number

Type: number

Range: 2-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

operational-mode¶

Specification Value

Type object

mode

Description ‘enabled’: Enable the flowspec and send the prefix to BGP; ‘disabled’: Disable the flowspec and remove the prefix from BGP;

Type: string

Supported Values: enabled, disabled

Default: disabled

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

protocol-list¶

Specification Value

Type list

Block object keys

proto-attribute

Description ‘eq’: Match only packets on a given protocol; ‘gt’: Match only packets with a greater protocol number; ‘lt’: Match only packets with a lower protocol number; ‘range’: match only packets in the range of protocol numbers;

Type: string

Supported Values: eq, gt, lt, range

proto-num

Description Specify the protocol number(6 for TCP and 17 for UDP)

Type: number

Range: 1-255

proto-num-end

Description Specify the protocol number

Type: number

Range: 2-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters