cgnv6 ddos-protection

Configure CGNV6 DDoS Protection

ddos-protection Specification

Type: Configuration Resource
Element Name: ddos-protection
Element URI: /axapi/v3/cgnv6/ddos-protection
Element Attributes: ddos-protection_attributes
Statistics Data URI: /axapi/v3/cgnv6/ddos-protection/stats
Schema: ddos-protection schema

Operations Allowed:

  Operation      Method  URI                              Payload

  Create Object  POST    /axapi/v3/cgnv6/ddos-protection  ddos-protection attributes
  Get Object     GET     /axapi/v3/cgnv6/ddos-protection  ddos-protection attributes
  Modify Object  POST    /axapi/v3/cgnv6/ddos-protection  ddos-protection attributes
  Delete Object  DELETE  /axapi/v3/cgnv6/ddos-protection  ddos-protection attributes

ddos-protection attributes

disable-nat-ip-by-bgp

Description: disable-nat-ip-by-bgp is a JSON Block. Please see below for disable-nat-ip-by-bgp

Type: Object

Reference Object: /axapi/v3/cgnv6/ddos-protection/disable-nat-ip-by-bgp

ip-entries

Description: ip-entries is a JSON Block. Please see below for ip-entries

Type: Object

Reference Object: /axapi/v3/cgnv6/ddos-protection/ip-entries

l4-entries

Description: l4-entries is a JSON Block. Please see below for l4-entries

Type: Object

Reference Object: /axapi/v3/cgnv6/ddos-protection/l4-entries

logging

Description: logging is a JSON Block. Please see below for logging

Type: Object

max-hw-entries

Description: Configure maximum HW entries

Type: number

Range: 0-262144

Default: 262144

packets-per-second

Description: packets-per-second is a JSON Block. Please see below for packets-per-second

Type: Object

sampling-enable

Type: List

toggle

Description: ‘enable’: Enable CGNV6 NAT pool DDoS protection (default); ‘disable’: Disable CGNV6 NAT pool DDoS protection;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

zone

Description: Disable NAT IP based on DDoS zone name set in BGP

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

logging

Specification
Type: object

logging-toggle

Description: ‘enable’: Enable CGNV6 NAT pool DDoS protection logging (default); ‘disable’: Disable CGNV6 NAT pool DDoS protection logging;

Type: string

Supported Values: enable, disable

Default: enable

sampling-enable

Specification
Type: list
Block object keys  

counters1

Description: ‘all’: all; ‘entry_added’: Entry Added; ‘entry_deleted’: Entry Deleted; ‘entry_added_to_hw’: Entry added to HW; ‘entry_removed_from_hw’: Entry Removed From HW; ‘hw_out_of_entries’: HW out of Entries; ‘entry_match_drop’: Entry Match Drop; ‘entry_match_drop_hw’: HW Entry Match Drop; ‘entry_list_alloc’: Entry List Alloc; ‘entry_list_free’: Entry List Alloc Free; ‘entry_list_alloc_failure’: Entry List Alloc Failure; ‘ip_node_alloc’: Node Alloc; ‘ip_node_free’: Node Free; ‘ip_node_alloc_failure’: Node Alloc Failure; ‘ip_port_block_alloc’: Port Block Alloc; ‘ip_port_block_free’: Port Block Free; ‘ip_port_block_alloc_failure’: Port Block Alloc Failure; ‘ip_other_block_alloc’: Other Block Alloc; ‘ip_other_block_free’: Other Block Free; ‘ip_other_block_alloc_failure’: Other Block Alloc Failure; ‘entry_added_shadow’: Entry Added Shadow; ‘entry_invalidated’: Entry Invalidated;

Type: string

Supported Values: all, l3_entry_added, l3_entry_deleted, l3_entry_added_to_bgp, l3_entry_removed_from_bgp, l3_entry_added_to_hw, l3_entry_removed_from_hw, l3_entry_too_many, l3_entry_match_drop, l3_entry_match_drop_hw, l3_entry_drop_max_hw_exceeded, l4_entry_added, l4_entry_deleted, l4_entry_added_to_hw, l4_entry_removed_from_hw, l4_hw_out_of_entries, l4_entry_match_drop, l4_entry_match_drop_hw, l4_entry_drop_max_hw_exceeded, l4_entry_list_alloc, l4_entry_list_free, l4_entry_list_alloc_failure, ip_node_alloc, ip_node_free, ip_node_alloc_failure, ip_port_block_alloc, ip_port_block_free, ip_port_block_alloc_failure, ip_other_block_alloc, ip_other_block_free, ip_other_block_alloc_failure, entry_added_shadow, entry_invalidated, l3_entry_add_to_bgp_failure, l3_entry_remove_from_bgp_failure, l3_entry_add_to_hw_failure

ip-entries

Specification
Type: object

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

disable-nat-ip-by-bgp

Specification
Type: object

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

packets-per-second

Specification
Type: object

action

Description: action is a JSON Block. Please see below for packets-per-second_action

Type: Object

include-existing-session

Description: Count traffic associated with an existing session toward packets-per-second (Default: Disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip

Description: Configure packets-per-second threshold per IP (default: 3000000)

Type: number

Range: 0-30000000

Default: 3000000

other

Description: Configure packets-per-second threshold for other L4 protocols (default: 10000)

Type: number

Range: 0-30000000

Default: 10000

tcp

Description: Configure packets-per-second threshold per TCP port (default: 3000)

Type: number

Range: 0-30000000

Default: 3000

udp

Description: Configure packets-per-second threshold per UDP port (default: 3000)

Type: number

Range: 0-30000000

Default: 3000

packets-per-second_action

Specification
Type: object

action-type

Description: ‘log’: Log the event only; ‘drop’: Log, and drop all packets (default); ‘redistribute-route’: Log, Drop, and Notify upstream router to reroute the packets;

Type: string

Supported Values: log, drop, redistribute-route

Default: drop

expiration

Description: Time after which the action is reverted once pps has decreased to below the threshold (expiration time in seconds; default is 3600 seconds)

Type: number

Range: 10-8640000

Default: 3600

remove-wait-timer

Description: Time after which the IP will be removed from the blackhole

Type: number

Range: 0-300

Default: 300

route-map

Description: Route map name

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

timer-multiply-max

Description: Maximum value of the timer multiplier for attacks that last a long time (default is 6)

Type: number

Range: 1-100

Default: 6
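
The example below is an addition to this reference, not vendor code: it lints a ddos-protection payload against the ranges, defaults and supported values listed above, and flags settings that weaken protection (protection or logging disabled, thresholds raised above the default, action-type 'log'). The top-level "ddos-protection" wrapper key, the function names and the sample payload are assumptions made for the illustration.

```python
# Added example (not vendor code): lint a ddos-protection payload against this page.
# Ranges and defaults below are copied from the attribute tables: (min, max, default).
PPS = {"ip": (0, 30000000, 3000000), "other": (0, 30000000, 10000),
       "tcp": (0, 30000000, 3000), "udp": (0, 30000000, 3000)}
ACTION = {"expiration": (10, 8640000, 3600), "remove-wait-timer": (0, 300, 300),
          "timer-multiply-max": (1, 100, 6)}
ACTION_TYPES = ("log", "drop", "redistribute-route")
TOGGLES = ("enable", "disable")


def check_range(errors, path, value, lo, hi):
    # bool is an int subclass in Python, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        errors.append(f"{path}: {value!r} outside {lo}-{hi}")
        return False
    return True


def lint(payload):
    """Return (errors, warnings); omitted attributes take the documented default."""
    errors, warnings = [], []
    cfg = payload.get("ddos-protection", {})  # assumption: body is keyed by element name
    for path, value in (("toggle", cfg.get("toggle", "enable")),
                        ("logging.logging-toggle",
                         cfg.get("logging", {}).get("logging-toggle", "enable"))):
        if value not in TOGGLES:
            errors.append(f"{path}: {value!r} not in {TOGGLES}")
        elif value == "disable":
            warnings.append(f"{path}: disabled")
    check_range(errors, "max-hw-entries", cfg.get("max-hw-entries", 262144), 0, 262144)
    pps = cfg.get("packets-per-second", {})
    for name, (lo, hi, default) in PPS.items():
        value = pps.get(name, default)
        if check_range(errors, f"packets-per-second.{name}", value, lo, hi) and value > default:
            warnings.append(f"packets-per-second.{name}: {value} is above default {default}")
    action = pps.get("action", {})
    for name, (lo, hi, default) in ACTION.items():
        check_range(errors, f"action.{name}", action.get(name, default), lo, hi)
    kind = action.get("action-type", "drop")
    if kind not in ACTION_TYPES:
        errors.append(f"action.action-type: {kind!r} not in {ACTION_TYPES}")
    elif kind == "log":
        warnings.append("action.action-type: 'log' records the event but drops nothing")
    return errors, warnings


# Constructed sample payload, not taken from a real device.
SAMPLE = {"ddos-protection": {"toggle": "enable", "logging": {"logging-toggle": "disable"},
          "packets-per-second": {"tcp": 50000, "udp": 3000,
                                 "action": {"action-type": "log", "expiration": 5}}}}
```

Calling lint(SAMPLE) returns one range error for expiration and three warnings; an empty payload, which leaves every attribute at its documented default, returns none.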

l4-entries

Specification
Type: object

uuid

Description: uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

stats data

  Counter Size Description
       
  ip_other_block_alloc 8 Other block alloc
  l4_entry_list_alloc 8 L4 Entry list alloc
  l3_entry_add_to_bgp_failure 8 L3 Entry BGP add failures
  ip_node_free 8 Node free
  l4_entry_added 8 L4 Entry added
  l4_hw_out_of_entries 8 HW out of L4 entries
  l4_entry_list_free 8 L4 Entry list free
  l4_entry_added_to_hw 8 L4 Entry added to HW
  ip_node_alloc 8 Node alloc
  l3_entry_match_drop_hw 8 L3 HW entry match drop
  l4_entry_deleted 8 L4 Entry deleted
  l3_entry_remove_from_bgp_failure 8 L3 entry BGP remove failures
  l3_entry_removed_from_hw 8 L3 Entry removed from HW
  l3_entry_deleted 8 L3 Entry Deleted
  l3_entry_removed_from_bgp 8 Entry removed from BGP
  l3_entry_too_many 8 L3 Too many entries
  l3_entry_match_drop 8 L3 Entry match drop
  l3_entry_drop_max_hw_exceeded 8 L3 Entry Drop due to HW Limit Exceeded
  l4_entry_match_drop 8 L4 Entry match drop
  ip_port_block_free 8 Port block free
  entry_invalidated 8 Entry invalidated
  l4_entry_drop_max_hw_exceeded 8 L4 Entry Drop due to HW Limit Exceeded
  l3_entry_add_to_hw_failure 8 L3 entry HW add failure
  ip_other_block_alloc_failure 8 Other block alloc failure
  ip_port_block_alloc 8 Port block alloc
  l3_entry_added_to_hw 8 L3 Entry added to HW
  l4_entry_list_alloc_failure 8 L4 Entry list alloc failures
  ip_other_block_free 8 Other block free
  l4_entry_match_drop_hw 8 L4 HW Entry match drop
  l3_entry_added 8 L3 Entry Added
  entry_added_shadow 8 Entry added shadow
  l4_entry_removed_from_hw 8 L4 Entry removed from HW
  l3_entry_added_to_bgp 8 L3 Entry added to BGP
  ip_port_block_alloc_failure 8 Port block alloc failure
  ip_node_alloc_failure 8 Node alloc failures