ddos dst entry l4-type¶
DDOS L4 type
l4-type Specification¶
Parameter Value Type Collection Object Key(s) protocol Collection Name l4-type-list Collection URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type Element Name l4-type Element URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} Element Attributes l4-type_attributes Partition Visibility shared Statistics Data URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/stats Operational Data URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/oper Schema l4-type schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Create List | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Get Object | GET | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} | ||
Get List | GET | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Modify Object | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} | ||
Replace List | PUT | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} |
l4-type-list¶
l4-type-list is JSON List of l4-type attributes
l4-type-list : [
]
l4-type attributes¶
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for glid-exceed-action
Type: Object
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-exceed-action
Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;
Type: string
Supported Values: drop, black-list
port-ind
Description: port-ind is a JSON Block. Please see below for port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind
protocol
Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for tunnel-rate-limit
Type: Object
undefined-port-hit-statistics
Description: undefined-port-hit-statistics is a JSON Block. Please see below for undefined-port-hit-statistics
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
undefined-port-hit-statistics¶
Specification Value Type object reset-interval
Description Configure port scanning counter reset interval (minutes), Default 60 mins
Type: number
Range: 1-64000
Default: 60
undefined-port-hit-statistics
Description Enable port scanning statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template¶
Specification Value Type object template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for glid-exceed-action_stateless-encap-action-cfg
Type: Object
glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0