{ "id":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}", "type":"object", "node-type":"list", "title":"l4-type", "partition-visibility":"shared", "description":"DDOS L4 type", "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': L4-Type TCP; 'udp': L4-Type UDP; 'icmp': L4-Type ICMP; 'other': L4-Type OTHER; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before being sent (a conn-limit exceeded packet cannot be scrubbed and defaults to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow", "optional":true }, 
"max-rexmit-syn-per-flow-exceed-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop the packet; 'black-list': Add the source IP into black list; ", "enum":[ "drop", "black-list" ], "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"send-rst", "partition-visibility":"shared", "description":"'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable" ], "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "tcp-reset-client":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Send reset to client when rate exceeds or session ages out", "optional":true }, "tcp-reset-server":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Send reset to server when rate exceeds or session ages out", "optional":true }, "drop-on-no-port-match":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"enable", "partition-visibility":"shared", "description":"'disable': disable; 'enable': enable; ", "enum":[ "disable", "enable" ], "optional":true }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], 
"default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "optional":true } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "undefined-port-hit-statistics":{ "type":"object", "properties":{ "undefined-port-hit-statistics":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable port scanning statistics" }, "reset-interval":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":64000, "default":60, "partition-visibility":"shared", "description":"Configure port scanning counter reset interval (minutes), Default 60 mins" } } }, "template":{ "type":"object", "properties":{ "template-icmp-v4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, 
"maxLength":128, "partition-visibility":"shared", "not":"template-icmp-v6", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "not":"template-icmp-v4", "description":"DDOS icmp-v6 template" } } }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k entries", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", 
"modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "protocol" ], "required":[ "protocol" ] }