.. _ddos_protection: ddos protection =============== DDOS protection protection Specification ------------------------ ===================================== ======================================================== ===================================== ======================================================== **Type** *Configuration Resource* **Element Name** protection **Element URI** /axapi/v3/ddos/protection **Element Attributes** protection_attributes **Operational Data URI** /axapi/v3/ddos/protection/oper **Schema** :download:`protection schema ` ===================================== ======================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/protection .. raw:: html :ref:`410_protection_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/protection .. raw:: html :ref:`410_protection_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/protection .. raw:: html :ref:`410_protection_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/protection .. raw:: html :ref:`410_protection_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/protection .. raw:: html :ref:`410_protection_attributes` .. raw:: html
.. _410_protection_attributes: protection attributes --------------------- **disable-on-reboot** **Description** Disable DDoS protection upon reboot/reload **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-now** **Description** Override disable-on-reboot to enable runtime DDOS protection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fast-aging** **Description:** fast-aging is a **JSON Block**. Please see below for :ref:`410_fast-aging` **Type:** Object **force-routing-on-transp** **Description** Force use of routing in transparent mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-blocking-enable** **Description** Enable hardware blacklist blocking for src or dst default entries (default disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **interblade-sync-accuracy** **Description** 'High': Enforced limit will be the same as configured value, but has worst under-commit issue in certain situations; 'Medium': Enforced limit is close to configured value, but has worse under-commit issue in certain situations; 'Low': Enforced limit is less close to configured value, but has least under-commit issue in certain situations; **Type:** string **Supported Values:** High, Medium, Low **Default:** Medium **mpls** **Description** Enable MPLS packet inspection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 100ms **src-dst-entry-limit** **Description** '8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; **Type:** string **Supported Values:** 8M, 16M, unlimited, platform-default **Default:** 16M **src-zone-port-entry-limit** **Description** '8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; **Type:** string **Supported Values:** 8M, 16M, unlimited, platform-default **Default:** 16M **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **traffic-distribution-mode** **Description** 'dest-ip-based': Distribute traffic to one slot using default distribution mechanism (Destination IP based); 'source-ip-based': Distribute traffic between slots, based on source ip; **Type:** string **Supported Values:** dest-ip-based, source-ip-based **Default:** dest-ip-based **use-route** **Description** Use route table, default use receive hop for device initiated traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _410_fast-aging: fast-aging ^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **half-open-conn-ratio** **Description** Minimum half-open session to total session ratio before session fast aging will take effect (default 25) **Type:** number **Range:** 1-99 **Default:** 25 **half-open-conn-threshold** **Description** Minimum half-open session (percentage) before session fast aging will take effect (default 1) **Type:** number **Range:** 1-99 **Default:** 1 .. _410_oper_data: operational data ---------------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - ip-ano-sec-l4-tcp - enum - Output contains one of the following values: - enabled, disabled * - - pattern-recognition - enum - Output contains one of the following values: - enabled, disabled * - - mpls-pkt-inspect - enum - Output contains one of the following values: - enabled, disabled * - - bgp-auto-wl - enum - Output contains one of the following values: - enabled, disabled * - - pattern-recognition-hardware-filter - enum - Output contains one of the following values: - enabled, disabled * - - sync - enum - Output contains one of the following values: - enabled, disabled * - - hw-blocking-threshold - number - hw-blocking-threshold * - - detection - enum - Output contains one of the following values: - enabled, disabled * - - interblade-sync-accuracy - enum - Output contains one of the following values: - High, Low, Medium * - - src-delay-learning - enum - Output contains one of the following values: - enabled, disabled * - - vrrp-auto-wl - enum - Output contains one of the following values: - enabled, disabled * - - ddet-cpus - number - ddet-cpus * - - dns-cache-mode - enum - Output contains one of the following values: - enabled, disabled * - - sync-auto-wl - enum - Output contains one of the following values: - enabled, disabled * - - rate-interval - enum - Output contains one of the following values: - 100ms, 1sec * - - use-route - enum - Output contains one of the following values: - enabled, disabled * - - vrrp - enum - Output contains one of the following values: - enabled, disabled * - - ip-ano-def-l3 - enum - Output contains one of the following values: - enabled, disabled * - - hw-syn-cookie - enum - Output contains one of the following values: - enabled, disabled * - - ip-ano-def-l4 - enum - Output contains one of the following values: - enabled, disabled * - - dns-zone-transfer-dedicated-cpus - number - dns-zone-transfer-dedicated-cpus * - - ip-ano-sec-l4-udp - enum - Output contains one of the following values: - enabled, disabled * - - ip-ano-sec-l3 - enum - Output contains one of the following values: - enabled, disabled * - - src-zone-port-entry-limit - enum - Output contains one of the following values: - 8M, 16M, unlimited, platform-default * - - src-dynamic-overflow-ipv6 - enum - Output contains one of the following values: - enabled, disabled * - - dst-dynamic-overflow-ipv4 - enum - Output contains one of the following values: - enabled, disabled * - - src-dynamic-overflow-ipv4 - enum - Output contains one of the following values: - enabled, disabled * - - dst-dynamic-overflow-ipv6 - enum - Output contains one of the following values: - enabled, disabled * - - hw-blocking - enum - Output contains one of the following values: - enabled, disabled * - - one-arm-mode - enum - Output contains one of the following values: - enabled, disabled * - - warm-up - string - warm-up * - - src-dst-entry-limit - enum - Output contains one of the following values: - 8M, 16M, unlimited, platform-default * - - bgp - enum - Output contains one of the following values: - enabled, disabled * - - mode - string - mode * - - tap-interfaces - enum - Output contains one of the following values: - enabled, disabled * - - pattern-recognition-cpus - number - pattern-recognition-cpus * - - ddos-protection - enum - Output contains one of the following values: - enabled, disabled * - - dst-auto-learning-ipv4 - enum - Output contains one of the following values: - enabled, disabled * - - src-auto-learning-ipv4 - enum - Output contains one of the following values: - enabled, disabled * - - dst-auto-learning-ipv6 - enum - Output contains one of the following values: - enabled, disabled * - - src-auto-learning-ipv6 - enum - Output contains one of the following values: - enabled, disabled