.. _cgnv6_ddos_protection:

cgnv6 ddos-protection
=====================

Configure CGNV6 DDoS Protection

ddos-protection Specification
-----------------------------

===================================== ==============================================================
**Parameter**                         **Value**
===================================== ==============================================================
**Type**                              *Configuration Resource*
**Element Name**                      ddos-protection
**Element URI**                       /axapi/v3/cgnv6/ddos-protection
**Element Attributes**                ddos-protection_attributes
**Partition Visibility**              shared
**Statistics Data URI**               /axapi/v3/cgnv6/ddos-protection/stats
**Schema**                            :download:`ddos-protection schema `
===================================== ==============================================================

**Operations Allowed:**

============== ========== ================================== =====================================
Operation      Method     URI                                Payload
============== ========== ================================== =====================================
Create Object  POST       /axapi/v3/cgnv6/ddos-protection    :ref:`231_ddos-protection_attributes`
Get Object     GET        /axapi/v3/cgnv6/ddos-protection    :ref:`231_ddos-protection_attributes`
Modify Object  POST       /axapi/v3/cgnv6/ddos-protection    :ref:`231_ddos-protection_attributes`
Delete Object  DELETE     /axapi/v3/cgnv6/ddos-protection    :ref:`231_ddos-protection_attributes`
============== ========== ================================== =====================================

.. _231_ddos-protection_attributes:

ddos-protection attributes
--------------------------

**disable-nat-ip-by-bgp**

    **Description:** disable-nat-ip-by-bgp is a **JSON Block**. Please see below for :ref:`231_disable-nat-ip-by-bgp`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/cgnv6/ddos-protection/disable-nat-ip-by-bgp `

**enable-action**

    **Description** 'local': Enable local logs only; 'remote': Enable logging to remote server & IPFIX; 'both': Enable both local & remote logs;

    **Type:** string

    **Supported Values:** local, remote, both

    **Default:** local

**ip-entries**

    **Description:** ip-entries is a **JSON Block**. Please see below for :ref:`231_ip-entries`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/cgnv6/ddos-protection/ip-entries `

**l4-entries**

    **Description:** l4-entries is a **JSON Block**. Please see below for :ref:`231_l4-entries`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/cgnv6/ddos-protection/l4-entries `

**logging-action**

    **Description** 'enable': enable CGN DDoS protection logging; 'disable': Disable both local & remote CGN DDoS protection logging;

    **Type:** string

    **Supported Values:** enable, disable

    **Default:** enable

**max-hw-entries**

    **Description** Configure maximum HW entries

    **Type:** number

    **Range:** 0-262144

    **Default:** 262144

**packets-per-second**

    **Description:** packets-per-second is a **JSON Block**. Please see below for :ref:`231_packets-per-second`

    **Type:** Object

**sampling-enable**

    **Type:** List

**syn-cookie**

    **Description:** syn-cookie is a **JSON Block**. Please see below for :ref:`231_syn-cookie`

    **Type:** Object

**toggle**

    **Description** 'enable': Enable CGNV6 NAT pool DDoS protection (default); 'disable': Disable CGNV6 NAT pool DDoS protection;

    **Type:** string

    **Supported Values:** enable, disable

    **Default:** enable

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

**zone**

    **Description** Disable NAT IP based on DDoS zone name set in BGP

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

.. _231_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'l3_entry_added': L3 Entry Added; 'l3_entry_deleted': L3 Entry Deleted; 'l3_entry_added_to_bgp': L3 Entry added to BGP; 'l3_entry_removed_from_bgp': Entry removed from BGP; 'l3_entry_added_to_hw': L3 Entry added to HW; 'l3_entry_removed_from_hw': L3 Entry removed from HW; 'l3_entry_too_many': L3 Too many entries; 'l3_entry_match_drop': L3 Entry match drop; 'l3_entry_match_drop_hw': L3 HW entry match drop; 'l3_entry_drop_max_hw_exceeded': L3 Entry Drop due to HW Limit Exceeded; 'l4_entry_added': L4 Entry added; 'l4_entry_deleted': L4 Entry deleted; 'l4_entry_added_to_hw': L4 Entry added to HW; 'l4_entry_removed_from_hw': L4 Entry removed from HW; 'l4_hw_out_of_entries': HW out of L4 entries; 'l4_entry_match_drop': L4 Entry match drop; 'l4_entry_match_drop_hw': L4 HW Entry match drop; 'l4_entry_drop_max_hw_exceeded': L4 Entry Drop due to HW Limit Exceeded; 'l4_entry_list_alloc': L4 Entry list alloc; 'l4_entry_list_free': L4 Entry list free; 'l4_entry_list_alloc_failure': L4 Entry list alloc failures; 'ip_node_alloc': Node alloc; 'ip_node_free': Node free; 'ip_node_alloc_failure': Node alloc failures; 'ip_port_block_alloc': Port block alloc; 'ip_port_block_free': Port block free; 'ip_port_block_alloc_failure': Port block alloc failure; 'ip_other_block_alloc': Other block alloc; 'ip_other_block_free': Other block free; 'ip_other_block_alloc_failure': Other block alloc failure; 'entry_added_shadow': Entry added shadow; 'entry_invalidated': Entry invalidated; 'l3_entry_add_to_bgp_failure': L3 Entry BGP add failures; 'l3_entry_remove_from_bgp_failure': L3 entry BGP remove failures; 'l3_entry_add_to_hw_failure': L3 entry HW add failure; 'syn_cookie_syn_ack_sent': SYN cookie SYN ACK sent; 'syn_cookie_verification_passed': SYN cookie verification passed; 'syn_cookie_verification_failed': SYN cookie verification failed; 'syn_cookie_conn_setup_failed': SYN cookie connection setup failed;

    **Type:** string

    **Supported Values:** all, l3_entry_added, l3_entry_deleted, l3_entry_added_to_bgp, l3_entry_removed_from_bgp, l3_entry_added_to_hw, l3_entry_removed_from_hw, l3_entry_too_many, l3_entry_match_drop, l3_entry_match_drop_hw, l3_entry_drop_max_hw_exceeded, l4_entry_added, l4_entry_deleted, l4_entry_added_to_hw, l4_entry_removed_from_hw, l4_hw_out_of_entries, l4_entry_match_drop, l4_entry_match_drop_hw, l4_entry_drop_max_hw_exceeded, l4_entry_list_alloc, l4_entry_list_free, l4_entry_list_alloc_failure, ip_node_alloc, ip_node_free, ip_node_alloc_failure, ip_port_block_alloc, ip_port_block_free, ip_port_block_alloc_failure, ip_other_block_alloc, ip_other_block_free, ip_other_block_alloc_failure, entry_added_shadow, entry_invalidated, l3_entry_add_to_bgp_failure, l3_entry_remove_from_bgp_failure, l3_entry_add_to_hw_failure, syn_cookie_syn_ack_sent, syn_cookie_verification_passed, syn_cookie_verification_failed, syn_cookie_conn_setup_failed

.. _231_ip-entries:

ip-entries
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _231_disable-nat-ip-by-bgp:

disable-nat-ip-by-bgp
^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _231_l4-entries:

l4-entries
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _231_packets-per-second:

packets-per-second
^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**action**

    **Description:** action is a **JSON Block**. Please see below for :ref:`231_packets-per-second_action`

    **Type:** Object

**include-existing-session**

    **Description** Count traffic associated with existing session into the packets-per-second (Default: Disabled)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**ip**

    **Description** Configure packets-per-second threshold per IP (default 3000000)

    **Type:** number

    **Range:** 0-30000000

    **Default:** 3000000

**other**

    **Description** Configure packets-per-second threshold for other L4 protocols (default 10000)

    **Type:** number

    **Range:** 0-30000000

    **Default:** 10000

**other-action**

    **Description:** other-action is a **JSON Block**. Please see below for :ref:`231_packets-per-second_other-action`

    **Type:** Object

**tcp**

    **Description** Configure packets-per-second threshold per TCP port (default: 3000)

    **Type:** number

    **Range:** 0-30000000

    **Default:** 3000

**tcp-action**

    **Description:** tcp-action is a **JSON Block**. Please see below for :ref:`231_packets-per-second_tcp-action`

    **Type:** Object

**udp**

    **Description** Configure packets-per-second threshold per UDP port (default: 3000)

    **Type:** number

    **Range:** 0-30000000

    **Default:** 3000

**udp-action**

    **Description:** udp-action is a **JSON Block**. Please see below for :ref:`231_packets-per-second_udp-action`

    **Type:** Object

.. _231_packets-per-second_other-action:

packets-per-second_other-action
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**other-action-type**

    **Description** 'log': Log the event only; 'drop': Log, and drop all packets (default);

    **Type:** string

    **Supported Values:** log, drop

    **Default:** drop

**other-expiration**

    **Description** To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 30 seconds))

    **Type:** number

    **Range:** 10-65535

    **Default:** 30

.. _231_packets-per-second_udp-action:

packets-per-second_udp-action
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**udp-action-type**

    **Description** 'log': Log the event only; 'drop': Log, and drop all packets (default);

    **Type:** string

    **Supported Values:** log, drop

    **Default:** drop

**udp-expiration**

    **Description** To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 30 seconds))

    **Type:** number

    **Range:** 10-65535

    **Default:** 30

.. _231_packets-per-second_tcp-action:

packets-per-second_tcp-action
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**tcp-action-type**

    **Description** 'log': Log the event only; 'drop': Log, and drop all packets (default);

    **Type:** string

    **Supported Values:** log, drop

    **Default:** drop

**tcp-expiration**

    **Description** To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 30 seconds))

    **Type:** number

    **Range:** 10-65535

    **Default:** 30

.. _231_packets-per-second_action:

packets-per-second_action
^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**action-type**

    **Description** 'log': Log the event only; 'drop': Log, and drop all packets (default); 'redistribute-route': Log, Drop, and Notify upstream router to reroute the packets;

    **Type:** string

    **Supported Values:** log, drop, redistribute-route

    **Default:** drop

**expiration**

    **Description** To specify time to revert the action after pps is decreased to below threshold (Expiration time, in minutes (default is 3600 seconds))

    **Type:** number

    **Range:** 10-8640000

    **Default:** 3600

**expiration-route**

    **Description** To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 3600 seconds))

    **Type:** number

    **Range:** 10-8640000

    **Default:** 3600

**forward**

    **Description** Continue forward traffic

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**remove-wait-timer**

    **Description** Time after which IP will be removed from blackhole

    **Type:** number

    **Range:** 0-300

    **Default:** 300

**route-map**

    **Description** Route map name

    **Type:** string

    **Maximum Length:** 128 characters

    **Maximum Length:** 1 characters

**timer-multiply-max**

    **Description** To specify max value of timer multiplier for attacks lasted long time (Max value of timer multiplier (default is 6))

    **Type:** number

    **Range:** 1-100

    **Default:** 6

.. _231_syn-cookie:

syn-cookie
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**syn-cookie-enable**

    **Description** Enable CGNv6 Syn-Cookie Protection

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**syn-cookie-on-threshold**

    **Description** on-threshold for Syn-cookie (Decimal number)

    **Type:** number

    **Range:** 1-1000000

**syn-cookie-on-timeout**

    **Description** on-timeout for Syn-cookie (Timeout in seconds, default is 120 seconds (2 minutes))

    **Type:** number

    **Range:** 1-300000

    **Default:** 120
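
The ranges and supported values above can be checked before a payload is sent to ``/axapi/v3/cgnv6/ddos-protection``. The following is an added example, not code from this reference or from the vendor: it lints a candidate payload offline and flags valid settings that switch protection or logging down (``disable``, ``log``). The ``"ddos-protection"`` wrapper key and the names ``lint``, ``_get`` and ``SAMPLE`` are assumptions made for illustration.

```python
# Added example: offline lint of a ddos-protection payload against this page's tables.
PPS = "packets-per-second"
ENUMS = {  # attribute path -> supported values
    ("toggle",): {"enable", "disable"},
    ("logging-action",): {"enable", "disable"},
    ("enable-action",): {"local", "remote", "both"},
    (PPS, "action", "action-type"): {"log", "drop", "redistribute-route"},
}
RANGES = {  # attribute path -> (min, max)
    ("max-hw-entries",): (0, 262144), (PPS, "ip"): (0, 30000000),
    (PPS, "action", "expiration"): (10, 8640000),
    (PPS, "action", "expiration-route"): (10, 8640000),
    (PPS, "action", "remove-wait-timer"): (0, 300),
    (PPS, "action", "timer-multiply-max"): (1, 100),
    ("syn-cookie", "syn-cookie-on-threshold"): (1, 1000000),
    ("syn-cookie", "syn-cookie-on-timeout"): (1, 300000),
}
for p in ("tcp", "udp", "other"):  # per-protocol thresholds and actions
    ENUMS[(PPS, f"{p}-action", f"{p}-action-type")] = {"log", "drop"}
    RANGES[(PPS, p)] = (0, 30000000)
    RANGES[(PPS, f"{p}-action", f"{p}-expiration")] = (10, 65535)
WEAK = {"disable", "log"}  # valid values that turn protection or logging down

def _get(obj, path):
    """Walk nested dicts; return None when any key on the path is absent."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def lint(payload):
    """Return (errors, warnings); the "ddos-protection" wrapper key is assumed."""
    cfg, errors, warnings = payload.get("ddos-protection", {}), [], []
    for path, allowed in ENUMS.items():
        val, name = _get(cfg, path), "/".join(path)
        if val is not None and not (isinstance(val, str) and val in allowed):
            errors.append(f"{name}: unsupported value {val!r}")
        elif val in WEAK:
            warnings.append(f"{name}: {val!r} reduces protection or logging")
    for path, (lo, hi) in RANGES.items():
        val, name = _get(cfg, path), "/".join(path)
        ok = isinstance(val, int) and not isinstance(val, bool) and lo <= val <= hi
        if val is not None and not ok:
            errors.append(f"{name}: {val!r} outside {lo}-{hi}")
    return errors, warnings

# Constructed sample payload (not taken from a real device).
SAMPLE = {"ddos-protection": {"logging-action": "disable", PPS: {
    "tcp": 3000, "tcp-action": {"tcp-action-type": "log", "tcp-expiration": 5}}}}
```

Calling ``lint(SAMPLE)`` returns one range error for ``tcp-expiration`` and two warnings; absent attributes are skipped because the device applies the documented defaults.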