ddos detection¶
DDoS Detection Commands
detection Specification¶
Parameter Value Type Configuration Resource Element Name detection Element URI /axapi/v3/ddos/detection Element Attributes detection_attributes Partition Visibility shared Schema detection schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/detection | ||
Get Object | GET | /axapi/v3/ddos/detection | ||
Modify Object | POST | /axapi/v3/ddos/detection | ||
Replace Object | PUT | /axapi/v3/ddos/detection | ||
Delete Object | DELETE | /axapi/v3/ddos/detection |
detection attributes¶
agent-list
Type: List
Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}
ddos-script
Description: ddos-script is a JSON Block. Please see below for ddos-script
Type: Object
Reference Object: /axapi/v3/ddos/detection/ddos-script
disable
Description Disable DDoS detection (default: enabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
resource-usage
Description: resource-usage is a JSON Block. Please see below for resource-usage
Type: Object
Reference Object: /axapi/v3/ddos/detection/resource-usage
settings
Description: settings is a JSON Block. Please see below for settings
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings
statistics
Description: statistics is a JSON Block. Please see below for statistics
Type: Object
Reference Object: /axapi/v3/ddos/detection/statistics
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
resource-usage¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
settings¶
Specification Value Type object ctrl-cpu-usage
Description Control cpu usage threshold for DDoS detection
Type: number
Range: 1-100
de-escalation-quiet-time
Description Configure de-escalation needed time in minutes from level 1 to 0.(default 1 minutes)
Type: number
Range: 1-60
dedicated-cpus
Description Configure the number of dedicated cores for detection
Type: number
Range: 1-32
detection-window-size
Description Configure detection window size in seconds (DDoS detection window size in seconds(default: 1))
Type: number
Range: 1-60
Default: 1
detector-mode
Description ‘standalone’: Standalone detector; ‘on-box’: Mitigator and Detector on the same box; ‘auto-svc-discovery’: Auto Service discovery using Visibility module (Deprecatd);
Type: string
Supported Values: standalone, on-box, auto-svc-discovery
export-interval
Description Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds(default: 20))
Type: number
Range: 20-3000
Default: 20
full-core-enable
Description Enable full core
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
histogram-de-escalate-percentage
Description histogram de-escalate sensitivity for DDoS detection
Type: number
Range: 1-100
histogram-escalate-percentage
Description histogram escalate sensitivity for DDoS detection
Type: number
Range: 1-100
initial-learning-interval
Description Initial learning interval (in hours) before processing
Type: number
Range: 1-168
notification-debug-log
Description ‘enable’: Enable detection notification debug log (default: disabled);
Type: string
Supported Values: enable
pkt-sampling
Description: pkt-sampling is a JSON Block. Please see below for settings_pkt-sampling
Type: Object
standalone-settings
Description: standalone-settings is a JSON Block. Please see below for settings_standalone-settings
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings
top-k-reset-interval
Description Configure top-k reset interval
Type: number
Range: 1-60
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
settings_standalone-settings¶
Specification Value Type object action
Description ‘enable’: Enable standalone detector; ‘disable’: Disable standalone detector (default);
Type: string
Supported Values: enable, disable
Default: disable
de-escalation-quiet-time
Description Configure de-escalation needed time in minutes from level 1 to 0.(default 6 minutes)
Type: number
Range: 1-60
netflow
Description: netflow is a JSON Block. Please see below for settings_standalone-settings_netflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings/netflow
sflow
Description: sflow is a JSON Block. Please see below for settings_standalone-settings_sflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings/sflow
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
settings_standalone-settings_netflow¶
Specification Value Type object listening-port
Description Netflow port to receive packets (Netflow port number(default 9996))
Type: number
Range: 1-65535
Default: 9996
template-active-timeout
Description Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins))
Type: number
Range: 2-300
Default: 30
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
settings_standalone-settings_sflow¶
Specification Value Type object listening-port
Description sFlow port to receive packets (sFlow port number(default 6343))
Type: number
Range: 1-65535
Default: 6343
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
settings_pkt-sampling¶
Specification Value Type object assign-index
Description Lower index is more aggressive sampling
Type: number
Range: 1-64
assign-rate
Description Assign rate to given index
Type: number
Range: 1-50000000
override-rate
Description Sample 1 in X packets (default: X=1)
Type: number
Range: 1-50000000
ddos-script¶
Specification Value Type object action
Description ‘delete’: delete;
Type: string
Supported Values: delete
file
Description startup-config local file name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
agent-list¶
Specification Value Type list Block object keys agent-name
Description Specify name for the agent
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
agent-type
Description ‘Cisco’: Cisco; ‘Juniper’: Juniper;
Type: string
Supported Values: Cisco, Juniper
agent-v4-addr
Description Configure agent’s IPv4 address
Type: string
Format: ipv4-address
agent-v6-addr
Description Configure agent’s IPv6 address
Type: string
Format: ipv6-address
netflow
Description: netflow is a JSON Block. Please see below for agent-list_netflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}/netflow
sampling-enable
Type: Listsflow
Description: sflow is a JSON Block. Please see below for agent-list_sflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}/sflow
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
agent-list_sflow¶
Specification Value Type object sflow-pkt-samples-collection
Description ‘enable’: Enable sflow packet samples collection(default); ‘disable’: Disable sflow packet samples collection;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
agent-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘sflow-packets-received’: sFlow Packets Received; ‘sflow-samples-received’: sFlow Samples Received; ‘sflow-samples-bad-len’: sFlow Samples Bad Length; ‘sflow-samples-non-std’: sFlow Samples Non-standard; ‘sflow-samples-skipped’: sFlow Samples Skipped; ‘sflow-sample-record-bad-len’: sFlow Sample Records Bad Length; ‘sflow-samples-sent-for-detection’: sFlow Samples Processed For Detection; ‘sflow-sample-record-invalid-layer2’: sFlow Sample Records Unknown Layer-2; ‘sflow-sample-ipv6-hdr-parse-fail’: sFlow Sample IPv6 Record Header Parse Failures; ‘sflow-disabled’: sFlow Packet Samples Processing Disabled; ‘netflow-disabled’: Netflow Flow Samples Processing Disabled; ‘netflow-v5-packets-received’: Netflow v5 Packets Received; ‘netflow-v5-samples-received’: Netflow v5 Samples Received; ‘netflow-v5-samples-sent-for-detection’: Netflow v5 Samples Processed For Detection; ‘netflow-v5-sample-records-bad-len’: Netflow v5 Sample Records Bad Length; ‘netflow-v5-max-records-exceed’: Netflow v5 Sample Max Records Error; ‘netflow-v9-packets-received’: Netflow v9 Packets Received; ‘netflow-v9-samples-received’: Netflow v9 Samples Received; ‘netflow-v9-samples-sent-for-detection’: Netflow v9 Samples Processed For Detection; ‘netflow-v9-sample-records-bad-len’: Netflow v9 Sample Records Bad Length; ‘netflow-v9-sample-flowset-bad-padding’: Netflow v9 Sample Flowset Bad Padding; ‘netflow-v9-max-records-exceed’: Netflow v9 Sample Max Records Error; ‘netflow-v9-template-not-found’: Netflow v9 Template Not Found; ‘netflow-v10-packets-received’: Netflow v10 Packets Received; ‘netflow-v10-samples-received’: Netflow v10 Samples Received; ‘netflow-v10-samples-sent-for-detection’: Netflow v10 Samples Procssed For Detection; ‘netflow-v10-sample-records-bad-len’: Netflow v10 Sample Records Bad Length; ‘netflow-v10-max-records-exceed’: Netflow v10 Sample Max records Error; ‘netflow-tcp-sample-received’: Netflow TCP Samples Received; ‘netflow-udp-sample-received’: Netflow UDP Samples received; ‘netflow-icmp-sample-received’: Netflow ICMP Samples Received; ‘netflow-other-sample-received’: Netflow OTHER Samples Received; ‘netflow-record-copy-oom-error’: Netflow Data Record Copy Fail, Local MEM size error; ‘netflow-record-rse-invalid’: Netflow Data Record Reduced Size Invalid; ‘netflow-sample-flow-dur-error’: Netflow Sample Flow Duration Error; ‘flow-dst-entry-miss’: DDoS Destination Entry Lookup Failures; ‘flow-ip-proto-or-port-miss’: DDoS Destination Service Lookup Failures; ‘flow-detection-msgq-full’: Detection Message Enqueue Failures;
Type: string
Supported Values: all, sflow-packets-received, sflow-samples-received, sflow-samples-bad-len, sflow-samples-non-std, sflow-samples-skipped, sflow-sample-record-bad-len, sflow-samples-sent-for-detection, sflow-sample-record-invalid-layer2, sflow-sample-ipv6-hdr-parse-fail, sflow-disabled, netflow-disabled, netflow-v5-packets-received, netflow-v5-samples-received, netflow-v5-samples-sent-for-detection, netflow-v5-sample-records-bad-len, netflow-v5-max-records-exceed, netflow-v9-packets-received, netflow-v9-samples-received, netflow-v9-samples-sent-for-detection, netflow-v9-sample-records-bad-len, netflow-v9-sample-flowset-bad-padding, netflow-v9-max-records-exceed, netflow-v9-template-not-found, netflow-v10-packets-received, netflow-v10-samples-received, netflow-v10-samples-sent-for-detection, netflow-v10-sample-records-bad-len, netflow-v10-max-records-exceed, netflow-tcp-sample-received, netflow-udp-sample-received, netflow-icmp-sample-received, netflow-other-sample-received, netflow-record-copy-oom-error, netflow-record-rse-invalid, netflow-sample-flow-dur-error, flow-dst-entry-miss, flow-ip-proto-or-port-miss, flow-detection-msgq-full
agent-list_netflow¶
Specification Value Type object active-timeout
Description Configure agent’s flow active timeout (seconds)
Type: number
Range: 10-600
inactive-timeout
Description Configure agent’s flow inactive timeout (seconds)
Type: number
Range: 10-600
netflow-samples-collection
Description ‘enable’: Enable Netflow flow samples collection(default); ‘disable’: Disable Netflow flow samples collection;
Type: string
Supported Values: enable, disable
Default: enable
netflow-sampling-rate
Description Configure agent’s netflow sampling rate
Type: number
Range: 1-65535
Default: 1
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters