{ "id":"/axapi/v3/ddos/protection", "type":"object", "node-type":"scalar", "title":"protection", "partition-visibility":"shared", "auto-created-object":1, "description":"DDOS protection", "properties":{ "toggle":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"disable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ], "optional":true }, "rate-interval":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"100ms", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "src-ip-hash-bit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":31, "default":2, "partition-visibility":"shared", "description":"Configure which bit hashed on", "optional":true }, "src-ipv6-hash-bit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":127, "default":2, "partition-visibility":"shared", "description":"Configure which bit hashed on", "optional":true }, "force-routing-on-transp":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Force use of routing in transparent mode", "optional":true }, "disable-on-reboot":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable DDoS protection upon reboot/reload", "optional":true }, "rexmit-syn-log":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable ddos per flow rexmit syn exceeded log", "optional":true }, "use-route":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Use route table, default use receive hop for device initiated traffic", "optional":true }, "enable-now":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Override disable-on-reboot to enable runtime DDOS protection", "optional":true }, "disable-advanced-core-analysis":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable advanced context info in coredump file", "optional":true }, "mpls":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable MPLS packet inspection", "optional":true }, "disable-delay-dynamic-src-learning":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable delay dynamic src entry learning", "optional":true }, "fast-aging":{ "type":"object", "properties":{ "half-open-conn-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":99, "default":25, "partition-visibility":"shared", "description":"Minimum half-open session to total session ratio before session fast aging will take effect (default 25)" }, "half-open-conn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":99, "default":1, "partition-visibility":"shared", "description":"Minimum half-open session (percentage) before session fast aging will take effect (default 1)" } } }, "src-dst-entry-limit":{ "type":"string", "format":"enum", "default":"16M", "partition-visibility":"shared", "description":"'8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; ", "enum":[ "8M", "16M", "unlimited", "platform-default" ], "optional":true }, "src-zone-port-entry-limit":{ "type":"string", "format":"enum", "default":"16M", "partition-visibility":"shared", "description":"'8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; ", "enum":[ "8M", "16M", "unlimited", "platform-default" ], "optional":true }, "force-traffic-to-same-blade-disable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Allow traffic to be distributed among blades on Chassis", "optional":true }, "non-zero-win-size-syncookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send syn-cookie with fix TCP window size if SYN packet has zero window size (default disabled)", "optional":true }, "hw-blocking-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable hardware blacklist blocking for src or dst default entries (default disabled)", "optional":true }, "hw-blocking-threshold-limit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":16000000, "default":10000, "partition-visibility":"shared", "description":"Threshold to initiate hardware blocking (default 10000)", "optional":true }, "progression-tracking":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ], "optional":true }, "disallow-rst-ack-in-syn-auth":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disallow RST-ACK passing syn-auth", "optional":true }, "fast-path-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable fast path in SLB processing", "optional":true }, "close-sess-for-unauth-src-without-rst":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"When closing unauthenticated sessions, don't send TCP RST for established TCP sessions. (Default disabled / sending TCP RST for", "optional":true }, "blacklist-reason-tracking":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable blacklist reason tracking", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ipv6-src-hash-mask-bits":{ "type":"object", "$ref":"/axapi/v3/ddos/protection/ipv6-src-hash-mask-bits", "properties":{ "mask-bit-offset-1":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-2":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-3":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-4":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-5":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "multi-pu-zone-distribution":{ "type":"object", "$ref":"/axapi/v3/ddos/protection/multi-pu-zone-distribution", "properties":{ "distribution-method":{ "type":"string", "format":"enum", "default":"traffic-rate", "partition-visibility":"shared", "description":"'cpu-usage': Entry/Zone distribution based on CPU usage percentage; 'traffic-rate': Entry/Zone distribution based on traffic kbit/pkt rate (Default); ", "enum":[ "cpu-usage", "traffic-rate" ] }, "cpu-threshold-per-entry":{ "type":"number", "format":"number", "minimum":30, "maximum":100, "default":60, "partition-visibility":"shared", "description":"Entry/zone percentage threshold of CPU usage for source hash mode. Requires distribution-method cpu-usage. Default:60" }, "cpu-threshold-per-pu":{ "type":"number", "format":"number", "minimum":60, "maximum":100, "default":80, "partition-visibility":"shared", "description":"Per PU percentage threshold of average CPU usage to start check entry usage. Requires distribution-method cpu-usage. Default:80" }, "rate-pkt-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":55000000, "default":55000000, "partition-visibility":"shared", "description":"DDOS DST Entry/Zone packet rate threshold for source hash mode" }, "rate-kbit-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":150000000, "default":150000000, "partition-visibility":"shared", "description":"DDOS DST Entry/Zone kbit rate threshold for source hash mode" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }