{ "id":"/axapi/v3/cgnv6/ddos-protection", "type":"object", "node-type":"scalar", "title":"ddos-protection", "operation-not-allowed": ["PUT"], "partition-visibility":"shared", "auto-created-object":1, "description":"Configure CGNV6 DDoS Protection", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable CGNV6 NAT pool DDoS protection (default); 'disable': Disable CGNV6 NAT pool DDoS protection; ", "enum":[ "enable", "disable" ], "optional":true }, "logging-action":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable CGN DDoS protection logging; 'disable': Disable both local & remote CGN DDoS protection logging; ", "enum":[ "enable", "disable" ], "optional":true }, "enable-action":{ "type":"string", "format":"enum", "default":"local", "partition-visibility":"shared", "description":"'local': Enable local logs only; 'remote': Enable logging to remote server & IPFIX; 'both': Enable both local & remote logs; ", "enum":[ "local", "remote", "both" ], "optional":true }, "packets-per-second":{ "type":"object", "properties":{ "ip":{ "type":"number", "format":"number", "minimum":0, "maximum":30000000, "default":3000000, "partition-visibility":"shared", "description":"Configure packets-per-second threshold per IP(default 3000000)" }, "action":{ "type":"object", "properties":{ "action-type":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'log': Log the event only; 'drop': Log, and drop all packets (default); 'redistribute-route': Log, Drop, and Notify upstream router to reroute the packets; ", "enum":[ "log", "drop", "redistribute-route" ] }, "route-map":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Route map name" }, "expiration":{ "type":"number", "format":"number", "minimum":10, "maximum":8640000, "default":3600, "partition-visibility":"shared", "description":"To specify time to revert the action after pps is decreased to below threshold (Expiration time, in minutes (default is 3600 seconds))" }, "expiration-route":{ "type":"number", "format":"number", "minimum":10, "maximum":8640000, "default":3600, "partition-visibility":"shared", "description":"To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 3600 seconds))" }, "timer-multiply-max":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":6, "partition-visibility":"shared", "description":"To specify max value of timer multiplier for attacks lasted long time (Max value of timer multiplier (default is 6))" }, "remove-wait-timer":{ "type":"number", "format":"number", "minimum":0, "maximum":300, "default":300, "partition-visibility":"shared", "description":"Time after which IP will be removed from blackhole" } } }, "tcp":{ "type":"number", "format":"number", "minimum":0, "maximum":30000000, "default":3000, "partition-visibility":"shared", "description":"Configure packets-per-second threshold per TCP port (default: 3000)" }, "tcp-action":{ "type":"object", "properties":{ "tcp-action-type":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'log': Log the event only; 'drop': Log, and drop all packets (default); ", "enum":[ "log", "drop" ] }, "tcp-expiration":{ "type":"number", "format":"number", "minimum":10, "maximum":65535, "default":30, "partition-visibility":"shared", "description":"To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 30 seconds))" } } }, "udp":{ "type":"number", "format":"number", "minimum":0, "maximum":30000000, "default":3000, "partition-visibility":"shared", "description":"Configure packets-per-second threshold per UDP port (default: 3000)" }, "udp-action":{ "type":"object", "properties":{ "udp-action-type":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'log': Log the event only; 'drop': Log, and drop all packets (default); ", "enum":[ "log", "drop" ] }, "udp-expiration":{ "type":"number", "format":"number", "minimum":10, "maximum":65535, "default":30, "partition-visibility":"shared", "description":"To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 30 seconds))" } } }, "other":{ "type":"number", "format":"number", "minimum":0, "maximum":30000000, "default":10000, "partition-visibility":"shared", "description":"Configure packets-per-second threshold for other L4 protocols(default 10000)" }, "other-action":{ "type":"object", "properties":{ "other-action-type":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'log': Log the event only; 'drop': Log, and drop all packets (default); ", "enum":[ "log", "drop" ] }, "other-expiration":{ "type":"number", "format":"number", "minimum":10, "maximum":65535, "default":30, "partition-visibility":"shared", "description":"To specify time to revert the action after pps is decreased to below threshold (Expiration time, in seconds (default is 30 seconds))" } } }, "include-existing-session":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Count traffic associated with existing session into the packets-per-second (Default: Disabled)" } } }, "syn-cookie":{ "type":"object", "properties":{ "syn-cookie-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable CGNv6 Syn-Cookie Protection" }, "syn-cookie-on-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"on-threshold for Syn-cookie (Decimal number)" }, "syn-cookie-on-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":300000, "default":120, "partition-visibility":"shared", "description":"on-timeout for Syn-cookie (Timeout in seconds, default is 120 seconds (2 minutes))" } } }, "max-hw-entries":{ "type":"number", "format":"number", "plat-pos-list":["sys-spe"], "minimum":0, "maximum":262144, "default":262144, "partition-visibility":"shared", "description":"Configure maximum HW entries", "optional":true }, "zone":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Disable NAT IP based on DDoS zone name set in BGP", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'l3_entry_added': L3 Entry Added; 'l3_entry_deleted': L3 Entry Deleted; 'l3_entry_added_to_bgp': L3 Entry added to BGP; 'l3_entry_removed_from_bgp': Entry removed from BGP; 'l3_entry_added_to_hw': L3 Entry added to HW; 'l3_entry_removed_from_hw': L3 Entry removed from HW; 'l3_entry_too_many': L3 Too many entries; 'l3_entry_match_drop': L3 Entry match drop; 'l3_entry_match_drop_hw': L3 HW entry match drop; 'l3_entry_drop_max_hw_exceeded': L3 Entry Drop due to HW Limit Exceeded; 'l4_entry_added': L4 Entry added; 'l4_entry_deleted': L4 Entry deleted; 'l4_entry_added_to_hw': L4 Entry added to HW; 'l4_entry_removed_from_hw': L4 Entry removed from HW; 'l4_hw_out_of_entries': HW out of L4 entries; 'l4_entry_match_drop': L4 Entry match drop; 'l4_entry_match_drop_hw': L4 HW Entry match drop; 'l4_entry_drop_max_hw_exceeded': L4 Entry Drop due to HW Limit Exceeded; 'l4_entry_list_alloc': L4 Entry list alloc; 'l4_entry_list_free': L4 Entry list free; 'l4_entry_list_alloc_failure': L4 Entry list alloc failures; 'ip_node_alloc': Node alloc; 'ip_node_free': Node free; 'ip_node_alloc_failure': Node alloc failures; 'ip_port_block_alloc': Port block alloc; 'ip_port_block_free': Port block free; 'ip_port_block_alloc_failure': Port block alloc failure; 'ip_other_block_alloc': Other block alloc; 'ip_other_block_free': Other block free; 'ip_other_block_alloc_failure': Other block alloc failure; 'entry_added_shadow': Entry added shadow; 'entry_invalidated': Entry invalidated; 'l3_entry_add_to_bgp_failure': L3 Entry BGP add failures; 'l3_entry_remove_from_bgp_failure': L3 entry BGP remove failures; 'l3_entry_add_to_hw_failure': L3 entry HW add failure; 'syn_cookie_syn_ack_sent': SYN cookie SYN ACK sent; 'syn_cookie_verification_passed': SYN cookie verification passed; 'syn_cookie_verification_failed': SYN cookie verification failed; 'syn_cookie_conn_setup_failed': SYN cookie connection setup failed; ", "enum":[ "all", "l3_entry_added", "l3_entry_deleted", "l3_entry_added_to_bgp", "l3_entry_removed_from_bgp", "l3_entry_added_to_hw", "l3_entry_removed_from_hw", "l3_entry_too_many", "l3_entry_match_drop", "l3_entry_match_drop_hw", "l3_entry_drop_max_hw_exceeded", "l4_entry_added", "l4_entry_deleted", "l4_entry_added_to_hw", "l4_entry_removed_from_hw", "l4_hw_out_of_entries", "l4_entry_match_drop", "l4_entry_match_drop_hw", "l4_entry_drop_max_hw_exceeded", "l4_entry_list_alloc", "l4_entry_list_free", "l4_entry_list_alloc_failure", "ip_node_alloc", "ip_node_free", "ip_node_alloc_failure", "ip_port_block_alloc", "ip_port_block_free", "ip_port_block_alloc_failure", "ip_other_block_alloc", "ip_other_block_free", "ip_other_block_alloc_failure", "entry_added_shadow", "entry_invalidated", "l3_entry_add_to_bgp_failure", "l3_entry_remove_from_bgp_failure", "l3_entry_add_to_hw_failure", "syn_cookie_syn_ack_sent", "syn_cookie_verification_passed", "syn_cookie_verification_failed", "syn_cookie_conn_setup_failed" ] } } } ] }, "l4-entries":{ "type":"object", "$ref":"/axapi/v3/cgnv6/ddos-protection/l4-entries", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ip-entries":{ "type":"object", "$ref":"/axapi/v3/cgnv6/ddos-protection/ip-entries", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "disable-nat-ip-by-bgp":{ "type":"object", "$ref":"/axapi/v3/cgnv6/ddos-protection/disable-nat-ip-by-bgp", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }