{ "id":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}", "type":"object", "node-type":"list", "title":"port-range", "partition-visibility":"shared", "description":"DDOS Port-Range & Protocol configuration", "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k entries", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp template" } } }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow packet-level counter polling" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow HTTP counter polling" } } } } }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; ", "enum":[ "capture-never-expire", "manual" ] }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "filter-threshold":{ "type":"number", "format":"number", "minimum":0, "maximum":100, "partition-visibility":"shared", "description":"Extracted filter threshold" }, "filter-inactive-threshold":{ "type":"number", "format":"number", "minimum":5, "maximum":255, "partition-visibility":"shared", "description":"Extracted filter inactive threshold" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "port-range-start", "port-range-end", "protocol" ], "required":[ "port-range-start", "port-range-end", "protocol" ] }