.. _ddos_detection:

ddos detection
==============

DDoS Detection Commands

detection Specification
-----------------------

===================================== =======================================================
**Parameter**                         **Value**
===================================== =======================================================
**Type**                              *Configuration Resource*
**Element Name**                      detection
**Element URI**                       /axapi/v3/ddos/detection
**Element Attributes**                detection_attributes
**Partition Visibility**              shared
**Schema**                            :download:`detection schema `
===================================== =======================================================

**Operations Allowed:**

================== ========== ========================== =================================
**Operation**      **Method** **URI**                    **Payload**
================== ========== ========================== =================================
Create Object      POST       /axapi/v3/ddos/detection   :ref:`679_detection_attributes`
Get Object         GET        /axapi/v3/ddos/detection   :ref:`679_detection_attributes`
Modify Object      POST       /axapi/v3/ddos/detection   :ref:`679_detection_attributes`
Replace Object     PUT        /axapi/v3/ddos/detection   :ref:`679_detection_attributes`
Delete Object      DELETE     /axapi/v3/ddos/detection   :ref:`679_detection_attributes`
================== ========== ========================== =================================

.. _679_detection_attributes:

detection attributes
--------------------

**agent-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/agent/{agent-name} `

**ddos-script**

    **Description:** ddos-script is a **JSON Block**. Please see below for :ref:`679_ddos-script`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/ddos-script `

**disable**

    **Description:** Disable DDoS detection (default: enabled)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**resource-usage**

    **Description:** resource-usage is a **JSON Block**. Please see below for :ref:`679_resource-usage`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/resource-usage `

**settings**

    **Description:** settings is a **JSON Block**. Please see below for :ref:`679_settings`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings `

**statistics**

    **Description:** statistics is a **JSON Block**. Please see below for :ref:`679_statistics`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/statistics `

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_resource-usage:

resource-usage
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_statistics:

statistics
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_settings:

settings
^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**ctrl-cpu-usage**

    **Description:** Control cpu usage threshold for DDoS detection

    **Type:** number

    **Range:** 1-100

**de-escalation-quiet-time**

    **Description:** Configure de-escalation needed time in minutes from level 1 to 0. (default 1 minutes)

    **Type:** number

    **Range:** 1-60

**dedicated-cpus**

    **Description:** Configure the number of dedicated cores for detection

    **Type:** number

    **Range:** 1-32

**detection-window-size**

    **Description:** Configure detection window size in seconds (DDoS detection window size in seconds (default: 1))

    **Type:** number

    **Range:** 1-60

    **Default:** 1

**detector-mode**

    **Description:** 'standalone': Standalone detector; 'on-box': Mitigator and Detector on the same box; 'auto-svc-discovery': Auto Service discovery using Visibility module (Deprecated);

    **Type:** string

    **Supported Values:** standalone, on-box, auto-svc-discovery

**entry-saving**

    **Description:** entry-saving is a **JSON Block**. Please see below for :ref:`679_settings_entry-saving`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/entry-saving `

**export-interval**

    **Description:** Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds (default: 20))

    **Type:** number

    **Range:** 20-3000

    **Default:** 20

**full-core-enable**

    **Description:** Enable full core

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**histogram-de-escalate-percentage**

    **Description:** histogram de-escalate sensitivity for DDoS detection

    **Type:** number

    **Range:** 1-100

**histogram-escalate-percentage**

    **Description:** histogram escalate sensitivity for DDoS detection

    **Type:** number

    **Range:** 1-100

**initial-learning-interval**

    **Description:** Initial learning interval (in hours) before processing

    **Type:** number

    **Range:** 1-168

**network-object-flooding-multiple**

    **Description:** multiplier for flooding detection threshold in network objects (default 2x threshold)

    **Type:** number

    **Range:** 2-10

    **Default:** 2

**network-object-window-size**

    **Description:** '5': 5 seconds; '10': 10 seconds; '15': 15 seconds; '30': 30 seconds; (DDoS detection window size in seconds (default: 30))

    **Type:** string

    **Supported Values:** 5, 10, 15, 30

    **Default:** 30

**notification-debug-log**

    **Description:** 'enable': Enable detection notification debug log (default: disabled);

    **Type:** string

    **Supported Values:** enable

**pkt-sampling**

    **Description:** pkt-sampling is a **JSON Block**. Please see below for :ref:`679_settings_pkt-sampling`

    **Type:** Object

**standalone-settings**

    **Description:** standalone-settings is a **JSON Block**. Please see below for :ref:`679_settings_standalone-settings`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/standalone-settings `

**top-k-reset-interval**

    **Description:** Configure top-k reset interval

    **Type:** number

    **Range:** 1-60

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_settings_entry-saving:

settings_entry-saving
^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**interval**

    **Description:** Configure periodical auto-saving interval in minutes (default: 0) and 0 to disable.

    **Type:** number

    **Range:** 0-1440

    **Default:** 0

**manual-restore**

    **Description:** Manually restore network-object-based detection entries and learned indicators

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**manual-save**

    **Description:** Manually save network-object-based detection entries and learned indicators

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_settings_standalone-settings:

settings_standalone-settings
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**action**

    **Description:** 'enable': Enable standalone detector; 'disable': Disable standalone detector (default);

    **Type:** string

    **Supported Values:** enable, disable

    **Default:** disable

**de-escalation-quiet-time**

    **Description:** Configure de-escalation needed time in minutes from level 1 to 0. (default 6 minutes)

    **Type:** number

    **Range:** 1-60

**netflow**

    **Description:** netflow is a **JSON Block**. Please see below for :ref:`679_settings_standalone-settings_netflow`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/standalone-settings/netflow `

**sflow**

    **Description:** sflow is a **JSON Block**. Please see below for :ref:`679_settings_standalone-settings_sflow`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/standalone-settings/sflow `

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_settings_standalone-settings_netflow:

settings_standalone-settings_netflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**listening-port**

    **Description:** Netflow port to receive packets (Netflow port number (default 9996))

    **Type:** number

    **Range:** 1-65535

    **Default:** 9996

**template-active-timeout**

    **Description:** Configure active timeout of the netflow templates received in mins (Template active timeout (mins) (default 30mins))

    **Type:** number

    **Range:** 2-300

    **Default:** 30

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_settings_standalone-settings_sflow:

settings_standalone-settings_sflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**listening-port**

    **Description:** sFlow port to receive packets (sFlow port number (default 6343))

    **Type:** number

    **Range:** 1-65535

    **Default:** 6343

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_settings_pkt-sampling:

settings_pkt-sampling
^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**assign-index**

    **Description:** Lower index is more aggressive sampling

    **Type:** number

    **Range:** 1-64

**assign-rate**

    **Description:** Assign rate to given index

    **Type:** number

    **Range:** 1-50000000

**override-rate**

    **Description:** Sample 1 in X packets (default: X=1)

    **Type:** number

    **Range:** 1-50000000

.. _679_ddos-script:

ddos-script
^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**action**

    **Description:** 'delete': delete;

    **Type:** string

    **Supported Values:** delete

**file**

    **Description:** startup-config local file name

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_agent-list:

agent-list
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**agent-name**

    **Description:** Specify name for the agent

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**agent-type**

    **Description:** 'Cisco': Cisco; 'Juniper': Juniper;

    **Type:** string

    **Supported Values:** Cisco, Juniper

**agent-v4-addr**

    **Description:** Configure agent's IPv4 address

    **Type:** string

    **Format:** ipv4-address

**agent-v6-addr**

    **Description:** Configure agent's IPv6 address

    **Type:** string

    **Format:** ipv6-address

**netflow**

    **Description:** netflow is a **JSON Block**. Please see below for :ref:`679_agent-list_netflow`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/agent/{agent-name}/netflow `

**sampling-enable**

    **Type:** List

**sflow**

    **Description:** sflow is a **JSON Block**. Please see below for :ref:`679_agent-list_sflow`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/detection/agent/{agent-name}/sflow `

**user-tag**

    **Description:** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_agent-list_sflow:

agent-list_sflow
^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**sflow-pkt-samples-collection**

    **Description:** 'enable': Enable sflow packet samples collection (default); 'disable': Disable sflow packet samples collection;

    **Type:** string

    **Supported Values:** enable, disable

    **Default:** enable

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _679_agent-list_sampling-enable:

agent-list_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description:**

    - 'all': all
    - 'sflow-packets-received': sFlow Packets Received
    - 'sflow-samples-received': sFlow Samples Received
    - 'sflow-samples-bad-len': sFlow Samples Bad Length
    - 'sflow-samples-non-std': sFlow Samples Non-standard
    - 'sflow-samples-skipped': sFlow Samples Skipped
    - 'sflow-sample-record-bad-len': sFlow Sample Records Bad Length
    - 'sflow-samples-sent-for-detection': sFlow Samples Processed For Detection
    - 'sflow-sample-record-invalid-layer2': sFlow Sample Records Unknown Layer-2
    - 'sflow-sample-ipv6-hdr-parse-fail': sFlow Sample IPv6 Record Header Parse Failures
    - 'sflow-disabled': sFlow Packet Samples Processing Disabled
    - 'netflow-disabled': Netflow Flow Samples Processing Disabled
    - 'netflow-v5-packets-received': Netflow v5 Packets Received
    - 'netflow-v5-samples-received': Netflow v5 Samples Received
    - 'netflow-v5-samples-sent-for-detection': Netflow v5 Samples Processed For Detection
    - 'netflow-v5-sample-records-bad-len': Netflow v5 Sample Records Bad Length
    - 'netflow-v5-max-records-exceed': Netflow v5 Sample Max Records Error
    - 'netflow-v9-packets-received': Netflow v9 Packets Received
    - 'netflow-v9-samples-received': Netflow v9 Samples Received
    - 'netflow-v9-samples-sent-for-detection': Netflow v9 Samples Processed For Detection
    - 'netflow-v9-sample-records-bad-len': Netflow v9 Sample Records Bad Length
    - 'netflow-v9-sample-flowset-bad-padding': Netflow v9 Sample Flowset Bad Padding
    - 'netflow-v9-max-records-exceed': Netflow v9 Sample Max Records Error
    - 'netflow-v9-template-not-found': Netflow v9 Template Not Found
    - 'netflow-v10-packets-received': Netflow v10 Packets Received
    - 'netflow-v10-samples-received': Netflow v10 Samples Received
    - 'netflow-v10-samples-sent-for-detection': Netflow v10 Samples Processed For Detection
    - 'netflow-v10-sample-records-bad-len': Netflow v10 Sample Records Bad Length
    - 'netflow-v10-max-records-exceed': Netflow v10 Sample Max records Error
    - 'netflow-tcp-sample-received': Netflow TCP Samples Received
    - 'netflow-udp-sample-received': Netflow UDP Samples received
    - 'netflow-icmp-sample-received': Netflow ICMP Samples Received
    - 'netflow-other-sample-received': Netflow OTHER Samples Received
    - 'netflow-record-copy-oom-error': Netflow Data Record Copy Fail, Local MEM size error
    - 'netflow-record-rse-invalid': Netflow Data Record Reduced Size Invalid
    - 'netflow-sample-flow-dur-error': Netflow Sample Flow Duration Error
    - 'flow-dst-entry-miss': DDoS Destination Entry Lookup Failures
    - 'flow-ip-proto-or-port-miss': DDoS Destination Service Lookup Failures
    - 'flow-detection-msgq-full': Detection Message Enqueue Failures

    **Type:** string

    **Supported Values:** all, sflow-packets-received, sflow-samples-received, sflow-samples-bad-len, sflow-samples-non-std, sflow-samples-skipped, sflow-sample-record-bad-len, sflow-samples-sent-for-detection, sflow-sample-record-invalid-layer2, sflow-sample-ipv6-hdr-parse-fail, sflow-disabled, netflow-disabled, netflow-v5-packets-received, netflow-v5-samples-received, netflow-v5-samples-sent-for-detection, netflow-v5-sample-records-bad-len, netflow-v5-max-records-exceed, netflow-v9-packets-received, netflow-v9-samples-received, netflow-v9-samples-sent-for-detection, netflow-v9-sample-records-bad-len, netflow-v9-sample-flowset-bad-padding, netflow-v9-max-records-exceed, netflow-v9-template-not-found, netflow-v10-packets-received, netflow-v10-samples-received, netflow-v10-samples-sent-for-detection, netflow-v10-sample-records-bad-len, netflow-v10-max-records-exceed, netflow-tcp-sample-received, netflow-udp-sample-received, netflow-icmp-sample-received, netflow-other-sample-received, netflow-record-copy-oom-error, netflow-record-rse-invalid, netflow-sample-flow-dur-error, flow-dst-entry-miss, flow-ip-proto-or-port-miss, flow-detection-msgq-full, flow-network-entry-miss

.. _679_agent-list_netflow:

agent-list_netflow
^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**active-timeout**

    **Description:** Configure agent's flow active timeout (seconds)

    **Type:** number

    **Range:** 10-600

**inactive-timeout**

    **Description:** Configure agent's flow inactive timeout (seconds)

    **Type:** number

    **Range:** 10-600

**netflow-samples-collection**

    **Description:** 'enable': Enable Netflow flow samples collection (default); 'disable': Disable Netflow flow samples collection;

    **Type:** string

    **Supported Values:** enable, disable

    **Default:** enable

**netflow-sampling-rate**

    **Description:** Configure agent's netflow sampling rate

    **Type:** number

    **Range:** 1-65535

    **Default:** 1

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters
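
A pre-flight check for a ``settings`` block, using the ranges and supported values listed in this reference. This is an added example, not part of the vendor documentation; the ``{"detection": {"settings": {...}}}`` payload wrapper, the function name and the sample payload are assumptions.

```python
# Added example; assumes the payload wrapper {"detection": {"settings": {...}}}.
# attribute -> ("range", low, high) or ("enum", allowed values)
SETTINGS_RULES = {
    "ctrl-cpu-usage": ("range", 1, 100),
    "de-escalation-quiet-time": ("range", 1, 60),
    "dedicated-cpus": ("range", 1, 32),
    "detection-window-size": ("range", 1, 60),
    "detector-mode": ("enum", ("standalone", "on-box", "auto-svc-discovery")),
    "export-interval": ("range", 20, 3000),
    "full-core-enable": ("enum", (0, 1)),  # True/False also match, as True == 1
    "histogram-de-escalate-percentage": ("range", 1, 100),
    "histogram-escalate-percentage": ("range", 1, 100),
    "initial-learning-interval": ("range", 1, 168),
    "network-object-flooding-multiple": ("range", 2, 10),
    "network-object-window-size": ("enum", ("5", "10", "15", "30")),
    "notification-debug-log": ("enum", ("enable",)),
    "top-k-reset-interval": ("range", 1, 60),
}
# Nested blocks and uuid are not checked here.
SKIPPED = ("entry-saving", "pkt-sampling", "standalone-settings", "uuid")
# Value the reference marks as deprecated.
DEPRECATED = {"detector-mode": "auto-svc-discovery"}


def validate_settings(payload):
    """Return a list of problems; an empty list means every attribute passes."""
    settings = payload.get("detection", {}).get("settings", {})
    problems = []
    for name, value in settings.items():
        if name in SKIPPED:
            continue
        rule = SETTINGS_RULES.get(name)
        if rule is None:
            problems.append(f"{name}: not a documented settings attribute")
        elif rule[0] == "range":
            low, high = rule[1], rule[2]
            # bool is a subclass of int in Python, so reject it explicitly.
            if isinstance(value, bool) or not isinstance(value, int):
                problems.append(f"{name}: expected a number, got {value!r}")
            elif not low <= value <= high:
                problems.append(f"{name}: {value} is outside {low}-{high}")
        elif value not in rule[1]:
            problems.append(f"{name}: {value!r} is not one of {rule[1]}")
        if name in DEPRECATED and DEPRECATED[name] == value:
            problems.append(f"{name}: {value!r} is marked deprecated")
    return problems


# Constructed sample payload, not taken from a real device.
SAMPLE = {"detection": {"settings": {
    "detection-window-size": 1,
    "export-interval": 10,             # below the documented minimum of 20
    "network-object-window-size": 30,  # documented as a string, not a number
    "detector-mode": "auto-svc-discovery",
    "full-core-enable": True,
}}}

if __name__ == "__main__":
    print("\n".join(validate_settings(SAMPLE)))
```

Note that ``network-object-window-size`` is typed as a string, so the integer ``30`` is flagged even though ``"30"`` is the documented default.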