.. _flowspec: flowspec ======== Configure Flowspec flowspec Specification ---------------------- ===================================== ======================================================== **Parameter** **Value** ===================================== ======================================================== **Type** *Collection* **Object Key(s)** *name* **Collection Name** :ref:`1599_flowspec_list` **Collection URI** /axapi/v3/flowspec **Element Name** flowspec **Element URI** /axapi/v3/flowspec/{name} **Element Attributes** flowspec_attributes **Partition Visibility** shared **Operational Data URI** /axapi/v3/flowspec/{name}/oper **Schema** :download:`flowspec schema ` ===================================== ======================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/flowspec .. raw:: html :ref:`1599_flowspec_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/flowspec .. raw:: html :ref:`1599_flowspec_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/flowspec/{name} .. raw:: html :ref:`1599_flowspec_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/flowspec .. raw:: html :ref:`1599_flowspec_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/flowspec/{name} .. raw:: html :ref:`1599_flowspec_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/flowspec/{name} .. raw:: html :ref:`1599_flowspec_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/flowspec .. raw:: html :ref:`1599_flowspec_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/flowspec/{name} .. raw:: html :ref:`1599_flowspec_attributes` .. raw:: html
.. _1599_flowspec_list: flowspec-list ------------- flowspec-list is **JSON List** of :ref:`1599_flowspec_attributes` flowspec-list : [ { :ref:`1599_flowspec_attributes` }, { :ref:`1599_flowspec_attributes` }, ... ] .. _1599_flowspec_attributes: flowspec attributes ------------------- **dest-addr-type** **Description** 'ip': IPv4 Address; 'ipv6': IPv6 Address; **Type:** string **Supported Values:** ip, ipv6 **dest-ip-host** **Description** IPv4 host address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** dest-ip-host and dest-ip-subnet are mutually exclusive **dest-ip-subnet** **Description** IPv4 Subnet address **Type:** string **Format:** ipv4-cidr **Mutual Exclusion:** dest-ip-subnet and dest-ip-host are mutually exclusive **dest-ipv6-host** **Description** IPv6 host address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** dest-ipv6-host and dest-ipv6-subnet are mutually exclusive **dest-ipv6-subnet** **Description** IPv6 Subnet address **Type:** string **Format:** ipv6-address-plen **Mutual Exclusion:** dest-ipv6-subnet and dest-ipv6-host are mutually exclusive **destination-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/destination-port/{port-attribute}+{port-num} ` **dscp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/dscp/{dscp-attribute}+{dscp-val} ` **filtering-action** **Description:** filtering-action is a **JSON Block**. Please see below for :ref:`1599_filtering-action` **Type:** Object **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/filtering-action ` **fragmentation-option-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/fragmentation-option/{frag-attribute} ` **icmp-code-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/icmp-code/{icmp-code-attribute}+{code} ` **icmp-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/icmp-type/{icmp-type-attribute}+{type} ` **name** **Description** Flowspec name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **operational-mode** **Description:** operational-mode is a **JSON Block**. Please see below for :ref:`1599_operational-mode` **Type:** Object **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/operational-mode ` **packet-length-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/packet-length/{packet-length-attribute}+{length} ` **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/port/{port-attribute}+{port-num} ` **protocol-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/protocol/{proto-attribute}+{proto-num} ` **source-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/flowspec/{name}/source-port/{port-attribute}+{port-num} ` **src-addr-type** **Description** 'ip': IPv4 Address; 'ipv6': IPv6 Address; **Type:** string **Supported Values:** ip, ipv6 **src-ip-host** **Description** IPv4 host address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** src-ip-host and src-ip-subnet are mutually exclusive **src-ip-subnet** **Description** IPv4 Subnet address **Type:** string **Format:** ipv4-cidr **Mutual Exclusion:** src-ip-subnet and src-ip-host are mutually exclusive **src-ipv6-host** **Description** IPv6 host address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** src-ipv6-host and src-ipv6-subnet are mutually exclusive **src-ipv6-subnet** **Description** IPv6 Subnet address **Type:** string **Format:** ipv6-address-plen **Mutual Exclusion:** src-ipv6-subnet and src-ipv6-host are mutually exclusive **tcp-flags** **Description** 'match-all': not = 0 match = 1; 'none-of': not = 1 match = 0; 'not-match': not = 1 match = 1; 'match-any': not = 0 match = 0; **Type:** string **Supported Values:** match-all, none-of, not-match, match-any **tcp-flags-bitmask** **Description** Bitmask in Hex **Type:** string **Format:** time **Maximum Length:** 65535 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_port-list: port-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **port-attribute** **Description** 'eq': Match only packets on a given port; 'gt': Match only packets with a greater port number; 'lt': Match only packets with a lower port number; 'range': match only packets in the range of port numbers; **Type:** string **Supported Values:** eq, gt, lt, range **port-num** **Description** Specify the port number **Type:** number **Range:** 1-65535 **port-num-end** **Description** Specify the port number **Type:** number **Range:** 2-65535 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_dscp-list: dscp-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dscp-attribute** **Description** 'eq': Match only packets on a given DSCP; 'gt': Match only packets with a greater DSCP; 'lt': Match only packets with a lower DSCP; 'range': match only packets in the range of DSCPs; **Type:** string **Supported Values:** eq, gt, lt, range **dscp-val** **Description** Specify the DSCP value **Type:** number **Range:** 1-63 **dscp-val-end** **Description** Specify the DSCP value **Type:** number **Range:** 2-63 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_destination-port-list: destination-port-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **port-attribute** **Description** 'eq': Match only packets on a given destination port; 'gt': Match only packets with a greater port number; 'lt': Match only packets with a lower port number; 'range': match only packets in the range of port numbers; **Type:** string **Supported Values:** eq, gt, lt, range **port-num** **Description** Specify the port number **Type:** number **Range:** 1-65535 **port-num-end** **Description** Specify the port number **Type:** number **Range:** 2-65535 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_source-port-list: source-port-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **port-attribute** **Description** 'eq': Match only packets on a given source port; 'gt': Match only packets with a greater port number; 'lt': Match only packets with a lower port number; 'range': match only packets in the range of port numbers; **Type:** string **Supported Values:** eq, gt, lt, range **port-num** **Description** Specify the port number **Type:** number **Range:** 1-65535 **port-num-end** **Description** Specify the port number **Type:** number **Range:** 2-65535 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_icmp-type-list: icmp-type-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **icmp-type-attribute** **Description** 'eq': Match only packets on a given ICMP Type; 'gt': Match only packets with a greater ICMP Type; 'lt': Match only packets with a lower ICMP Type; 'range': match only packets in the range of ICMP Types; **Type:** string **Supported Values:** eq, gt, lt, range **type** **Description** Specify the ICMP Type **Type:** number **Range:** 0-255 **type-end** **Description** Specify the ICMP Type **Type:** number **Range:** 1-255 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_fragmentation-option-list: fragmentation-option-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **frag-attribute** **Description** 'is-fragment': Is fragmented packet; 'first-fragment': Is the first fragment packet; 'last-fragment': Is the last fragment; 'dont-fragment': Is DF bit set; **Type:** string **Supported Values:** is-fragment, first-fragment, last-fragment, dont-fragment **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_packet-length-list: packet-length-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **length** **Description** Specify the Packet Length **Type:** number **Range:** 1-65535 **length-end** **Description** Specify the Packet Length **Type:** number **Range:** 2-65535 **packet-length-attribute** **Description** 'eq': Match only packets on a given Packet Length; 'gt': Match only packets with a greater Packet Length; 'lt': Match only packets with a lower Packet Length; 'range': match only packets in the range of Packet Lengths; **Type:** string **Supported Values:** eq, gt, lt, range **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_protocol-list: protocol-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **proto-attribute** **Description** 'eq': Match only packets on a given protocol; 'gt': Match only packets with a greater protocol number; 'lt': Match only packets with a lower protocol number; 'range': match only packets in the range of protocol numbers; **Type:** string **Supported Values:** eq, gt, lt, range **proto-num** **Description** Specify the protocol number(6 for TCP and 17 for UDP) **Type:** number **Range:** 0-255 **proto-num-end** **Description** Specify the protocol number **Type:** number **Range:** 1-255 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_icmp-code-list: icmp-code-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **code** **Description** Specify the ICMP Code **Type:** number **Range:** 0-255 **code-end** **Description** Specify the ICMP Code **Type:** number **Range:** 1-255 **icmp-code-attribute** **Description** 'eq': Match only packets on a given ICMP Code; 'gt': Match only packets with a greater ICMP Code; 'lt': Match only packets with a lower ICMP Code; 'range': match only packets in the range of ICMP Codes; **Type:** string **Supported Values:** eq, gt, lt, range **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_operational-mode: operational-mode ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mode** **Description** 'enabled': Enable the flowspec and send the prefix to BGP; 'disabled': Disable the flowspec and remove the prefix from BGP; **Type:** string **Supported Values:** enabled, disabled **Default:** disabled **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1599_filtering-action: filtering-action ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **copy-ip-host** **Description** Copy bit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **copy-ip-host-nlri** **Description** Copy bit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **copy-ipv6-host** **Description** Copy bit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **copy-ipv6-host-nlri** **Description** Copy bit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dscp-val** **Description** Set DSCP value **Type:** number **Range:** 1-63 **ecomm-custom-hex** **Description** Custom Extended Community in Hex **Type:** string **Maximum Length:** 48 characters **Maximum Length:** 2 characters **ip-host** **Description** IPv4 host address **Type:** string **Format:** ipv4-address **ip-host-nlri** **Description** IPv4 host address **Type:** string **Format:** ipv4-address **ip-host-rt** **Description** Type 0x8108 - Route Target IPv4 **Type:** string **Format:** ipv4-address **ipv6-host** **Description** IPv6 host address **Type:** string **Format:** ipv6-address **ipv6-host-nlri** **Description** IPv6 host address **Type:** string **Format:** ipv6-address **next-hop-nlri-type** **Description** 'ip': Type 0x0800 - IPv4 Address; 'ipv6': Type 0x0800 - IPv6 Address; **Type:** string **Supported Values:** ip, ipv6 **next-hop-type** **Description** 'ip': Type 0x0800 - IPv4 Address; 'ipv6': Type 0x0800 - IPv6 Address; **Type:** string **Supported Values:** ip, ipv6 **redirect** **Description** 'next-hop-nlri': Type 0x0800 - IP encoded in MP_REACH_NLRI Next-hop network; 'next-hop': Type 0x0800 - Extended community Next-hop (Per v2 dated Feb 2015); 'vrf-route-target': Type 0x8008 - Redirect to VRF Route Target; **Type:** string **Supported Values:** next-hop-nlri, next-hop, vrf-route-target **sample-log** **Description** Enable traffic sampling and logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **terminal-action** **Description** Evaluation stops after this rule if not set **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **traffic-class** **Description** Set IPv6 Traffic Class value **Type:** number **Range:** 1-128 **traffic-marking** **Description** 'dscp': IPv4 DSCP; 'ipv6-traffic-class': IPv6 Traffic Class; **Type:** string **Supported Values:** dscp, ipv6-traffic-class **traffic-rate** **Description** Type 0x8006 - Apply rate (in Bytes per second) for this class of traffic **Type:** number **Range:** 0-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **value-ip-host** **Description** 2-byte decimal value(local-administrator) **Type:** number **Range:** 1-65535 **vrf-target-ip** **Description** 'ip': Type 0x8108 - Redirect to route-target IP; **Type:** string **Supported Values:** ip **Mutual Exclusion:** vrf-target-ip and vrf-target-string are mutually exclusive **vrf-target-string** **Description** Type 0x8008(ASN-2:Index), 0x8208(ASN-4:Index) - Route Target AS **Type:** string **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Mutual Exclusion:** vrf-target-string and vrf-target-ip are mutually exclusive