ddos detection

DDoS Detection Commands

detection Specification

Parameter Value
Type Configuration Resource
Element Name detection
Element URI /axapi/v3/ddos/detection
Element Attributes detection_attributes
Partition Visibility shared
Schema detection schema

Operations Allowed:

Operation       Method  URI                       Payload
Create Object   POST    /axapi/v3/ddos/detection  detection attributes
Get Object      GET     /axapi/v3/ddos/detection  detection attributes
Modify Object   POST    /axapi/v3/ddos/detection  detection attributes
Replace Object  PUT     /axapi/v3/ddos/detection  detection attributes
Delete Object   DELETE  /axapi/v3/ddos/detection  detection attributes

detection attributes

agent-list

Type: List

Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}

ddos-script

Description: ddos-script is a JSON Block. Please see below for ddos-script

Type: Object

Reference Object: /axapi/v3/ddos/detection/ddos-script

disable

Description Disable DDoS detection (default: enabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

resource-usage

Description: resource-usage is a JSON Block. Please see below for resource-usage

Type: Object

Reference Object: /axapi/v3/ddos/detection/resource-usage

settings

Description: settings is a JSON Block. Please see below for settings

Type: Object

Reference Object: /axapi/v3/ddos/detection/settings

statistics

Description: statistics is a JSON Block. Please see below for statistics

Type: Object

Reference Object: /axapi/v3/ddos/detection/statistics

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

resource-usage

Specification Value
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

statistics

Specification Value
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

settings

Specification Value
Type object

ctrl-cpu-usage

Description Control cpu usage threshold for DDoS detection

Type: number

Range: 1-100

de-escalation-quiet-time

Description Configure the time in minutes needed to de-escalate from level 1 to 0 (default: 1 minute)

Type: number

Range: 1-60

dedicated-cpus

Description Configure the number of dedicated cores for detection

Type: number

Range: 1-32

detection-window-size

Description Configure the DDoS detection window size in seconds (default: 1)

Type: number

Range: 1-60

Default: 1

detector-mode

Description ‘standalone’: Standalone detector; ‘on-box’: Mitigator and Detector on the same box; ‘auto-svc-discovery’: Auto Service discovery using Visibility module (Deprecated);

Type: string

Supported Values: standalone, on-box, auto-svc-discovery

entry-saving

Description: entry-saving is a JSON Block. Please see below for settings_entry-saving

Type: Object

Reference Object: /axapi/v3/ddos/detection/settings/entry-saving

export-interval

Description Configure the DDoS baselining and export interval in seconds (default: 20)

Type: number

Range: 20-3000

Default: 20

full-core-enable

Description Enable full core

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

histogram-de-escalate-percentage

Description histogram de-escalate sensitivity for DDoS detection

Type: number

Range: 1-100

histogram-escalate-percentage

Description histogram escalate sensitivity for DDoS detection

Type: number

Range: 1-100

initial-learning-interval

Description Initial learning interval (in hours) before processing

Type: number

Range: 1-168

network-object-flooding-multiple

Description multiplier for flooding detection threshold in network objects (default 2x threshold)

Type: number

Range: 2-10

Default: 2

network-object-window-size

Description ‘5’: 5 seconds; ‘10’: 10 seconds; ‘15’: 15 seconds; ‘30’: 30 seconds; (DDoS detection window size in seconds; default: 30)

Type: string

Supported Values: 5, 10, 15, 30

Default: 30

notification-debug-log

Description ‘enable’: Enable detection notification debug log (default: disabled);

Type: string

Supported Values: enable

pkt-sampling

Description: pkt-sampling is a JSON Block. Please see below for settings_pkt-sampling

Type: Object

standalone-settings

Description: standalone-settings is a JSON Block. Please see below for settings_standalone-settings

Type: Object

Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings

top-k-reset-interval

Description Configure top-k reset interval

Type: number

Range: 1-60

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

settings_entry-saving

Specification Value
Type object

interval

Description Configure the periodic auto-saving interval in minutes (default: 0; 0 disables auto-saving)

Type: number

Range: 0-1440

Default: 0

manual-restore

Description Manually restore network-object-based detection entries and learned indicators

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-save

Description Manually save network-object-based detection entries and learned indicators

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

settings_standalone-settings

Specification Value
Type object

action

Description ‘enable’: Enable standalone detector; ‘disable’: Disable standalone detector (default);

Type: string

Supported Values: enable, disable

Default: disable

de-escalation-quiet-time

Description Configure the time in minutes needed to de-escalate from level 1 to 0 (default: 6 minutes)

Type: number

Range: 1-60

netflow

Description: netflow is a JSON Block. Please see below for settings_standalone-settings_netflow

Type: Object

Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings/netflow

sflow

Description: sflow is a JSON Block. Please see below for settings_standalone-settings_sflow

Type: Object

Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings/sflow

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

settings_standalone-settings_netflow

Specification Value
Type object

listening-port

Description Netflow port number on which to receive packets (default: 9996)

Type: number

Range: 1-65535

Default: 9996

template-active-timeout

Description Configure the active timeout, in minutes, of received Netflow templates (default: 30)

Type: number

Range: 2-300

Default: 30

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

settings_standalone-settings_sflow

Specification Value
Type object

listening-port

Description sFlow port number on which to receive packets (default: 6343)

Type: number

Range: 1-65535

Default: 6343

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

settings_pkt-sampling

Specification Value
Type object

assign-index

Description Lower index is more aggressive sampling

Type: number

Range: 1-64

assign-rate

Description Assign rate to given index

Type: number

Range: 1-50000000

override-rate

Description Sample 1 in X packets (default: X=1)

Type: number

Range: 1-50000000
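
A pre-flight check for a settings payload, written against the ranges and supported values listed in the settings tables above. This is an added example, not part of the vendor documentation or product code; the "/"-joined attribute paths, the function name and the sample payload are conventions of this sketch.

```python
# Added example: every constraint is copied from the settings tables on this page.
RANGES = {  # attribute path -> (min, max)
    "ctrl-cpu-usage": (1, 100), "de-escalation-quiet-time": (1, 60),
    "dedicated-cpus": (1, 32), "detection-window-size": (1, 60),
    "export-interval": (20, 3000), "initial-learning-interval": (1, 168),
    "histogram-de-escalate-percentage": (1, 100),
    "histogram-escalate-percentage": (1, 100),
    "network-object-flooding-multiple": (2, 10), "top-k-reset-interval": (1, 60),
    "entry-saving/interval": (0, 1440), "pkt-sampling/assign-index": (1, 64),
    "pkt-sampling/assign-rate": (1, 50000000),
    "pkt-sampling/override-rate": (1, 50000000),
    "standalone-settings/de-escalation-quiet-time": (1, 60),
    "standalone-settings/netflow/listening-port": (1, 65535),
    "standalone-settings/netflow/template-active-timeout": (2, 300),
    "standalone-settings/sflow/listening-port": (1, 65535),
}
ENUMS = {  # string attributes with a fixed set of supported values
    "detector-mode": {"standalone", "on-box", "auto-svc-discovery"},
    "network-object-window-size": {"5", "10", "15", "30"},
    "notification-debug-log": {"enable"},
    "standalone-settings/action": {"enable", "disable"},
}
BOOLS = {"full-core-enable", "entry-saving/manual-restore", "entry-saving/manual-save"}

def validate_settings(settings, prefix=""):
    """Return a list of problems found in a candidate settings dict."""
    problems = []
    for key, value in settings.items():
        path = prefix + key
        if isinstance(value, dict):
            problems += validate_settings(value, path + "/")
        elif path in RANGES:
            lo, hi = RANGES[path]
            # bool is a subclass of int in Python, so compare the exact type
            if type(value) is not int or not lo <= value <= hi:
                problems.append(f"{path}: {value!r} is not an integer in {lo}-{hi}")
        elif path in ENUMS:
            if not isinstance(value, str) or value not in ENUMS[path]:
                problems.append(f"{path}: {value!r} is not one of {sorted(ENUMS[path])}")
            elif value == "auto-svc-discovery":
                problems.append(f"{path}: value is marked deprecated on this page")
        elif path in BOOLS and value not in (True, False, 1, 0):
            problems.append(f"{path}: {value!r} is not a boolean")
        elif path not in BOOLS and key != "uuid":
            problems.append(f"{path}: attribute is not documented for settings")
    return problems

# Constructed sample (not from the page) with three deliberate mistakes.
SAMPLE = {"network-object-window-size": 30, "export-interval": 10, "detector-mode": "on-box",
          "standalone-settings": {"action": "enable", "netflow": {"template-active-timeout": 1}}}
```

The sample trips on network-object-window-size because the page types it as a string, so the integer 30 is rejected while "30" is accepted.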

ddos-script

Specification Value
Type object

action

Description ‘delete’: delete;

Type: string

Supported Values: delete

file

Description startup-config local file name

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

agent-list

Specification Value
Type list
Block object keys  

agent-name

Description Specify name for the agent

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

agent-type

Description ‘Cisco’: Cisco; ‘Juniper’: Juniper;

Type: string

Supported Values: Cisco, Juniper

agent-v4-addr

Description Configure agent’s IPv4 address

Type: string

Format: ipv4-address

agent-v6-addr

Description Configure agent’s IPv6 address

Type: string

Format: ipv6-address

netflow

Description: netflow is a JSON Block. Please see below for agent-list_netflow

Type: Object

Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}/netflow

sampling-enable

Type: List

sflow

Description: sflow is a JSON Block. Please see below for agent-list_sflow

Type: Object

Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}/sflow

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

agent-list_sflow

Specification Value
Type object

sflow-pkt-samples-collection

Description ‘enable’: Enable sflow packet samples collection(default); ‘disable’: Disable sflow packet samples collection;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

agent-list_sampling-enable

Specification Value
Type list
Block object keys  

counters1

Description
‘all’: all;
‘sflow-packets-received’: sFlow Packets Received;
‘sflow-samples-received’: sFlow Samples Received;
‘sflow-samples-bad-len’: sFlow Samples Bad Length;
‘sflow-samples-non-std’: sFlow Samples Non-standard;
‘sflow-samples-skipped’: sFlow Samples Skipped;
‘sflow-sample-record-bad-len’: sFlow Sample Records Bad Length;
‘sflow-samples-sent-for-detection’: sFlow Samples Processed For Detection;
‘sflow-sample-record-invalid-layer2’: sFlow Sample Records Unknown Layer-2;
‘sflow-sample-ipv6-hdr-parse-fail’: sFlow Sample IPv6 Record Header Parse Failures;
‘sflow-disabled’: sFlow Packet Samples Processing Disabled;
‘netflow-disabled’: Netflow Flow Samples Processing Disabled;
‘netflow-v5-packets-received’: Netflow v5 Packets Received;
‘netflow-v5-samples-received’: Netflow v5 Samples Received;
‘netflow-v5-samples-sent-for-detection’: Netflow v5 Samples Processed For Detection;
‘netflow-v5-sample-records-bad-len’: Netflow v5 Sample Records Bad Length;
‘netflow-v5-max-records-exceed’: Netflow v5 Sample Max Records Error;
‘netflow-v9-packets-received’: Netflow v9 Packets Received;
‘netflow-v9-samples-received’: Netflow v9 Samples Received;
‘netflow-v9-samples-sent-for-detection’: Netflow v9 Samples Processed For Detection;
‘netflow-v9-sample-records-bad-len’: Netflow v9 Sample Records Bad Length;
‘netflow-v9-sample-flowset-bad-padding’: Netflow v9 Sample Flowset Bad Padding;
‘netflow-v9-max-records-exceed’: Netflow v9 Sample Max Records Error;
‘netflow-v9-template-not-found’: Netflow v9 Template Not Found;
‘netflow-v10-packets-received’: Netflow v10 Packets Received;
‘netflow-v10-samples-received’: Netflow v10 Samples Received;
‘netflow-v10-samples-sent-for-detection’: Netflow v10 Samples Processed For Detection;
‘netflow-v10-sample-records-bad-len’: Netflow v10 Sample Records Bad Length;
‘netflow-v10-max-records-exceed’: Netflow v10 Sample Max Records Error;
‘netflow-tcp-sample-received’: Netflow TCP Samples Received;
‘netflow-udp-sample-received’: Netflow UDP Samples Received;
‘netflow-icmp-sample-received’: Netflow ICMP Samples Received;
‘netflow-other-sample-received’: Netflow OTHER Samples Received;
‘netflow-record-copy-oom-error’: Netflow Data Record Copy Fail, Local MEM size error;
‘netflow-record-rse-invalid’: Netflow Data Record Reduced Size Invalid;
‘netflow-sample-flow-dur-error’: Netflow Sample Flow Duration Error;
‘flow-dst-entry-miss’: DDoS Destination Entry Lookup Failures;
‘flow-ip-proto-or-port-miss’: DDoS Destination Service Lookup Failures;
‘flow-detection-msgq-full’: Detection Message Enqueue Failures;

Type: string

Supported Values: all, sflow-packets-received, sflow-samples-received, sflow-samples-bad-len, sflow-samples-non-std, sflow-samples-skipped, sflow-sample-record-bad-len, sflow-samples-sent-for-detection, sflow-sample-record-invalid-layer2, sflow-sample-ipv6-hdr-parse-fail, sflow-disabled, netflow-disabled, netflow-v5-packets-received, netflow-v5-samples-received, netflow-v5-samples-sent-for-detection, netflow-v5-sample-records-bad-len, netflow-v5-max-records-exceed, netflow-v9-packets-received, netflow-v9-samples-received, netflow-v9-samples-sent-for-detection, netflow-v9-sample-records-bad-len, netflow-v9-sample-flowset-bad-padding, netflow-v9-max-records-exceed, netflow-v9-template-not-found, netflow-v10-packets-received, netflow-v10-samples-received, netflow-v10-samples-sent-for-detection, netflow-v10-sample-records-bad-len, netflow-v10-max-records-exceed, netflow-tcp-sample-received, netflow-udp-sample-received, netflow-icmp-sample-received, netflow-other-sample-received, netflow-record-copy-oom-error, netflow-record-rse-invalid, netflow-sample-flow-dur-error, flow-dst-entry-miss, flow-ip-proto-or-port-miss, flow-detection-msgq-full, flow-network-entry-miss

agent-list_netflow

Specification Value
Type object

active-timeout

Description Configure agent’s flow active timeout (seconds)

Type: number

Range: 10-600

inactive-timeout

Description Configure agent’s flow inactive timeout (seconds)

Type: number

Range: 10-600

netflow-samples-collection

Description ‘enable’: Enable Netflow flow samples collection(default); ‘disable’: Disable Netflow flow samples collection;

Type: string

Supported Values: enable, disable

Default: enable

netflow-sampling-rate

Description Configure agent’s netflow sampling rate

Type: number

Range: 1-65535

Default: 1

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character