ddos dst entry l4-type¶

DDOS L4 type

l4-type Specification¶

Parameter Value

Type Collection

Object Key(s) protocol

Collection Name l4-type-list

Collection URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type

Element Name l4-type

Element URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}

Element Attributes l4-type_attributes

Partition Visibility shared

Statistics Data URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/stats

Operational Data URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/oper

Schema l4-type schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type	l4-type attributes
Create List	POST	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type	l4-type attributes
Get Object	GET	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}	l4-type attributes
Get List	GET	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type	l4-type-list
Modify Object	POST	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}	l4-type attributes
Replace Object	PUT	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}	l4-type attributes
Replace List	PUT	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type	l4-type-list
Delete Object	DELETE	/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}	l4-type attributes

l4-type-list¶

l4-type-list is JSON List of l4-type attributes

l4-type-list : [

{ l4-type attributes },

{ l4-type attributes },

…

]

l4-type attributes¶

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

disable-syn-auth

Description Disable TCP SYN Authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

glid-exceed-action

Description: glid-exceed-action is a JSON Block. Please see below for glid-exceed-action

Type: Object

ip-filtering-policy

Description Configure IP Filter

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/ip-filtering-policy

ip-filtering-policy-oper

Description: ip-filtering-policy-oper is a JSON Block. Please see below for ip-filtering-policy-oper

Type: Object

Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/ip-filtering-policy-oper

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

max-rexmit-syn-per-flow-exceed-action

Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;

Type: string

Supported Values: drop, black-list

port-ind

Description: port-ind is a JSON Block. Please see below for port-ind

Type: Object

Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind

progression-tracking

Description: progression-tracking is a JSON Block. Please see below for progression-tracking

Type: Object

Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/progression-tracking

protocol

Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;

Type: string

Supported Values: tcp, udp, icmp, other

set-counter-base-val

Description Set T2 counter value of current context to specified value

Type: number

Range: 1-4294967295

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for template

Type: Object

topk-num-records

Description Maximum number of records to show in topk

Type: number

Range: 1-100

Default: 20

topk-sources

Description: topk-sources is a JSON Block. Please see below for topk-sources

Type: Object

Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for tunnel-rate-limit

Type: Object

undefined-port-hit-statistics

Description: undefined-port-hit-statistics is a JSON Block. Please see below for undefined-port-hit-statistics

Type: Object

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

undefined-port-hit-statistics¶

Specification Value

Type object

reset-interval

Description Configure port scanning counter reset interval (minutes), Default 60 mins

Type: number

Range: 1-64000

Default: 60

undefined-port-hit-statistics

Description Enable port scanning statistics

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template¶

Specification Value

Type object

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

glid-exceed-action¶

Specification Value

Type object

stateless-encap-action-cfg

Description: stateless-encap-action-cfg is a JSON Block. Please see below for glid-exceed-action_stateless-encap-action-cfg

Type: Object

glid-exceed-action_stateless-encap-action-cfg¶

Specification Value

Type object

encap-template

Description Apply legacy encap template for encap action

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/template/encap

stateless-encap-action

Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);

Type: string

Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed

tunnel-decap¶

Specification Value

Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

tunnel-decap_key-cfg¶

Specification Value

Type list

Block object keys

key

Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)

Type: string

Maximum Length: 10 characters

Maximum Length: 1 characters

port-ind¶

Specification Value

Type object

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-ind_sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max;

Type: string

Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max

topk-sources¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-filtering-policy-oper¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tunnel-rate-limit¶

Specification Value

Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

progression-tracking¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters