ddos dst zone detection¶

DDOS Detection

detection Specification¶

Parameter Value

Type Configuration Resource

Element Name detection

Element URI /axapi/v3/ddos/dst/zone/{zone-name}/detection

Element Attributes detection_attributes

Partition Visibility shared

Schema detection schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/ddos/dst/zone/{zone-name}/detection	detection attributes
Get Object	GET	/axapi/v3/ddos/dst/zone/{zone-name}/detection	detection attributes
Modify Object	POST	/axapi/v3/ddos/dst/zone/{zone-name}/detection	detection attributes
Replace Object	PUT	/axapi/v3/ddos/dst/zone/{zone-name}/detection	detection attributes
Delete Object	DELETE	/axapi/v3/ddos/dst/zone/{zone-name}/detection	detection attributes

detection attributes¶

notification

Description: notification is a JSON Block. Please see below for notification

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/notification

outbound-detection

Description: outbound-detection is a JSON Block. Please see below for outbound-detection

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection

packet-anomaly-detection

Description: packet-anomaly-detection is a JSON Block. Please see below for packet-anomaly-detection

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection

service-discovery

Description: service-discovery is a JSON Block. Please see below for service-discovery

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery

settings

Description ‘settings’: settings;

Type: string

Supported Values: settings

toggle

Description ‘enable’: Enable detection; ‘disable’: Disable detection;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

victim-ip-detection

Description: victim-ip-detection is a JSON Block. Please see below for victim-ip-detection

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection

packet-anomaly-detection¶

Specification Value

Type object

configuration

Description ‘configuration’: configuration;

Type: string

Supported Values: configuration

indicator-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type}

toggle

Description ‘enable’: Enable packet anomaly; ‘disable’: Disable packet anomaly;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

packet-anomaly-detection_indicator-list¶

Specification Value

Type list

Block object keys

threshold-num

Description Threshold for each indicator

Type: number

Range: 1-65535

Default: 100

type

Description ‘port-zero-pkt-rate’: Port Zero Packet Rate (default 100 packet per second);

Type: string

Supported Values: port-zero-pkt-rate

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

victim-ip-detection¶

Specification Value

Type object

configuration

Description ‘configuration’: configuration;

Type: string

Supported Values: configuration

histogram-toggle

Description ‘histogram-enable’: Enable histogram statistics of victim IP detection; ‘histogram-disable’: Disable histogram statistics of victim IP detection;

Type: string

Supported Values: histogram-enable, histogram-disable

Default: histogram-disable

indicator-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection/indicator/{type}

toggle

Description ‘enable’: Enable victim IP detection; ‘disable’: Disable victim IP detection;

Type: string

Supported Values: enable, disable

Default: disable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

victim-ip-detection_indicator-list¶

Specification Value

Type list

Block object keys

ip-threshold-num

Description Threshold for IP

Type: number

Range: 1-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘reverse-pkt-rate’: rate of reverse coming packets; ‘fwd-byte-rate’: rate of incoming bytes; ‘rev-byte-rate’: rate of reverse coming bytes;

Type: string

Supported Values: pkt-rate, reverse-pkt-rate, fwd-byte-rate, rev-byte-rate

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

notification¶

Specification Value

Type object

configuration

Description ‘configuration’: configuration;

Type: string

Supported Values: configuration

notification

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

notification_notification¶

Specification Value

Type list

Block object keys

notification-template-name

Description Specify the notification template name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/notification-template

service-discovery¶

Specification Value

Type object

configuration

Description ‘configuration’: configuration;

Type: string

Supported Values: configuration

pkt-rate-threshold

Description packet rate threshold for discovery (default 10 packets per second)

Type: number

Range: 1-255

Default: 10

toggle

Description ‘enable’: Enable service discovery; ‘disable’: Disable service discovery;

Type: string

Supported Values: enable, disable

Default: disable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

outbound-detection¶

Specification Value

Type object

configuration

Description ‘configuration’: configuration;

Type: string

Supported Values: configuration

discovery-method

Description ‘asn’: Autonomous Systems number; ‘country’: Country;

Type: string

Supported Values: asn, country

discovery-record

Description Maximum number of top locations

Type: number

Range: 1-100

Default: 10

enable-top-k

Type: List

indicator-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type}

toggle

Description ‘enable’: Enable outbound detection; ‘disable’: Disable outbound detection;

Type: string

Supported Values: enable, disable

Default: disable

topk-source-subnet

Description: topk-source-subnet is a JSON Block. Please see below for outbound-detection_topk-source-subnet

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

outbound-detection_topk-source-subnet¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

outbound-detection_enable-top-k¶

Specification Value

Type list

Block object keys

topk-netmask

Description Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask)

Type: number

Range: 1-128

Default: 128

topk-num-records

Description Maximum number of records to show in topk

Type: number

Range: 1-100

Default: 20

topk-type

Description ‘source-subnet’: Topk source subnet;

Type: string

Supported Values: source-subnet

outbound-detection_indicator-list¶

Specification Value

Type list

Block object keys

data-packet-size

Description Expected minimal data size

Type: number

Range: 1-1500

tcp-window-size

Description Expected minimal window size

Type: number

Range: 1-500

threshold-large-num

Description Threshold for each geo-location

Type: number

Range: 1-10995116277760

threshold-num

Description Threshold for each geo-location

Type: number

Range: 1-2147483647

threshold-str

Description Threshold for each geo-location (Non-zero floating point)

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters