ddos template udp¶

UDP template configuration

udp Specification¶

Parameter Value

Type Collection

Object Key(s) name

Collection Name udp-list

Collection URI /axapi/v3/ddos/template/udp

Element Name udp

Element URI /axapi/v3/ddos/template/udp/{name}

Element Attributes udp_attributes

Partition Visibility shared

Schema udp schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/ddos/template/udp	udp attributes
POST /axapi/v3/ddos/template/udp/ Payload: { "udp": { "name": "a", "user-tag": "a" } }
Create List	POST	/axapi/v3/ddos/template/udp	udp attributes
Get Object	GET	/axapi/v3/ddos/template/udp/{name}	udp attributes
GET /axapi/v3/ddos/template/udp/a Reponse: { "udp": { "name": "a", "per-conn-rate-interval": "1sec", "tunnel-encap": { "ip-encap": 0 }, "spoof-detect-cfg": { "spoof-detect": 0 }, "drop-known-resp-src-port-cfg": { "drop-known-resp-src-port": 0 }, "drop-ntp-monlist": 0, "token-authentication": 0, "token-authentication-salt-prefix": 0, "previous-salt-timeout": 1, "token-authentication-public-address": 0, "uuid": "455fa032-50a2-11ee-a2fd-001fa015fd06", "user-tag": "a", "a10-url": "/axapi/v3/ddos/template/udp/a" } }
Get List	GET	/axapi/v3/ddos/template/udp	udp-list
Modify Object	POST	/axapi/v3/ddos/template/udp/{name}	udp attributes
Replace Object	PUT	/axapi/v3/ddos/template/udp/{name}	udp attributes
PUT /axapi/v3/ddos/template/udp/a Payload: { "udp": { "name": "a", "user-tag": "abcd" } }
Replace List	PUT	/axapi/v3/ddos/template/udp	udp-list
Delete Object	DELETE	/axapi/v3/ddos/template/udp/{name}	udp attributes
DELETE /axapi/v3/ddos/template/udp/a Reponse: { "response": { "http-status": 200, "status": "OK", "msg": "Success" } }

udp-list¶

udp-list is JSON List of udp attributes

udp-list : [

{ udp attributes },

{ udp attributes },

…

]

udp attributes¶

age

Description Configure session age(in minutes) for UDP sessions

Type: number

Range: 1-63

drop-known-resp-src-port-cfg

Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for drop-known-resp-src-port-cfg

Type: Object

drop-ntp-monlist

Description Drop NTP monlist request/response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list

Type: List

Reference Object: /axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq}

max-payload-size

Description Maximum UDP payload size for each single packet

Type: number

Range: 1-1470

min-payload-size

Description Minimum UDP payload size for each single packet

Type: number

Range: 1-1470

name

Description DDOS UDP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 1sec

previous-salt-timeout

Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min

Type: number

Range: 1-10080

Default: 1

public-ipv4-addr

Description IP address

Type: string

Format: ipv4-address

public-ipv6-addr

Description IPV6 address

Type: string

Format: ipv6-address

spoof-detect-cfg

Description: spoof-detect-cfg is a JSON Block. Please see below for spoof-detect-cfg

Type: Object

token-authentication

Description Enable Token Authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

token-authentication-formula

Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;

Type: string

Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort

token-authentication-hw-assist-disable

Description token-authentication disable hardware assistance

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

token-authentication-public-address

Description The server public IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

token-authentication-salt-prefix

Description token-authentication salt-prefix

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

token-authentication-salt-prefix-curr

Description

Type: number

Range: 1-4294967295

token-authentication-salt-prefix-prev

Description

Type: number

Range: 1-4294967295

tunnel-encap

Description: tunnel-encap is a JSON Block. Please see below for tunnel-encap

Type: Object

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tunnel-encap¶

Specification Value

Type object

always

Description: always is a JSON Block. Please see below for tunnel-encap_always

Type: Object

gre-always

Description: gre-always is a JSON Block. Please see below for tunnel-encap_gre-always

Type: Object

gre-encap

Description Enable Tunnel encapsulation using GRE

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: gre-encap and ip-encap are mutually exclusive

ip-encap

Description Enable Tunnel encapsulation using IP in IP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ip-encap and gre-encap are mutually exclusive

tunnel-encap_gre-always¶

Specification Value

Type object

gre-ipv4

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

gre-ipv6

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

key-ipv4

Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)

Type: string

Maximum Length: 10 characters

Maximum Length: 1 characters

key-ipv6

Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)

Type: string

Maximum Length: 10 characters

Maximum Length: 1 characters

preserve-src-ipv4-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-encap_always¶

Specification Value

Type object

ipv4-addr

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

ipv6-addr

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

preserve-src-ipv4

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spoof-detect-cfg¶

Specification Value

Type object

min-retry-gap

Description Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval

Type: number

Range: 1-80

min-retry-gap-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 1sec

spoof-detect

Description Force client to retry on udp

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spoof-detect-retry-timeout

Description timeout in seconds

Type: number

Range: 1-31

Default: 5

Mutual Exclusion: spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive

spoof-detect-retry-timeout-val-only

Description timeout in seconds

Type: number

Range: 1-31

Default: 5

Mutual Exclusion: spoof-detect-retry-timeout-val-only and spoof-detect-retry-timeout are mutually exclusive

drop-known-resp-src-port-cfg¶

Specification Value

Type object

drop-known-resp-src-port

Description Drop well-known if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exclude-src-resp-port

Description excluding src port equal destination port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list¶

Specification Value

Type list

Block object keys

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

udp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-seq

Description Sequence number

Type: number

Range: 1-5

udp-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters