flowspec¶

Configure Flowspec

flowspec Specification¶

Parameter Value

Type Collection

Object Key(s) name

Collection Name flowspec-list

Collection URI /axapi/v3/flowspec

Element Name flowspec

Element URI /axapi/v3/flowspec/{name}

Element Attributes flowspec_attributes

Partition Visibility shared

Operational Data URI /axapi/v3/flowspec/{name}/oper

Schema flowspec schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/flowspec	flowspec attributes
POST /axapi/v3/flowspec/ Payload: { "flowspec": { "name": "a", "user-tag": "a" } }
Create List	POST	/axapi/v3/flowspec	flowspec attributes
Get Object	GET	/axapi/v3/flowspec/{name}	flowspec attributes
GET /axapi/v3/flowspec/a Reponse: { "flowspec": { "name": "a", "uuid": "e35802a0-4faf-11ee-b5d6-197c25cf1b35", "user-tag": "a", "a10-url": "/axapi/v3/flowspec/a" } }
Get List	GET	/axapi/v3/flowspec	flowspec-list
Modify Object	POST	/axapi/v3/flowspec/{name}	flowspec attributes
Replace Object	PUT	/axapi/v3/flowspec/{name}	flowspec attributes
PUT /axapi/v3/flowspec/a Payload: { "flowspec": { "name": "a", "user-tag": "abcd" } }
Replace List	PUT	/axapi/v3/flowspec	flowspec-list
Delete Object	DELETE	/axapi/v3/flowspec/{name}	flowspec attributes
DELETE /axapi/v3/flowspec/a Reponse: { "response": { "http-status": 200, "status": "OK", "msg": "Success" } }

flowspec-list¶

flowspec-list is JSON List of flowspec attributes

flowspec-list : [

{ flowspec attributes },

{ flowspec attributes },

…

]

flowspec attributes¶

dest-addr-type

Description ‘ip’: IPv4 Address; ‘ipv6’: IPv6 Address;

Type: string

Supported Values: ip, ipv6

dest-ip-host

Description IPv4 host address

Type: string

Format: ipv4-address

Mutual Exclusion: dest-ip-host and dest-ip-subnet are mutually exclusive

dest-ip-subnet

Description IPv4 Subnet address

Type: string

Format: ipv4-cidr

Mutual Exclusion: dest-ip-subnet and dest-ip-host are mutually exclusive

dest-ipv6-host

Description IPv6 host address

Type: string

Format: ipv6-address

Mutual Exclusion: dest-ipv6-host and dest-ipv6-subnet are mutually exclusive

dest-ipv6-subnet

Description IPv6 Subnet address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: dest-ipv6-subnet and dest-ipv6-host are mutually exclusive

destination-port-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/destination-port/{port-attribute}+{port-num}

dscp-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/dscp/{dscp-attribute}+{dscp-val}

filtering-action

Description: filtering-action is a JSON Block. Please see below for filtering-action

Type: Object

Reference Object: /axapi/v3/flowspec/{name}/filtering-action

fragmentation-option-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/fragmentation-option/{frag-attribute}

icmp-code-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/icmp-code/{icmp-code-attribute}+{code}

icmp-type-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/icmp-type/{icmp-type-attribute}+{type}

name

Description Flowspec name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

operational-mode

Description: operational-mode is a JSON Block. Please see below for operational-mode

Type: Object

Reference Object: /axapi/v3/flowspec/{name}/operational-mode

packet-length-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/packet-length/{packet-length-attribute}+{length}

port-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/port/{port-attribute}+{port-num}

protocol-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/protocol/{proto-attribute}+{proto-num}

source-port-list

Type: List

Reference Object: /axapi/v3/flowspec/{name}/source-port/{port-attribute}+{port-num}

src-addr-type

Description ‘ip’: IPv4 Address; ‘ipv6’: IPv6 Address;

Type: string

Supported Values: ip, ipv6

src-ip-host

Description IPv4 host address

Type: string

Format: ipv4-address

Mutual Exclusion: src-ip-host and src-ip-subnet are mutually exclusive

src-ip-subnet

Description IPv4 Subnet address

Type: string

Format: ipv4-cidr

Mutual Exclusion: src-ip-subnet and src-ip-host are mutually exclusive

src-ipv6-host

Description IPv6 host address

Type: string

Format: ipv6-address

Mutual Exclusion: src-ipv6-host and src-ipv6-subnet are mutually exclusive

src-ipv6-subnet

Description IPv6 Subnet address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: src-ipv6-subnet and src-ipv6-host are mutually exclusive

tcp-flags

Description ‘match-all’: not = 0 match = 1; ‘none-of’: not = 1 match = 0; ‘not-match’: not = 1 match = 1; ‘match-any’: not = 0 match = 0;

Type: string

Supported Values: match-all, none-of, not-match, match-any

tcp-flags-bitmask

Description Bitmask in Hex

Type: string

Format: time

Maximum Length: 65535 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-list¶

Specification Value

Type list

Block object keys

port-attribute

Description ‘eq’: Match only packets on a given port; ‘gt’: Match only packets with a greater port number; ‘lt’: Match only packets with a lower port number; ‘range’: match only packets in the range of port numbers;

Type: string

Supported Values: eq, gt, lt, range

port-num

Description Specify the port number

Type: number

Range: 1-65535

port-num-end

Description Specify the port number

Type: number

Range: 2-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dscp-list¶

Specification Value

Type list

Block object keys

dscp-attribute

Description ‘eq’: Match only packets on a given DSCP; ‘gt’: Match only packets with a greater DSCP; ‘lt’: Match only packets with a lower DSCP; ‘range’: match only packets in the range of DSCPs;

Type: string

Supported Values: eq, gt, lt, range

dscp-val

Description Specify the DSCP value

Type: number

Range: 1-63

dscp-val-end

Description Specify the DSCP value

Type: number

Range: 2-63

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

destination-port-list¶

Specification Value

Type list

Block object keys

port-attribute

Description ‘eq’: Match only packets on a given destination port; ‘gt’: Match only packets with a greater port number; ‘lt’: Match only packets with a lower port number; ‘range’: match only packets in the range of port numbers;

Type: string

Supported Values: eq, gt, lt, range

port-num

Description Specify the port number

Type: number

Range: 1-65535

port-num-end

Description Specify the port number

Type: number

Range: 2-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

source-port-list¶

Specification Value

Type list

Block object keys

port-attribute

Description ‘eq’: Match only packets on a given source port; ‘gt’: Match only packets with a greater port number; ‘lt’: Match only packets with a lower port number; ‘range’: match only packets in the range of port numbers;

Type: string

Supported Values: eq, gt, lt, range

port-num

Description Specify the port number

Type: number

Range: 1-65535

port-num-end

Description Specify the port number

Type: number

Range: 2-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

icmp-type-list¶

Specification Value

Type list

Block object keys

icmp-type-attribute

Description ‘eq’: Match only packets on a given ICMP Type; ‘gt’: Match only packets with a greater ICMP Type; ‘lt’: Match only packets with a lower ICMP Type; ‘range’: match only packets in the range of ICMP Types;

Type: string

Supported Values: eq, gt, lt, range

type

Description Specify the ICMP Type

Type: number

Range: 0-255

type-end

Description Specify the ICMP Type

Type: number

Range: 1-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

fragmentation-option-list¶

Specification Value

Type list

Block object keys

frag-attribute

Description ‘is-fragment’: Is fragmented packet; ‘first-fragment’: Is the first fragment packet; ‘last-fragment’: Is the last fragment; ‘dont-fragment’: Is DF bit set;

Type: string

Supported Values: is-fragment, first-fragment, last-fragment, dont-fragment

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

packet-length-list¶

Specification Value

Type list

Block object keys

length

Description Specify the Packet Length

Type: number

Range: 1-65535

length-end

Description Specify the Packet Length

Type: number

Range: 2-65535

packet-length-attribute

Description ‘eq’: Match only packets on a given Packet Length; ‘gt’: Match only packets with a greater Packet Length; ‘lt’: Match only packets with a lower Packet Length; ‘range’: match only packets in the range of Packet Lengths;

Type: string

Supported Values: eq, gt, lt, range

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

protocol-list¶

Specification Value

Type list

Block object keys

proto-attribute

Description ‘eq’: Match only packets on a given protocol; ‘gt’: Match only packets with a greater protocol number; ‘lt’: Match only packets with a lower protocol number; ‘range’: match only packets in the range of protocol numbers;

Type: string

Supported Values: eq, gt, lt, range

proto-num

Description Specify the protocol number(6 for TCP and 17 for UDP)

Type: number

Range: 0-255

proto-num-end

Description Specify the protocol number

Type: number

Range: 1-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

icmp-code-list¶

Specification Value

Type list

Block object keys

code

Description Specify the ICMP Code

Type: number

Range: 0-255

code-end

Description Specify the ICMP Code

Type: number

Range: 1-255

icmp-code-attribute

Description ‘eq’: Match only packets on a given ICMP Code; ‘gt’: Match only packets with a greater ICMP Code; ‘lt’: Match only packets with a lower ICMP Code; ‘range’: match only packets in the range of ICMP Codes;

Type: string

Supported Values: eq, gt, lt, range

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

operational-mode¶

Specification Value

Type object

mode

Description ‘enabled’: Enable the flowspec and send the prefix to BGP; ‘disabled’: Disable the flowspec and remove the prefix from BGP;

Type: string

Supported Values: enabled, disabled

Default: disabled

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

filtering-action¶

Specification Value

Type object

copy-ip-host

Description Copy bit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

copy-ip-host-nlri

Description Copy bit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

copy-ipv6-host

Description Copy bit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

copy-ipv6-host-nlri

Description Copy bit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dscp-val

Description Set DSCP value

Type: number

Range: 1-63

ecomm-custom-hex

Description Custom Extended Community in Hex

Type: string

Maximum Length: 48 characters

Maximum Length: 2 characters

ip-host

Description IPv4 host address

Type: string

Format: ipv4-address

ip-host-nlri

Description IPv4 host address

Type: string

Format: ipv4-address

ip-host-rt

Description Type 0x8108 - Route Target IPv4

Type: string

Format: ipv4-address

ipv6-host

Description IPv6 host address

Type: string

Format: ipv6-address

ipv6-host-nlri

Description IPv6 host address

Type: string

Format: ipv6-address

next-hop-nlri-type

Description ‘ip’: Type 0x0800 - IPv4 Address; ‘ipv6’: Type 0x0800 - IPv6 Address;

Type: string

Supported Values: ip, ipv6

next-hop-type

Description ‘ip’: Type 0x0800 - IPv4 Address; ‘ipv6’: Type 0x0800 - IPv6 Address;

Type: string

Supported Values: ip, ipv6

redirect

Description ‘next-hop-nlri’: Type 0x0800 - IP encoded in MP_REACH_NLRI Next-hop network; ‘next-hop’: Type 0x0800 - Extended community Next-hop (Per v2 dated Feb 2015); ‘vrf-route-target’: Type 0x8008 - Redirect to VRF Route Target;

Type: string

Supported Values: next-hop-nlri, next-hop, vrf-route-target

sample-log

Description Enable traffic sampling and logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

terminal-action

Description Evaluation stops after this rule if not set

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

traffic-class

Description Set IPv6 Traffic Class value

Type: number

Range: 1-128

traffic-marking

Description ‘dscp’: IPv4 DSCP; ‘ipv6-traffic-class’: IPv6 Traffic Class;

Type: string

Supported Values: dscp, ipv6-traffic-class

traffic-rate

Description Type 0x8006 - Apply rate (in Bytes per second) for this class of traffic

Type: number

Range: 0-4294967295

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

value-ip-host

Description 2-byte decimal value(local-administrator)

Type: number

Range: 1-65535

vrf-target-ip

Description ‘ip’: Type 0x8108 - Redirect to route-target IP;

Type: string

Supported Values: ip

Mutual Exclusion: vrf-target-ip and vrf-target-string are mutually exclusive

vrf-target-string

Description Type 0x8008(ASN-2:Index), 0x8208(ASN-4:Index) - Route Target AS

Type: string

Maximum Length: 31 characters

Maximum Length: 1 characters

Mutual Exclusion: vrf-target-string and vrf-target-ip are mutually exclusive