slb common¶
SLB related commands
common Specification¶
Parameter Value Type Configuration Resource Element Name common Element URI /axapi/v3/slb/common Element Attributes common_attributes Partition Visibility shared Operational Data URI /axapi/v3/slb/common/oper Schema common schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/slb/common | ||
Get Object | GET | /axapi/v3/slb/common | ||
Modify Object | POST | /axapi/v3/slb/common | ||
Replace Object | PUT | /axapi/v3/slb/common | ||
Delete Object | DELETE | /axapi/v3/slb/common |
common attributes¶
N5-new
Description HW assisted N5 SSL module with TLS 1.3 and TLS 1.2 support using OpenSSL 1.1.1
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: N5-new,software, software-tls13, QAT, N5-old, and software-tls13-offload are mutually exclusive
N5-old
Description HW assisted N5 SSL module with TLS 1.2 support using OpenSSL 0.9.7
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: N5-old,software, software-tls13, QAT, N5-new, and software-tls13-offload are mutually exclusive
QAT
Description HW assisted QAT SSL module
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: QAT,software, software-tls13, N5-new, N5-old, and software-tls13-offload are mutually exclusive
aflex-table-entry-aging-interval
Description aFleX table entry aging interval in second
Type: number
Range: 1-3600
Default: 1
aflex-table-entry-sync
Description: aflex-table-entry-sync is a JSON Block. Please see below for aflex-table-entry-sync
Type: Object
Reference Object: /axapi/v3/slb/common/aflex-table-entry-sync
after-disable
Description Graceful shutdown after disable server/port and/or virtual server/port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-in-gateway-mode
Description Use source NAT gateway for L3 traffic for gateway mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
attack-resp-code
Description Custom response code
Type: number
Range: 400-599
Default: 410
auto-nat-no-ip-refresh
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
auto-translate-port
Description Auto Translate Port range
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
buff-thresh
Description Set buffer threshold
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
buff-thresh-hw-buff
Description Set hardware buffer threshold
Type: number
Range: 1-2147483647
buff-thresh-relieve-thresh
Description Relieve threshold
Type: number
Range: 0-2147483647
buff-thresh-sys-buff-high
Description Set high water mark of system buffer
Type: number
Range: 0-2147483647
buff-thresh-sys-buff-low
Description Set low water mark of system buffer
Type: number
Range: 0-2147483647
cache-expire-time
Description Cache expiration time, default is 1 minute
Type: number
Range: 1-480
Default: 1
cancel-stream-loop-limit
Description Set global cancel stream loop limit (cancel stream loop limit, default is 5)
Type: number
Range: 0-50
Default: 5
cert-pinning
Description: cert-pinning is a JSON Block. Please see below for cert-pinning
Type: Object
Reference Object: /axapi/v3/slb/common/cert-pinning
clientside-ip
Description Clientside IP address
Type: string
Format: ipv4-address
clientside-ipv6
Description Clientside IPv6 address
Type: string
Format: ipv6-address
compress-block-size
Description Set compression block size (Compression block size in bytes)
Type: number
Range: 6000-131008
conn-rate-limit
Description: conn-rate-limit is a JSON Block. Please see below for conn-rate-limit
Type: Object
Reference Object: /axapi/v3/slb/common/conn-rate-limit
custom-message
Description Block message
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Mutual Exclusion: custom-message and custom-page are mutually exclusive
custom-page
Description Specify the custom webpage name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: custom-page and custom-message are mutually exclusive
custom-signal-clist
Description Provide custom signal names
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
ddos-pkt-count-thresh
Description Set packet count threshold for DDOS, default is 100
Type: number
Range: 1-256
Default: 100
ddos-pkt-size-thresh
Description Set data packet size threshold for DDOS, default is 64 bytes
Type: number
Range: 1-256
Default: 64
ddos-protection
Description: ddos-protection is a JSON Block. Please see below for ddos-protection
Type: Object
disable-adaptive-resource-check
Description Disable adaptive resource check based on buffer usage
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-persist-scoring
Description Disable Persist Scoring
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-port-masking
Description Disable masking of ports for CPU hashing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-server-auto-reselect
Description Disable auto reselection of server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache-age
Description Set DNS cache entry age, default is 300 seconds (1-1000000 seconds, default is 300 seconds)
Type: number
Range: 1-1000000
Default: 300
dns-cache-age-min-threshold
Description Set DNS cache entry age minimum threshold, default is 0 seconds (1-1000000 seconds, default is 0 seconds)
Type: number
Range: 0-1000000
Default: 0
dns-cache-aging-weight
Description Set DNS cache entry weight, default is 1
Type: number
Range: 1-7
Default: 1
dns-cache-enable
Description Enable DNS cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache-entry-size
Description Set DNS cache entry size, default is 256 bytes (1-4096 bytes, default is 256 bytes)
Type: number
Range: 1-4096
Default: 256
dns-cache-sync
Description Enable DNS cache HA sync
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache-sync-entry-size
Description Only sync DNS cache with smaller size (1-4096 bytes, default is 256 bytes)
Type: number
Range: 1-4096
Default: 256
dns-cache-sync-ttl-threshold
Description Only sync DNS cache with longer TTL (0-10000000 seconds, default is 0 second)
Type: number
Range: 0-10000000
Default: 0
dns-cache-ttl-adjustment-enable
Description Enable DNS cache response ttl adjustment
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-negative-cache-enable
Description Enable DNS negative cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-persistent-cache-enable
Description Enable persistent DNS cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-persistent-cache-hit-threshold
Description Only save DNS cache with larger hit count (0-10000000, default is 0)
Type: number
Range: 0-10000000
Default: 0
dns-persistent-cache-ttl-threshold
Description Only save DNS cache with longer TTL (0-10000000 seconds, default is 0 second)
Type: number
Range: 0-10000000
Default: 0
dns-response-rate-limiting
Description: dns-response-rate-limiting is a JSON Block. Please see below for dns-response-rate-limiting
Type: Object
Reference Object: /axapi/v3/slb/common/dns-response-rate-limiting
dns-vip-stateless
Description Enable DNS VIP stateless mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-icmp-to-vip-when-vip-down
Description Drop ICMP to VIP when VIP down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dsr-health-check-enable
Description Enable dsr-health-check (direct server return health check)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ecmp-hash
Description ‘system-default’: Use system default ecmp hashing algorithm; ‘connection-based’: Use connection information for hashing;
Type: string
Supported Values: system-default, connection-based
Default: system-default
enable-ddos
Description Enable DDoS protection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-fast-path-rerouting
Description Enable Fast-Path Rerouting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-l7-req-acct
Description Enable L7 request accounting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entity
Description ‘server’: Graceful shutdown server/port only; ‘virtual-server’: Graceful shutdown virtual server/port only;
Type: string
Supported Values: server, virtual-server
exclude-destination
Description ‘local’: Maximum local rate; ‘remote’: Maximum remote rate; (Maximum rates)
Type: string
Supported Values: local, remote
extended-stats
Description Enable global slb extended statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fast-path-disable
Description Disable fast path in SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gateway-health-check
Description Enable gateway health check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
graceful-shutdown
Description 1-65535, in unit of seconds
Type: number
Range: 1-65535
graceful-shutdown-enable
Description Enable graceful shutdown
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
health-check-to-all-vip
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
honor-server-response-ttl
Description Honor the server reponse TTL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-fast-enable
Description Enable Http Fast in SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-compression
Description Use hardware compression
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-syn-rr
Description Configure hardware SYN round robin (range 1-500000)
Type: number
Range: 1-500000
interval
Description Specify the healthcheck interval, default is 5 seconds (Interval Value, in seconds (default 5))
Type: number
Range: 1-180
Default: 5
ipv4-offset
Description IPv4 Octet Offset for Hash
Type: number
Range: 0-3
Default: 0
ipv6-subnet
Description IPv6 Octet Valid Subnet Length for Hash
Type: number
Range: 0-15
Default: 0
l2l3-trunk-lb-disable
Description Disable L2/L3 trunk LB
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-for-reset-unknown-conn
Description Log when rate exceed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
low-latency
Description Enable low latency mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-buff-queued-per-conn
Description Set per connection buffer threshold (Buffer value range 128-4096)
Type: number
Range: 128-4096
Default: 1000
max-http-header-count
Description Set maximum number of HTTP headers allowed
Type: number
Range: 90-255
Default: 90
max-local-rate
Description Set maximum local rate
Type: number
Range: 1-100
Default: 32
max-persistent-cache
Description Define maximum persistent cache (Maximum persistent cache entry)
Type: number
max-remote-rate
Description Set maximum remote rate
Type: number
Range: 1-1000000
Default: 15000
monitor-mode-enable
Description Enable NG-WAF monitor mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
msl-time
Description Configure maximum session life, default is 2 seconds (1-39 seconds, default is 2 seconds)
Type: number
Range: 1-39
Default: 2
mss-table
Description Set MSS table (128-750, default is 536)
Type: number
Range: 128-750
Default: 536
multi-cpu
Description Specific NGWAF CPU
Type: number
Range: 0-28
Default: 0
ngwaf-proxy-ipv4
Description IPv4 address
Type: string
Format: ipv4-address
Mutual Exclusion: ngwaf-proxy-ipv4 and ngwaf-proxy-ipv6 are mutually exclusive
ngwaf-proxy-ipv6
Description IPv6 address
Type: string
Format: ipv6-address
Mutual Exclusion: ngwaf-proxy-ipv6 and ngwaf-proxy-ipv4 are mutually exclusive
ngwaf-proxy-port
Description Port
Type: number
Range: 1-65534
no-auto-up-on-aflex
Description Don’t automatically mark vport up when aFleX is bound
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
odd-even-nat-enable
Description Enable odd even nat pool allocation in dual blade systems
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
one-server-conn-hm-rate
Description One Server Conn Health Check Rate
Type: number
Range: 1-60
override-port
Description Enable override port in DSR health check mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pbslb-entry-age
Description Set global pbslb entry age (minute)
Type: number
Range: 1-127
Default: 6
pbslb-overflow-glid
Description Apply global limit id to overflow pbslb entry
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
per-thr-percent
Description Percentage of default session count to use for per thread session table size
Type: number
Range: 1-100
ping-sweep-detection
Description ‘enable’: Enable ping sweep detection; ‘disable’: Disable ping sweep detection(default);
Type: string
Supported Values: enable, disable
Default: disable
pkt-rate-for-reset-unknown-conn
Description
Type: number
Range: 1-1048575
player-id-check-enable
Description Enable the Player id check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port
Description Serverside port number for SNI transmission
Type: number
Range: 1-65535
port-scan-detection
Description ‘enable’: Enable port scan detection; ‘disable’: Disable port scan detection(default);
Type: string
Supported Values: enable, disable
Default: disable
pre-process-enable
Description Enable NG-WAF pre-processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
quic
Description: quic is a JSON Block. Please see below for quic
Type: Object
Reference Object: /axapi/v3/slb/common/quic
range
Description auto translate port range
Type: number
Range: 1-3
range-end
Description port range end
Type: number
Range: 0-65535
range-start
Description port range start
Type: number
Range: 0-65535
rate-limit-logging
Description Configure rate limit logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
recursive-ns-cache
Description ‘honor-packet-ttl’: Honor the lowest TTL among NS records in the server response; ‘honor-age-config’: Honor the ttl/age settings based on acos dns cache configuration;
Type: string
Supported Values: honor-packet-ttl, honor-age-config
Default: honor-packet-ttl
reset-stale-session
Description Send reset if session in delete queue receives a SYN packet
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
resolve-port-conflict
Description Enable client port service port conflicts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
response-type
Description ‘single-answer’: Only cache DNS response with single answer; ‘round-robin’: Round robin;
Type: string
Supported Values: single-answer, round-robin
scale-out
Description Enable SLB scale out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
scale-out-traffic-map
Description Set SLB scaleout traffic-map
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
serverside-ip
Description Serverside IP address
Type: string
Format: ipv4-address
serverside-ipv6
Description Serverside IPv6 address
Type: string
Format: ipv6-address
service-group-on-no-dest-nat-vports
Description ‘allow-same’: Allow the binding service-group on no-dest-nat virtual ports; ‘enforce-different’: Enforce that the same service-group can not be bound on different no-dest-nat virtual ports;
Type: string
Supported Values: allow-same, enforce-different
Default: enforce-different
show-slb-server-legacy-cmd
Description Enable show slb server legacy command
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
show-slb-service-group-legacy-cmd
Description Enable show slb service-group legacy command
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
show-slb-virtual-server-legacy-cmd
Description Enable show slb virtual-server legacy command
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-gwy-for-l3
Description Use source NAT gateway for L3 traffic for transparent mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-on-vip
Description Enable source NAT traffic against VIP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-preserve
Description: snat-preserve is a JSON Block. Please see below for snat-preserve
Type: Object
software
Description Software
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: software,software-tls13, QAT, N5-new, N5-old, and software-tls13-offload are mutually exclusive
software-tls13
Description Software TLS1.3
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: software-tls13,software, QAT, N5-new, N5-old, and software-tls13-offload are mutually exclusive
software-tls13-offload
Description Software TLS1.3 with CPU Offload Support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: software-tls13-offload,software, software-tls13, QAT, N5-new, and N5-old are mutually exclusive
sort-res
Description Enable SLB sorting of resource names
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssl-module-usage-enable
Description Enable SSL module usage calculations for QAT
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssl-n5-delay-tx-enable
Description Enable delay transmission for N5-new
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssl-ratelimit-cfg
Description: ssl-ratelimit-cfg is a JSON Block. Please see below for ssl-ratelimit-cfg
Type: Object
ssli-cert-not-ready-inspect-limit
Description SSLI asynchronized connection max number, default is 2000 (set to 0 for unlimited size)
Type: number
Range: 0-2147483647
Default: 2000
ssli-cert-not-ready-inspect-timeout
Description SSLI asynchronized connection timeout, default is 10 seconds (seconds, set to 0 for never timeout)
Type: number
Range: 0-2147483647
Default: 10
ssli-silent-termination-enable
Description Terminate the SSLi sessions silently without sending RST/FIN packet
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssli-sni-hash-enable
Description Enable SSLi SNI hash table
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stateless-sg-multi-binding
Description Enable stateless service groups to be assigned to multiple L2/L3 DSR VIPs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stats-data-disable
Description Disable global slb data statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
substitute-source-mac
Description Substitute Source MAC Address to that of the outgoing interface
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Specify the healthcheck timeout value, default is 15 seconds (Timeout Value, in seconds (default 15))
Type: number
Range: 1-360
Default: 15
traffic-map-type
Description ‘vport’: traffic-map per vport; ‘global’: global traffic-map;
Type: string
Supported Values: vport, global
Default: vport
ttl-threshold
Description Only cache DNS response with longer TTL
Type: number
Range: 1-10000000
use-default-sess-count
Description Use default session count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
use-https-proxy
Description NG-WAF connects to Cloud through proxy server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
use-mgmt-port
Description Use management port to connect
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
use-mss-tab
Description Use MSS based on internal table for SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vport-global
Description Configure periodic showtech vport paging global limit
Type: number
Range: 0-512
vport-l3v
Description Configure periodic showtech vport paging l3v limit
Type: number
Range: 0-128
aflex-table-entry-sync¶
Specification Value Type object aflex-table-entry-sync-enable
Description Enable aflex table sync
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
aflex-table-entry-sync-max-key-len
Description aflex table entry max key length to sync
Type: number
Range: 0-1000
Default: 1000
aflex-table-entry-sync-max-value-len
Description aflex table entry max value length to sync
Type: number
Range: 0-1000
Default: 1000
aflex-table-entry-sync-min-lifetime
Description aflex table entry minimum lifetime to sync
Type: number
Range: 0-65535
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cert-pinning¶
Specification Value Type object candidate-list-feedback-opt-in
Description: candidate-list-feedback-opt-in is a JSON Block. Please see below for cert-pinning_candidate-list-feedback-opt-in
Type: Object
Reference Object: /axapi/v3/slb/common/cert-pinning/candidate-list-feedback-opt-in
ttl
Description The ttl of local cert pinning candidate list, multiple of 10 minutes, default is 144 (1440 minutes)
Type: number
Range: 1-1008
Default: 144
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cert-pinning_candidate-list-feedback-opt-in¶
Specification Value Type object daily
Description Every day
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: daily and weekly are mutually exclusive
day-time
Description Time of day to update (hh:mm) in 24 hour local time
Type: string
Format: time-hhmm
enable
Description Enable the feedback function
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
schedule
Description schedule the uploading time, default is daily 00:00
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
use-mgmt-port
Description Use management port to connect
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
week-day
Description ‘Monday’: Monday; ‘Tuesday’: Tuesday; ‘Wednesday’: Wednesday; ‘Thursday’: Thursday; ‘Friday’: Friday; ‘Saturday’: Saturday; ‘Sunday’: Sunday;
Type: string
Supported Values: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
week-time
Description Time of day to update (hh:mm) in 24 hour local time
Type: string
Format: time-hhmm
weekly
Description Every week
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: weekly and daily are mutually exclusive
dns-response-rate-limiting¶
Specification Value Type object max-table-entries
Description Maximum number of entries allowed
Type: number
Range: 1000-4194304
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ssl-ratelimit-cfg¶
Specification Value Type object disable-rate
Description Disable HW SSL Rate limit for N5-new
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: disable-rate, tls12-rate, and tls13-rate are mutually exclusive
tls12-rate
Description Enabling Rateliming for TLS1.2 HW requests per chip in 1K - default 120
Type: number
Range: 1-1000
Default: 120
Mutual Exclusion: tls12-rate and disable-rate are mutually exclusive
tls13-rate
Description Enabling Rateliming for TLS1.3 HW requests per chip in 1K - default 72
Type: number
Range: 1-200
Default: 72
Mutual Exclusion: tls13-rate and disable-rate are mutually exclusive
quic¶
Specification Value Type object cid-len
Description Length of CID
Type: number
Range: 4-20
Default: 4
cpu-offset
Description Offset for Encoded CPU
Type: number
Range: 0-15
Default: 12
enable-hash
Description Enable CID Hashing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-signature
Description Enable CID Signature Validation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
quic-lb-offset
Description Offset for QUIC-LB
Type: number
Range: 0-15
Default: 8
signature
Description Set CID Signature
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
signature-len
Description Offset for CID Signature
Type: number
Range: 1-4
Default: 3
signature-offset
Description Offset for CID Signature
Type: number
Range: 0-15
Default: 4
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
conn-rate-limit¶
Specification Value Type object src-ip-list
Type: List
Reference Object: /axapi/v3/slb/common/conn-rate-limit/src-ip/{disable-ipv6-support}+{protocol}
conn-rate-limit_src-ip-list¶
Specification Value Type list Block object keys disable-ipv6-support
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-action
Description Set action if threshold exceeded
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
limit
Description Set max connections per period
Type: number
Range: 1-1000000
limit-period
Description ‘100’: 100 ms; ‘1000’: 1000 ms;
Type: string
Supported Values: 100, 1000
lock-out
Description Set lockout period in seconds if threshold exceeded
Type: number
Range: 1-3600
log
Description Send log if threshold exceeded
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
protocol
Description ‘tcp’: Set TCP connection rate limit; ‘udp’: Set UDP packet rate limit;
Type: string
Supported Values: tcp, udp
shared
Description Set threshold shared amongst all virtual ports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ddos-protection¶
Specification Value Type object ipd-enable-toggle
Description ‘enable’: Enable SLB DDoS protection; ‘disable’: Disable SLB DDoS protection (default);
Type: string
Supported Values: enable, disable
Default: disable
logging
Description: logging is a JSON Block. Please see below for ddos-protection_logging
Type: Object
packets-per-second
Description: packets-per-second is a JSON Block. Please see below for ddos-protection_packets-per-second
Type: Object
ddos-protection_packets-per-second¶
Specification Value Type object ipd-tcp
Description Configure packets-per-second threshold per TCP port (default: 200)
Type: number
Range: 0-65535
Default: 200
ipd-udp
Description Configure packets-per-second threshold per UDP port (default: 200)
Type: number
Range: 0-65535
Default: 200
ddos-protection_logging¶
Specification Value Type object ipd-logging-toggle
Description ‘enable’: Enable SLB DDoS protection logging (default); ‘disable’: Disable SLB DDoS protection logging;
Type: string
Supported Values: enable, disable
Default: enable
snat-preserve¶
Specification Value Type object range
Type: List
snat-preserve_range¶
Specification Value Type list Block object keys port1
Description start port
Type: number
Range: 1025-65535
Default: 1025
port2
Description end port which is greater than start
Type: number
Range: 1025-65535
Default: 1025