ddos template udp

UDP template configuration

udp Specification

   
Type Collection
Object Key(s) name
Collection Name udp-list
Collection URI /axapi/v3/ddos/template/udp
Element Name udp
Element URI /axapi/v3/ddos/template/udp/{name}
Element Attributes udp_attributes
Schema udp schema

Operations Allowed:

OperationMethodURIPayload

Create Object

POST

/axapi/v3/ddos/template/udp

udp attributes

Create List

POST

/axapi/v3/ddos/template/udp

udp attributes

Get Object

GET

/axapi/v3/ddos/template/udp/{name}

udp attributes

Get List

GET

/axapi/v3/ddos/template/udp

udp-list

Modify Object

POST

/axapi/v3/ddos/template/udp/{name}

udp attributes

Replace Object

PUT

/axapi/v3/ddos/template/udp/{name}

udp attributes

Replace List

PUT

/axapi/v3/ddos/template/udp

udp-list

Delete Object

DELETE

/axapi/v3/ddos/template/udp/{name}

udp attributes

udp-list

udp-list is JSON List of udp attributes

udp-list : [

]

udp attributes

age

Description Configure session age(in minutes) for UDP sessions

Type: number

Range: 1-63

drop-known-resp-src-port-cfg

Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for drop-known-resp-src-port-cfg

Type: Object

drop-ntp-monlist

Description Drop NTP monlist request/response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list

max-payload-size

Description Maximum UDP payload size for each single packet

Type: number

Range: 1-1470

min-payload-size

Description Minimum UDP payload size for each single packet

Type: number

Range: 1-1470

name

Description DDOS UDP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 1sec

spoof-detect-cfg

Description: spoof-detect-cfg is a JSON Block. Please see below for spoof-detect-cfg

Type: Object

tunnel-encap

Description: tunnel-encap is a JSON Block. Please see below for tunnel-encap

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tunnel-encap

Specification  
Type object

always

Description: always is a JSON Block. Please see below for tunnel-encap_always

Type: Object

gre-always

Description: gre-always is a JSON Block. Please see below for tunnel-encap_gre-always

Type: Object

gre-encap

Description Enable Tunnel encap for GRE packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: gre-encap and ip-encap are mutually exclusive

ip-encap

Description Enable Tunnel encap for IP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ip-encap and gre-encap are mutually exclusive

tunnel-encap_gre-always

Specification  
Type object

gre-ipv4

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

gre-ipv6

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

key-ipv4

Description Encapsulate with key in hexidecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

key-ipv6

Description Encapsulate with key in hexidecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

preserve-src-ipv4-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-encap_always

Specification  
Type object

ipv4-addr

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

ipv6-addr

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

preserve-src-ipv4

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-known-resp-src-port-cfg

Specification  
Type object

drop-known-resp-src-port

Description Drop well-known if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exclude-src-resp-port

Description excluding src port equal destination port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

udp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-seq

Description Sequence number

Type: number

Range: 1-5

udp-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

spoof-detect-cfg

Specification  
Type object

min-retry-gap

Description Optional minimum sec gap between 2 UDP packets for spoof-detect pass

Type: number

Range: 1-30

spoof-detect

Description Force client to retry on udp

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spoof-detect-retry-timeout

Description timeout in seconds

Type: number

Range: 1-31

Default: 5

Mutual Exclusion: spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive