ddos protection¶
DDOS protection
protection Specification¶
Type Configuration Resource Element Name protection Element URI /axapi/v3/ddos/protection Element Attributes protection_attributes Operational Data URI /axapi/v3/ddos/protection/oper Schema protection schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/protection | ||
Get Object | GET | /axapi/v3/ddos/protection | ||
Modify Object | POST | /axapi/v3/ddos/protection | ||
Replace Object | PUT | /axapi/v3/ddos/protection | ||
Delete Object | DELETE | /axapi/v3/ddos/protection |
protection attributes¶
disable-on-reboot
Description Disable DDoS protection upon reboot/reload
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-now
Description Override disable-on-reboot to enable runtime DDOS protection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fast-aging
Description: fast-aging is a JSON Block. Please see below for fast-aging
Type: Object
force-routing-on-transp
Description Force use of routing in transparent mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
mpls
Description Enable MPLS packet inspection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 100ms
src-dst-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
sync-accuracy
Description ‘High’: Enforced limit will be the same as configured value, but has worst under-commit issue in certain situations; ‘Medium’: Enforced limit is close to configured value, but has worse under-commit issue in certain situations; ‘Low’: Enforced limit is less close to configured value, but has least under-commit issue in certain situations;
Type: string
Supported Values: High, Medium, Low
Default: Medium
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
use-route
Description Use route table, default use receive hop for device initiated traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
fast-aging¶
Specification Type object half-open-conn-ratio
Description Minimum half-open session to total session ratio before session fast aging will take effect (default 25)
Type: number
Range: 1-99
Default: 25
half-open-conn-threshold
Description Minimum half-open session (percentage) before session fast aging will take effect (default 1)
Type: number
Range: 1-99
Default: 1
operational data¶
| Counter | Size | Description | |
|---|---|---|---|
| ip-ano-sec-l4-tcp | enum | Output contains one of the following values: - enabled, disabled | |
| mpls-pkt-inspect | enum | Output contains one of the following values: - enabled, disabled | |
| bgp-auto-wl | enum | Output contains one of the following values: - enabled, disabled | |
| sync | enum | Output contains one of the following values: - enabled, disabled | |
| detection | enum | Output contains one of the following values: - enabled, disabled | |
| src-delay-learning | enum | Output contains one of the following values: - enabled, disabled | |
| vrrp-auto-wl | enum | Output contains one of the following values: - enabled, disabled | |
| dns-cache-mode | enum | Output contains one of the following values: - enabled, disabled | |
| sync-auto-wl | enum | Output contains one of the following values: - enabled, disabled | |
| rate-interval | enum | Output contains one of the following values: - 100ms, 1sec | |
| use-route | enum | Output contains one of the following values: - enabled, disabled | |
| vrrp | enum | Output contains one of the following values: - enabled, disabled | |
| hw-syn-cookie | enum | Output contains one of the following values: - enabled, disabled | |
| ip-ano-sec-l4-udp | enum | Output contains one of the following values: - enabled, disabled | |
| ip-ano-sec-l3 | enum | Output contains one of the following values: - enabled, disabled | |
| src-dynamic-overflow-ipv6 | enum | Output contains one of the following values: - enabled, disabled | |
| dst-dynamic-overflow-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| src-dynamic-overflow-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| dst-dynamic-overflow-ipv6 | enum | Output contains one of the following values: - enabled, disabled | |
| one-arm-mode | enum | Output contains one of the following values: - enabled, disabled | |
| warm-up | string | warm-up | |
| src-dst-entry-limit | enum | Output contains one of the following values: - 8M, 16M, unlimited, platform-default | |
| bgp | enum | Output contains one of the following values: - enabled, disabled | |
| mode | string | mode | |
| tap-interfaces | enum | Output contains one of the following values: - enabled, disabled | |
| ddos-protection | enum | Output contains one of the following values: - enabled, disabled | |
| dst-auto-learning-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| src-auto-learning-ipv4 | enum | Output contains one of the following values: - enabled, disabled | |
| dst-auto-learning-ipv6 | enum | Output contains one of the following values: - enabled, disabled | |
| src-auto-learning-ipv6 | enum | Output contains one of the following values: - enabled, disabled |