ddos dst zone ip-proto proto-number

DDOS IP protocol configuration

proto-number Specification

   
Type Collection
Object Key(s) protocol-num
Collection Name proto-number-list
Collection URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number
Element Name proto-number
Element URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}
Element Attributes proto-number_attributes
Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/stats
Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/oper
Schema proto-number schema

Operations Allowed:

OperationMethodURIPayload

Create Object

POST

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number

proto-number attributes

Create List

POST

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number

proto-number attributes

Get Object

GET

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}

proto-number attributes

Get List

GET

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number

proto-number-list

Modify Object

POST

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}

proto-number attributes

Replace Object

PUT

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}

proto-number attributes

Replace List

PUT

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number

proto-number-list

Delete Object

DELETE

/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}

proto-number attributes

proto-number-list

proto-number-list is JSON List of proto-number attributes

proto-number-list : [

proto-number attributes

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for this ip-proto

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind

protocol-num

Description Protocol Number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_zone-template

Type: Object

dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for manual-mode-list_zone-template

Type: Object

manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

stats other-zone-ipproto

  Counter Size Description
       
  filter_none_match 8 Filter Not Matched
  secondary_port_kbit_rate_exceed_pkt 8 Per Addr-Port KiBit Rate Exceeded Count
  filter3_match 8 Filter3 Match
  outbound_port_drop 8 Outbound Packets Dropped
  secondary_port_pkt_rate_exceed 8 Per Addr-Port Packet Rate Exceeded
  src_filter_action_whitelist 8 Src Filter Action Whitelist
  port_bytes_drop 8 Inbound Bytes Dropped
  exceed_drop_prate_src 8 Src Pkt Rate Exceeded
  outbound_port_bytes_sent 8 Outbound Bytes Forwarded
  filter_total_not_match 8 Filter Total Not Matched
  filter4_match 8 Filter4 Match
  src_filter_action_default_pass 8 Src Filter Action Default Pass
  port_bytes_sent 8 Inbound Bytes Forwarded
  exceed_drop_brate_src 8 Src KiBit Rate Exceeded
  port_kbit_rate_exceed_pkt 8 KiBit Rate Exceeded Count
  port_kbit_rate_exceed 8 KiBit Rate Exceeded
  secondary_port_kbit_rate_exceed 8 Per Addr-Port KiBit Rate Exceeded
  filter_action_default_pass 8 Filter Action Default Pass
  filter_action_whitelist 8 Filter Action Whitelist
  port_src_bl 8 Src Blacklisted
  outbound_port_bytes_drop 8 Outbound Bytes Dropped
  outbound_port_pkt_sent 8 Outbound Packets Forwarded
  bl 8 Dst Blacklisted
  current_es_level 8 Current Escalation Level
  filter_action_drop 8 Filter Action Drop
  filter1_match 8 Filter1 Match
  filter_auth_fail 8 Filter Auth Failed
  exceed_drop_brate_src_pkt 8 Src KiBit Rate Exceeded Count
  filter_action_blacklist 8 Filter Action Blacklist
  port_pkt_rate_exceed 8 Packet Rate Exceeded
  port_pkt_sent 8 Inbound Packets Forwarded
  outbound_port_rcvd 8 Outbound Packets Received
  filter5_match 8 Filter5 Match
  outbound_port_bytes 8 Outbound Bytes Received
  port_rcvd 8 Inbound Packets Received
  port_src_escalation 8 Src Escalation
  src_drop 8 Src Packets Dropped
  port_bytes 8 Inbound Bytes Received
  frag_rcvd 8 Frag Received
  src_filter_action_blacklist 8 Src Filter Action Blacklist
  filter2_match 8 Filter2 Match
  frag_drop 8 Frag Dropped
  port_drop 8 Inbound Packets Dropped
  src_filter_action_drop 8 Src Filter Action Drop

operational data

  Counter Size Description
       
  overflow-policy flag overflow-policy
  class-list string class-list
  entry-displayed-count number entry-displayed-count
  subnet-ip-addr ipv4-cidr subnet-ip-addr
  ddos_entry_list   ddos_entry_list
  service-displayed-count number service-displayed-count
  sources flag sources
  ipv6 ipv6-address ipv6
  sources-all-entries flag sources-all-entries
  subnet-ipv6-addr ipv6-address-plen subnet-ipv6-addr