cgnv6 ddos-protection

Configure CGNV6 DDoS Protection. ACOS provides security protection to help mitigate some forms of Distributed Denial of Service (DDoS) attacks on servers. These features aim to limit protocol attacks and volumetric attacks that consume server resources.

ddos-protection Specification

Type Configuration Resource
Element Name ddos-protection
Element URI /axapi/v3/cgnv6/ddos-protection
Element Attributes ddos-protection_attributes
Statistics Data URI /axapi/v3/cgnv6/ddos-protection/stats
Schema ddos-protection schema

Operations Allowed:

Operation       Method  URI                                    Payload
Create Object   POST    /axapi/v3/cgnv6/ddos-protection        ddos-protection Attributes
Get Object      GET     /axapi/v3/cgnv6/ddos-protection        ddos-protection Attributes
Modify Object   POST    /axapi/v3/cgnv6/ddos-protection        ddos-protection Attributes
Replace Object  PUT     /axapi/v3/cgnv6/ddos-protection        ddos-protection Attributes
Delete Object   DELETE  /axapi/v3/cgnv6/ddos-protection        ddos-protection Attributes
Get Stats       GET     /axapi/v3/cgnv6/ddos-protection/stats  stats data

ddos-protection Attributes

logging

Description: logging is a JSON Block. Please see below for logging.

Type: Object

packets-per-second

Description: packets-per-second is a JSON Block. Please see below for packets-per-second.

Type: Object

sampling-enable

Description: sampling-enable is a JSON List. Please see below for sampling-enable.

Type: List

toggle

Description: Enable or disable DDoS Mitigation for CGN.

  • enable : Enable CGNV6 NAT pool DDoS protection.
  • disable : Disable CGNV6 NAT pool DDoS protection.

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description: uuid of the object

Type: string

packets-per-second

Specification
Type object

ip

Description: Configure the maximum number of packets allowed per IP.

Type: number

Range: 0-30000000

Default: 3000

other

Description: Configure the maximum number of packets allowed for other L4 protocols.

Type: number

Range: 0-30000000

Default: 10000

tcp

Description: Configure the maximum number of packets allowed per TCP port.

Type: number

Range: 0-30000000

Default: 3000

udp

Description: Configure the maximum number of packets allowed per UDP port.

Type: number

Range: 0-30000000

Default: 3000

logging

Specification
Type object

logging-toggle

Description: Enable or disable logging statistics for DDoS Mitigation.

  • enable : Enable CGNV6 NAT pool DDoS protection logging.
  • disable : Disable CGNV6 NAT pool DDoS protection logging.

Type: string

Supported Values: enable, disable

Default: enable

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘entry_added’: Entry Added; ‘entry_deleted’: Entry Deleted; ‘entry_added_to_hw’: Entry added to HW; ‘entry_removed_from_hw’: Entry Removed From HW; ‘hw_out_of_entries’: HW out of Entries; ‘entry_match_drop’: Entry Match Drop; ‘entry_match_drop_hw’: HW Entry Match Drop; ‘entry_list_alloc’: Entry List Alloc; ‘entry_list_free’: Entry List Alloc Free; ‘entry_list_alloc_failure’: Entry List Alloc Failure; ‘ip_node_alloc’: Node Alloc; ‘ip_node_free’: Node Free; ‘ip_node_alloc_failure’: Node Alloc Failure; ‘ip_port_block_alloc’: Port Block Alloc; ‘ip_port_block_free’: Port Block Free; ‘ip_port_block_alloc_failure’: Port Block Alloc Failure; ‘ip_other_block_alloc’: Other Block Alloc; ‘ip_other_block_free’: Other Block Free; ‘ip_other_block_alloc_failure’: Other Block Alloc Failure; ‘entry_added_shadow’: Entry Added Shadow; ‘entry_invalidated’: Entry Invalidated;

Type: string

Supported Values: all, entry_added, entry_deleted, entry_added_to_hw, entry_removed_from_hw, hw_out_of_entries, entry_match_drop, entry_match_drop_hw, entry_list_alloc, entry_list_free, entry_list_alloc_failure, ip_node_alloc, ip_node_free, ip_node_alloc_failure, ip_port_block_alloc, ip_port_block_free, ip_port_block_alloc_failure, ip_other_block_alloc, ip_other_block_free, ip_other_block_alloc_failure, entry_added_shadow, entry_invalidated
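The attribute tables above can be enforced before a request is sent, so that an out-of-range rate limit or a misspelled counter is caught locally. The following Python is an added example, not code from the ACOS documentation: the function name build_ddos_protection is hypothetical, and wrapping the attributes in a top-level "ddos-protection" key is an assumption about the request body.

```python
import json

# Limits and enumerations copied from the attribute tables on this page.
PPS_MIN, PPS_MAX = 0, 30000000
PPS_DEFAULTS = {"ip": 3000, "other": 10000, "tcp": 3000, "udp": 3000}
TOGGLES = ("enable", "disable")
COUNTERS = set("""all entry_added entry_deleted entry_added_to_hw
    entry_removed_from_hw hw_out_of_entries entry_match_drop entry_match_drop_hw
    entry_list_alloc entry_list_free entry_list_alloc_failure ip_node_alloc
    ip_node_free ip_node_alloc_failure ip_port_block_alloc ip_port_block_free
    ip_port_block_alloc_failure ip_other_block_alloc ip_other_block_free
    ip_other_block_alloc_failure entry_added_shadow entry_invalidated""".split())


def build_ddos_protection(toggle="enable", logging_toggle="enable",
                          pps=None, counters=()):
    """Validate settings against the documented schema; return the body dict."""
    errors = []
    for name, value in (("toggle", toggle), ("logging-toggle", logging_toggle)):
        if value not in TOGGLES:
            errors.append(f"{name}: {value!r} is not enable/disable")
    rates = dict(PPS_DEFAULTS)  # unspecified limits keep the documented defaults
    for key, value in (pps or {}).items():
        if key not in PPS_DEFAULTS:
            errors.append(f"packets-per-second: unknown key {key!r}")
        elif type(value) is not int or not PPS_MIN <= value <= PPS_MAX:
            errors.append(f"packets-per-second.{key}: {value!r} outside "
                          f"{PPS_MIN}-{PPS_MAX}")
        else:
            rates[key] = value
    unknown = sorted(set(counters) - COUNTERS)
    if unknown:
        errors.append(f"sampling-enable: unsupported counters {unknown}")
    if errors:
        raise ValueError("; ".join(errors))
    body = {"toggle": toggle,
            "logging": {"logging-toggle": logging_toggle},
            "packets-per-second": rates}
    if counters:
        body["sampling-enable"] = [{"counters1": name} for name in counters]
    # Assumption: the attributes are wrapped in the element name for the request.
    return {"ddos-protection": body}


if __name__ == "__main__":
    # Constructed sample: tighter per-IP limit, drop counters sampled.
    print(json.dumps(build_ddos_protection(
        pps={"ip": 2000}, counters=["entry_match_drop", "hw_out_of_entries"]),
        indent=2))
```

All validation errors are collected and reported together, so a rejected change lists every offending field at once.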

stats data

Counter Size Description
ip_other_block_alloc 8 Other Block Alloc
entry_match_drop 8 Entry Match Drop
ip_port_block_free 8 Port Block Free
ip_node_alloc_failure 8 Node Alloc Failure
entry_list_alloc_failure 8 Entry List Alloc Failure
ip_node_alloc 8 Node Alloc
entry_added_shadow 8 Entry Added Shadow
ip_port_block_alloc_failure 8 Port Block Alloc Failure
ip_other_block_alloc_failure 8 Other Block Alloc Failure
entry_removed_from_hw 8 Entry Removed From HW
entry_deleted 8 Entry Deleted
entry_list_alloc 8 Entry List Alloc
entry_list_free 8 Entry List Alloc Free
entry_added_to_hw 8 Entry added to HW
ip_node_free 8 Node Free
entry_added 8 Entry Added
ip_other_block_free 8 Other Block Free
entry_invalidated 8 Entry Invalidated
ip_port_block_alloc 8 Port Block Alloc
entry_match_drop_hw 8 HW Entry Match Drop
hw_out_of_entries 8 HW out of Entries