axAPIv3 TPS DDoS Dst Entry tutorial?

Community Forum Forums Thunder and AX Series General axAPIv3 TPS DDoS Dst Entry tutorial?

This topic contains 1 reply, has 2 voices, and was last updated by avatar tmitsuhata 1 month, 1 week ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #16242
    avatar
    SteveThing
    Member

    Hi all,

    I’m working with axAPIv3 and PowerShell. I just recently wrote some functions to invoke API calls and I’m having a hard time wrapping my head around creating a ‘ddos dst entry’ and/or ‘ddos dst zone’ configuration. In the axAPIv3 Documentation for ‘ddos dst entry’, it provides a schema which has a ton of information, but when I perform a GET call on an existing entry, it’s completely different. For example, let’s take the CLI route:

    show run ddos dst entry TEST_1.2.3.4
    !Section configuration: 245 bytes       
    !
    ddos dst entry TEST_1.2.3.4 1.2.3.4 
      description TEST.domain.com 
      log-enable 
      l4-type tcp 
        glid 100 
        syn-auth disable 
      l4-type udp 
        glid 100 
        drop-frag-pkt 
      port 443 ssl-l4 
        glid 10 
      port 1001 udp 
        glid 10 
    !

    When I do a GET on ‘/axapi/v3/ddos/dst/entry/TEST_1.2.3.4’ it looks nothing like ddos-dst-entry.txt from the docs schema file:

    {
      "entry": {
        "dst-entry-name":"TEST_1.2.3.4",
        "ip-addr":"1.2.3.4",
        "description":"TEST.domain.com",
        "exceed-log-cfg": {
          "log-enable":1,
          "log-with-sflow":0,
          "log-high-frequency":0
        },
        "log-periodic":0,
        "drop-frag-pkt":0,
        "sflow": {
          "polling": {
            "sflow-packets":0,
            "sflow-layer-4":0,
            "sflow-tcp": {
              "sflow-tcp-basic":0,
              "sflow-tcp-stateful":0
            },
            "sflow-http":0,
            "sflow-undef-port-hit-stats":0,
            "sflow-undef-port-hit-stats-brief":0
          }
        },
        "drop-on-no-src-dst-default":0,
        "drop-disable":0,
        "operational-mode":"protection",
        "reporting-disabled":0,
        "advertised-enable":0,
        "uuid":"61df793c-e3ae-11e8-aefa-ffe0862d8a42",
        "l4-type-list": [
          {
            "protocol":"tcp",
            "glid":"100",
            "deny":0,
            "syn-auth":"disable",
            "syn-cookie":0,
            "tcp-reset-client":0,
            "tcp-reset-server":0,
            "drop-on-no-port-match":"enable",
            "drop-frag-pkt":0,
            "undefined-port-hit-statistics": {
              "undefined-port-hit-statistics":0
            },
            "uuid":"681ff218-e3ae-11e8-aefa-ffe0862d8a42",
            "port-ind": {
              "uuid":"682011da-e3ae-11e8-aefa-ffe0862d8a42",
              "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/tcp/port-ind"
            },
            "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/tcp"
          },
          {
            "protocol":"udp",
            "glid":"100",
            "deny":0,
            "drop-on-no-port-match":"enable",
            "stateful":0,
            "drop-frag-pkt":1,
            "undefined-port-hit-statistics": {
              "undefined-port-hit-statistics":0
            },
            "uuid":"97fdf1c4-e3ae-11e8-aefa-ffe0862d8a42",
            "port-ind": {
              "uuid":"97fe10d2-e3ae-11e8-aefa-ffe0862d8a42",
              "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/udp/port-ind"
            },
            "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/udp"
          }
        ],
        "port-list": [
          {
            "port-num":443,
            "protocol":"ssl-l4",
            "detection-enable":0,
            "enable-top-k":0,
            "deny":0,
            "glid":"10",
            "sflow": {
              "polling": {
                "sflow-packets":0,
                "sflow-tcp": {
                  "sflow-tcp-basic":0,
                  "sflow-tcp-stateful":0
                },
                "sflow-http":0
              }
            },
            "uuid":"a64159a6-e3ae-11e8-aefa-ffe0862d8a42",
            "port-ind": {
              "uuid":"a6436f98-e3ae-11e8-aefa-ffe0862d8a42",
              "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/443+ssl-l4/port-ind"
            },
            "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/443+ssl-l4"
          },
          {
            "port-num":1001,
            "protocol":"udp",
            "detection-enable":0,
            "enable-top-k":0,
            "deny":0,
            "glid":"10",
            "sflow": {
              "polling": {
                "sflow-packets":0
              }
            },
            "uuid":"ca648fce-e3ae-11e8-aefa-ffe0862d8a42",
            "port-ind": {
              "uuid":"ca64b152-e3ae-11e8-aefa-ffe0862d8a42",
              "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/1001+udp/port-ind"
            },
            "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/1001+udp"
          }
        ],
        "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4"
      }
    }

    So, I’m hoping someone could walk me through how to form the appropriate JSON object for creating, updating, and validating an entry. Any assistance is greatly appreciated.

    Is there a better reference document for axAPI and TPS devices?
    What would be the bare minimum I would need to include in the JSON object given my CLI example above?

    • This topic was modified 1 month, 1 week ago by avatar SteveThing. Reason: Updated Title
    #16262
    avatar
    tmitsuhata
    Member

    Hello,
    You may want to try “show json-config” command on the CLI to confirm the JSON format.

    A10-TPS.113#sh json-config?
    json-config Displays config in json format
    json-config-detail Displays config in json format with details
    json-config-with-default Displays config in json format with default values

    The “show json-config ddos dst entry TEST_1.2.3.4” will give you the confg in JSON format like you see in scheme file .
    Hope this helps.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.