Options

axAPIv3 TPS DDoS Dst Entry tutorial?

SteveThingSteveThing Member
in TPS - DDoS Protection
Hi all,

I'm working with axAPIv3 and PowerShell. I just recently wrote some functions to invoke API calls and I'm having a hard time wrapping my head around creating a 'ddos dst entry' and/or 'ddos dst zone' configuration. In the axAPIv3 Documentation for 'ddos dst entry', it provides a schema which has a ton of information, but when I perform a GET call on an existing entry, it's completely different. For example, let's take the CLI route: 
show run ddos dst entry TEST_1.2.3.4
!Section configuration: 245 bytes       
!
ddos dst entry TEST_1.2.3.4 1.2.3.4 
  description TEST.domain.com 
  log-enable 
  l4-type tcp 
    glid 100 
    syn-auth disable 
  l4-type udp 
    glid 100 
    drop-frag-pkt 
  port 443 ssl-l4 
    glid 10 
  port 1001 udp 
    glid 10 
!


When I do a GET on '/axapi/v3/ddos/dst/entry/TEST_1.2.3.4' it looks nothing like ddos-dst-entry.txt from the docs schema file: 
{
  "entry": {
    "dst-entry-name":"TEST_1.2.3.4",
    "ip-addr":"1.2.3.4",
    "description":"TEST.domain.com",
    "exceed-log-cfg": {
      "log-enable":1,
      "log-with-sflow":0,
      "log-high-frequency":0
    },
    "log-periodic":0,
    "drop-frag-pkt":0,
    "sflow": {
      "polling": {
        "sflow-packets":0,
        "sflow-layer-4":0,
        "sflow-tcp": {
          "sflow-tcp-basic":0,
          "sflow-tcp-stateful":0
        },
        "sflow-http":0,
        "sflow-undef-port-hit-stats":0,
        "sflow-undef-port-hit-stats-brief":0
      }
    },
    "drop-on-no-src-dst-default":0,
    "drop-disable":0,
    "operational-mode":"protection",
    "reporting-disabled":0,
    "advertised-enable":0,
    "uuid":"61df793c-e3ae-11e8-aefa-ffe0862d8a42",
    "l4-type-list": [
      {
        "protocol":"tcp",
        "glid":"100",
        "deny":0,
        "syn-auth":"disable",
        "syn-cookie":0,
        "tcp-reset-client":0,
        "tcp-reset-server":0,
        "drop-on-no-port-match":"enable",
        "drop-frag-pkt":0,
        "undefined-port-hit-statistics": {
          "undefined-port-hit-statistics":0
        },
        "uuid":"681ff218-e3ae-11e8-aefa-ffe0862d8a42",
        "port-ind": {
          "uuid":"682011da-e3ae-11e8-aefa-ffe0862d8a42",
          "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/tcp/port-ind"
        },
        "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/tcp"
      },
      {
        "protocol":"udp",
        "glid":"100",
        "deny":0,
        "drop-on-no-port-match":"enable",
        "stateful":0,
        "drop-frag-pkt":1,
        "undefined-port-hit-statistics": {
          "undefined-port-hit-statistics":0
        },
        "uuid":"97fdf1c4-e3ae-11e8-aefa-ffe0862d8a42",
        "port-ind": {
          "uuid":"97fe10d2-e3ae-11e8-aefa-ffe0862d8a42",
          "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/udp/port-ind"
        },
        "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/l4-type/udp"
      }
    ],
    "port-list": [
      {
        "port-num":443,
        "protocol":"ssl-l4",
        "detection-enable":0,
        "enable-top-k":0,
        "deny":0,
        "glid":"10",
        "sflow": {
          "polling": {
            "sflow-packets":0,
            "sflow-tcp": {
              "sflow-tcp-basic":0,
              "sflow-tcp-stateful":0
            },
            "sflow-http":0
          }
        },
        "uuid":"a64159a6-e3ae-11e8-aefa-ffe0862d8a42",
        "port-ind": {
          "uuid":"a6436f98-e3ae-11e8-aefa-ffe0862d8a42",
          "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/443+ssl-l4/port-ind"
        },
        "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/443+ssl-l4"
      },
      {
        "port-num":1001,
        "protocol":"udp",
        "detection-enable":0,
        "enable-top-k":0,
        "deny":0,
        "glid":"10",
        "sflow": {
          "polling": {
            "sflow-packets":0
          }
        },
        "uuid":"ca648fce-e3ae-11e8-aefa-ffe0862d8a42",
        "port-ind": {
          "uuid":"ca64b152-e3ae-11e8-aefa-ffe0862d8a42",
          "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/1001+udp/port-ind"
        },
        "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4/port/1001+udp"
      }
    ],
    "a10-url":"/axapi/v3/ddos/dst/entry/TEST_1.2.3.4"
  }
}


So, I'm hoping someone could walk me through how to form the appropriate JSON object for creating, updating, and validating an entry. Any assistance is greatly appreciated.

Is there a better reference document for axAPI and TPS devices?
What would be the bare minimum I would need to include in the JSON object given my CLI example above?

Answers

  • Options
    tmitsuhatatmitsuhata Member, Administrator admin
    edited November 2018
    Hello,
    You may want to try "show json-config" command on the CLI to confirm the JSON format.

    A10-TPS.113#sh json-config?
    json-config Displays config in json format
    json-config-detail Displays config in json format with details
    json-config-with-default Displays config in json format with default values

    The "show json-config ddos dst entry TEST_1.2.3.4" will give you the confg in JSON format like you see in scheme file .
    Hope this helps.
Sign In or Register to comment.