F5BigDdosPolicy Reference¶
The F5BigDdosPolicy Custom Resource (CR) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the listType, use udpPortlist.listType.
| Parameter | Description |
|---|---|
hslPublisher |
Specifies the endpoint logging server to send logging messages. References the F5BigLogHslpub CR by metadata.name parameter. |
udpPortlist¶
| Parameter | Description |
|---|---|
listType |
Specifies whether to include or exclude the service ports used for UDP flood vector detection: exclude-listed-ports (default), or include-listed-ports. |
entries.port |
Specifies the service port(s) used for UDP flood vector detection. |
entries.matchDirection |
Specifies if packet matches are based on source port, destination port or either: src, dst or either (default). |
allowList¶
| Parameter | Description |
|---|---|
sourceAddressList |
Specifies a F5BigCneAddresslist CR by metadata.name containing the source IP addresses to be excluded from DoS detection/mitigation. |
entries.name |
Specifies a name for the allowlist. |
entries.ipProtocol |
Specifies the IP protocol allowed by the allowlist: any (default), icmp, igmp, tcp, udp. |
entries.entryType |
Specifies what the allowList match is based on: destination-match, source-match, v4-all, v6-all, or all-ip. |
entries.matchingAddress |
Specifies a destination IP address when entryType is destination-match, or source IP address when entryType is source-match. |
entries.destinationPort |
Specifies a destination service port the allowList matches. The default values is 0 for all ports. |
entries.sourceVlan |
Specifies the name of the source VLAN the allowList matches. The default value is any for all VLANs. |
vectors.floodVectors.commonConfigVectors¶
| Parameter | Description |
|---|---|
vectorType |
Specifies the type of DoS Flood Vector to detect and mitigate: udp-flood, ether-brdcst-pkt, ether-multicst-pkt, arp-flood, ip-frag-flood, ipv6-frag-flood, tcp-rst-flood, icmpv4-flood, icmpv6-flood, and tcp-psh-flood. |
state |
Specifies the system's response when a vector match occurs: detection-only (default) or mitigation. To disable, delete the custom resource. |
detectionThresholdEps |
Specifies the attack detection threshold in Events Per Second (EPS). When EPS exceeds the threshold, the attack is logged and reported. The default value is 4294967295. |
detectionThresholdPercentage |
Specifies the attack detection threshold by Events Per Second (EPS) percentage increase. The system compares the current EPS rate to the average rate from the last hour, and when the percentage is exceeded, the attack is logged and reported. The default value is 4294967295. |
rateLimit |
Specifies the rate limit in Events Per Second (EPS). When EPS exceeds the threshold, excess events are dropped until the EPS rate no longer exceeds the threshold. The default value is 4294967295. |
perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS per source IP address. The default value is 4294967295. |
perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
vectors.ipV6errorVectors.commonConfigVectors¶
| Parameter | Description |
|---|---|
vectorType |
Specifies the type of IPv6 DoS Error Vector to match: dup-ext-hdr, bad-hop-cnt, bad-ipv6-ver, addr-len-gt-l2-len, or payload-len-ls-l2-len. |
detectionThresholdEps |
Specifies the IPv6 attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
detectionThresholdPercentage |
Specifies the IPv6 attack detection percentage increase for the configured attack type. The default value is 4294967295. |
vectors.ipV6floodVectors.commonConfigVectors¶
| Parameter | Description |
|---|---|
vectorType |
Specifies the type of IPv6 DoS Flood Vector to match: l4-ext-hdrs-go-end, and bad-ext-hdr-order. |
state |
Specifies the reponse for an IPv6 vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
detectionThresholdEps |
Specifies the IPv6 attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
detectionThresholdPercentage |
Specifies the IPv6 attack detection percentage increase for the configured attack type. The default value is 4294967295. |
rateLimit |
Specifies the rate limit in EPS for the configured IPv6 attack type. The default value is 4294967295. |
perSourceIpDetectionEps |
Specifies the IPv6 attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured IPv6 attack type source IP. The default value is 4294967295. |
perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured IPv6 attack type per destination IP. The default value is 4294967295. |
perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured IPv6 attack type per destination IP. The default value is 4294967295. |
vectors.ipV6floodVectors.specificConfigVectors¶
| Parameter | Description |
|---|---|
lowHopCnt.state |
Specifies the reponse for a vector match: detection-only (default) or mitigation. |
lowHopCnt.detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
lowHopCnt.detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
lowHopCnt.rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
lowHopCnt.perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
lowHopCnt.perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
lowHopCnt.perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
lowHopCnt.perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
lowHopCnt.ipv6LowHopCount |
Specifies the minimum acceptable value for IPv6 Hop Count: 1 (default) through 4. |
extHdrTooLarge.state |
Specifies the reponse for an IPv6 vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
extHdrTooLarge.detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
extHdrTooLarge.detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
extHdrTooLarge.rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
extHdrTooLarge.perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
extHdrTooLarge.perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
extHdrTooLarge.perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
extHdrTooLarge.perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
extHdrTooLarge.maxipv6ExtHdrSize |
Specifies the size at which an IPv6 Extension Header is considered oversized: 0 through 1024. The default value is 128. |
withExtHdrFrames.state |
Specifies the reponse for an IPv6 vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
withExtHdrFrames.detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
withExtHdrFrames.detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
withExtHdrFrames.rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
withExtHdrFrames.perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
withExtHdrFrames.perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
withExtHdrFrames.perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
withExtHdrFrames.perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
withExtHdrFrames.ipv6ExtHdrFrameType |
The IPv6 Header Frame type to match: auth, dstopt, esp, frag, hbh, mobility, route, and All (default). |
tooManyExtHdrs.state |
Specifies the reponse for an IPv6 vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
tooManyExtHdrs.detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
tooManyExtHdrs.detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
tooManyExtHdrs.rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
tooManyExtHdrs.perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
tooManyExtHdrs.perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
tooManyExtHdrs.perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
tooManyExtHdrs.perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
tooManyExtHdrs.maxIpv6ExtHdrs |
Specifies the number of IPv6 Extension Headers that are considered too many: 0 - 15. The default value is 4. |
vectors.l4errorVectors.commonConfigVectors¶
| Parameter | Description |
|---|---|
vectorType |
The type of layer 4 DoS Error Vector: bad-udp-chksum or bad-udp-hrd. |
detectionThresholdEps |
Attack detection threshold in pps for the Attack type in question. The default value is 4294967295. |
detectionThresholdPercentage |
Attack detection percentage increase for the Attack type in question. The default value is 4294967295. |
vectors.dnsErrorVectors.commonConfigVectors¶
| Parameter | Description |
|---|---|
vectorType |
The type of DNS DoS Error Vector: dns-malformed, dns-qdcount-limit, or unsolicited-dns-response. |
detectionThresholdEps |
Attack detection threshold in pps for the Attack type in question. The default value is 4294967295. |
detectionThresholdPercentage |
Attack detection percentage increase for the Attack type in question. The default value is 4294967295. |
vectors.dnsFloodVectors.commonConfigVectors¶
| Parameter | Description |
|---|---|
vectorType |
The type of DNS Flood Vector: dns-a-query, dns-aaaa-query, dns-any-query, dns-ptr-query, dns-axfr-query, dns-cname-query, dns-ixfr-query, dns-mx-query, dns-ns-query, dns-other-query, dns-soa-query, dns-srv-query, or dns-txt-query. |
state |
Specifies the reponse for a vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
vectors.dnsFloodVectors.specificConfigVectors¶
| Parameter | Description |
|---|---|
oversizedDns.state |
Specifies the reponse for a vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
oversizedDns.detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
oversizedDns.detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
oversizedDns.rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
oversizedDns.perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
oversizedDns.perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
oversizedDns.perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
oversizedDns.perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
oversizedDns.maxDnsSize |
Specifies the size at which a DNS packet is considered oversized: 256 through 8192. The default value is 4096. |
dnsNxdomainQuery.state |
Specifies the reponse for a vector match: detection-only (default) or mitigation. To disable, delete the custom resource. |
dnsNxdomainQuery.detectionThresholdEps |
Specifies the attack detection threshold in EPS for the configured attack type. The default value is 4294967295. |
dnsNxdomainQuery.detectionThresholdPercentage |
Specifies the attack detection percentage increase for the configured attack type. The default value is 4294967295. |
dnsNxdomainQuery.rateLimit |
Specifies the rate limit in EPS for the configured attack. The default value is 4294967295. |
dnsNxdomainQuery.perSourceIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per source IP. The default value is 4294967295. |
dnsNxdomainQuery.perSourceIpLimitEps |
Specifies the rate limit in EPS for the configured attack type per source IP. The default value is 4294967295. |
dnsNxdomainQuery.perDstIpDetectionEps |
Specifies the attack detection threshold in EPS for the configured attack type per destination IP. The default value is 4294967295. |
dnsNxdomainQuery.perDstIpLimitEps |
Specifies the rate Limit in EPS for the configured attack type per destination IP. The default value is 4294967295. |
dnsNxdomainQuery.dnsNXDomainLearnPeriod |
NEED DESCRIPTION 1 - 2147483647. The default value is 7200. |
dnsNxdomainQuery.dnsNXDomainPeriod |
NEED DESCRIPTION 1 - 2147483647. The default value is 86400. |
dnsNxdomainQuery.dnsNXDomainTrackerSize |
NEED DESCRIPTION 64 - 8000. The default value is 320. |
dnsNxdomainQuery.validDomains |
NEED DESCRIPTION |