560071
35000
48104
Operation | Operation Path | Details |
---|---|---|
Mitigation | /mitigate |
|
Session configuration | /config |
|
Heartbeat | /hb |
|
Value | Description |
---|---|
c | Return only configuration descendant data nodes |
n | Return only non-configuration descendant data nodes |
a | Return all descendant data nodes |
Parameter Value | Description |
---|---|
1 | Attack mitigation setup is in progress (e.g., changing the network path to redirect the inbound traffic to a DOTS mitigator). |
2 | Attack is being successfully mitigated (e.g., traffic is redirected to a DDoS mitigator and attack traffic is dropped). |
3 | Attack has stopped and the DOTS client can withdraw the mitigation request. This status code will be transmitted for immediate mitigation requests till the mitigation is withdrawn or the lifetime expires. For mitigation requests with preconfigured scopes (i.e., 'trigger-mitigation' set to 'false'), this status code will be transmitted four times and then transition to "8". |
4 | Attack has exceeded the mitigation provider capability. |
5 | DOTS client has withdrawn the mitigation request and the mitigation is active but terminating. |
6 | Attack mitigation is now terminated. |
7 | Attack mitigation is withdrawn (by the DOTS server). If a mitigation request with 'trigger-mitigation' set to 'false' is withdrawn because it overlaps with an immediate mitigation request, this status code will be transmitted four times and then transition to "8" for the mitigation request with preconfigured scopes. |
8 | Attack mitigation will be triggered for the mitigation request only when the DOTS signal channel session is lost. |
Parameter Value | Description |
---|---|
1 | The DOTS client determines that it is still under attack. |
2 | The DOTS client determines that the attack is successfully mitigated (e.g., attack traffic is not seen). |
Parameter Name | YANG Type | CBOR Key | CBOR Major Type & Information | JSON Type |
---|---|---|---|---|
container | 1 | 5 map | Object | |
scope | list | 2 | 4 array | Array |
cdid | string | 3 | 3 text string | String |
cuid | string | 4 | 3 text string | String |
mid | uint32 | 5 | 0 unsigned | Number |
target-prefix | leaf-list | 6 | 4 array | Array |
inet:ip-prefix | 3 text string | String | ||
target-port-range | list | 7 | 4 array | Array |
lower-port | inet:port-number | 8 | 0 unsigned | Number |
upper-port | inet:port-number | 9 | 0 unsigned | Number |
target-protocol | leaf-list | 10 | 4 array | Array |
uint8 | 0 unsigned | Number | ||
target-fqdn | leaf-list | 11 | 4 array | Array |
inet:domain-name | 3 text string | String | ||
target-uri | leaf-list | 12 | 4 array | Array |
inet:uri | 3 text string | String | ||
alias-name | leaf-list | 13 | 4 array | Array |
string | 3 text string | String | ||
lifetime | int32 | 14 | 0 unsigned | Number |
1 negative | Number | |||
mitigation-start | uint64 | 15 | 0 unsigned | String |
status | enumeration | 16 | 0 unsigned | String |
conflict-information | container | 17 | 5 map | Object |
conflict-status | enumeration | 18 | 0 unsigned | String |
conflict-cause | enumeration | 19 | 0 unsigned | String |
retry-timer | uint32 | 20 | 0 unsigned | String |
conflict-scope | container | 21 | 5 map | Object |
acl-list | list | 22 | 4 array | Array |
acl-name | leafref | 23 | 3 text string | String |
acl-type | leafref | 24 | 3 text string | String |
bytes-dropped | 25 | 0 unsigned | String | |
bps-dropped | yang:gauge64 | 26 | 0 unsigned | String |
pkts-dropped | 27 | 0 unsigned | String | |
pps-dropped | yang:gauge64 | 28 | 0 unsigned | String |
attack-status | enumeration | 29 | 0 unsigned | String |
container | 30 | 5 map | Object | |
sid | uint32 | 31 | 0 unsigned | Number |
mitigating-config | container | 32 | 5 map | Object |
heartbeat-interval | container | 33 | 5 map | Object |
max-value | uint16 | 34 | 0 unsigned | Number |
min-value | uint16 | 35 | 0 unsigned | Number |
current-value | uint16 | 36 | 0 unsigned | Number |
missing-hb-allowed | container | 37 | 5 map | Object |
max-retransmit | container | 38 | 5 map | Object |
ack-timeout | container | 39 | 5 map | Object |
ack-random-factor | container | 40 | 5 map | Object |
max-value-decimal | decimal64 | 41 | 6 tag 4 [-2, integer] | String |
min-value-decimal | decimal64 | 42 | 6 tag 4 [-2, integer] | String |
current-value-decimal | decimal64 | 43 | 6 tag 4 [-2, integer] | String |
idle-config | container | 44 | 5 map | Object |
trigger-mitigation | boolean | 45 | 7 bits 20 | False |
7 bits 21 | True | |||
container | 46 | 5 map | Object | |
alt-server | string | 47 | 3 text string | String |
alt-server-record | leaf-list | 48 | 4 array | Array |
inet:ip-address | 3 text string | String | ||
container | 49 | 5 map | Object | |
probing-rate | container | 50 | 5 map | Object |
peer-hb-status | boolean | 51 | 7 bits 20 | False |
7 bits 21 | True |
URI Suffix | Change Controller | Reference | Status | Related information |
---|---|---|---|---|
dots | IETF | [RFC8782] | permanent | None |
Parameter Name | CBOR Key Value | CBOR Major Type | Change Controller | Specification Document(s) |
---|---|---|---|---|
Reserved | 0 | [RFC8782] | ||
1 | 5 | IESG | [RFC8782] | |
scope | 2 | 4 | IESG | [RFC8782] |
cdid | 3 | 3 | IESG | [RFC8782] |
cuid | 4 | 3 | IESG | [RFC8782] |
mid | 5 | 0 | IESG | [RFC8782] |
target-prefix | 6 | 4 | IESG | [RFC8782] |
target-port-range | 7 | 4 | IESG | [RFC8782] |
lower-port | 8 | 0 | IESG | [RFC8782] |
upper-port | 9 | 0 | IESG | [RFC8782] |
target-protocol | 10 | 4 | IESG | [RFC8782] |
target-fqdn | 11 | 4 | IESG | [RFC8782] |
target-uri | 12 | 4 | IESG | [RFC8782] |
alias-name | 13 | 4 | IESG | [RFC8782] |
lifetime | 14 | 0/1 | IESG | [RFC8782] |
mitigation-start | 15 | 0 | IESG | [RFC8782] |
status | 16 | 0 | IESG | [RFC8782] |
conflict-information | 17 | 5 | IESG | [RFC8782] |
conflict-status | 18 | 0 | IESG | [RFC8782] |
conflict-cause | 19 | 0 | IESG | [RFC8782] |
retry-timer | 20 | 0 | IESG | [RFC8782] |
conflict-scope | 21 | 5 | IESG | [RFC8782] |
acl-list | 22 | 4 | IESG | [RFC8782] |
acl-name | 23 | 3 | IESG | [RFC8782] |
acl-type | 24 | 3 | IESG | [RFC8782] |
bytes-dropped | 25 | 0 | IESG | [RFC8782] |
bps-dropped | 26 | 0 | IESG | [RFC8782] |
pkts-dropped | 27 | 0 | IESG | [RFC8782] |
pps-dropped | 28 | 0 | IESG | [RFC8782] |
attack-status | 29 | 0 | IESG | [RFC8782] |
30 | 5 | IESG | [RFC8782] | |
sid | 31 | 0 | IESG | [RFC8782] |
mitigating-config | 32 | 5 | IESG | [RFC8782] |
heartbeat-interval | 33 | 5 | IESG | [RFC8782] |
min-value | 34 | 0 | IESG | [RFC8782] |
max-value | 35 | 0 | IESG | [RFC8782] |
current-value | 36 | 0 | IESG | [RFC8782] |
missing-hb-allowed | 37 | 5 | IESG | [RFC8782] |
max-retransmit | 38 | 5 | IESG | [RFC8782] |
ack-timeout | 39 | 5 | IESG | [RFC8782] |
ack-random-factor | 40 | 5 | IESG | [RFC8782] |
min-value-decimal | 41 | 6tag4 | IESG | [RFC8782] |
max-value-decimal | 42 | 6tag4 | IESG | [RFC8782] |
current-value-decimal | 43 | 6tag4 | IESG | [RFC8782] |
idle-config | 44 | 5 | IESG | [RFC8782] |
trigger-mitigation | 45 | 7 | IESG | [RFC8782] |
46 | 5 | IESG | [RFC8782] | |
alt-server | 47 | 3 | IESG | [RFC8782] |
alt-server-record | 48 | 4 | IESG | [RFC8782] |
49 | 5 | IESG | [RFC8782] | |
probing-rate | 50 | 5 | IESG | [RFC8782] |
peer-hb-status | 51 | 7 | IESG | [RFC8782] |
Unassigned | 52-49151 | |||
Reserved for Private Use | 49152-65535 | [RFC8782] |
Code | Label | Description | Reference |
---|---|---|---|
Code | Label | Description | Reference |
---|---|---|---|
0 | Reserved | [RFC8782] | |
1 | request-inactive-&zwsp;other-active | DOTS server has detected conflicting mitigation requests from different DOTS clients. This mitigation request is currently inactive until the conflicts are resolved. Another mitigation request is active. | [RFC8782] |
2 | request-active | DOTS server has detected conflicting mitigation requests from different DOTS clients. This mitigation request is currently active. | [RFC8782] |
3 | all-requests-&zwsp;inactive | DOTS server has detected conflicting mitigation requests from different DOTS clients. All conflicting mitigation requests are inactive. | [RFC8782] |
4-2147483647 | Unassigned |
Code | Label | Description | Reference |
---|---|---|---|
0 | Reserved | [RFC8782] | |
1 | overlapping-targets | Overlapping targets. | [RFC8782] |
2 | conflict-with-&zwsp;acceptlist | Conflicts with an existing accept-list. This code is returned when the DDoS mitigation detects source addresses/prefixes in the accept-listed ACLs are attacking the target. | [RFC8782] |
3 | cuid-collision | CUID Collision. This code is returned when a DOTS client uses a 'cuid' that is already used by another DOTS client. | [RFC8782] |
4-2147483647 | Unassigned |
Code | Label | Description | Reference |
---|---|---|---|
0 | Reserved | [RFC8782] | |
1 | under-attack | The DOTS client determines that it is still under attack. | [RFC8782] |
2 | attack-successfully-&zwsp;mitigated | The DOTS client determines that the attack is successfully mitigated. | [RFC8782] |
3-2147483647 | Unassigned |
33309
42837