4.11.1 irpdetectd.bgp.reaction #
Threat Mitigation BGP blackholing reaction that gets used by default when no custom rule is defined.
- Possible values:
0 (Drop), 1 (Redirect) - Default value:
0
4.11.2 irpdetectd.bgp.redirect.bgp_peers #
The list of BGP communities for BGP redirect default reaction.
The list of BGP router(s) that receive BGP redirect announcements.
The parameter is also used by the Bgpd component.- Possible values:
list of BGP routers
4.11.3 irpdetectd.bgp.redirect.communities #
The parameter is also used by the Bgpd component.- Possible values:
list of BGP communities
4.11.4 irpdetectd.blackhole.threshold.kpps #
Blackhole threshold kpps.
Default kilo packets per second limit that triggers a blackholing event.
A value of 0 disables the feature functionality.
The default rate can be overridden by a custom rule.
- Possible values:
0-1000000 - Default value:
0
4.11.5 irpdetectd.blackhole.threshold.mbps #
Blackhole threshold mbps.
Default megabits per second limit that triggers a blackholing event.
A value of 0 disables the feature functionality.
The default rate can be overridden by a custom rule.
- Possible values:
0-1000000 - Default value:
0
4.11.6 irpdetectd.flowspec.ipv4.redirect #
The default IPv4 address used by Threat Mitigation FlowSpec redirect reaction.
The parameter is also used by the Bgpd component.- Possible values:
IPv4 address
4.11.7 irpdetectd.flowspec.ipv6.redirect #
The default IPv6 address used by Threat Mitigation FlowSpec redirect reaction.
The parameter is also used by the Bgpd component.- Possible values:
IPv6 address
4.11.8 irpdetectd.flowspec.reaction #
Threat Mitigation FlowSpec reaction that gets used by default when no custom rule is defined.
- Possible values:
0 (Drop), 1 (Redirect) - Default value:
0
4.11.9 irpdetectd.flowspec.threshold.kpps #
Flowspec threshold kpps.
Default kilo packets per second limit that triggers a Flowspec event.
A value of 0 disables the feature functionality.
The default rate can be overridden by a custom rule.
- Possible values:
0-1000000 - Default value:
0
4.11.10 irpdetectd.flowspec.threshold.mbps #
Flowspec threshold mbps.
Default megabits per second limit that triggers a Flowspec event.
A value of 0 disables the feature functionality.
The default rate can be overridden by a custom rule.
- Possible values:
0-1000000 - Default value:
0
4.11.11 irpdetectd.ipv4.prefix_size #
The default size of an IPv4 prefix which gets blocked by the BGP/FlowSpec threat mitigation action.
- Possible values:
16-32 - Default value:
32
4.11.12 irpdetectd.ipv6.prefix_size #
The default size of an IPv6 prefix which gets blocked by the BGP/FlowSpec threat mitigation action.
- Possible values:
32-128 - Default value:
128
4.11.13 irpdetectd.mode #
DDoS Mode.
Threat Mitigation modes:
Automatic – threat mitigation actions are performed automatically when an attack gets detected;
Moderated – users need to confirm the threat mitigation action manually;
Disabled – turns off Threat Mitigation altogether.
- Possible values:
0 - Disabled; 1 - Manual; 2 - Moderated; 3 - Automated - Default value:
1
4.11.14 irpdetectd.protected_addresses #
Protected addresses.
- Possible values:
0 - Protect analyzed prefixes; 1 - Protect all prefixes - Default value:
0
4.11.15 irpdetectd.time.keep #
Time keep.
The amount of time (minutes) to keep an approved/automatic flowspec/blackholing event active.
- Possible values:
5-4320 - Default value:
1800
4.11.16 irpdetectd.time.monitor #
Time monitor.
Amount of time (minutes) between the DDoS attack detection and the automatic activation of the defense mechanism.
- Possible values:
2-60 - Default value:
3
4.11.17 irpdetectd.whitelist #
Whitelist.
Prefixes that should not be considered for blocking by the DDoS detection mechanism.
- Possible values:
IPv4 or IPv6 prefixes
