mirror of
https://github.com/pavel-odintsov/fastnetmon
synced 2024-05-26 16:16:09 +02:00
a10.py modification for PEP476, updated REDME.md
parent
c9f4960c6b
commit
fdd37b3140
|
@ -4,6 +4,7 @@
|
|||
|
||||
1. A10 Thunder TPS with AXAPIv3. More information on AXAPIv3: https://www.a10networks.com/resources/glossary/axapi-custom-management.
|
||||
2. Network topology is Asymmetric Reactive with BGP as the routing Protocol. A10 Thunder TPS peers with the upstream router.
|
||||
3. TPS contains base config under /fastnetmon/src/a10_plugin/configs/tps_base_config_vX.txt for base glid, zone-template, and ddos protection rate-interval, etc.
|
||||
|
||||
##Overview:
|
||||
|
||||
|
@ -16,10 +17,18 @@
|
|||
|
||||
##Configuration Steps:
|
||||
|
||||
1. Configure the fastnetmon_a10_xx.py script as the executed script under /etc/fastnetmon.conf, i.e. notify_script_path=<path>/fastnetmon_a10_v0.2.py.
|
||||
0. If this is a brand new TPS with no prior 'ddos dst zone' config, do a quick dummy zone config and remove it:
|
||||
```
|
||||
TH3030S-1(config)#ddos dst zone dummy
|
||||
TH3030S-1(config-ddos zone)#exit
|
||||
TH3030S-1(config)#no ddos dst zone dummy
|
||||
TH3030S-1(config)#end
|
||||
TH3030S-1#
|
||||
```
|
||||
1. Configure the fastnetmon_a10_xx.py script as the executed script under /etc/fastnetmon.conf, i.e. notify_script_path=<path>/fastnetmon_a10_v0.3.py.
|
||||
2. Please note that we have various versions of ban actions depending on your topology, such as integration of aGalaxy.
|
||||
3. Alternatively place all files in a directory that is reachable by FastNetMon and indicate it as the executed script in /etc/fastnetmon.conf.
|
||||
4. Make sure both Python scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.2.py"
|
||||
4. Make sure both Python scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.3.py"
|
||||
|
||||
##Please modify the following in the fastnetmon_a10_v[xx].py script
|
||||
|
||||
|
@ -35,7 +44,7 @@ Example Usage:
|
|||
- Ban action:
|
||||
|
||||
```
|
||||
a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "ban"
|
||||
a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.3.py "10.10.10.10" "outgoing" "111111" "ban"
|
||||
|
||||
TH4435-1#show ddos dst zone all-entries
|
||||
Legend (Rate/Limit): 'U'nlimited, 'E'xceeded, '-' Not applicable
|
||||
|
@ -55,13 +64,17 @@ TH4435#sh ip bgp neighbors <upstream router IP> advertised-routes
|
|||
|
||||
- Unban action:
|
||||
|
||||
a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "unban"
|
||||
a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.3.py "10.10.10.10" "outgoing" "111111" "unban"
|
||||
|
||||
```
|
||||
TH4435-1#sh ip bgp neighbors <upstream router IP> advertised-routes
|
||||
TH4435-1#
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
1. In a10.py, SSL ssl._create_unverified_context() was used. Please see PEP476 for details.
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
#
|
||||
# v0.1
|
||||
# v0.2
|
||||
# ericc@a10networks.com
|
||||
#
|
||||
|
||||
import json, urllib2
|
||||
import json, urllib2, ssl
|
||||
|
||||
def axapi_auth(host, username, password):
|
||||
base_uri = 'https://'+host
|
||||
|
@ -15,26 +15,28 @@ def axapi_auth(host, username, password):
|
|||
|
||||
|
||||
def axapi_action(uri, payload='', signature='', method='POST'):
|
||||
# PEP476 2.7.9+ / 3.4.3+ cert check
|
||||
new_context = ssl._create_unverified_context()
|
||||
try:
|
||||
if method == 'POST':
|
||||
req = urllib2.Request(uri)
|
||||
req.add_header('content-type', 'application/json')
|
||||
if signature:
|
||||
req.add_header('Authorization', 'A10 {0}'.format(signature))
|
||||
response = urllib2.urlopen(req, json.dumps(payload))
|
||||
response = urllib2.urlopen(req, json.dumps(payload), context=new_context)
|
||||
elif method == 'GET':
|
||||
req = urllib2.Request(uri)
|
||||
req.add_header('content-type', 'application/json')
|
||||
if signature:
|
||||
req.add_header('Authorization', 'A10 {0}'.format(signature))
|
||||
response = urllib2.urlopen(req)
|
||||
response = urllib2.urlopen(req, context=new_context)
|
||||
elif method == 'DELETE':
|
||||
req = urllib2.Request(uri)
|
||||
req.add_header('content-type', 'application/json')
|
||||
req.get_method = lambda: 'DELETE'
|
||||
if signature:
|
||||
req.add_header('Authorization', 'A10 {0}'.format(signature))
|
||||
response = urllib2.urlopen(req)
|
||||
response = urllib2.urlopen(req, context=new_context)
|
||||
return response.read()
|
||||
except Exception as e:
|
||||
raise
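Review bot: `ssl._create_unverified_context()` in axapi_action switches off certificate and hostname verification for every POST, GET and DELETE, so the `Authorization: A10 <signature>` header goes to whatever endpoint answers on that address, and anything on the path between FastNetMon and the TPS can read the session signature or alter ban/unban calls. PEP 476 provides this as an explicit opt-out rather than a default, so I would build a verifying context instead, e.g. `new_context = ssl.create_default_context(cafile=TPS_CA_FILE)` with the TPS certificate or its issuing CA exported to that file (the constant name is a placeholder), and keep the unverified context behind an off-by-default setting. Both `ssl._create_unverified_context` and the `context=` argument of `urllib2.urlopen` exist only from Python 2.7.9, so older interpreters will now fail here with AttributeError or TypeError; the comment `# PEP476 2.7.9+ / 3.4.3+ cert check` should say that 2.7.9 is now the minimum and that verification is being disabled, not checked. axapi_auth's body lies outside the visible hunks, so whether the login request that carries the password takes the same unverified path cannot be confirmed from here.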
|
||||
|
|
|
@ -34,7 +34,7 @@ logger.info(" - " . join(sys.argv))
|
|||
|
||||
|
||||
# A10 Mitigator Information
|
||||
mitigator_ip = "192.168.199.152"
|
||||
mitigator_ip = "192.168.199.150"
|
||||
zone_name = client_ip_as_string + "_zone"
|
||||
ip_addr = client_ip_as_string
|
||||
mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")
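Review bot: The new `mitigator_ip = "192.168.199.150"` swaps one hard-coded lab address for another, and the unchanged call two lines below still passes the username and password as the literals `"admin"` and `"a10"`, so every deployment has to edit this script and is likely to keep the shipped values. I would read the address and credentials from a configuration file with restrictive permissions (or from the environment) and log a clear error and exit when they are missing. This matters more because a10.py in this same commit stops verifying the TPS certificate, so the login would presumably be sent without any check of who receives it; axapi_auth's body is not visible here, so that is an inference. The script continues outside this hunk.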
|
||||
|
|