system anomaly log
system attack log
system ddos-attack log
!
hostname A10TPS-Fastnetmon
!
interface management
  ip address x.x.x.x x.x.x.x
  ip control-apps-use-mgmt-port
  ip default-gateway x.x.x.x
  enable
!
interface ethernet 1
  name Inbound
  enable
!
interface ethernet 2
  name Outbound
!
!
glid 1
  description "10gbps rate limiter"
  bit-rate-limit 10000000
!
glid 2
  description "1gbps rate limiter"
  bit-rate-limit 1000000
!
glid 3
  description "100mbps rate limiter"
  bit-rate-limit 100000
!
ddos protection enable
ddos protection rate-interval 1sec
!
ddos resource-tracking cpu enable
!
ddos zone-template logging cef-logger
  log-format-cef
  enable-action-logging
!
ddos zone-template tcp tcp-protect1
  syn-authentication send-rst
  syn-authentication pass-action authenticate-src
  syn-authentication fail-action drop
!
ddos zone-template udp udp-protect1
  spoof-detect timeout 5
  spoof-detect min-delay 2
  spoof-detect pass-action authenticate-src
  spoof-detect fail-action drop
  known-resp-src-port action drop
!
logging syslog information
!
logging host x.x.x.x use-mgmt-port
!
router bgp x
  bgp log-neighbor-changes
  bgp router-id x.x.x.x
  neighbor x.x.x.x remote-as x
  neighbor x.x.x.x description upstream
  neighbor x.x.x.x route-map ddos-advertise out
!
route-map ddos-advertise permit 1
!
sflow setting max-header 128
sflow setting packet-sampling-rate 1000
!
sflow collector ip x.x.x.x 6343 use-mgmt-port
!
sflow agent address x.x.x.x
!
sflow sampling ethernet 1
!
end
