SP API Guide

Version 7.6
Legal Notice
The information contained within this document is subject to change without notice. Arbor Networks, Inc.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose. Arbor Networks, Inc. shall not be liable for
errors contained herein or for any direct or indirect, incidental, special, or consequential damages in
connection with the furnishings, performance, or use of this material.
Copyright © 1999-2015 Arbor Networks, Inc. All rights reserved. Arbor Networks, the Arbor Networks
logo, ArbOS and ATLAS are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks
of their respective owners.
Document Number: PSP-API-76-2015/10
19 October, 2015
Contents

Preface
How to Use Peakflow Documentation 8
Conventions Used in this Guide 9
Contacting the Arbor Technical Assistance Center 11

Part I: Introduction to Peakflow APIs

Chapter 1: Introduction to Peakflow APIs 15
About the SOAP APIs and Arbor Web Services API 16
How Classic SOAP API Calls Map to Current SOAP API Calls 17

Part II: Arbor Web Services API

Chapter 2: Using the Arbor Web Services API 21
Introduction to the Arbor Web Services API 22
Alerts 23
Traffic 25
Mitigations 27
Managed Object 29
Routers 31
Devices 33
Peakflow SP CP 5500 Appliance 36
Peakflow TMS Appliance 39
Peakflow TMS Ports 42
Portal 44
Reports 46

Part III: Current SOAP API

Chapter 3: Introduction to the Current SOAP API 53
Using the Current SOAP API in Peakflow SP 54

Chapter 4: Alert Functions in the Current SOAP API 57

getDosAlertSummaries 58
getDosAlertSummariesXML 63
getDosAlertDetailsXML 64
getDosAlertGraph 65
getDosAlertDetails 66

Chapter 5: Mitigation Functions in the Current SOAP API 79

applyMitigationTemplateById 80

Peakflow SP API Guide, Version 7.6 3

Peakflow SP API Guide, Version 7.6

applyMitigationTemplateByName 81
getMitigationSummaries 82
getMitigationSummariesXML 84
getMitigationStatisticsByIdXML 85
getMitigationStatisticsByNameXML 86
addTmsFilterList 87
editTmsFilterList 89
deleteTmsFilterList 90

Chapter 6: Configuration Management Functions in the Current SOAP API 91

About the Configuration Management Functions 92
cliRun 94
accountAdd 95
accountDelete 97
accountChangePassword 98
accountChangeGroup 99

Chapter 7: Report Functions in the Current SOAP API 101

queueReportToRun 102
getReportList 103
getReportListXML 105
getReportResultsList 106
getReportResultsListXML 108
getLastReportResultAsCSV 109
getLastReportResultAsXML 110
getLastReportResultAsPDF 111
getReportResultAsCSV 112
getReportResultAsXML 113
getReportResultAsPDF 114
runXmlQuery 115
getTrafficGraph 117

Part IV: Classic SOAP API

Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package 121
Using the SOAP API in Peakflow SP 122
Getting Started 124
Installing the Peakflow SP SOAP Python Client 125
Viewing Classic SOAP API Examples in PHP 126

Chapter 9: Using Java/Axis with the Classic SOAP API 127

Prerequisites for Using Java/Axis with the SP SOAP Interface 128
Configuring Certificates 130
Generating the Client Proxy Code 132
Using the Client Proxy Code 133
Using the Utility Package 135
Working with the Sample Code for Java/Axis 136
Building and Running the Sample Projects 138
Fault Handling 147
Capturing the XML Request and Response 148

Chapter 10: Alert Functions in the Classic SOAP API 149

getAlertSummaries 150
getAlertInterfaces 155
getAlertInterfaceDetails 158

4 Proprietary and Confidential Information of Arbor Networks Inc.

 getAlertInterfacesXML 163
getAlertRouterInterfacesXML 165
getAlertGraph 167
getAlertGraphData 168
getAlertStatisticsRaw and sqlQuery 170

Chapter 11: Configuration Management Functions in the Classic SOAP API 171
About the Configuration Management Functions 172
cliRun 174
accountAdd 175
accountDelete 178
accountChangePassword 180
accountChangeGroup 181

Chapter 12: Traffic Report Functions in the Classic SOAP API 183
getTrafficData 184
getTrafficGraph 187

Glossary 191

Index 201

Software License Agreement 205

Proprietary and Confidential Information of Arbor Networks Inc. 5

Peakflow SP API Guide, Version 7.6

6 Proprietary and Confidential Information of Arbor Networks Inc.

Preface

Introduction
This guide provides instructions for the API configurations for your Peakflow deployment and is
intended for network administrators who are responsible for the day-to-day availability of their
company's network infrastructure. Users should have a strong understanding of networking and
the network environment, including topology and traffic.
This guide supports the 7.6 release for all Peakflow appliances.

Peakflow SP API Guide, Version 7.6 7

Peakflow SP API Guide, Version 7.6

How to Use Peakflow Documentation

Using this guide

This guide provides instructions for the API configurations for your Peakflow deployment.

Additional Peakflow documentation

See the following documentation for more information about Peakflow appliances and this
version of the Peakflow software:

Additional documentation

Available Documentation Contents

Peakflow SP and Peakflow TMS Instructions and requirements for the initial installation
Quick Start Cards and configuration of Peakflow SP and Peakflow TMS
appliances.

Peakflow SP and Threat Instructions and information that explain how to

Management System (TMS) User configure and use Peakflow appliances and software
Guide using the Peakflow SP Web user interface (UI).

Peakflow SP and Peakflow Instructions and information about configuring

Threat Management System advanced settings in Peakflow SP and Peakflow TMS,
(TMS) Advanced Configuration including those that can only be configured using the
Guide command line interface (CLI).

Peakflow Help Online help topics from the User Guide and Advanced
Configuration Guide. The Help is context-sensitive to
the Peakflow SP Web UI page from which it is
accessed.

Peakflow SP Managed Services Instructions and information for the managed services
Customer Guide customers who use the Peakflow SP 7.6 Web user
interface.

(information) Information about a report or a particular feature of the

Peakflow SP Web user interface (UI). This information
appears when you hover the mouse pointer over the
icon.

8 Proprietary and Confidential Information of Arbor Networks Inc.

 Preface

Conventions Used in this Guide

Introduction
This guide uses typographic conventions to make the information in procedures, commands,
and expressions easier to recognize.

Conventions for procedures

The following conventions represent the elements that you select, press, and type as you follow
procedures.

Typographic conventions for procedures

Convention Description Examples

Italics A label that identifies an area On the Summary page, view the
on the graphical user interface. Active Alerts section.

Bold An element on the graphical Type the computer’s address in the

user interface that you click or IP Address box.
interact with. Select the Print check box, and
then click OK.

SMALL CAPS A key on the keyboard. Press ENTER.

To interrupt long outputs, press CTRL
+ C.
Monospaced A file name, folder name, or Navigate to the
path name. C:\Users\Default\Favorites
Also represents computer folder.
output. Expand the Addresses folder, and
then open the readme.txt file.
Monospaced Information that you must type Type https:// followed by the IP
bold exactly as shown. address.
Monospaced A file name, folder name, path Type the server's IP address or
italics name, or other information that hostname.
you must supply.

> A navigation path or sequence In the Web UI, select Settings >
of commands. Company.
Navigate to the Account page
(Settings > Account).
In the Web UI, select Mitigation >
Threat Management.
Navigate to the Alerts Ongoing page
(Alerts > Ongoing).

Proprietary and Confidential Information of Arbor Networks Inc. 9

Peakflow SP API Guide, Version 7.6

Conventions for commands and expressions

The following conventions show the syntax of commands and expressions. Do not type the
brackets, braces, or vertical bar in commands or expressions.

Typographic conventions for commands and expressions

Convention Description
Monospaced bold Information that you must type exactly as shown.
Monospaced A variable for which you must supply a value.
italics

{ } (braces) A set of choices for options or variables, one of which is required. For
example: {option1 | option2}.

[ ] (square brackets) A set of choices for options or variables, any of which is optional. For
example: [variable1 | variable2].

| (vertical bar) Separates the mutually exclusive options or variables.

10 Proprietary and Confidential Information of Arbor Networks Inc.

 Preface

Contacting the Arbor Technical Assistance Center

Introduction
The Arbor Technical Assistance Center is your primary point of contact with Arbor Networks®
for all service and technical assistance issues.

Contact methods
You can use the following methods to contact the Arbor Technical Assistance Center:

How to contact the Arbor Technical Assistance Center

Method Contact details

telephone US toll free +1 877 272 6721
Worldwide +1 781 362 4301

Web https://support.arbor.net/

Submitting documentation comments

If you have comments about the documentation, you can forward them to the Arbor Technical
Assistance Center. Please include the following information:
n Title of the guide
n Document number (listed on the reverse side of the title page)
n Page number

Example
PSP-API-76-2015/10
Peakflow SP API Guide
Page 9

Proprietary and Confidential Information of Arbor Networks Inc. 11

Peakflow SP API Guide, Version 7.6

12 Proprietary and Confidential Information of Arbor Networks Inc.

Part I:
Introduction to Peakflow
APIs
Peakflow SP API Guide, Version 7.6

14 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 1:
Introduction to Peakflow APIs

Introduction
Peakflow provides SOAP APIs and a Web Services API. These APIs allow you to have
programmatic access to the data on Peakflow appliances.

In this section
This section contains the following topics:
About the SOAP APIs and Arbor Web Services API 16
How Classic SOAP API Calls Map to Current SOAP API Calls 17

Peakflow SP API Guide, Version 7.6 15

Peakflow SP API Guide, Version 7.6

About the SOAP APIs and Arbor Web Services API

Introduction
The Arbor SDK package contains the files for the Arbor Web Services API, the current SOAP
API, and Arbor’s classic SOAP API (released prior to Peakflow SP version 5.5). All APIs do not
provide the same capabilities. This topic briefly describes the advantages of using each API.

Downloading the SDK

You can download the complete Arbor SDK package for the SOAP and Web Services APIs by
navigating to Administration > Download Arbor API SDK in the Peakflow SP Web UI.

Advantages of the Arbor Web Services API

The Arbor Web Services API is easier to use and faster to get started with than the SOAP API.
For this reason, it is the recommended API for users who have not used a Peakflow SP API
before. The Web Services API provides access to almost all of the same functionality as the
SOAP API, but the Web Services API is simpler to use. You can access the Web Services API
using your regular Web browser or a command-line tool, such as cURL.

Advantages of the current SOAP API

The current SOAP API is an updated version of the classic SOAP API that was part of versions
of Peakflow SP prior to 5.5. The current SOAP API includes the same functionality as the
classic SOAP API; however, some of the function names have changed or have new
parameters to support expanded functionality. The current SOAP API also provides significant
new API functionality, such as the following:
n enhanced search capabilities for DoS alerts
n the ability to access mitigation information
n the ability to run wizard reports and obtain report results

Arbor recommends that all classic SOAP users migrate to the current SOAP API to take
advantage of its broader functionality. For more information about migrating to the current
SOAP API, see “How Classic SOAP API Calls Map to Current SOAP API Calls” on the facing
page.

Advantages of the classic SOAP API

The classic SOAP API is still available for existing SOAP users who want to have the
previously available SOAP functionality without updating their SOAP clients to use the current
SOAP API.
Important: The classic SOAP API has been deprecated and support is limited to bugs that
break the service completely. The classic SOAP API is maintained only as a courtesy to
customers until they can migrate to the current SOAP API or to the Arbor Web Services API.
Individual functions in the classic SOAP API may not work in releases after Peakflow SP 7.0.

16 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 1: Introduction to Peakflow APIs

How Classic SOAP API Calls Map to Current SOAP API Calls

Introduction
This topic describes how classic SOAP API calls map to current SOAP API calls. This can help
you transition to using the current SOAP API.

SOAP call changes

The following table shows how classic SOAP API calls map to current SOAP API calls:

Classic SOAP API mapping to current SOAP API

Classic SOAP Call Current SOAP Call Notes

getAlertSummaries getDosAlertSummaries Characterization is available
using getDosAlertDetails-
XML.

getAlertGraph getDosAlertGraph

getAlertGraphData getDosAlertDetails
getDosAlertDetailsXML (the
impact_bps and impact_pps
values)

getAlertInterfaces getDosAlertDetails

getAlertInterfaceDetails getDosAlertDetails

getAlertInterfacesXML getDosAlertDetailsXML

getAlertRouterInterfacesXML getDosAlertDetailsXML

getReport getReportList Only available for Wizard

getReportListXML reports.
getReportResult
getReportResultsList
getReportResultsListXML
getLastReportResultAsCSV
getLastReportResultAsXML
getLastReportResultAsPDF
getReportResultAsCSV
getReportResultAsXML
getReportResultAsPDF

accountAdd accountAdd Arguments are different.

accountDelete accountDelete

accountChangeGroup accountChangeGroup Arguments are different.

accountChangePassword accountChangePassword Arguments are different.

sqlQuery deprecated

Proprietary and Confidential Information of Arbor Networks Inc. 17

Peakflow SP API Guide, Version 7.6

Classic SOAP API mapping to current SOAP API (Continued)

Classic SOAP Call Current SOAP Call Notes

getTrafficData runXmlQuery

getTrafficGraph getTrafficGraph

cliRun cliRun

18 Proprietary and Confidential Information of Arbor Networks Inc.

Part II:
Arbor Web Services API
Peakflow SP API Guide, Version 7.6

20 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 2:
Using the Arbor Web Services API

Introduction
This chapter includes an overview of the Arbor Web Services API and describes its functions.

In this section
This section contains the following topics:
Introduction to the Arbor Web Services API 22
Alerts 23
Traffic 25
Mitigations 27
Managed Object 29
Routers 31
Devices 33
Peakflow SP CP 5500 Appliance 36
Peakflow TMS Appliance 39
Peakflow TMS Ports 42
Portal 44
Reports 46

Peakflow SP API Guide, Version 7.6 21

Peakflow SP API Guide, Version 7.6

Introduction to the Arbor Web Services API

Introduction
The Arbor Web Services API allows you to easily access the data on a Peakflow SP leader
appliance or a non-leader appliance that has the user interface role by using your Web
browser or cURL. Data is returned in either JSON or XML format.

Advantages of the Arbor Web Services API

The Arbor Web Services API is easier to use and faster to get started with than the SOAP API.
For this reason, it is the recommended API for users who have not used a Peakflow SP API
before. The Web Services API provides access to almost all of the same functionality as the
SOAP API, but the Web Services API is simpler to use. You can access the Web Services API
using your regular Web browser or a command-line tool, such as cURL.

Downloading the Arbor SDK

The arborws folder in the Arbor SDK contains useful examples and a README file that you
can use to help you get started with the Arbor Web Services API. You can download the Arbor
SDK in the Peakflow SP Web UI (Administration > Download Arbor API SDK).

References
For more information about how to use the Arbor Web Services API, see the following:

Additional references

Reference Description
https://addons.mozilla.org/en- A JSON plug-in that you can use to assist you
US/firefox/addon/10869 with debugging.

http://www.json.org/ The authoritative source for information about

JSON.

http://en.wikipedia.org/wiki/JSON A broad overview of JSON, including a section

about how it differs from XML.

http://jsonformatter.curiousconcept.com A formatter that makes JSON output more

readable.

http://curl.haxx.se/docs/httpscripting.html A tutorial about using cURL.

Before you begin

Before you can use the Web Services API, you must generate API keys that enable users to
access Peakflow SP data using the API. You can configure API keys in the Peakflow SP Web
UI (Administration > Arbor API Web Services).
See “Enabling Customers to View Peakflow SP Data in the Web Services API” in the
Peakflow SP and Threat Management System (TMS) User Guide for more information.

22 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Alerts

URL
/arborws/alerts

About this function

The alerts function allows you to search for and retrieve XML alert information. It accepts the
following parameters:

alerts parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

limit (Optional) The maximum number of alerts to return that match the filter.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on the
Alerts pages in the Web UI.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

cURL example
The following is a cURL example of querying for the top three host alerts in Peakflow SP:
curl -k https://mariner/arborws/alerts -d api_key=1234abc -d
filter=host -d limit=3

HTTPS example
The following is an HTTPS example of querying for all alerts in Peakflow SP:
https://mariner/arborws/alerts?api_key=1234abc&format=xml

Example output
The following is an example of the output returned by the alerts function:
<?xml version="1.0" encoding="utf-8"?>
<alert-list>
<alert_count>100</alert_count>
<page_size>10</page_size>
<page>1</page>
<alert id="81966" type="9" class="2">

Proprietary and Confidential Information of Arbor Networks Inc. 23

Peakflow SP API Guide, Version 7.6

<device gid="133" name="shete"/>

<importance level="1"/>
<resource>
<name>Some Community College</name>
<blob gid="596" lid="0"/>
</resource>
<ticket></ticket>
<classification>Possible Attack</classification>
<duration ongoing="f" start="1270574782" stop="1270575291”
length="509"/>
<fcap_filter_base64></fcap_filter_base64>
<protos>0</protos>
<rate_unit>bps</rate_unit>
<direction>Incoming</direction>
<class class="1" subclass="3"/>
<impact bps="1737735" pps="152"/>
<impact_bps>1737735 </impact_bps>
<impact_pps>152 </impact_pps>
<impact_recorded>1270574842 </impact_recorded>
</alert>

24 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Traffic

URL
/arborws/traffic

About this function

The traffic function allows you to search for and retrieve XML traffic data. It accepts the
following parameters:

traffic parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

query An XML query in standard Peakflow SP XML query format. This parameter is
only the XML query, not an entire XML report. Data is returned in the XML
result format, as specified in the Peakflow SP and Threat Management
System (TMS) User Guide.
For current XML report specifications, see “Using Customized Reports” in
the Peakflow SP and Threat Management System (TMS) User Guide.

graph (Optional) When specified, this parameter indicates that you want Peakflow
SP to return a binary PNG graph file of the queried traffic data. If you do not
specify a graph argument, then Peakflow SP returns XML.

cURL example
The following are cURL examples of querying for traffic data, excluding and then including the
graph parameter:
curl -k https://mariner/arborws/traffic -d api_key=1234abc --data-
urlencode query@query.xml

curl -k https://mariner/arborws/traffic -d api_key=1234abc --data-

urlencode query@query.xml --data-urlencode graph@graph.xml

Query example input

The following is an example of the query parameter input:
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="2.0">
   <query type="traffic">
       <time start_ascii="24 hours ago" end_ascii="now"/>
       <unit type="bps"/>
       <search limit="100" timeout="30"/>
       <class type="in"/>

Proprietary and Confidential Information of Arbor Networks Inc. 25

Peakflow SP API Guide, Version 7.6

       <class type="out"/>
       <filter type="customer">
           <instance name="CustomerName"/>
       </filter>
       <filter type="application" binby="1"/>
   </query>
</peakflow>

Graph example input

The following is an example of the graph parameter input:
<?xml version=\"1.0\" encoding=\"utf-8\"?>
<peakflow version=\"2.0\">
<graph id=\"graph1\">
   <title>Google Daily Traffic</title>
   <ylabel>bps</ylabel>
   <width>800</width>
   <height>300</height>
   <legend>1</legend>
</graph>
</peakflow>

26 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Mitigations

URL
/arborws/mitigations/status

About this function

The mitigations function allows you to search for and retrieve XML mitigation information. It
accepts the following parameters:

mitigations parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on the
Mitigations pages in the Web UI.

limit (Optional) The maximum number of mitigations to return that match the filter.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

cURL example
The following is a cURL example of querying for the top three mitigations in Peakflow SP:
curl -k https://mariner/arborws/mitigations/status -d api_key=1234abc -d
limit=3

HTTPS example
The following is an HTTPS example of querying for mitigation data in Peakflow SP:
https://mariner/arborws/mitigations/status?api_key=1234abc&filter=auto-
mitigation

Example output
The following is an example of the output returned by the mitigations function:
<?xml version="1.0" encoding="utf-8"?>
<mitigation-list>
<mitigation type="2" type_name="tms_mitigation" config_id="28"
prefix=""

Proprietary and Confidential Information of Arbor Networks Inc. 27

Peakflow SP API Guide, Version 7.6

blob_gid="134" alert_id="96516" user="auto-mitigation" is_

automitigation="t">
<name>Alert 96516 Auto-Mitigation</name>
<description>Auto-Mitigation</description>
<annotation-list>
<annotation>
<added>1272896275</added>
<author>auto-annotation</author>
<section-list>
<section>Bandwidth attack #96516 Incoming to State of
Michigan</section>
</section-list>
</annotation>
<annotation>
<added>1272893400</added>
<author>auto-annotation</author>
<section-list>
<section>Bandwidth attack #96516 Incoming to Michigan is now
"High"</section>
</section-list>
</annotation>
</annotation-list>
<duration ongoing="f" start="1272893400" stop="1272896275"
length="2875"/>
</mitigation>
</mitigation-list>

28 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Managed Object

URL
/arborws/admin/managed_object

About this function

The managed object function allows you to view managed object configuration data in JSON
format. It accepts the following parameters:

managed_object parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this API
data. You must configure the API key in the Peakflow SP Web UI. When you
configure the API key, you must associate it with an account group.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on the
Managed Objects page in the Web UI.

limit (Optional) The maximum number of managed objects to display. The default
is 100.

cURL example
The following is a cURL example of querying for managed objects in Peakflow SP that contain
the word “dorms” in their configurations:
curl -ks https://mariner/arborws/admin/managed_object -d api_
key=1234abc -d filter=”dorms”

HTTPS example
The following is an HTTPS example of querying for the data of no more than 225 managed
objects in Peakflow SP:
https://mariner/arborws/admin/managed_object?api_key=1234abc&limit=225

Example output
The following is an example of the output returned by the managed object function:
{
  "current_page":"1",
  "total_pages":"3",
  "data":[
{
        "gid":"680",
        "id":"680",

Proprietary and Confidential Information of Arbor Networks Inc. 29

Peakflow SP API Guide, Version 7.6

        "name":"MyCustomer",
        "description":"My+Description",
        "tags":"profile,application,fingerprint",
        "family":"profile",
        "match_type":"cidr_block",
        "match":"192.168.0.0/16"
     },
{
        "gid":"711",
        "name":"An Important College",
        "description":"Do not change the detection threshold for this.",
        "tags":"customer",
        "family":"customer",
        "match_type":"cidr_blocks",
        "match":"198.108.80.0\/21"
     }
  ],
  "continued_blob_current":[

  ],
  "continued_blob_next":[

  ]
}

30 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Routers

URL
/arborws/admin/routers

About this function

The routers function allows you to view router configuration information in JSON format. It
accepts the following parameters:

routers parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this API
data. You must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

action One of the following actions that you want to initiate:

n list
n show_schema
For more information about the show_schema parameter, see “About the
show_schema action” below.
n update
Use the show_schema action to view which JSON parameters you must
use to update a router. You must specify the router GID when you update
a router.

filter (Optional) Keywords by which you want to filter search results. You can
enter the same search strings that you can enter in the Search box on the
Configure Routers page in the Web UI.

About the show_schema action

The show_schema action returns the JSON formatted router configuration options that you
can use to update a router configuration.
The following is an HTTPS example of using the show_schema action:
https://mariner/arborws/admin/routers?api_key=1234abc&action=show_
schema

Update example input

The follow is an example of JSON-formatted input for updating a router:
{"gid":"1333",
"flow_sample_rate":"1000",
"flow_export_ip":"192.168.27.5",
"bgp_ip":"192.168.15.2",
"bgp_as":"1234",
"local_as":"5678

Proprietary and Confidential Information of Arbor Networks Inc. 31

Peakflow SP API Guide, Version 7.6

cURL example
The following is a cURL example of updating a router in Peakflow SP:
curl -k -v https://mariner/arborws/admin/routers -d api_key=1234abc -d
action=update --data-urlencode json@router_update.json

In this example, including “-v” returns an HTTP code. An HTTP code of 200 indicates that the
update was successful. An HTTP code of 400 indicates that there was an error parsing the
JSON.

HTTPS example
The following is an HTTPS example of querying for router data in Peakflow SP:
https://mariner/arborws/admin/routers?api_key=1234abc&action=list

Example output
The following is an example of the output returned by the routers list action:
{"gid":"999",
"name":"xyz123",
"bgp_ip":"",
"bgp_local_ip":"",
"bgp_as":"",
"snmp_ip":"198.108.90.21",
"snmp_community":"public",
"snmp_version":"2",
"snmp_security_level":"noAuthNoPriv",
"snmp_authprotocol":"md5",
"snmp_authusername":"",
"snmp_authpassword":"",
"snmp_privkey":"",
"snmp_contextname":"",
"snmp_nov1hccounters":"",
"snmp_nogetbulk":"",
"flow_ignored":"off",
"flow_ignored_ipv6":"off",
"flow_export_ip":"198.108.90.21",
"flow_sample_rate":"1000",
"flow_use_embedded_sampling_rate":"",
"flow_tcp_flags_missing":"",
"local_as":"",
"default_bgp_router":"
...
}

32 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Devices

URL
/arborws/admin/devices

About this function

The devices function allows you to view and update device configurations in JSON format.
This function accepts the following parameters:

devices parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this API
data. You must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

action One of the following actions that you want to initiate:

n list
n show_schema
For more information about the show_schema parameter, see “About the
show_schema action” on page 31.
n update
Use the show_schema action to view which JSON parameters you must
use to update a device. Updates are performed on the device specified in
the gid field.

filter (Optional) Keywords by which you want to filter search results. You can
search devices by the following:
n name
n description
n tags

About the show_schema action

The show_schema action returns the JSON formatted device configuration options that you
can use to update the device’s configuration.
The following is an HTTPS example of using the show_schema action:
https://mariner/arborws/admin/devices?api_key=1234abc&action=show_
schema

cURL example
The following is a cURL example of updating a device in Peakflow SP:
curl -k -v https://mariner/arborws/admin/devices -d api_key=1234abc -d
action=update --data-urlencode json@devices_update.json

Proprietary and Confidential Information of Arbor Networks Inc. 33

Peakflow SP API Guide, Version 7.6

Including “-v” returns an HTTP code. An HTTP code of 200 indicates that the update was
successful. An HTTP code of 400 indicates that there was an error parsing the JSON.

HTTPS example
The following is an HTTPS example of querying for device data in Peakflow SP:
https://mariner/arborws/admin/devices?api_key=1234abc&action=list

Example output
The following is an example of the output returned by the devices function:
[
{

"gid": "115",
"ip": "10.8.2.94",
"name": "spdocvm",
"interfaces": "eth0",
"descr": "",
"tags": "",
"type": "cp",
"model_number": "5500",
"full_model": "",
"license_key": "",
"expiration": "",
"license_mode": "flexible",
"full_model_display": "",
"manager": "",
"flow_ignored": "on",
"forensics": "on",
"arf_enabled": "on",
"scrubber_interface": "",
"scrubber_gids": "",
"portal_hostname": "",
"snmp_community": "",
"snmp_v12_support": "",
"snmp_v3_support": "",
"snmp_security_level": "",
"snmp_authprotocol": "",
"snmp_authusername": "",
"snmp_authpassword": "",
"snmp_privkey": "",
"snmp_contact": "",
"snmp_location": "",
"gre_source": "",
"gre_interval": "",
"gre_retries": "",
"gre_keepalives": "",
"gre_source_v6": "",
"gre_interval_v6": "",
"gre_retries_v6": "",
"gre_keepalives_v6": "",

34 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

"peer_from": "mitigation",
"offramp_nexthop": "",
"offramp_nexthop_v6": "",
"stacking": "",
"stacking_level": "",
"nblades": "",
"blacklist_offloading": "",
"blacklist_offloading_src_dst": "",
"physical_ports": "",
"logical_ports": "",
"subinterfaces": "",
"dns_sensitivity": "",
"dns_ignore": "",
"flow_export_port": "",
"flow_export_sample_rate": "",
"flow_export_bgp_default": "",
"dpi_deployment_type": "",
"dpi_capabilities": "",
"dpi_reach_src_via_tx_intf": "",
"dpi_l3_forwarding": "",
"dpi_hardware_bypass": "",
"dpi_flow_id_ignore_rx_tags": "",
"dpi_flow_id_ignore_rx_port": "",
"dpi_fail_open": "",
"dpi_routers": "",
"incoming_bw_limit": "0",
"max_mitigations": "",
"offramp_method": "",
"flowspec_route_target": "",
"tms_cluster": "",
"in_tms_cluster": "0",
"rear_10g_only": "",
"fate_sharing_interface": "",
"fate_sharing_nexthop": "",
"fate_sharing_bgppeer": "",
"fate_sharing_gretunnel": "",
"interface_properties": "00",
"routers":
"ar1.chi|ar1.lax|ar1.nyc|br1.chi|br1.lax|br1.nyc|cr1.chi|cr1.lax|cr1.ny
c|mpls1.chi|vr1.lax|vr1.nyc"
}
]

Proprietary and Confidential Information of Arbor Networks Inc. 35

Peakflow SP API Guide, Version 7.6

Peakflow SP CP 5500 Appliance

URL
/arborws/admin/cp5500

About this function

The cp5500 function allows you to view CP 5500 appliance configurations in JSON format.
Note: This function is only available with appliance-based licensing for Traffic and Analysis
Routing appliances (formerly Collector Platform (CP) appliances).
This function accepts the following parameters:

cp5500 parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this API
data. You must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

action One of the following actions that you want to initiate:

n list
n show_schema
For more information about the show_schema parameter, see “About the
show_schema action” on page 31.
n update
Use the show_schema action to view which JSON parameters you must
use to update an appliance.

filter (Optional) Keywords by which you want to filter search results. You can
search appliances by the following:
n name
n description
n tags

About the show_schema action

The show_schema action returns the JSON formatted appliance configuration options that you
can use to update the appliance’s configuration.
The following is an HTTPS example of using the show_schema action:
https://mariner/arborws/admin/cp5500?api_key=1234abc&action=show_schema

cURL example
The following is a cURL example of updating a CP 5500 appliance in Peakflow SP:
curl -k -v https://mariner/arborws/admin/cp5500 -d api_key=1234abc -d
action=update --data-urlencode json@cp5500_update.json

36 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Including “-v” returns an HTTP code. An HTTP code of 200 indicates that the update was
successful. An HTTP code of 400 indicates that there was an error parsing the JSON.

HTTPS example
The following is an HTTPS example of querying for CP 5500 appliance data in Peakflow SP:
https://mariner/arborws/admin/cp5500?api_key=1234abc&action=list

Example output
The following is an example of the output returned by the CP 5500 show_schema function:
gid is_u_int16
name is_collector_name
ip is_ip_addr
interfaces is_local_interface
descr is_notnull
tags is_valid_tag_name_list
type is_device_type
model_number is_valid_model_number
full_model is_notnull
license_key is_notnull
expiration is_notnull
full_model_display is_notnull
manager is_collector_gid
flow_ignored is_on_off
forensics is_on_off
arf_enabled is_on_off
scrubber_interface is_notnull
scrubber_gids is_notnull
portal_hostname is_notnull
snmp_community is_notnull
snmp_v12_supportis_enabled_or_disabled
snmp_v3_support is_enabled_or_disabled
snmp_security_level is_snmp_security_level
snmp_authprotocol is_snmp_authpassword
snmp_authusername is_snmp_username
snmp_authpassword is_snmp_authpassword
snmp_privkey is_snmp_authpassword
snmp_contact is_notnull
snmp_location is_notnull
gre_source is_ip_addr
gre_interval is_u_int
gre_retries is_u_int
gre_keepalives is_enabled_or_disabled
peer_from is_notnull
offramp_nexthop is_ip_addr
stackingis_enabled_or_disabled
stacking_level is_valid_stacking_level
nblades is_valid_nblades
physical_ports is_list_of_physical_port_gids
logical_ports is_valid_logical_port_name
subinterfaces is_list_of_subinterface_gids

Proprietary and Confidential Information of Arbor Networks Inc. 37

Peakflow SP API Guide, Version 7.6

dns_sensitivity is_dns_sensitivity_threshold
dns_ignore is_dns_ignore_threshold
flow_export_portis_port
flow_export_sample_rate is_sample_rate
flow_export_bgp_default is_bgp_router
dpi_deployment_type is_tms_deployment_type
dpi_capabilitiesis_tms_capabilities
dpi_l3_forwarding is_enabled_or_disabled
dpi_hardware_bypass is_enabled_or_disabled
dpi_flow_id_ignore_rx_tags is_enabled_or_disabled
dpi_flow_id_ignore_rx_port is_enabled_or_disabled
dpi_fail_open is_enabled_or_disabled
dpi_routers is_assoc_mitigation_router
incoming_bw_limit is_notnull
max_mitigations is_notnull
rear_10g_only is_enabled_or_disabled
fate_sharing_interface is_enabled_or_disabled
fate_sharing_nexthop is_enabled_or_disabled
fate_sharing_bgppeer is_enabled_or_disabled
fate_sharing_gretunnel is_enabled_or_disabled
routers is_assoc_collector_router
max_fps is_pos_int

38 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Peakflow TMS Appliance

URL
/arborws/admin/tms

About this function

The TMS function allows you to view and update TMS appliance configurations in JSON
format. It accepts the following parameters:

tms parameters

Name Description
api_key A unique, dedicated key that enables an account group to access this API
data. You must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

action One of the following actions that you want to initiate:

n list
n show_schema
For more information about the show_schema parameter, see “About the
show_schema action” on page 31.
n update
Use the show_schema action to view which JSON parameters you must
use to update an appliance.

filter (Optional) Keywords by which you want to filter search results. You can
search appliances by the following:
n name
n description
n tags

About the show_schema action

The show_schema action returns the JSON formatted appliance configuration options that you
can use to update an appliance’s configuration.
The following is an HTTPS example of using the show_schema action:
https://mariner/arborws/admin/tms?api_key=1234abc&action=show_schema

cURL example
The following is a cURL example of updating a TMS appliance in Peakflow SP:
curl -k -v https://mariner/arborws/admin/tms -d api_key=1234abc -d
action=update --data-urlencode json@tms_update.json

Including “-v” returns an HTTP code. An HTTP code of 200 indicates that the update was
successful. An HTTP code of 400 indicates that there was an error parsing the JSON.

Proprietary and Confidential Information of Arbor Networks Inc. 39

Peakflow SP API Guide, Version 7.6

HTTPS example
The following is an HTTPS example of querying for TMS appliance data in Peakflow SP:
https://mariner/arborws/admin/tms?api_
key=1234abc&action=list&filter=tms_Chicago

Example output
The following is an example of the output returned by the TMS function:
[
{
"gid": "1166",
"ip": "10.8.10.49",
"name": "tms_Chicago",
"interfaces": "eth0",
"descr": "Arbor Peakflow collector 8 ",
"tags": "",
"type": "cp",
"model_number": "5500",
"full_model": "CP-5500-10",
"license_key": "*****-*****-*****-*****-*****-*****-*****-*****-
*****",
"expiration": "",
"full_model_display": "CP-5500-10",
"manager": "",
"flow_ignored": "off",
"forensics": "on",
"arf_enabled": "on",
"scrubber_interface": "",
"scrubber_gids": "",
"portal_hostname": "",
"snmp_community": "",
"snmp_v12_support": "",
"snmp_v3_support": "",
"snmp_security_level": "",
"snmp_authprotocol": "",
"snmp_authusername": "",
"snmp_authpassword": "",
"snmp_privkey": "",
"snmp_contact": "",
"snmp_location": "",
"gre_source": "",
"gre_interval": "",
"gre_retries": "",
"gre_keepalives": "",
"peer_from": "mitigation",
"offramp_nexthop": "",
"stacking": "",
"stacking_level": "",
"nblades": "",
"physical_ports": "",
"logical_ports": "",

40 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

"subinterfaces": "",
"dns_sensitivity": "",
"dns_ignore": "",
"flow_export_port": "",
"flow_export_sample_rate": "",
"flow_export_bgp_default": "",
"dpi_deployment_type": "",
"dpi_capabilities": "",
"dpi_hardware_bypass": "",
"dpi_flow_id_ignore_rx_tags": "",
"dpi_flow_id_ignore_rx_port": "",
"dpi_fail_open": "",
"dpi_routers": "",
"incoming_bw_limit": "0",
"max_mitigations": "",
"ospf_area": "",
"ospf_interfaces": "",
"ospf_md5": "",
"ospf_hello_interval": "",
"ospf_router_dead_time": "",
"ospf_retransmit_interval": "",
"ospf_transmit_delay": "",
"rear_10g_only": "",
"fate_sharing_interface": "",
"fate_sharing_nexthop": "",
"fate_sharing_bgppeer": "",
"fate_sharing_gretunnel": "",
"routers": "aa1-aa2-aa3-aa4-aa5-aa6-aa7"
}
]

Proprietary and Confidential Information of Arbor Networks Inc. 41

Peakflow SP API Guide, Version 7.6

Peakflow TMS Ports

URL
/arborws/admin/tms_ports

About this function

The TMS Ports function allows you to view TMS appliance port data in JSON format. It accepts
the following parameters:

tms_ports parameter

Name Description
api_key A unique, dedicated key that enables an account group to access this API
data. You must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

cURL example
The following is a cURL example of querying for TMS appliance port data in Peakflow SP:
curl -ks https://mariner/arborws/admin/tms_ports -d api_key=1234abc

HTTPS example
The following is an HTTPS example of querying for TMS appliance port data in Peakflow SP:
https://mariner/arborws/admin/tms_ports?api_key=1234abc

Example output
The following is an example of the output returned by the TMS ports function:
[
{gid: "33"
name: "tmsx0.0.1"
device: "2360"
type: "subinterface"
action_dns: "1"
action_http: "1"
action_mitigate: ""
address: "10.0.0.1"
description: "Test"
nexthop: "5.6.7.8"
output: "543"
parent: "2369"
snmp_id: "1008"
vlan: "1"
}

42 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

Proprietary and Confidential Information of Arbor Networks Inc. 43

Peakflow SP API Guide, Version 7.6

Portal

URL
/arborws/portal

About this function

Important: Do not use this function in a production environment, it is for preview only. If you
preview the function, please contact Arbor with your feedback.
The portal function displays a static snapshot HTML page using the Web Services API.
Caution: You cannot restrict which pages can or cannot be displayed. Anyone with the
correct API key can view all pages with this function.
This function is disabled by default. To enable it, create an empty file in the /base/store
directory named PORTAL_ENABLED on the Peakflow SP leader appliance or a non-leader
appliance that has the user interface role.
The portal function accepts the following parameters:

portal parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

id The static page to display.

n Alert page—use one of the following values:
l host_alert
l profiled_router_alert
l profiled_network_alert
An alert page also requires the alert_id parameter.
n Mitigation status page—use the mitigation_status value.
The mitigation status page also requires the mitigation_id parameter.
n Report page—use the report page ID value.
You can obtain the ID by opening the report in the Peakflow SP Web UI
and copying the text following page?id= in the address bar.

alert_id ID number of the alert to display. This parameter is required if the id

parameter value is:
n host_alert
n profiled_router_alert
n profiled_network_alert

mitigation_id ID number of the mitigation status to display. This parameter is required if the
id parameter value is mitigation_status.

44 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

cURL example
The following is a cURL example of querying for a profiled router alert with an ID of 33 in
Peakflow SP:
curl -ks https://mariner/arborws/portal -d api_key=1234abc -d
id=profiled_router_alert -d &alert_id=33

HTTPS example
The following is an HTTPS example of querying for a mitigation status with an ID of 2 in
Peakflow SP:
https://mariner/arborws/portal?api_key=1234abc&id=mitigation_
status&mitigation_id=2

Proprietary and Confidential Information of Arbor Networks Inc. 45

Peakflow SP API Guide, Version 7.6

Reports

URL
/arborws/reports/function

About these functions

The following are the functions for wizard reports in the Arbor Web Services API:

Wizard report functions

Function
/arborws/reports/configured
Description
Allows you to view a list of the configured wizard reports in
Peakflow SP.
For more information about this function and its accepted
parameters, see “/arborws/reports/configured” below.

/arborws/reports/queue Allows you to queue a wizard report to run.

For more information about this function and its accepted
parameters, see “/arborws/reports/queue” on the facing page.

/arborws/reports/results
Allows you to view a list of the wizard report results that can
be downloaded from Peakflow SP.
For more information about this function and its accepted
parameters, see “/arborws/reports/results” on the facing
page.

/arborws/reports/download Allows you to download a completed wizard report.

For more information about this function and its accepted
parameters, see “/arborws/reports/download” on page 48.

/arborws/reports/configured
The /arborws/reports/configured function accepts the following parameters:

configured parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

filter (Optional) Keywords by which you want to filter search results.

46 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

configured parameters (Continued)

Name Description
limit (Optional) The maximum number of wizard reports to return that match the
filter.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

/arborws/reports/queue
The /arborws/reports/queue function accepts the following parameters:

queue parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

name The name of the configured wizard report that you want to run.
The returned value is one of the following:
n an HTTP status code 204, which indicates success
n an error message

/arborws/reports/results
The /arborws/reports/results function accepts the following parameters:

results parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

filter (Optional) Keywords by which you want to filter search results.

Proprietary and Confidential Information of Arbor Networks Inc. 47

Peakflow SP API Guide, Version 7.6

results parameters (Continued)

Name Description
limit (Optional) The maximum number of wizard reports to return that match the
filter.

format The format in which you want data returned, which can be one of the
following:
n json
This is the default format.
n xml

/arborws/reports/download
The /arborws/reports/download function accepts the following parameters:

download parameters

Name Description
api_key A unique, dedicated key that enables users to access this API data. You
must configure the API key in the Peakflow SP Web UI.
See “Enabling Customers to View Peakflow SP Data in the Web Services
API” in the Peakflow SP and Threat Management System (TMS) User
Guide for more information.

name The name of the configured wizard report that you want to download.

request_time The time of the wizard report result that you want to download, which can
be one of the following:
n last
The “last” parameter downloads the most recent wizard report result.
n time
The “time” parameter is the time at which a wizard report ran, in seconds
and microseconds since the epoch.

format The format in which you want a wizard report returned, which can be one of
the following:
n PDF
n XML
n CSV

cURL example
The following is a cURL example of querying for a list of configured wizard reports in Peakflow
SP:
curl -ks https://mariner/arborws/reports/configured -d api_key=1234abc

48 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 2: Using the Arbor Web Services API

HTTPS example
The following is an HTTPS example of downloading a PDF wizard report in Peakflow SP:
https://mariner/arborws/reports/download?api_key=1234abc&name=Camp
peers and apps&request_time=last&format=PDF

Proprietary and Confidential Information of Arbor Networks Inc. 49

Peakflow SP API Guide, Version 7.6

50 Proprietary and Confidential Information of Arbor Networks Inc.

Part III:
Current SOAP API
Peakflow SP API Guide, Version 7.6

52 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 3:
Introduction to the Current SOAP
API

Introduction
This chapter includes an introduction to the current SOAP API and how to use it with the PHP
package.

In this section
This section contains the following topics:
Using the Current SOAP API in Peakflow SP 54

Peakflow SP API Guide, Version 7.6 53

Peakflow SP API Guide, Version 7.6

Using the Current SOAP API in Peakflow SP

Introduction
The current SOAP API in Peakflow SP is implemented by the SP leader appliance or a
non-leader appliance that has the user interface role. You can access the SOAP API using
HTTPS.
Note: The SOAP interface requires Digest Authentication using either the user name “arbor”
and your zone secret as the password or the user name and password of a user whose account
has been assigned the sp_soap capability token.

References
For more information about SOAP API, see the following references:
n SOAP v1.1: http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
n SOAP v1.2: http://www.w3.org/TR/soap/
n WSDL v1.1: http://www.w3.org/TR/wsdl
n XMLSchema: http://www.w3.org/TR/xmlschema-0/

About the WSDL file

The WSDL file for the current SOAP package is named PeakflowSP.wsdl.

SOAP endpoint address

The Peakflow SP Web Services Definition Language (WSDL) document contains the endpoint
address for the web service. You can edit the endpoint address to reference your SP leader or
an appliance that has the user interface role in order to use the WSDL file to create a SOAP
client. Depending upon the configuration of the Peakflow SP appliance, this may or may not be
a fully qualified domain name (FQDN).
The following WSDL snippet shows a typical SOAP endpoint binding:
Note: The address of the Peakflow SP appliance in this example is peakflowsp.
<!-- endpoint/soap binding -->
<service name="PeakflowSPService">
<port name="PeakflowSPPort" binding="tns:PeakflowSPBinding">
<soap:address location="https://peakflowsp/soap/sp"/>
</port>
</service>

PHP client requirements

To run the PHP SOAP client, you must have a version of PHP installed on your system that has
SOAP support enabled.
To confirm SOAP support in your PHP build:
1. Go to a terminal prompt on the computer where you installed PHP.
2. Run the php -i command.
3. Verify that you see soap or enable-soap in the output.

54 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 3: Introduction to the Current SOAP API

Note: If you do not have SOAP support enabled in your PHP build, you can download a
current PHP source package from http://www.php.net/downloads.php. Follow the building and
installation instructions included with the source package. To enable SOAP support, include
the “--enable-soap” option when running the build’s “configure” script.

Resolving address resolution problems

You may experience address resolution problems with your SOAP client code that may be
related to a lack of a FQDN associated with the endpoint address. You can resolve this issue
with one of the following methods:

Methods to resolve resolution problems

Method Procedure
Method 1 Manually edit the endpoint/soap binding section of the Peakflow SP
WSDL to include a FQDN. Replace the string @@HOSTNAME@@ with the
FQDN of the Peakflow SP appliance you plan to send your SOAP
queries to.

Method 2 Programmatically change the endpoint URL within the code. Most
clientside SOAP libraries provide a facility by which you can change
the endpoint URL programatically to redirect the transactions with the
web service.

Ensuring optimal performance

To ensure optimal performance when you use the SOAP API with Peakflow SP, Arbor
recommends the following:
n For the getTrafficGraph() and runXmlQuery() functions, run the same query at five-minute or
greater intervals.
n For all other SOAP functions, run the same query at one minute or greater intervals.
n Make 15 or fewer active SOAP connections to Peakflow SP at one time.
n Make 100 or fewer SOAP queries per minute.

Using the example XML reports and queries included in the SOAP package
The binby_router.xml file contains an example XML query for use with runXmlQuery().
The XML query format is described in “XML Specifications” of the Peakflow SP and Threat
Management System (TMS) User Guide and in the XML schema files included in the SOAP
package.
Note: As an alternative, you can create your own client interface in Perl, Java, or another
language. Select an appropriate SOAP package for that language and use the
PeakflowSP.wsdl file to generate your own client-side interface.

Changing the default SOAP digest authentication timeout interval

It is possible to change the default SOAP digest authentication timeout interval.
Note: You should only make this change in the very rare situation where performing the SOAP
digest authentication at the default interval is problematic. When you upgrade your Peakflow
SP system, this change is lost and must be reapplied.

Proprietary and Confidential Information of Arbor Networks Inc. 55

Peakflow SP API Guide, Version 7.6

To change the default timeout interval:

1. Log in to the appliance’s CLI.
2. Type / shell, and then press enter to access the diagnostic shell.
3. In the file /base/usr/local/share/peakflow/www/conf/httpd.conf, in the
section that begins with <Directory “/user/local/share/peakflow/www/soap”>,
add the line AuthDigestNonceLifetime X.
Where X is an appropriate number of seconds. The default is 300.
4. Type / services sp stop.
5. Type / services sp start.

56 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 4:
Alert Functions in the Current SOAP
API

Introduction
This chapter includes information about the supported Peakflow SP current SOAP API alert
functions.
You can download the PeakflowSP.wsdl file for a complete specification of the data types
used for each current SOAP API alert function’s parameters and return values. The WSDL file
is downloaded as part of the API SDK (Administration > Download Arbor API SDK).

In this section
This section contains the following topics:
getDosAlertSummaries 58
getDosAlertSummariesXML 63
getDosAlertDetailsXML 64
getDosAlertGraph 65
getDosAlertDetails 66

Peakflow SP API Guide, Version 7.6 57

Peakflow SP API Guide, Version 7.6

getDosAlertSummaries

Prototype
getDosAlertSummaries(filter, count)

Accepted parameters
getDosAlertSummaries accepts the following parameters:

getDosAlertSummaries parameters

Name Type Description

filter string Keywords by which you want to filter search results.
You can enter the same search strings that you can
enter in the Search box on the Alerts pages in the
Web UI.

count unsigned integer The number of alerts to return that match the filter.
The default setting is 10.

Return value
getDosAlertSummaries returns the following value:

getDosAlertSummaries return value

Name Type Description

results DosAlertSummaryArray An array of DosAlertSummary records. These
include the same alert information that is
available on the All Alerts page.
See “DosAlertSummary” below.

DosAlertSummary
DosAlertSummary contains the following summary data about DoS alerts:

DosAlertSummary elements

Name Type Description

id unsigned An alert’s ID.
integer

type string The type of an alert.

is_fast_detected boolean One of the following:

n “True” for a DoS Fast Flood Host alert.
n “False” for all other DoS alerts including a DoS
Host Alert that was not triggered by fast flood
detection.

58 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

DosAlertSummary elements (Continued)

Name Type Description

importance string A string that indicates the importance of an alert,
which can be one of the following:
n low
n medium
n high

classification string An alert’s classification.

device_gid unsigned The ID number of the Peakflow SP appliance.

integer

device_name string The name of the Peakflow SP appliance.

direction string A string that indicates the direction of an alert’s traffic,

which can be one of the following:
n Incoming
n Outgoing
n N/A

unit string A string that indicates how an alert’s traffic is

measured, which can be one of the following:
n bps
n pps

threshold float The high severity threshold of the misuse type that the
alert traffic has exceeded by the highest percentage.

severity_percent float The highest single-minute ratio of the alert traffic to

the high severity rate over the lifetime of the alert.

ticket string (Optional) The ticket number that corresponds to an

alert, if ticketing is configured.

ongoing boolean One of the following:

n “True” for an ongoing alert
n “False” for any other alert

start dateTime The date and time when an alert started, in the
following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time at which an alert ended,
in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

duration float The number of seconds that an alert has lasted.

resource AlertResource An array of AlertResource records.

See “AlertResource” on page 61.

Proprietary and Confidential Information of Arbor Networks Inc. 59

Peakflow SP API Guide, Version 7.6

DosAlertSummary elements (Continued)

Name Type Description

signature base64Binary (Optional) A base64-encoded signature of alert
traffic.

protocols string (Optional) One or more protocol numbers of the

protocols in the alert traffic.

misuseTypes string (Optional) One or more misuse signatures observed in

a DoS Host alert’s traffic.

annotations Annotation (Optional) An array of one or more Annotation

records.
See “Annotation” on page 62.

max_impact_bps float (Optional) The maximum impact values (in bps)

observed over the life on an alert.

max_impact_pps float (Optional) The maximum impact values (in pps)

observed over the life of an alert.

max_impact_ float The boundary where the maximum impact values were
boundary observed over the life of an alert.

impact_bps_ float (Optional) The raw data points for the impact values
points (in bps) that are used to generate an alert’s minigraph
in the Web UI.

impact_pps_ float (Optional) The raw data points for the impact values
points (in pps) that are used to generate an alert’s minigraph
in the Web UI.

impact_recorded float (Optional) One or more timestamps that correspond to

when each of the raw data points for impact value
were recorded for an alert.

dos_version unsigned (Optional) The dos version for a DoS Profiled Router
integer alert. A DoS Profiled Router alert has a dos version of
3 if the alert is triggered by a Peakflow SP 7.6
appliance. A DoS Profiled Router alert has a dos
version of 1 if the alert is triggered by a Peakflow SP
5.8 or 6.0 appliance. The alert can be triggered by a
5.8 or 6.0 appliance in a multi-version deployment or
before you upgrade to Peakflow SP 7.6.

60 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

AlertResource
AlertResource describes the resource affected by an alert and contains the following
elements:

AlertResource elements

Name Type Description

name string (Optional) The name of the resource involved
in alert traffic.

cidr string (Optional) If applicable, of the following:

n the destination IP address (/32) of the
traffic in a misuse or host alert
n the CIDR against which an alert was
detected, if it is detected for a CIDR
group-based managed object

ipVersion unsigned integer Indicates whether the alert was IPv4 or IPv6
traffic.

managedObjects AlertManagedObject An array of AlertManagedObject records.

See “AlertManagedObject” below.

AlertManagedObject
AlertManagedObject describes the managed object affected by an alert and contains the
following elements:

AlertManagedObject elements

Name Type Description

name string The name of a managed object.

id unsigned integer The managed object ID.

cidrGroup string (Optional) The CIDR against which an alert was

detected, if it is detected for a CIDR group-based
managed object.

importance string (Optional) A string that indicates the importance of

an alert, which can be one of the following:
n low
n medium
n high

Proprietary and Confidential Information of Arbor Networks Inc. 61

Peakflow SP API Guide, Version 7.6

Annotation
Annotation describes an alert annotation and contains the following elements:

Annotation elements

Name Type Description

added dateTime The date and time when an annotation was added to
an alert, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

author string The user who added an annotation to an alert.

content string The comments that a user wrote in an annotation.

62 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

getDosAlertSummariesXML

Prototype
getDosAlertSummaries(filter, count)

Accepted parameters
getDosAlertSummariesXML accepts the following parameters:

getDosAlertSummariesXML parameters

Name Type Description

filter string Keywords by which you want to filter search results.
You can enter the same search strings that you can
enter in the Search box on the Alerts pages in the
Web UI.

count unsigned integer The number of alerts to return that match the filter.
The default setting is 10.

Return value
getDosAlertSummariesXML returns the following value:

getDosAlertSummariesXML return value

Name Type Description

results string An XML representation of the same data that is
returned by the DosAlertSummary function.
See “DosAlertSummary” on page 58.

Proprietary and Confidential Information of Arbor Networks Inc. 63

Peakflow SP API Guide, Version 7.6

getDosAlertDetailsXML

Prototype
getDosAlertDetailsXML(alertID)

Accepted parameter
getDosAlertDetailsXML accepts the following parameter:

getDosAlertDetailsXML parameter

Name Type Description

alertID unsigned integer The alert ID for the alert whose data you want to
view.

Return value
getDosAlertDetailsXML returns the following value:

getDosAlertDetailsXML return value

Name Type Description

results string An XML representation of detailed data about
the specified alert. The returned data is the same
as the data that can be viewed on the DoS Alert
page in the Web UI.

64 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

getDosAlertGraph

Prototype
getDosAlertGraph(alertID, width, height)

Accepted parameters
getDosAlertGraph accepts the following parameters:

getDosAlertGraph parameters

Name Type Description

alertID unsigned integer The ID of a misuse or profiled DoS alert.

width unsigned integer The width that you want the graph to be. If you enter
0 for either the width or the height argument, then
Peakflow SP returns a graph that is 948 x 160.

height unsigned integer The height that you want the graph to be. If you enter
0 for either the width or the height argument, then
Peakflow SP returns a graph that is 948 x 160.

Return value
getDosAlertGraph returns the following value:

getDosAlertGraph return value

Name Type Description

graph base64binary A PNG graph file of the impact data for a specified
alert ID. If an alert does not have impact data, then
the SOAP API does not populate a graph.

Proprietary and Confidential Information of Arbor Networks Inc. 65

Peakflow SP API Guide, Version 7.6

getDosAlertDetails

Prototype
getDosAlertDetails(alertID)

Accepted parameter
getDosAlertDetails accepts the following parameter:

getDosAlertDetails parameter

Name Type Description

alertID unsigned integer The ID of a DoS alert.

Return value
getDosAlertDetails returns the following value:

getDosAlertDetails return value

Name Type Description

results DosAlertDetails An array of DosAlertDetails records.
See “DosAlertDetails 7.0” on the facing page and
“DosAlertDetails 6.0 ” on page 74.

About DosAlertDetails
Peakflow SP 7.0 uses two sets of DosAlertDetails as described in the following table:

DosAlertDetails sets

DosAlertDetails Set Used For

DosAlertDetails 7.0 n All DoS alerts that are triggered on a Peakflow SP 7.0
appliance.
n DoS Host alerts and DoS Profiled Network alerts that existed
before an upgrade to Peakflow SP 7.0.
n DoS Host alerts and DoS Profiled Network alerts that are
triggered on a Peakflow SP 5.8 or 6.0 appliance in a
multi-version deployment.

See “DosAlertDetails 7.0” on the facing page.

DosAlertDetails 6.0 n DoS Profiled Router alerts that existed before an upgrade to
Peakflow SP 7.0.
n DoS Profiled Router alerts that are triggered on a Peakflow
SP 5.8 or 6.0 appliance in a multi-version deployment.

See “DosAlertDetails 6.0 ” on page 74.

66 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetails 7.0
DosAlertDetails for DoS 3 alerts contains the following elements:

DosAlertDetails 7.0 elements

Name Type Description

id unsigned integer An alert’s ID.

start dateTime The date and time when an alert

started, in the following ISO 8601
format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time at which

an alert ended, in the following ISO
8601 format:
n YYYY-MM-DDThh:mm:ssTZD

dest_addr DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

dest_tcp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

dest_udp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

protos DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

src_addr DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

src_tcp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

src_udp_ DosAlertDetailsItem (Optional) One or more arrays of

ports DosAlertDetailsItem records.
See “DosAlertDetailsItem” on page 69.

icmp_ DosAlertDetailsItem (Optional) One or more arrays of

type_and_ DosAlertDetailsItem records.
code See “DosAlertDetailsItem” on the
facing page.

Proprietary and Confidential Information of Arbor Networks Inc. 67

Peakflow SP API Guide, Version 7.6

DosAlertDetails 7.0 elements (Continued)

Name Type Description

misuse_ DosAlertDetailsItem (Optional) One or more arrays of
types DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

src_asn DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

src_ DosAlertDetailsItem (Optional) One or more arrays of

countries DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

tcp_flags DosAlertDetailsItem (Optional) One or more arrays of

DosAlertDetailsItem records.
See “DosAlertDetailsItem” on the
facing page.

top_ DosAlertTopPatternsItem (Optional) One or more arrays of

patterns DosAlertTopPatternsItem records.
See “DosAlertTopPatternsItem” on the
facing page.

packet_ DosAlertPacketDistributionBoundary (Optional) One or more arrays of

distribution DosAlertPacketDistributionBoundary
records.
See
“DosAlertPacketDistributionBoundary”
on page 70.

alert_ DosAlertDetailsRoutersBoundary (Optional) One or more arrays of

routers DosAlertDetailsRoutersBoundary
records.
See
“DosAlertDetailsRoutersBoundary” on
page 73.

68 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetailsItem
DosAlertDetailsItem contains the following elements:

DosAlertDetailsItem elements

Name Type Description

id string The ID of an item.

name string The name of an item.

mo DosAlertDetailsRates One or more arrays of DosAlertDetailsRates

records for the rate of traffic at the managed
object boundary.
See “DosAlertDetailsRates” below.

net DosAlertDetailsRates One or more arrays of DosAlertDetailsRates

records for the rate of traffic at the network
boundary.
See “DosAlertDetailsRates” below.

DosAlertDetailsRates
DosAlertDetailsRates contains the following elements:

DosAlertDetailsRates elements

Name Type Description

bps unsigned integer The rate of traffic (in bps) for the duration of an
alert.

pps unsigned integer The rate of traffic (in pps) for the duration of an
alert.

DosAlertTopPatternsItem
DosAlertTopPatternItem contains the following elements:

DosAlertTopPatternItem elements

Name Type Description

router_id unsigned integer The ID of a router where a traffic pattern was
observed.

router_ string The name of a router where a traffic pattern was

name observed.

patterns DosAlertTopPatternsDetails One or more arrays of DosAlertTopPatternsDetails

records.
See “DosAlertTopPatternsDetails” on the next
page.

Proprietary and Confidential Information of Arbor Networks Inc. 69

Peakflow SP API Guide, Version 7.6

DosAlertTopPatternsDetails
DosAlertTopPatternDetails displays the top (up to 10) traffic patterns from the last 5 minutes of
the selected timeframe of a DoS Host alert or DoS Profiled Router alert.
DosAlertTopPatternDetails contains the following elements:

DosAlertTopPatternDetails elements

Name Type Description

protocol string The protocol of a traffic pattern.

src_ip string The source IP address of a traffic pattern.

src_port unsigned integer The source port of a traffic pattern.

src_port_name string The name of the service of a source port of a

traffic pattern.

dst_ip string The destination IP address of a traffic pattern.

dst_port unsigned integer The destination port of a traffic pattern.

dst_port_name string The name of the service of a destination port of a

traffic pattern.

tcp_flags string The TCP flag of a traffic pattern.

bps unsigned integer The rate of traffic (in bps) of a traffic pattern.

pps unsigned integer The rate of traffic (in pps) of a traffic pattern.

DosAlertPacketDistributionBoundary
DosAlertPacketDistributionBoundary contains the following elements:

DosAlertPacketDistributionBoundary elements

Name Type Description

mo DosAlertPacketDistribution One or more arrays of DosAlertPacketDistribution
records for the size of packets at the managed
object boundary.
See “DosAlertPacketDistribution” on the facing
page.

net DosAlertPacketDistribution One or more arrays of DosAlertPacketDistribution

records for the size of packets at the network
boundary.
See “DosAlertPacketDistribution” on the facing
page.

70 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

DosAlertPacketDistribution
DosAlertPacketDistribution contains the following elements:

DosAlertPacketDistribution elements

Name Type Description

packet_size_0_to_50 unsigned The number of packets that are between 0 and
integer 50 bytes.

packet_size_51_to_100 unsigned The number of packets that are between 51 and

integer 100 bytes.

packet_size_101_to_ unsigned The number of packets that are between 101

150 integer and 150 bytes.

packet_size_151_to_ unsigned The number of packets that are between 151

200 integer and 200 bytes.

packet_size_201_to_ unsigned The number of packets that are between 201

250 integer and 250 bytes.

packet_size_251_to_ unsigned The number of packets that are between 251

300 integer and 300 bytes.

packet_size_301_to_ unsigned The number of packets that are between 301

350 integer and 350 bytes.

packet_size_351_to_ unsigned The number of packets that are between 351

400 integer and 400 bytes.

packet_size_401_to_ unsigned The number of packets that are between 401

450 integer and 450 bytes.

packet_size_451_to_ unsigned The number of packets that are between 451

500 integer and 500 bytes.

packet_size_501_to_ unsigned The number of packets that are between 501

550 integer and 550 bytes.

packet_size_551_to_ unsigned The number of packets that are between 551

600 integer and 600 bytes.

packet_size_601_to_ unsigned The number of packets that are between 601

650 integer and 650 bytes.

packet_size_651_to_ unsigned The number of packets that are between 651

700 integer and 700 bytes.

packet_size_701_to_ unsigned The number of packets that are between 701

750 integer and 750 bytes.

packet_size_751_to_ unsigned The number of packets that are between 751

800 integer and 800 bytes.

Proprietary and Confidential Information of Arbor Networks Inc. 71

Peakflow SP API Guide, Version 7.6

DosAlertPacketDistribution elements (Continued)

Name Type Description

packet_size_801_to_ unsigned The number of packets that are between 801
850 integer and 850 bytes.

packet_size_851_to_ unsigned The number of packets that are between 851

900 integer and 900 bytes.

packet_size_901_to_ unsigned The number of packets that are between 901

950 integer and 950 bytes.

packet_size_951_to_ unsigned The number of packets that are between 951

1000 integer and 1000 bytes.

packet_size_1001_to_ unsigned The number of packets that are between 1001

1050 integer and 1050 bytes.

packet_size_1051_to_ unsigned The number of packets that are between 1051

1100 integer and 1100 bytes.

packet_size_1101_to_ unsigned The number of packets that are between 1101

1150 integer and 1150 bytes.

packet_size_1151_to_ unsigned The number of packets that are between 1151

1200 integer and 1200 bytes.

packet_size_1201_to_ unsigned The number of packets that are between 1201

1250 integer and 1250 bytes.

packet_size_1251_to_ unsigned The number of packets that are between 1251

1300 integer and 1300 bytes.

packet_size_1301_to_ unsigned The number of packets that are between 1301

1350 integer and 1350 bytes.

packet_size_1351_to_ unsigned The number of packets that are between 1351

1400 integer and 1400 bytes.

packet_size_1401_to_ unsigned The number of packets that are between 1401

1450 integer and 1450 bytes.

packet_size_1451_to_ unsigned The number of packets that are between 1451

1500 integer and 1500 bytes.

packet_size_1501_ unsigned The number of packets that are greater than

and_greater integer 1500 bytes.

72 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetailsRoutersBoundary
DosAlertDetailsRoutersBoundary contains the following elements:

DosAlertDetailsRoutersBoundary elements

Name Type Description

none DosAlertDetailsRouters One or more arrays of DosAlertDetailsRouters
records that match neither a managed object
boundary or a network boundary of a DoS Host
alert or a DoS Profiled Router alert.
See “DosAlertDetailsRouters” below.

mo DosAlertDetailsRouters One or more arrays of DosAlertDetailsRouters

records that match a managed object boundary
of a DoS Profiled Network alert.
See “DosAlertDetailsRouters” below.

net DosAlertDetailsRouters One or more arrays of DosAlertDetailsRouters

records that match a network boundary of a
DoS Profiled Network alert.
See “DosAlertDetailsRouters” below.

DosAlertDetailsRouters
DosAlertDetailsRouters contains the following elements:

DosAlertDetailsRouters elements

Name Type Description

id unsigned integer The ID of the router where traffic was
observed for an alert.

name string The name of the router where traffic was

observed for an alert.

max_bps unsigned integer The maximum rate of alert traffic (in bytes)
at a router.

max_pps unsigned integer The maximum rate of alert traffic (in

packets) at a router.

interfaces DosAlertDetailsInterfaces One or more arrays of

DosAlertDetailsInterfaces records.
See “DosAlertDetailsInterfaces” on the
next page.

Proprietary and Confidential Information of Arbor Networks Inc. 73

Peakflow SP API Guide, Version 7.6

DosAlertDetailsInterfaces
DosAlertDetailsInterfaces contains the following elements:

DosAlertDetailsInterfaces elements

Name Type Description

name string The name of the interface where alert traffic was
observed.

direction string A string that indicates the direction of alert traffic on

the interface. The direction can be one of the
following:
n Incoming
n Outgoing
n N/A

max_bps unsigned integer The maximum rate of alert traffic (in bytes) observed
for an interface.

max_pps unsigned integer The maximum rate of alert traffic (in packets)
observed for an interface.

DosAlertDetails 6.0
DosAlertDetails for DoS 3 alerts contains the following elements:

DosAlertDetails 6.0 elements

Name Type Description

id unsigned integer An alert’s ID.

start dateTime The date and time when an alert started, in the
following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time at which an alert

ended, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

bytes_total unsigned integer The total traffic involved in an alert (in bytes).

packets_total double The total traffic involved in an alert (in packets).

src_prefixes PrefixTraffic (Optional) One or more arrays of PrefixTraffic

records.
See “PrefixTraffic” on the facing page.

dst_prefixes PrefixTraffic (Optional) One or more arrays of PrefixTraffic

records.
See “PrefixTraffic” on the facing page.

74 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

DosAlertDetails 6.0 elements (Continued)

Name Type Description

src_ports PortTraffic (Optional) One or more arrays of PortTraffic
records.
See “PortTraffic” on the next page.

dst_ports PortTraffic (Optional) One or more arrays of PortTraffic

records.
See “PortTraffic” on the next page.

protocols ProtocolTraffic (Optional) One or more arrays of ProtocolTraffic

records.
See “ProtocolTraffic” on the next page.

tcpFlags TcpFlagsTraffic (Optional) One or more arrays of TcpFlagsTraffic

records.
See “TcpFlagsTraffic” on the next page.

impact_bps float The raw data points for the impact values (in bps)
observed over the life of an alert. These are the
same data points used to generate graphs for DoS
Alerts in the Web UI.

impact_pps float The raw data points for the impact values (in pps)
observed over the life of an alert. These are the
same data points used to generate graphs for DoS
alerts in the Web UI.

routers DosAlertRouter (Optional) One or more arrays of DosAlertRouter

records.
See “DosAlertRouter” on page 77.

PrefixTraffic
PrefixTraffic contains the following elements:

PrefixTraffic elements

Name Type Description

cidr string A CIDR block that was a significant contributor to
an alert.

bytes double The amount of alert traffic (in bytes) observed for a
prefix.

packets double The amount of alert traffic (in packets) observed

for a prefix.

Proprietary and Confidential Information of Arbor Networks Inc. 75

Peakflow SP API Guide, Version 7.6

PortTraffic
PortTraffic contains the following elements:

PortTraffic elements

Name Type Description

portRangeStart unsigned integer The first port in the port range.

portRangeEnd unsigned integer The last port in the port range.

name string The name of the application associated with a

single port, if a port range only includes one port.

bytes double The amount of alert traffic (in bytes) observed for a
port or port range.

packets double The amount of alert traffic (in packets) observed

for a port or port range.

ProtocolTraffic
ProtocolTraffic contains the following elements:

ProtocolTraffic elements

Name Type Description

name string The name of the protocol of the traffic of an alert.

number unsigned integer The number for the protocol of the traffic of an alert.

bytes double The amount of alert traffic (in bytes) observed for a protocol.

packets double The amount of alert traffic (in packets) observed for a
protocol.

TcpFlagsTraffic
TcpFlagsTraffic contains the following elements:

TcpFlagsTraffic elements

Name Type Description

text string The alphabetic values that represent the TCP flags
of the traffic of an alert.

value unsigned integer The single numeric value, which is the logical OR of
all TCP flag values detected in the traffic of an alert.

76 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 4: Alert Functions in the Current SOAP API

TcpFlagsTraffic elements (Continued)

Name Type Description

bytes double The amount of alert traffic (in bytes) observed for a
TCP flag.

packets double The amount of alert traffic (in packets) observed for
a TCP flag.

DosAlertRouter
DosAlertRouter contains the following elements:

DosAlertRouter elements

Name Type Description

gid unsigned integer The ID of the router where the traffic of an alert
was observed.

name string The name of the router where the traffic of an

alert was observed.

bytes_total double The amount of alert traffic (in bytes) observed for
a router.

packets_total double The amount of alert traffic (in packets) observed

for a router.

packet_rate_max double The maximum rate of alert traffic (in packets)

observed for a router.

byte_rate_max double The maximum rate of alert traffic (in bytes)

observed for a router.

duration unsigned integer The amount of time alert traffic was observed on
a router.

start dateTime The date and time when an alert started, in the
following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop dateTime (Optional) The date and time when an alert

ended, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

interfaces DosAlertInterface One or more arrays of DoSAlertInterface records.

See “DosAlertInterface” on the next page.

Proprietary and Confidential Information of Arbor Networks Inc. 77

Peakflow SP API Guide, Version 7.6

DosAlertInterface
DosAlertInterface contains the following elements:

DosAlertInterface elements

Name Type Description

gid unsigned integer The ID of the interface where alert traffic was
observed.

name string The name of the interface where alert traffic was
observed.

description string The description of the interface where alert traffic

was observed.

snmp_index string The SNMP index of the interface where alert

traffic was observed.

ip string The IP address of the interface where alert traffic

was observed.

bytes_total double The total alert traffic (in bytes) observed at an

interface.

packets_total double The total alert traffic (in packets) observed at an

interface.

packet_rate_max double The maximum rate of alert traffic (in packets)

observed at an interface.

byte_rate_max double The maximum rate of alert traffic (in bytes)

observed at an interface.

duration unsigned integer The amount of time alert traffic was observed at
an interface.

78 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 5:
Mitigation Functions in the Current
SOAP API

Introduction
This chapter includes information about the supported Peakflow SP current SOAP API
mitigation functions.
You can download the PeakflowSP.wsdl file for a complete specification of the data types
used for each current SOAP API mitigation function’s parameters and return values. The
WSDL file is downloaded as part of the API SDK (Administration > Download Arbor API
SDK).

In this section
This section contains the following topics:
applyMitigationTemplateById 80
applyMitigationTemplateByName 81
getMitigationSummaries 82
getMitigationSummariesXML 84
getMitigationStatisticsByIdXML 85
getMitigationStatisticsByNameXML 86
addTmsFilterList 87
editTmsFilterList 89
deleteTmsFilterList 90

Peakflow SP API Guide, Version 7.6 79

Peakflow SP API Guide, Version 7.6

applyMitigationTemplateById

Prototype
applyMitigationTemplateByID(mitigation_id, template_id, apply_method)

Accepted parameters
applyMitigationTemplateById accepts the following parameters:

applyMitigationTemplateById parameters

Name Type Description

mitigation_id unsigned integer The “Id” of a TMS mitigation. When this parameter
is used alone, a TMS mitigation template that is
already set in the mitigation is applied. If a TMS
mitigation template is not set, it returns an error.
When this parameter is used with the template_id
parameter, the specified TMS mitigation template is
set and applied to the mitigation.

template_id unsigned integer (Optional) The “Id” of a TMS mitigation template

that is set and applied to the mitigation.

apply_method string The method used to apply the specified

TMS mitigation template. The override method is
supported, and override is the default value. As of
Peaklfow 7.0, the merge method is no longer
supported.
The override method overrides the settings in the
TMS mitigation with the settings in the template. If
the settings in the template are blank, the empty
settings in the template will clear the corresponding
settings in the mitigation except for the diversion
prefixes and timeout setting that are configured on
the Protect tab of a mitigation. If the diversion
prefixes and timeout setting are blank in the
template, they do not clear the corresponding
settings in the mitigation.

Return values
applyMitigationTemplateByID returns the following values:

applyMitigationTemplateById return value

Name Type Description

results string A success or failure message.

80 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 5: Mitigation Functions in the Current SOAP API

applyMitigationTemplateByName

Prototype
applyMitigationTemplateByName(mitigation_name, template_name, apply_method)

Accepted parameters
applyMitigationTemplateByName accepts the following parameters:

applyMitigationTemplateByName parameters

Name Type Description

mitigation_name string The name of a TMS mitigation. When this parameter
is used alone, a TMS mitigation template that is
already set in the mitigation is applied. If a TMS
mitigation template is not set, it returns an error.
When this parameter is used with the template_
name parameter, the specified TMS mitigation
template is set and applied to the mitigation.

template_name string (Optional) The name of a TMS mitigation template

that is set and applied to the mitigation.

apply_method string The method used to apply the specified

TMS mitigation template. The override method is
supported, and override is the default value. As of
Peaklfow 7.0, the merge method is no longer
supported.
The override method overrides the settings in the
TMS mitigation with the settings in the template. If
the settings in the template are blank, the empty
settings in the template will clear the corresponding
settings in the mitigation except for the diversion
prefixes and timeout setting that are configured on
the Protect tab of a mitigation. If the diversion
prefixes and timeout setting are blank in the
template, they do not clear the corresponding
settings in the mitigation.

Return values
applyMitigationTemplateByName returns the following values:

applyMitigationTemplateByName return value

Name Type Description

results string A success or failure message.

Proprietary and Confidential Information of Arbor Networks Inc. 81

Peakflow SP API Guide, Version 7.6

getMitigationSummaries

Prototype
getMitigationSummaries(filter, max_count)

Accepted parameters
getMitigationSummaries accepts the following parameters:

getMitigationSummaries parameters

Name Type Description

filter string Keywords by which you want to filter search results.
You can enter the same search strings that you can
enter in the Search box on the Mitigations pages in
the Web UI.

max_count unsigned integer The maximum number of mitigations to return that

match the filter.

Return values
getMitigationSummaries returns the following values:

getMitigationSummaries return value

Name Type Description

results MitigationSummaryArray An array of one or more MitigationSummary
records.
See “MitigationSummary” below.

MitigationSummary
MitigationSummary contains the following data about a mitigation:

MitigationSummary elements

Name Type Description

id integer The ID assigned to a mitigation.

type string The type of mitigation.

name string The name of a mitigation.

description string (Optional) The description of a mitigation.

user string The user who started a mitigation.

alert_id integer (Optional) The alert ID that is associated with a

mitigation.

82 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 5: Mitigation Functions in the Current SOAP API

MitigationSummary elements (Continued)

Name Type Description

prefix string The diversion prefix used in the mitigation.

is_automitigation boolean One of the following:

“True” for an automitigation
“False” for any other mitigation

managed_object_ integer (Optional) The ID of the managed object

id protected by a mitigation.

managed_object_ string (Optional) The name of the managed object

name protected by a mitigation.

ongoing boolean One of the following:

n “True” for an ongoing mitigation
n “False” for any other mitigation

start time dateTime The date and time when a mitigation started, in
the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

stop time dateTime (Optional) The date and time at which a

mitigation ended, in the following ISO 8601
format:
n YYYY-MM-DDThh:mm:ssTZD

duration float The amount of time that a mitigation has lasted.

annotations array of (Optional) An array of one or more Annotation

Annotation records.
See “Annotation” below.

Annotation
Annotation describes a mitigation annotation and contains the following elements:

Annotation elements

Name Type Description

added dateTime The date and time when an annotation was added to
a mitigation, in the following ISO 8601 format:
n YYYY-MM-DDThh:mm:ssTZD

author string The user who added an annotation to a mitigation.

content string The comments that a user wrote in an annotation.

Proprietary and Confidential Information of Arbor Networks Inc. 83

Peakflow SP API Guide, Version 7.6

getMitigationSummariesXML

Prototype
getMitigationSummariesXML(filter, max_count)

Accepted parameters
getMitigationSummariesXML accepts the following parameters:

getMitigationSummariesXML parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Search box on the
Mitigations pages in the Web UI.

max_count unsigned integer The maximum number of mitigations to return that

match the filter.

Return value
getMitigationSummariesXML returns the following value:

getMitigationSummariesXML return value

Name Type Description

results string An XML representation of the same data that is
returned by the MitigationSummary function.
See “MitigationSummary” on page 82.

84 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 5: Mitigation Functions in the Current SOAP API

getMitigationStatisticsByIdXML

Prototype
getMitigationStatisticsByIdXML(id, start, stop)

Accepted parameters
getMitigationStatisticsByIdXML accepts the following parameters:

getMitigationStatisticsByIdXML parameters

Name Type Description

id unsigned integer The ID of a mitigation.

start unsigned integer A UNIX timestamp that specifies the start time of a
mitigation.

stop unsigned integer A UNIX timestamp that specifies the stop time of a
mitigation.

Return value
getMitigationStatisticsByIdXML returns the following value:

getMitigationStatisticsByIdXML return value

Name Type Description

results string An XML representation of the same data that is
available for a mitigation in the Web UI.

Proprietary and Confidential Information of Arbor Networks Inc. 85

Peakflow SP API Guide, Version 7.6

getMitigationStatisticsByNameXML

Prototype
getMitigationStatisticsByNameXML(name, start, stop)

Accepted parameters
getMitigationStatisticsByNameXML accepts the following parameters:

getMitigationStatisticsByNameXML parameters

Name Type Description

name string The name of a mitigation.

start unsigned integer A UNIX timestamp that specifies the start time of a
mitigation.

stop unsigned integer A UNIX timestamp that specifies the stop time of a
mitigation.

Return value
getMitigationStatisticsByNameXML returns the following value:

getMitigationStatisticsByNameXML return value

Name Type Description

results string An XML representation of the same data that is
available for a mitigation in the Web UI.

86 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 5: Mitigation Functions in the Current SOAP API

addTmsFilterList

Prototype
addTmsFilterList(name, type, filters, import_format, description)

Accepted parameters
addTmsFilterList accepts the following parameters:

addTmsFilterList parameters

Name Type Description

name string The name of a filter list.

type tmsFilterListType The type of filter list, which can be one of

the following strings:
n black_white
n dns
n ip_location
n ip_address
n ipv6_address
n url

filters base64-encoded A list of one of the following:

n IPv4 or IPv6 addresses
n URL regular expressions (in PCRE
format)
n DNS domain name or FQDN regular
expressions (in PCRE format)

import_format tmsFilterListImportFormat The format of the filter list entries, which

can be one of the following values:
n line-delimited
n comma-delimited
n tab-delimited

The default value is line-delimited.

description string A description that helps you identify a

filter list.

Proprietary and Confidential Information of Arbor Networks Inc. 87

Peakflow SP API Guide, Version 7.6

Return value
addTmsFilterList returns an array with the following values:

addTmsFilterList return value

Name Type Description

results string “Success” if the call was successful.

validation_errors base64-encoded An error string with a list of validation

string errors.

88 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 5: Mitigation Functions in the Current SOAP API

editTmsFilterList

Prototype
editTmsFilterList(name, filters, import_format, description)

Accepted parameters
editTmsFilterList accepts the following parameters:

editTmsFilterList parameters

Name Type Description

name string The name of the filter list that you want to
edit.

filters base64-encoded A list of one of the following:

n IPv4 or IPv6 addresses
n URL regular expressions (in PCRE
format)
n DNS domain name or FQDN regular
expressions (in PCRE format)

import_format tmsFilterListImportFormat The format of the filter list entries, which

can be one of the following values:
n line-delimited
n comma-delimited
n tab-delimited

The default value is line-delimited.

description string A description that helps you identify the

filter list.

Return value
editTmsFilterList returns an array with the following values:

editTmsFilterList return value

Name Type Description

results string “Success” if the call was successful.

validation_errors base64-encoded An error string with a list of validation

string errors.

Proprietary and Confidential Information of Arbor Networks Inc. 89

Peakflow SP API Guide, Version 7.6

deleteTmsFilterList

Prototype
deleteTmsFilterList(name)

Accepted parameters
deleteTmsFilterList accepts the following parameters:

deleteTmsFilterList parameter

Name Type Description

name string The name of the filter list that you want to delete.

Return value
deleteTmsFilterList returns the following value:

deleteTmsFilterList return value

Name Type Description

results string “Success” if the call was successful or errors if the
call was not.

90 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 6:
Configuration Management
Functions in the Current SOAP API

Introduction
This chapter includes information about the supported configuration management functions in
the Peakflow SP current SOAP API.
You can download the PeakflowSP.wsdl file (Administration > Download Arbor API
SDK) for a complete specification of the data types used for each current SOAP API
function’s parameters and return values.

In this section
This section contains the following topics:
About the Configuration Management Functions 92
cliRun 94
accountAdd 95
accountDelete 97
accountChangePassword 98
accountChangeGroup 99

Peakflow SP API Guide, Version 7.6 91

Peakflow SP API Guide, Version 7.6

About the Configuration Management Functions

Introduction
Peakflow SP supports the following configuration management functions:
n cliRun
n accountAdd
n accountDelete
n accountChangePassword
n accountChangeGroup

Output format
The output for all of the Configuration Management functions is returned in the standard
Peakflow SP XML data format with a base64-encoded query-reply text node.
The following XML snippet shows an example result from an accountAdd operation:
<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">
<query-reply name="accountAdd" type="text"> T0s= </query-reply>
</peakflow>
Note: With the exception of the cliRun operation, the normal return value for successful
completion of the operations documented below is OK. The example above reflects the result
from the successful completion of an accountAdd operation—the text node value is the
base64-encoded representation of OK.

Error handling
Errors that occur during the execution of the Configuration Management operations result in
SOAP faults.
The following example shows a typical SOAP fault message (in this case, for the addition of an
account that already exists):
<SOAP-ENV:Envelope SOAP-
ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Server error</faultstring>
<detail> /detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Note: The faults that are returned by the Peakflow API contain a descriptive string that
explains the nature of the fault in the detail element, as shown above. The faultcode describes

92 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 6: Configuration Management Functions in the Current SOAP API

the source of the problem, which is either Client or Server. If the faultcode is Client, then there
was a problem with the parameters submitted to the API. If the faultcode is Server, then
Peakflow encountered a problem while processing the request.

Showing the current configuration

To show the current configuration:
n Execute the config show command with the cliRun method described above.

Note: To apply the configuration, a client could parse this output and replay each command
with this same interface.

Committing and saving the current configuration

Because this API is an extension of the CLI, you must also commit your changes in order to
save them.
To commit configuration changes:
n Execute the config write command.

Important: If you reboot, you will lose any changes that were not committed.

Proprietary and Confidential Information of Arbor Networks Inc. 93

Peakflow SP API Guide, Version 7.6

cliRun

Prototype
cliRun(command, timeout)

Accepted parameters
cliRun accepts the following parameters:

cliRun parameters

Name Type Description

command base64- A Peakflow SP base64-encoded CLI command.
encoded
command string

timeout unsigned integer The number of seconds that the cliRun call is
allowed to run. If the call is not completed in the
specified amount of time, Peakflow SP throws a
fault. If you specify 0 for the timeout, then Peakflow
SP uses the default value of 30 seconds.

Return value
cliRun returns the following value:

cliRun return value

Name Type Description

results string The output from the CLI after running the command.
Note: In the case of most configuration commands,
the normal output from the CLI is empty. Errors during
the operation result in SOAP faults.
See “Error handling” on page 92.

94 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 6: Configuration Management Functions in the Current SOAP API

accountAdd

Prototype
accountAdd(AccountConfiguration)

Accepted parameter
accountAdd accepts the following parameter:

accountAdd parameter

Name Type Description

AccountConfiguration complex type A SOAP structure that includes all of an
account’s parameters.
See “AccountConfiguration” below.

Note: You can enter an empty value for optional arguments, which indicates that the
parameter is unspecified.

AccountConfiguration
AccountConfiguration contains the following data about an account:

AccountConfiguration elements

Name Type Description

username string The user name for the account that you want to
add.

password base64 binary The base64-encoded password for the account

that you want to add.

group string The account group to which you want to assign

an account.

capabilityLevel capabilityLevelType The capability level that you want to assign to

an account, which can be one of the following:
n admin
n user

device string The name of a Peakflow SP appliance with

which an account is associated.

menu string (Optional) The UI menu system that you want

the user of this account to view.

timezone string (Optional) The time zone associated with the

account that you want to add.

Proprietary and Confidential Information of Arbor Networks Inc. 95

Peakflow SP API Guide, Version 7.6

AccountConfiguration elements (Continued)

Name Type Description

realname string (Optional) The full name of the user whose
account you want to add.

email string (Optional) The email address of the user whose

account you want to add.

Return values
accountAdd returns the following value:

accountAdd return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 92.

96 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 6: Configuration Management Functions in the Current SOAP API

accountDelete

Prototype
accountDelete(name)

Accepted parameter
accountDelete accepts the following parameter:

accountDelete parameter

Name Type Description

name string The user name of the account that you want to
delete.

Return value
accountDelete returns the following value:

accountDelete return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 92.

Proprietary and Confidential Information of Arbor Networks Inc. 97

Peakflow SP API Guide, Version 7.6

accountChangePassword

Prototype
accountChangePassword(name, device, password)

Accepted parameters
accountChangePassword accepts the following parameters:

accountChangePassword parameters

Name Type Description

name string The user name of the account whose password you
want to change.

device string The name of a Peakflow SP appliance with which an

account is associated.

password string The new base64-encoded password for the

account.

Return value
accountChangePassword returns the following value:

accountChangePassword return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 92.

98 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 6: Configuration Management Functions in the Current SOAP API

accountChangeGroup

Prototype
accountChangeGroup(name, device, group, capabilityLevel)

Accepted parameters
accountChangeGroup accepts the following parameters:

accountChangeGroup parameters

Name Type Description

name string The user name of the account for which you
want to change the account group.

device string The name of a Peakflow SP appliance with

which an account is associated.

group string The new account group with which you want to
associate the account.

capabilityLevel capabilityLevelType The capability level that you want to assign to

an account, which can be one of the following:
n admin
n user

Return value
accountChangeGroup returns the following value:

accountChangeGroup return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 92.

Proprietary and Confidential Information of Arbor Networks Inc. 99

Peakflow SP API Guide, Version 7.6

100 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 7:
Report Functions in the Current
SOAP API

Introduction
This chapter includes information about the supported report functions in the current Peakflow
SP SOAP API. These functions retrieve data for configured Wizard reports in the Web UI.
You can download the PeakflowSP.wsdl file for a complete specification of the data types
used for each current SOAP API report function’s parameters and return values. The WSDL
file is downloaded as part of the API SDK (Administration > Download Arbor API SDK).

In this section
This section contains the following topics:
queueReportToRun 102
getReportList 103
getReportListXML 105
getReportResultsList 106
getReportResultsListXML 108
getLastReportResultAsCSV 109
getLastReportResultAsXML 110
getLastReportResultAsPDF 111
getReportResultAsCSV 112
getReportResultAsXML 113
getReportResultAsPDF 114
runXmlQuery 115
getTrafficGraph 117

Peakflow SP API Guide, Version 7.6 101

Peakflow SP API Guide, Version 7.6

queueReportToRun

Prototype
queueReportToRun(name)

Accepted parameter
queueReportToRun enters a report into the run queue and accepts the following parameter:

queueReportToRun parameter

Name Type Description

name string The name of a configured wizard report that you
want to run.
Up to 8 reports can run at once.

Return value
queueReportToRun returns the following value:

queueReportToRun return value

Name Type Description

results string One of the following:
n “Success,” which indicates that a report was
successfully queued
n a SOAP Fault with an error message for failed
commands

102 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

getReportList

Prototype
getReportList(filter, count)

Accepted parameters
getReportList returns a list of all configured wizard reports on the system and accepts the
following parameters:

getReportList parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Select a <object>
window Search box on the Reports pages in the
Web UI.

count unsigned integer The number of configured reports to return that

match the filter.
Tip: Type 0 to return unlimited results.

Return value
getReportList returns the following value:

getReportList return value

Name Type Description

results ReportConfigurationArray One or more arrays of ReportConfiguration
records.
See “ReportConfiguration” below.

ReportConfiguration
ReportConfiguration describes a report’s configuration and contains the following elements:

ReportConfiguration elements

Name Type Description

id string The ID of a configured report.

name string The name of a report.

type string The type of report.

description string The description of a report.

tags string (Optional) One or more tags that are applied to a report.

Proprietary and Confidential Information of Arbor Networks Inc. 103

Peakflow SP API Guide, Version 7.6

ReportConfiguration elements (Continued)

Name Type Description

recipient string The user configured to receive the report when it is complete.

schedule string The schedule on which a report runs, if configured, in cron

notation.

last_ string The user who last edited a report configuration.

changed_by

104 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

getReportListXML

Prototype
getReportListXML(filter, count)

Accepted parameters
getReportListXML returns a list of all configured wizard reports on the system and accepts the
following parameters:

getReportListXML parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Select a <object>
window Search box on the Reports pages in the
Web UI.

count unsigned integer The number of configured reports to return that

match the filter.
Tip: Type 0 to return unlimited results.

Return value
getReportListXML returns the following value:

getReportListXML return value

Name Type Description

results string An XML representation of the same data that
is returned by the ReportConfiguration
function.
See “ReportConfiguration” on page 103.

Proprietary and Confidential Information of Arbor Networks Inc. 105

Peakflow SP API Guide, Version 7.6

getReportResultsList

Prototype
getReportResultsList(filter, count)

Accepted parameters
getReportResultsList returns a list of meta-data about all available configured report results. It
accepts the following parameters:

getReportResultsList parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Select a <object>
window Search box on the Reports pages in the
Web UI.

count unsigned integer The number of configured reports to return that

match the filter.
Tip: Type 0 to return unlimited results.

Return value
getReportResultsList returns the following value:

getReportResultsList return value

Name Type Description

results ReportResultArray One or more arrays of ReportResult records.

ReportResult
ReportResult describes a report’s results and contains the following elements:

ReportResult elements

Name Type Description

id string The ID of a configured report.

name string The name of a report.

type string The type of report.

description string The description of a report.

tags string (Optional) One or more tags that are applied to a report.

106 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

ReportResult elements (Continued)

Name Type Description

request_time float The time at which a report ran, in seconds and microseconds
since the epoch. You can obtain the request_time (not the
request_time_iso) for a report by using the
getReportResultsList function.

request_time_ dateTime The date and time when an alert started, in the following ISO
iso 8601 format:
n CCYY-MM-DDThh:mm:ss

request_method string The method by which the report was run, which can be one of
the following:
n manual
n scheduled

requested_by string The user configured to receive the report when it is complete.

last_changed_ string The user who last edited a report configuration.

by

Proprietary and Confidential Information of Arbor Networks Inc. 107

Peakflow SP API Guide, Version 7.6

getReportResultsListXML

Prototype
getReportResultsListXML(filter, count)

Accepted parameters
getReportResultsListXML returns a list of meta-data about all available configured report
results. It accepts the following parameters:

getReportResultsListXML parameters

Name Type Description

filter string Keywords by which you want to filter search
results. You can enter the same search strings
that you can enter in the Select a <object>
window Search box on the Reports pages in the
Web UI.

count unsigned integer The number of configured reports to return that

match the filter.
Tip: Type 0 to return unlimited results.

Return value
getReportResultsListXML returns the following value:

getReportResultsListXML return value

Name Type Description

results string An XML representation of the same data that
is returned by the ReportResult function.

108 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

getLastReportResultAsCSV

Prototype
getLastReportResultAsCSV(name)

Accepted parameter
getLastReportResultAsCSV returns the output of the specified wizard report in CSV format.
Note: Wizard reports that contain complex data types (for example, alerts and mitigations) are
not supported in CSV format.
Peakflow SP returns the results in a zip file that contains one CSV file per query in the report. It
accepts the following parameter:

getLastReportResultAsCSV parameter

Name Type Description

name string The name of a configured wizard report.

Return value
getLastReportResultAsCSV returns the following value:

getLastReportResultAsCSV return value

Name Type Description

csv_zip base64binary A base64-encoded zip file that contains a CSV
file for each query in the specified report.

Proprietary and Confidential Information of Arbor Networks Inc. 109

Peakflow SP API Guide, Version 7.6

getLastReportResultAsXML

Prototype
getLastReportResultAsXML(name)

Accepted parameter
getLastReportResultAsXML returns the output of the specified wizard report in XML format. It
accepts the following parameter:

getLastReportResultAsXML parameter

Name Type Description

name string The name of a configured wizard report.

Return value
getLastReportResultAsXML returns the following value:

getLastReportResultAsXML return value

Name Type Description

xml string The XML query results for the specified report.

110 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

getLastReportResultAsPDF

Prototype
getLastReportResultAsPDF(name)

Accepted parameter
getLastReportResultAsPDF returns the output of the specified wizard report in PDF format. It
accepts the following parameter:

getLastReportResultAsPDF parameter

Name Type Description

name string The name of a configured wizard report.

Return value
getLastReportResultAsPDF returns the following value:

getLastReportResultAsPDF return value

Name Type Description

pdf base64binary A base64-encoded PDF of the most recently
completed run of the specified report.

Proprietary and Confidential Information of Arbor Networks Inc. 111

Peakflow SP API Guide, Version 7.6

getReportResultAsCSV

Prototype
getReportResultAsCSV(name, request_time)

Accepted parameters
getReportResultAsCSV returns the output of the specified wizard report, at a specified run
time, in CSV format.
Note: Wizard reports that contain complex data types (for example, alerts and mitigations) are
not supported in CSV format.
Peakflow SP returns the results in a zip file that contains one CSV file per query in the report. It
accepts the following parameters:

getReportResultAsCSV parameters

Name Type Description

name string The name of a configured wizard report.

request_time float The time at which a report ran, in seconds and

microseconds since the epoch. You can obtain the
request_time (not the request_time_iso) for a report
by using the getReportResultsList function.

Return value
getReportResultAsCSV returns the following value:

getReportResultAsCSV return value

Name Type Description

csv_zip base64binary A base64-encoded zip file that contains a CSV file
for each query in the specified report.

112 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

getReportResultAsXML

Prototype
getReportResultAsXML(name, request_time)

Accepted parameters
getReportResultAsXML returns the output of the specified wizard report, at a specified run
time, in XML format. It accepts the following parameters:

getReportResultAsXML parameters

Name Type Description

name string The name of a configured wizard report.

request_time float The time at which a report ran, in seconds and

microseconds since the epoch. You can obtain
the request_time (not the request_time_iso) for a
report by using the getReportResultsList
function.

Return value
getReportResultAsXML returns the following value:

getReportResultAsXML return value

Name Type Description

xml string The XML query results from the specified run of
the configured report.

Proprietary and Confidential Information of Arbor Networks Inc. 113

Peakflow SP API Guide, Version 7.6

getReportResultAsPDF

Prototype
getReportResultAsPDF(name, request_time)

Accepted parameters
getReportResultAsPDF returns the output of the specified wizard report, at a specified run
time, in a PDF file. It accepts the following parameters:

getReportResultAsPDF parameters

Name Type Description

name string The name of a configured wizard report.

request_time float The time at which a report ran, in seconds and

microseconds since the epoch. You can obtain
the request_time (not the request_time_iso) for a
report by using the getReportResultsList
function.

Return value
getReportResultAsPDF returns the following value:

getReportResultAsPDF return value

Name Type Description

pdf base64binary A base64-encoded PDF of the specified run of
the specified report.

114 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

runXmlQuery

Prototype
runXmlQuery(query)

Accepted parameter
runXmlQuery accepts the following parameter:

runXmlQuery parameter

Name Type Description

query string An XML query in standard Peakflow SP XML
query format. This parameter is only the XML
query, not an entire XML report, like the
getTrafficGraph function. Data is returned in the
XML result format as specified in the Peakflow
SP and Threat Management System (TMS) User
Guide.

For current XML report specifications, see “Using Customized Reports” in the Peakflow SP
and Threat Management System (TMS) User Guide.

Using the example query included in the SOAP package

An example XML query that can be used with runXmlQuery() is included in the Peakflow SP
SOAP package (in the binby_router.xml file). You must edit this file so that it refers to existing
routers in your system.

Creating an XML report on the View Reports page

To create an XML report on the View Reports page:
1. Navigate to the Configure Reports page (Administration > Reports).
2. Click the Add Report Configuration button and select Classic XML Report.
3. Type the name of the report in the Name box.
4. Type the title of the report in the Title box.
5. Click Add Query.
6. Specify the query details for the data that you want to graph in the Report Object Wizard.
7. Click Save to generate the report XML.
8. Cut the <query> portion of the XML (to use in the runXmlQuery() function), and then
paste it directly under the <peakflow> XML element.
9. Delete the remaining part of the <report> XML element.

Editing your XML so it works with SOAP

You must enclose all XML queries inside a <peakflow></peakflow> XML element.
Edit your report XML so it matches the following:
<?xml version=”1.0”?>
<peakflow version=”1.0”>

Proprietary and Confidential Information of Arbor Networks Inc. 115

Peakflow SP API Guide, Version 7.6

...
</query>
</peakflow>

runXmlQuery outputs
The query returns detailed sample data for items matching the query. The results are returned in
the standard Peakflow SP XML data format, as if it was downloaded directly from the Peakflow
SP Web UI.

Writing XML reports manually

You can also write XML reports manually using the XML specifications (either compact or
RelaxNG notation) in the Peakflow SP SOAP package.

116 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 7: Report Functions in the Current SOAP API

getTrafficGraph

Prototype
getTrafficGraph(query, graph_configuration)

Accepted parameters
getTrafficGraph accepts the following parameters:

getTrafficGraph parameters

Name Type Description

query string An XML query, defined using current the standard Peakflow SP
XML query schema.
See “Example: XML query” below.

graph_ string An XML representation that specifies the following for the graph:
configuration n (Optional) the title of the graph
n (Optional) the y-axis label
n (Optional) the width of the graph
n (Optional) the height of the graph
n (Optional) whether you want to include a legend with the
graph

See “Example: graph_-configuration XML format” below.

Example: XML query

The following is an example of an XML query:
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="2.0">
   <query type="traffic">
       <time start_ascii="24 hours ago" end_ascii="now"/>
       <unit type="bps"/>
       <search limit="100" timeout="30"/>
       <class type="in"/>
       <class type="out"/>
       <filter type="customer">
           <instance name="CustomerName"/>
       </filter>
       <filter type="application" binby="1"/>
   </query>
<peakflow>

Example: graph_-configuration XML format

The following is an example of the graph_configuration XML format:
<?xml version=\"1.0\" encoding=\"utf-8\"?>

Proprietary and Confidential Information of Arbor Networks Inc. 117

Peakflow SP API Guide, Version 7.6

<peakflow version=\"2.0\">
<graph id=\"graph1\">
   <title>Google Daily Traffic</title>
   <ylabel>bps</ylabel>
   <width>800</width>
   <height>300</height>
   <legend>1</legend>
</graph>
</peakflow>

Return value
getTrafficGraph returns the following value:

getTrafficGraph return value

Name Type Description

graph base64-encoded PNG A graph that displays all of the items returned by
image the query specified as part of the XML report. If
greater than 15 items are returned, then the top
15 items are graphed.

118 Proprietary and Confidential Information of Arbor Networks Inc.

Part IV:
Classic SOAP API
Peakflow SP API Guide, Version 7.6

120 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 8:
Introduction to the Classic SOAP
API and the Python and PHP
Package

Introduction
Peakflow SP supports its classic SOAP API, which allows you to have programmatic access to
the data on Peakflow SP appliances. This chapter includes an introduction to the classic
SOAP API and how to use it with the Python and PHP package. Information about using the
classic SOAP API with Java is described in the next chapter.
Important: The classic SOAP API has been deprecated and support is limited to bugs that
break the service completely. The classic SOAP API is maintained only as a courtesy to
customers until they can migrate to the current SOAP API or to the Arbor Web Services API.
Individual functions in the classic SOAP API may not work in releases after Peakflow SP 7.0.

In this section
This section contains the following topics:
Using the SOAP API in Peakflow SP 122
Getting Started 124
Installing the Peakflow SP SOAP Python Client 125
Viewing Classic SOAP API Examples in PHP 126

Peakflow SP API Guide, Version 7.6 121

Peakflow SP API Guide, Version 7.6

Using the SOAP API in Peakflow SP

Introduction
The SOAP API in Peakflow SP is implemented by the SP leader appliance or a non-leader
appliance that has the user interface role. You can access the SOAP API using HTTPS.
Note: The SOAP interface requires Digest Authentication using either the user name “arbor”
and your zone secret as the password or the user name and password of a user whose account
has been assigned the sp_soap capability token.

References
For more information about SOAP API, see the following references:
n SOAP v1.1: http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
n WSDL v1.1: http://www.w3.org/TR/wsdl
n XMLSchema: http://www.w3.org/TR/xmlschema-0/
n ZSI (a Python SOAP framework) documentation: http://pywebsvcs.sourceforge.net/zsi.html
Note: There is a known bug with Digest Authentication in ZSI that causes all calls to the
SOAP API to fail. See http://sourceforge.net/p/pywebsvcs/bugs/285/ for information about
the bug and how to fix it.
n Java (Oracle Technology Network): http://www.oracle.com/technetwork/java/index.html
n Apache Axis: http://ws.apache.org/axis/

Components of the Peakflow SP SOAP packages

There are two Peakflow SP SOAP packages. One package is for Python and PHP and the
other package is for Java / Axis.
Each package contains the following components:
n Peakflow SP Web Services Definition Language (WSDL) document (called
PeakflowSPClassic.wsdl)
n SOAP client samples (Python and PHP or Java /Axis)
n Readme documentation

The files in these packages provide an XML specification for the Peakflow SP XML Query and
XML Report formats. XML reports always include an XML query. XML queries are not used
outside of an XML report, except with the SOAP API call getTrafficData().
For an example of an XML report query, see the samples in the SOAP package or Appendix B,
“XML Specifications” in the Peakflow SP and Threat Management System (TMS) User Guide.

SOAP endpoint address

The Peakflow SP Web Services Definition Language (WSDL) document contains the endpoint
address for the web service. You can edit the endpoint address to reference your SP leader or
an appliance that has the user interface role in order to use the WSDL file to create a SOAP
client. Depending upon the configuration of the Peakflow SP appliance, this may or may not be
a fully qualified domain name (FQDN).
The following WSDL snippet shows a typical SOAP endpoint binding:
Note: The address of the Peakflow SP appliance in this example is peakflowsp.
<!-- endpoint/soap binding -->

122 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package

<service name="PeakflowSPService">
<port name="PeakflowSPPort" binding="tns:PeakflowSPBinding">
<soap:address location="https://peakflowsp/cgi-bin/soap"/>
</port>
</service>

Resolving address resolution problems

You may experience address resolution problems with your SOAP client code that may be
related to a lack of a FQDN associated with the endpoint address. You can resolve this issue
with one of the following methods:

Methods to resolve resolution problems

Method Procedure
Method 1 1. Set the FQDN on the Peakflow SP appliance using the following
command: / system name set host.domain.ext.
2. Change the name of the appliance in the SP configuration using
the following command: / services sp devices rename
oldnamenewname

Note: You must download the WSDL file from the Peakflow SP Web
UI in order to show the changed address. The WSDL file is downloaded
as part of the API SDK (Administration > Download Arbor API
SDK).

Method 2 Manually edit the endpoint/soap binding section of the Peakflow SP

WSDL to include a FQDN.

Method 3 Programmatically change the endpoint URL within the code. Most
client-side SOAP libraries provide a facility by which you can change
the endpoint URL programatically to redirect the transactions with the
web service.

Arbor recommendations to ensure optimal performance

Arbor recommends the following to ensure optimal performance when you use the SOAP API
with Peakflow SP:
n For the getTrafficGraph() and getTrafficData() SOAP functions, run the same query at five
minute or greater intervals.
n For all other SOAP functions, run the same query at one minute or greater intervals.
n Make 15 or fewer active SOAP connections to Peakflow SP at one time.
n Make 100 or fewer SOAP queries per minute.

Proprietary and Confidential Information of Arbor Networks Inc. 123

Peakflow SP API Guide, Version 7.6

Getting Started

Introduction
The Peakflow API works well with the following:
n Python using the ZSI 1.5 SOAP package
Note: There is a known bug with Digest Authentication in ZSI that causes all calls to the
SOAP API to fail. See
http://sourceforge.net/tracker/index.php?func=detail&aid=2936589&group_
id=26590&atid=387667 for information about the bug and how to fix it.
n PHP
n Java and Apache Axis 1.4

This topic provides information about and instructions for using Python as well as Java and
Apache Axis with the Peakflow API.

Using the example XML reports and queries included in the SOAP package
The binby_router.xml file contains an example XML query for use with getTrafficData(). The file
report.xml contains an example XML report for use with getTrafficGraph().
The XML query format is described in Appendix B, “XML Specifications” of the Peakflow SP
and Threat Management System (TMS) User Guide and in the XML schema files included in
the SOAP package.
Note: As an alternative, you can create your own client interface in Perl, Java, or another
language. Select an appropriate SOAP package for that language and use the
PeakflowSP.wsdl file to generate your own client-side interface.

124 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 8: Introduction to the Classic SOAP API and the Python and PHP Package

Installing the Peakflow SP SOAP Python Client

Introduction
This topic describes how to install the Peakflow SP SOAP Python client.

Procedure
To install the Peakflow SP SOAP Python client:
1. Download the Arbor SDK from the Web UI (Administration > Download Arbor API
SDK).
The example SOAP clients are located in the Classic folder.
2. Install the following third-party packages:
l py-ZSI 1.5–You can download the ZSI 1.5 package for Python from
http://pywebsvcs.sourceforge.net/zsi.html.
l pyXML 0.6 or later–You can download the XML package for Python from
http://python.org.
l Python 2.3 or later–You can download Python from
http://python.org.
3. Run the sudo Python setup application. This installs the necessary sp.soap Python library
into your Python site-packages location.
4. Test the script by running the following:
./soap_client.py -h leader_appliance -z zone_secret \ -c
getAlertSummaries -o offset=0 -o count=10
where:
leader_appliance = the name of the leader appliance
zone_secret = the word or phrase that is used by all appliances in the system for
internal communication
5. Run the following command to get its usage and a list of examples:
./soap_client.py -h

Note: There is a known bug with Digest Authentication in ZSI that causes all calls to the
SOAP API to fail. See
http://sourceforge.net/tracker/index.php?func=detail&aid=2936589&group_
id=26590&atid=387667 for information about the bug and how to fix it.

Proprietary and Confidential Information of Arbor Networks Inc. 125

Peakflow SP API Guide, Version 7.6

Viewing Classic SOAP API Examples in PHP

Introduction
The PHP SOAP client shows examples of the classic SOAP API written in PHP. You can use
the examples to determine how to use many of the Peakflow SP classic SOAP API calls. Arbor
recommends using PHP because it is easy to use and well-supported.

PHP client requirements

To run the PHP SOAP client, you must have a version of PHP installed on your system that has
SOAP support enabled.
To confirm SOAP support in your PHP build:
1. Go to a terminal prompt on the computer where you installed PHP.
2. Run the php -i command.
3. Verify that you see soap or enable-soap in the output.

Note: If you do not have SOAP support enabled in your PHP build, you can download a
current PHP source package from http://www.php.net/downloads.php. Follow the building and
installation instructions included with the source package. To enable SOAP support, include
the “--enable-soap” option when running the build’s “configure” script.

126 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 9:
Using Java/Axis with the Classic
SOAP API

Introduction
This chapter provides information about and instructions for using Java and Axis with the
classic Peakflow SOAP API.

In this section
This section contains the following topics:
Prerequisites for Using Java/Axis with the SP SOAP Interface 128
Configuring Certificates 130
Generating the Client Proxy Code 132
Using the Client Proxy Code 133
Using the Utility Package 135
Working with the Sample Code for Java/Axis 136
Building and Running the Sample Projects 138
Fault Handling 147
Capturing the XML Request and Response 148

Peakflow SP API Guide, Version 7.6 127

Peakflow SP API Guide, Version 7.6

Prerequisites for Using Java/Axis with the SP SOAP Interface

Introduction
This topic describes the component and configuration prerequisites for using Java/Axis with the
classic SP SOAP Interface.

Requirements
The information and examples included in this chapter use the following configuration:
n Java JDK 5.0 Update 9 or higher
n Apache Axis 1.4 -- http://ws.apache.org/axis/
Note: Due to a known issue in the Axis 1.4 release build (AXIS-2394), you may want to use
an Axis 1.4 nightly build for Peakflow SP SOAP client development.
n Apache Commons HttpClient, version 3.1 -- http://hc.apache.org/httpclient-3.x/
Note: In Peakflow SP versions 5.0 and later, clients must support HTTP Digest
Authentication. To enable this behavior, the Commons HTTPSender is selected as the
HTTP transport in client-config.wsdd. Clients must also either force HTTP/1.0 or disable
chunked encoding with the present server implementation. The Java client example forces
HTTP/1.0 for SOAP transactions. To disable chunked encoding instead, use the following
Java statement:
pfspStub._setProperty
(org.apache.axis2.transport.http.HTTPConstants.CHUNKED,”false”)
n Apache Commons Codec, version 1.2 or higher -- http://commons.apache.org/codec/

Classpath notes
The Axis toolkit has a number of jar files that Java must be able to find. These include the
following:
n axis.jar
n axis-ant.jar
n axis-schema.jar
n commons-discovery-0.2.jar
n commons-logging-1.0.4.jar
n jaxrpc.jar
n saaj.jar
n wsdl4j-1.5.1
n log4j-1.2.8.jar (or whatever is appropriate for your chosen logging implementation)

Note: All of these Axis class .jar files should be added to the AXISCLASSPATH environment
variable.
In addition, the following classes from the Apache Commons project must be somewhere in
your classpath:
n commons-httpclient-3.1.jar
n commons-codec-1.2.jar

128 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

Note: This guide assumes that variables were configured as described in the “Classpath
Setup” section of the Axis Installation Guide. As such, this guide includes simpler, rather than
detailed, references to variables like AXIS_HOME and AXISCLASSPATH.
For more information, see the following page detailing the Axis classpath:
http://ws.apache.org/axis/java/install.html#ClasspathSetup

Digest authentication
Starting with version 5.0, Peakflow SP uses Digest authentication for HTTPS connections.
You must configure your Java Axis environment to perform Digest authentication in order to use
the Peakflow SP Java SOAP client. The Peakflow SP Java client examples are configured to
perform Digest authentication by default, using the Apache Commons HttpClient.

Proprietary and Confidential Information of Arbor Networks Inc. 129

Peakflow SP API Guide, Version 7.6

Configuring Certificates

Introduction
All Peakflow API calls are encrypted with SSL (as HTTPS) to protect the privacy of your data.
Use of the Peakflow API is therefore subject to SSL certificate configuration.
When you use a browser to display an SSL encrypted site, you may be prompted to configure a
certificate if the certificate was not issued by a trusted certificate authority or if there is another
certificate issue. However, when you attempt to make an SSL connection programmatically,
there is not an automated mechanism for interactive prompting. Because of this, a connection
that normally results in a prompt for the user results in a failed connection for a Web service
client application.
Before using the Peakflow API, you must configure the Java environment to accept the
certificate of the Peakflow appliance. You can download the certificate from the Peakflow
appliance and then install it into a system-wide Java keystore as described below.

Obtaining the Peakflow certificate file

You can obtain the Peakflow SP certificate file from Arbor Customer Support or by issuing
either of the following commands:
n / system files show

The certificate file is listed in the output.

n / system files directory disk:
The certificate file is on disk.

The Java Runtime Environment and the cacerts keystore

The Java Runtime Environment (JRE) uses keystore databases to store information about
private keys and certificates. Keystores are configured using the keytool command-line utility
included with the JRE.
A system-wide keystore named cacerts resides in the security properties directory,
java.home\lib\security, where java.home is the runtime environment's directory (the JRE
directory in the SDK or the top-level directory of the Java 2 Runtime Environment). For the
examples in this chapter, you should import the Peakflow certificate into the cacerts keystore.

Importing a Peakflow certificate file

To import a Peakflow SP certificate file:
1. Type openssl x509 -in peakflowsp.crt -out peakflowsp.der -outform
der, and then press ENTER to convert the Peakflow SP certificate to X.509 format using
the openssl tool.
Note: Replace peakflowsp with the hostname of the Peakflow SP system from which
you downloaded the certificate.
2. Type $JAVA_HOME/bin/keytool -import -alias peakflowsp -file
peakflowsp.der -keystore $JRE_HOME/lib/security/cacerts, and then press
ENTER to import the Peakflow SP certificate into your cacerts keystore.
Note: Replace peakflowsp with the hostname of the Peakflow SP system from which
you downloaded the certificate.

130 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

Note: A password is required to change the cacerts keystore (the keytool will prompt you for
this password). The default password for the cacerts keystore is changeit. You may want to
change this for security purposes.
Completion of these steps configures the Java environment to allow connections to the
Peakflow appliance.

Proprietary and Confidential Information of Arbor Networks Inc. 131

Peakflow SP API Guide, Version 7.6

Generating the Client Proxy Code

Introduction
To generate Web service client proxy code for the Peakflow API, use the WSDL2Java tool that
is provided with Axis. WSDL2Java is part of the org.apache.axis.wsdl package and uses the
following syntax:
java [-cp <classpath>] org.apache.axis.wsdl.WSDL2Java [options]

You can use the WSDL2Java tool to process remote WSDL documents that are specified by
URL or local WSDL documents that are specified by path. The generated client code is
created in a package hierarchy rooted in the current working directory.
Note: For WSDL documents specified by URL, WSDL2Java connects to the Web service
server and then downloads the WSDL document and process.

Generating the client proxy code with WSDL2Java

After you download the WSDL document for your Peakflow appliance to your local system, you
can use WSDL2Java to generate the client proxy code. The WSDL2Java command to do this
requires only the path to the local WSDL document as an argument.
By default, the WSDL2Java tool uses the current working directory as the output target. This
means that it will generate a directory hierarchy within the current working directory that
contains the various class files that comprise the Peakflow stub client code. You can move
these directories and files later; however, you may want to run this command directly from your
project directory so that the files are created there. Alternatively, you can also use the –o
argument to specify an output directory.
The following command processes the Peakflow WSDL document that is located in the
current directory (named peakflowsp.wsdl) and generates the stub client code:
Windows: java -cp %AXISCLASSPATH% org.apache.axis.wsdl.WSDL2Java
peakflowsp.wsdl

Unix: java -cp "$AXISCLASSPATH" org.apache.axis.wsdl.WSDL2Java

peakflowsp.wsdl

If successful, the generated client proxy code is created as a PeakflowSP package, rooted in
the current working directory. A directory hierarchy appropriate for this package (for example,
PeakflowSP/PeakflowSP/… ) is created in the current directory.

132 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

Using the Client Proxy Code

Introduction
The following sections detail the steps required to use the generated client proxy code in a
Java/Axis project.

Task Overview
After the client proxy code is generated, perform the following required tasks to begin using the
Peakflow API:
1. Import the classes into your Java project.
2. Create and initialize the necessary interface objects.
3. Supply the proper authentication credentials to the interface.
4. Import and add handling for the AxisFault class for SOAP faults.
5. Add proper handling of response values.

Importing the classes

To import the classes into your Java project:
1. Confirm that the directory hierarchy (PeakflowSP), containing the Peakflow classes
generated by WSDL2Java, is located within your project directory. If it is not, copy it there.
2. Add the following import statement to your referencing Java class:
import PeakflowSP.*;

Creating and initializing the interface objects

To create and initialize the interface objects:
1. Create a PeakflowSPServiceLocator object (ServiceLocator).
2. Initialize the getPeakflowSPPort() method to retrieve the PeakflowSPPort object
that is the actual wrapper for the Peakflow API.
Note: Peakflow SP operations are member functions of the Port class.

The following code shows an example of these steps for creating and initializing the pfspPort
object:
PeakflowSPServiceLocator pfspLocator = new PeakflowSPServiceLocator();
PeakflowSPPort pfspPort = pfspLocator.getPeakflowSPPort();

Supplying authentication credentials

To supply the proper authentication credentials for the interface to connect to the Peakflow
appliance:
n Use the Stub class (the class that hides all of the detailed work behind the scenes) to supply
a user name and password for the connection.

Note: Verify that you have your Java Axis environment configured to perform Digest
authentication.
The following code shows an example of these steps to set up authentication:
PeakflowSPBindingStub pfspStub = (PeakflowSPBindingStub)pfspPort;
pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");

Proprietary and Confidential Information of Arbor Networks Inc. 133

Peakflow SP API Guide, Version 7.6

Note: For users who do not have the sp_soap capability, the SOAP interface requires
authentication using the user name arbor and their zone secret as the password.

Adding exception handling

To add exception handling:
1. Add an import for the org.apache.axis.AxisFault class for catching these SOAP
faults.
2. Wrap SOAP operations in try-catch blocks to handle AxisFaults.
3. Add the following import statements to your referencing Java class:
import org.apache.axis.AxisFault;

Note: You must use the proper exception handling with try-catch blocks that include handling
of the AxisFault class for SOAP faults. AxisFaults represent the error conditions that can
occur during SOAP operations with Java/Axis.

AxisFault handling example

The following code shows an example of AxisFault handling:
try {
...
String strResultXML = pfspPort.cliRun(strCommand);
...
}
catch (AxisFault e) {
System.out.println("AxisFault: " + e.getFaultString());
}

For more information about AxisFaults and their content, see “Fault Handling” on page 147.

Response handling
The output for all of the Configuration Management functions are returned in the standard
Peakflow SP XML data format with a base64-encoded query-reply text node.
The following XML snippet shows an example result from an accountAdd operation:
<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">
<query-reply name="accountAdd" type="text"> T0s= </query-reply>
</peakflow>
Note: With the exception of the cliRun operation, the normal return value for successful
completion of the operations documented below is OK. The example above reflects the result
from the successful completion of an accountAdd operation—the text node value is the
base64-encoded representation of OK.
A Peakflow SP SOAP client application will need to parse the returned XML blob to extract the
query-reply text node. The value of this text node is base64-encoded and must be decoded to
get the plaintext result value.
Note: The Peakflow SP Utility package (described in the next section) includes helper
functions to assist with the processing of response values.

134 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

Using the Utility Package

Introduction
A Peakflow SP Utility package was created with some simple helper functions that you might
find useful while developing Peakflow SP SOAP client code with Java/Axis. The sample code,
discussed in the sections below, uses this package. The use of this package is not required but
provides a shared codebase of common methods and allows for the samples themselves to be
as simple as possible with a minimum of code duplication. The utility package provides simple
functions to handle base64 encoding and decoding as well as a helper function to parse and
decode a Peakflow SP response value.

Procedure
To import the Peakflow SP Utility classes into your Java project:
1. Confirm that the directory hierarchy (PeakflowSPUtil), containing the Peakflow utility class
(available within the Peakflow SP SOAP Package), is located within your project
directory. If it is not, copy it there.
2. Add the following import statement to your referencing Java class:
import PeakflowSPUtil.*;

Example
You can use the simple utility functions within the PeakflowSPUtil package once they are
imported into your project. The functions are all static member functions within the PfSPUtil
class and can be called without creation of a class instance.
The following code is an example of how to use the getResultFromXML function:
try
{
...
String strResultXML = pfspPort.cliRun(strCommand);
System.out.println(PfSPUtil.getResultFromXML(strResultXML));
...
}
catch(AxisFault e)
{
e.printStackTrace();
}

Proprietary and Confidential Information of Arbor Networks Inc. 135

Peakflow SP API Guide, Version 7.6

Working with the Sample Code for Java/Axis

Introduction
This section provides a few example projects that integrate all of the elements discussed earlier
into applications that use the classic Peakflow API to query and display data from the Peakflow
appliance. The SDK includes the source code and the necessary project files and scripts.

About the sample code included

The src directory of the SDK includes the sample code for Java with Axis. There are four
subdirectories that correspond to the two sample projects (pfspsample1 and pfspsample2),
the shared client proxy code (pfspproxy), and the utility package (pfsputil).
The following diagram shows this hierarchy:
+ src
+ pfspsample1 – Sample Project 1
+ pfspsample2 – Sample Project 2

+ pfspproxy - Shared Client Proxy Package

+ PeakflowSP - Root of generated Peakflow SP proxy package

+ pfsputil - Shared Utility Package

+ PeakflowSPUtil - Root of the provided Peakflow SP Utility package

Customizing the sample code

Because the Peakflow client proxy code is associated with an endpoint of a specific Peakflow
appliance, you must customize the projects for your Peakflow deployment.
Complete the following steps to customize the solution for your Peakflow deployment:
1. Update the client proxy code within the pfspproxy directory.
2. Update the user name and password used for authentication in each of the sample
projects (pfspsample1, pfspsample2).

Updating the client proxy code

You can update the client proxy code (pfspproxy) for your Peakflow deployment by using one of
the following methods:
n Replace the existing client proxy code (pfspproxy).
n Programmatically change the endpoint URL within the code.

Note: An existing pfspproxy client proxy package is included but is intended to be only a
placeholder.

Replacing the sample client proxy code

To replace the client proxy code included in the pfspproxy directory:
1. Delete the existing net directory within pfspproxy.
2. Download the WSDL document for your Peakflow appliance to the pfspproxy directory.
3. Generate the PeakflowSP package (recreating the PeakflowSP directory and content).

136 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

For information on generating the PeakflowSP package, see “Generating the Client Proxy
Code” on page 132.

Changing the endpoint URL

As an alternative to replacing the client proxy code, you can also programmatically modify the
endpoint URL within the code (while continuing to use the pre-generated client proxy code
included with the SDK). To do this:
1. Locate the block of code that includes the call to
setPeakflowSPPortEndpointAddress in each of the sample classes.
It is located near the beginning of each of the samples immediately following the creation
of the PeakflowSPServiceLocator object. It looks like the following:
// String strAddress = pfspLocator.getPeakflowSPPortAddress();
// String strNewAddress = strAddress.replaceAll("@@HOSTNAME@@",
"peakflowsp");
// pfspLocator.setPeakflowSPPortEndpointAddress(strNewAddress);
Note: The client proxy code in the SDK was generated using a version of the Peakflow SP
WSDL document that is not specific to a particular Peakflow SP appliance. Instead, it
includes an endpoint address of ”https://@@HOSTNAME@@/cgi-bin/soap”. You can
replace the ”@@HOSTNAME@@” programatically with the address of your Peakflow SP
appliance, which is the purpose of the three samples above.
2. Uncomment the calls as they are currently commented out.
3. Replace peakflowsp with the address of your Peakflow appliance.

Updating the password

You must change the password used for communication with the Peakflow appliance to your
Peakflow SP zone secret. The user name and password are configured using the stub’s
setUserName and setPassword methods in each of the sample projects (pfspsample1,
pfspsample2). You must change each instance.
Note: For users who do not have the sp_soap capability, the SOAP interface requires
authentication using the user name arbor and their zone secret as the password.
To update the password:
1. Locate calls to the setUserName and setPassword methods in each of the sample
classes.
They are located at the beginning of each of the samples closely following the creation of
the PeakflowSPServiceLocator object. It looks like the following:
pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");
2. Replace the <<zonesecret>> with your Peakflow SP zone secret.

Proprietary and Confidential Information of Arbor Networks Inc. 137

Peakflow SP API Guide, Version 7.6

Building and Running the Sample Projects

Introduction
You can use the script files in the SDK to build and run the sample projects after you perform
the following actions:
n either replace the client proxy code or change the endpoint URL
n update the user name and password to customize the sample code for your Peakflow
appliance

The script files are located in the project directories (pfspsample1, pfspsample2). Use the
build scripts (build.sh for Unix; build.cmd for Windows) to build a project, and then use the
test scripts (testit.sh for Unix; testit.cmd for Windows) to run a project.

Sample 1— adding and deleting accounts

The first use of the interface (pfspsample1) is a program that demonstrates the addition and
deletion of a sample account (PfSPSampleUser). This program presents a simple menu with
the following three options:
n (1) Create the PfSPSampleUser account
n (2) Delete the PfSPSampleUser account
n (0) Exit the sample application

Sample 1 code overview

To build and run the sample 1 project:
1. Create the objects and initialize the Peakflow stub client (pfspPort).
2. Use the pfspStub object to establish network credentials with the appropriate user name
and password (as described above) for the Peakflow appliance.
3. Display a menu with options to create the account, delete the account, and exit the
application.
4. Prompt the user for the menu selection and then process as described in the following:
l [1] Use the accountAdd operation to add the PfSPSampleUser account.
l [2] Use the accountDelete operation to delete the PfSPSampleUser account.
l [0] Exit the program.
5. Parse, decode, and display the result of the SOAP operation executed.
6. Prompt the user to “Press <ENTER> to continue...”
7. Return to Step 3 to display the menu for the user.
The menu repeatedly displays after each operation until the user selects to exit the
application.

Sample 1 listing
The following example shows the listing of the first sample project:
import java.io.BufferedReader;
import java.io.InputStreamReader;

import org.apache.axis.AxisFault;
import org.w3c.dom.Element;

138 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

import org.w3c.dom.Node;

import PeakflowSP.*;
import PeakflowSPUtil.*;

public class PfSPSample1 {

public static void main(String[] args) {

try
{
PeakflowSPServiceLocator pfspLocator = new PeakflowSPServiceLocator();
// The client proxy code can be customized for a particular Peakflow
SP installation by either:
//
// (1) Generating the client proxy code from the WSDL document
downloaded
// directly from the Peakflow SP interface (from the
Scripting Interface
// page or the Scoped UI Settings page).
// (2) Or, by programmatically modifying the endpoint using
the code below.
// To do so, uncomment the code below and change 'peakflowsp' to
the address of
// the Peakflow SP box.
//
// String strAddress = pfspLocator.getPeakflowSPPortAddress();
// String strNewAddress = strAddress.replaceAll("@@HOSTNAME@@",
"peakflowsp");
// pfspLocator.setPeakflowSPPortEndpointAddress(strNewAddress);

PeakflowSPPort pfspPort = pfspLocator.getPeakflowSPPort();

PeakflowSPBindingStub pfspStub = (PeakflowSPBindingStub)pfspPort;

// Configure Basic Authentication

pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");

String strAccountName = "PfSPSampleUser";

while(true)
{
System.out.println("");

Proprietary and Confidential Information of Arbor Networks Inc. 139

Peakflow SP API Guide, Version 7.6

System.out.println("PeakflowSP Java/Axis1 SOAP Sample #1");

System.out.println("");
System.out.println("[1] Create the " + strAccountName + " account
(accountAdd operation)");
System.out.println("[2] Delete the " + strAccountName + " account
(accountDelete operation)");
System.out.println("");
System.out.println("[0] Exit sample application");
System.out.println("");
System.out.print("Choice: ");

String input = stdin.readLine();

int nChoice = 0;
try { nChoice = Integer.valueOf(input).intValue(); }
catch (NumberFormatException e) { continue; }

if (nChoice == 0)
break;
else if (nChoice == 1)
{
String strPassword = "sample";
String strGroup = "arbor_user";
String strMenu = ""; // Use default
String strTimezone = ""; // Use default
String strScope = ""; // Use default
String strRealname = "Java/Axis1 Sample Account";
String strEmail = "";

System.out.println("");
System.out.println("Calling PeakflowSPPort.accountAdd(" +
toQuotedString(strAccountName) + "," + toQuotedString(strPassword) +
"," + toQuotedString(strGroup) + "," + toQuotedString(strMenu) + "," +
toQuotedString(strTimezone) + "," + toQuotedString(strScope) + "," +
toQuotedString(strRealname) + "," + toQuotedString(strEmail) + ")");
System.out.println("");

try
{
String strResultXML = pfspPort.accountAdd(strAccountName, strPassword,
strGroup, strMenu, strTimezone, strScope, strRealname, strEmail);
System.out.println("PeakflowSPPort.accountAdd return value = " +
PfSPUtil.getResultFromXML(strResultXML));
}

140 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

catch(AxisFault e)
{
// e.printStackTrace();
Element[] details = e.getFaultDetails();
for(int nIndex = 0; nIndex < details.length; ++nIndex)
{
Node textNode = details[0].getFirstChild();
System.out.println(textNode.getNodeValue());
}
}
catch(Exception e)
{
e.printStackTrace();
}
}
else if (nChoice == 2)
{
System.out.println("");
System.out.println("Calling PeakflowSPPort.accountDelete(" +
toQuotedString(strAccountName) + ")");
System.out.println("");

try
{
String strResultXML = pfspPort.accountDelete(strAccountName);
System.out.println("PeakflowSPPort.accountDelete return value = " +
PfSPUtil.getResultFromXML(strResultXML));
}
catch(AxisFault e)
{
// e.printStackTrace();
Element[] details = e.getFaultDetails();
for(int nIndex = 0; nIndex < details.length; ++nIndex)
{
Node textNode = details[0].getFirstChild();
System.out.println(textNode.getNodeValue());
}
}
catch(Exception e)
{
e.printStackTrace();
}

Proprietary and Confidential Information of Arbor Networks Inc. 141

Peakflow SP API Guide, Version 7.6

System.out.println("");
System.out.println("Press <ENTER> to continue ...");

stdin.readLine();
}
}
catch (Exception e)
{
System.out.println("An exception was encountered: " + e);
e.printStackTrace();
}
}

private static String toQuotedString(String strValue)

{
return "\"" + strValue + "\"";
}

// Create a single shared BufferedReader for keyboard input.

private static BufferedReader stdin = new BufferedReader( 
new InputStreamReader( System.in ) );

Sample 1 output
The output of the first sample project that demonstrates the addition and deletion of accounts
will be similar to the following:
PeakflowSP Java/Axis1 SOAP Sample #1

[1] Create the PfSPSampleUser account (accountAdd operation)

[2] Delete the PfSPSampleUser account (accountDelete operation)

[0] Exit sample application

Choice: 1

Calling PeakflowSPPort.accountAdd("PfSPSampleUser","sample", "arbor_

user","","","", "Java/Axis1 Sample Account","")

PeakflowSPPort.accountAdd return value = OK

142 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

Press <ENTER> to continue ...

PeakflowSP Java/Axis1 SOAP Sample #1

[1] Create the PfSPSampleUser account (accountAdd operation)

[2] Delete the PfSPSampleUser account (accountDelete operation)

[0] Exit sample application

Choice: 2

Calling PeakflowSPPort.accountDelete("PfSPSampleUser")

PeakflowSPPort.accountDelete return value = OK

Press <ENTER> to continue ...

PeakflowSP Java/Axis1 SOAP Sample #1

[1] Create the PfSPSampleUser account (accountAdd operation)

[2] Delete the PfSPSampleUser account (accountDelete operation)

[0] Exit sample application

Choice: 0

Sample 2 —Executing CLI commands

The second use of the interface (pfspsample2) provides an example of executing CLI
commands by providing a “pseudo-CLI” interface. The program simply displays a # prompt at
which you can type CLI commands. The output of each specified command is then displayed.

Sample 2 code overview

To build and run the sample 2 project:
1. Create the objects and initialize the Peakflow stub client (pfspPort).
2. Use the pfspStub object to establish network credentials with the appropriate user name
and password (as described above) for the Peakflow appliance.
3. Display ‘#’ and prompt the user for a command to execute.
4. Parse, decode, and display the result of the CLI command (SOAP operation) executed.
Note: /x is used to exit the program.
5. Return to Step 3 to prompt the user for the next command.

Proprietary and Confidential Information of Arbor Networks Inc. 143

Peakflow SP API Guide, Version 7.6

Sample 2 listing
The following example shows the listing of the second sample project:
import java.io.BufferedReader;
import java.io.InputStreamReader;

import org.apache.axis.AxisFault;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

import PeakflowSP.*;
import PeakflowSPUtil.*;

public class PfSPSample2 {

public static void main(String[] args) {

try
{
PeakflowSPServiceLocator pfspLocator = new PeakflowSPServiceLocator();

// The client proxy code can be customized for a particular Peakflow

SP installation by either:
//
// (1) Generating the client proxy code from the WSDL document
downloaded
// directly from the Peakflow SP interface (from the
Scripting Interface
// page or the Scoped UI Settings page).
// (2) Or, by programmatically modifying the endpoint using
the code below.
// To do so, uncomment the code below and change 'peakflowsp' to
the address of
// the Peakflow SP box.
//
// String strAddress = pfspLocator.getPeakflowSPPortAddress();
// String strNewAddress = strAddress.replaceAll("@@HOSTNAME@@",
"peakflowsp");
// pfspLocator.setPeakflowSPPortEndpointAddress(strNewAddress);

PeakflowSPPort pfspPort = pfspLocator.getPeakflowSPPort();

PeakflowSPBindingStub pfspStub = (PeakflowSPBindingStub)pfspPort;

// Configure Basic Authentication

144 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

pfspStub.setUsername("arbor");
pfspStub.setPassword("<<zonesecret>>");

System.out.println("");
System.out.println("Entering Pseudo-CLI Mode ('/x' to exit)...");
System.out.println("");

while(true)
{
try
{
System.out.print("# ");
String strCommand = stdin.readLine();

if (strCommand.compareToIgnoreCase("/x") == 0)
{
System.out.println("");
System.out.println("Exiting Pseudo-CLI Mode...");
System.out.println("");
return;
}

String strResultXML = pfspPort.cliRun(strCommand);

System.out.println(PfSPUtil.getResultFromXML(strResultXML));
}
catch(AxisFault e)
{
// e.printStackTrace();
Element[] details = e.getFaultDetails();
for(int nIndex = 0; nIndex < details.length; ++nIndex)
{
Node textNode = details[0].getFirstChild();
System.out.println(textNode.getNodeValue());
}
}
}
}
catch (Exception e)
{
System.out.println("An exception was encountered: " + e);
e.printStackTrace();

Proprietary and Confidential Information of Arbor Networks Inc. 145

Peakflow SP API Guide, Version 7.6

}
}

private static String toQuotedString(String strValue)

{
return "\"" + strValue + "\"";
}

// Create a single shared BufferedReader for keyboard input.

private static BufferedReader stdin = new BufferedReader( 
new InputStreamReader( System.in ) );

Sample 2 output
The output of the second sample project that allows for the execution of specified CLI
commands for Peakflow will be similar to the following (subject to the commands specified):
Entering Pseudo-CLI Mode ('/x' to exit)...

# / ?

ip/ IP and network configuration

services/ System services
system/ System configuration

# / services sp show

Peakflow SP (CP) state: started

# / services ssh show

SSH service status:

Status: running
Port: 22 (default)
Protocol: 2,1 (default)

# /x

Exiting Pseudo-CLI Mode...

146 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 9: Using Java/Axis with the Classic SOAP API

Fault Handling

Introduction
You must properly handle AxisFaults in your application. This means having the proper catch
blocks to catch exceptions of this type and then processing them accordingly.
See “Generating the client proxy code with WSDL2Java” on page 132.

AxisFault fields
The following table shows the AxisFault fields returned by the Peakflow API and what they
mean:

AxisFault fields

Field Description
faultCode The faultCode field describes the source of the problem, which is
either Client or Server.
n If the faultCode is Client, it means that there was a problem with
the parameters submitted to the API.
n If the faultCode is Server, it means that Peakflow encountered an
unexpected problem while processing the request.
faultString A descriptive string that explains the source of the error.
n If the faultCode is Client, the faultString will be “Client Error”.
n If the faultCode is Server, the faultString will be “Server
Error”.
details A descriptive string that explains the nature of the fault.
Example: The accountAdd operation may result in an AxisFault for
an existing account with the same name, as shown in “About the
Configuration Management Functions” on page 172. This type of
details would look like:
“Local user already exists "PfSPSampleUser": ...“

Proprietary and Confidential Information of Arbor Networks Inc. 147

Peakflow SP API Guide, Version 7.6

Capturing the XML Request and Response

Introduction
It may be helpful to capture the XML request and response messages for debugging purposes.
Axis allows you to log these messages to a file of your choice. To do this, you must create a
client-config.wsdd in the application’s working directory.

Example
The following example shows the content of the client-config.wsdd that accomplishes this:
<!-- Save this file as "client-config.wsdd" in the working directory
of your Axis client. Axis will load it automatically. The
configuration here tells Axis to save all incoming and outgoing
XML into a file named "axis.log"
-->

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<handler name="log" type="java:org.apache.axis.handlers.LogHandler"/>
<globalConfiguration>
<requestFlow>
<handler type="log"/>
</requestFlow>
<responseFlow>
<handler type="log"/>
</responseFlow>
</globalConfiguration>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
</deployment>
Note: All of the sample Java/Axis projects include a client-config.wsdd, configured as shown
above.

148 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 10:
Alert Functions in the Classic SOAP
API

Introduction
This chapter includes information about the supported alert functions in the Peakflow SP
classic SOAP API.
You can download the PeakflowSPClassic.wsdl file for a complete specification of the
data types used for each classic SOAP API alert function’s parameters and return value. The
WSDL file is downloaded as part of the API SDK (Administration > Download Arbor API
SDK).

In this section
This section contains the following topics:
getAlertSummaries 150
getAlertInterfaces 155
getAlertInterfaceDetails 158
getAlertInterfacesXML 163
getAlertRouterInterfacesXML 165
getAlertGraph 167
getAlertGraphData 168
getAlertStatisticsRaw and sqlQuery 170

Peakflow SP API Guide, Version 7.6 149

Peakflow SP API Guide, Version 7.6

getAlertSummaries

Prototype
getAlertSummaries(filter, count, offset )

Accepted parameters
getAlertSummaries accepts the following parameters:

getAlertSummaries parameters

Name Type Description

filter AlertSummaryFilter Criteria to filter which alerts to return.
See “AlertSummaryFilter elements” below.

count unsigned integer The number of alerts to return.

offset unsigned integer Designates to skip the first offset alerts (sorted
by alert ID).

AlertSummaryFilter elements
AlertSummaryFilter is a complex type that contains the following elements:

AlertSummaryFilter element

Name Type Description

parentProfile string Limits the returned alerts to those that affect the
managed object named parentProfile and its
children.

Return values
getAlertSummaries returns the following values:

getAlertSummaries return values

Name Type Description

count unsigned integer The number of alerts to return.

offset unsigned integer The offset of the returned alerts (as sorted by
alert ID).

summaries array of An array of summary information about each

AlertSummary alert.
See “AlertSummary elements” on the facing
page.

150 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

AlertSummary elements
The AlertSummary record describes a single alert and contains the following elements:

AlertSummary elements

Name Type Description

alertId unsigned integer An alert ID.

active boolean One of the following:

n “True” for an ongoing alert
n “False” for any other alert

srcCidr string The primary source CIDR that matches the

alert traffic.

dstCidr string The primary destination CIDR that matches

the alert traffic.

direction string The direction of the alert traffic, relative to the

managed object against which the alert was
detected. The direction can be either
“Incoming” or “Outgoing.”

startTime unsigned integer The time at which an alert started, in seconds

past the epoch (January 1, 1970 UTC).

stopTime unsigned integer The time at which an alert stopped, in

seconds since the epoch (January 1, 1970
UTC).

type string The type of alert, which is the same as that

which is displayed in the Web UI.

importance string The importance of an alert, which can be one

of the following:
n low
n medium
n high

profile string The name of the affected managed object.

characterization AlertCharacterization The alert traffic summary.

See “AlertCharacterization” on the next page.

Proprietary and Confidential Information of Arbor Networks Inc. 151

Peakflow SP API Guide, Version 7.6

AlertCharacterization
AlertCharacterization describes alert traffic and contains the following elements:

AlertCharacterization elements

Name Type Description

src string The primary source of alert traffic.

dst string The primary destination of alert traffic.

srcPorts string The port or port range of primary source ports of

alert traffic.

dstPorts string The port or port range of primary destination ports of

alert traffic.

protocol string The protocol number of the primary protocol of alert

traffic.

tcpFlags string The bitwise OR of all TCP flags detected in alert

traffic.

Example: PHP
The following is a PHP example of calling the getAlertSummaries SOAP function for an alert,
skipping the five most recent alerts and returning the two alerts prior to that:
$count = 2;
$offset = 5;
$filter = array('parentProfile' => 'myCustomer');

$result = $client->getAlertSummaries($count, $offset, $filter);

if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:
Array
(
[count] => 2
[offset] => 5
[summaries] => Array
(
[0] => stdClass Object

152 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

(
[alertId] => 345389
[active] => 0
[srcCidr] => 0.0.0.0/0
[dstCidr] => 2.3.2.5/32
[direction] => Incoming
[startTime] => 1254248832
[stopTime] => 1254249153
[type] => TCP RST
[importance] => 0
[profile] => myCustomer
[characterization] => stdClass Object
(
[src] => 1.1.2.1/32
[dst] => 2.3.3.5/32
[srcPorts] => 1296-1297
[dstPorts] => 80-81
[protocols] => -
[tcpFlags] => 31
)

[1] => stdClass Object

(
[alertId] => 345388
[active] => 0
[srcCidr] => 0.0.0.0/0
[dstCidr] => 1.2.3.5/32
[direction] => Incoming
[startTime] => 1254248832
[stopTime] => 1254249273
[type] => TCP RST
[importance] => 0
[profile] => UUNET
[characterization] => stdClass Object
(
[src] => 2.3.3.5/32
[dst] => 1.2.3.5/32
[srcPorts] => 1222-1223
[dstPorts] => 80-81
[protocols] => -

Proprietary and Confidential Information of Arbor Networks Inc. 153

Peakflow SP API Guide, Version 7.6

[tcpFlags] => 29
)

Example: Python
The following is a Python example of calling the getAlertSummaries SOAP function for an
alert, skipping the five most recent alerts and returning the two alerts prior to that:
soap_client.py -h my_sp_leader -z my_zone_secret -c getAlertSummaries
-o count=2 -o offset=5

154 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

getAlertInterfaces

Prototype
getAlertInterfaces(alertId)

Accepted parameters
getAlertInterfaces accepts the following parameter:

getAlertInterfaces parameters

Name Type Description

alertId unsigned integer An alert ID.

Return values
getAlertInterfaces returns the following value:

getAlertInterfaces return values

Name Type Description

details array of An array of interfaces that saw traffic that
AlertInterface matched a given DoS alert.
See “AlertInterface elements” below.

AlertInterface elements
AlertInterface contains the following elements:

AlertInterface elements

Name Type Description

name string The name of an interface.

descr string The description of an interface.

ip string The IP address of an interface.

snmp_index integer The SNMP index of an interface.

iface_id integer The internal Peakflow SP identifier for the interface.

expected_bps float The expected bps rate of traffic on an interface for

profiled DoS alerts.

expected_pps float The expected pps rate of traffic on an interface for

profiled DoS alerts.

mean_bps float The mean bps rate of traffic on an interface.

mean_pps float The mean pps rate of traffic on an interface.

Proprietary and Confidential Information of Arbor Networks Inc. 155

Peakflow SP API Guide, Version 7.6

AlertInterface elements (Continued)

Name Type Description

max_bps float The maximum bps rate of traffic detected on an
interface.

max_pps float The maximum pps rate of traffic detected on an

interface.

Example: PHP
The following is an example of calling the getAlertInterfaces SOAP function using PHP:
$alertId = 344317;

$result = $client->getAlertInterfaces($alertId);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}

print_r($result);

Prints:

Array
(
[0] => stdClass Object
(
[name] => GigabitEthernet0/2.0
[descr] => myCustomer VLAN
[ip] => 1.1.2.2
[snmp_index] => 29
[iface_id] => 1179678
[mean_bps] => 6289.000000
[mean_pps] => 107.000000
[max_bps] => 17702.000000
[max_pps] => 314.000000
)

156 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

Example: Python
The following is an example of calling the getAlertInterfaces SOAP function using Python:
soap_client.py -h myleader -z mysecret -c getAlertInterfaces -o
alertId=344317

Proprietary and Confidential Information of Arbor Networks Inc. 157

Peakflow SP API Guide, Version 7.6

getAlertInterfaceDetails

Prototype
getAlertInterfaceDetails(alertId, interfaceIp)

Accepted parameters
getAlertInterfaceDetails accepts the following parameters:

getAlertInterfaceDetails parameters

Name Type Description

alertId unsigned An alert ID.
integer

interfaceIp string The IP address of the interface that saw traffic for the
specified alert.

Return values
getAlertInterfaceDetails returns the following value:

getAlertInterfaceDetails return values

Name Type Description

details array of Displays an array of details about the traffic seen on the
AlertInterfaceDetail specified interface for the specified alert.
See “AlertInterfaceDetail” below.

AlertInterfaceDetail
AlertInterfaceDetail contains details about the alert traffic seen on the specified interface for a
specified alert and contains the following elements:

158 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

AlertInterfaceDetail elements

Name Type Description

type an The type of data represented by the
AlertInterfaceDetailType structure. This is an enumeration and can
be one of the following:
n srcCidr
n dstCidr
n protocol
n srcPort
n dstPort
n tcpFlag
n icmpCode

typeData string The value that corresponds to the type

field. For example, a srcCidr entry might
have a typeData value of
192.168.12.0/24. A dstPort entry might
have a typeData value of 200-400.

totalBytes unsignedLong The total number of bytes seen for alert

traffic matching the type and typeData
attributes over the life of an alert.

totalPkts unsignedLong The total number of packets seen for alert

traffic matching the type and typeData
attributes over the life of an alert.

meanBytesPerPkt float The average number of Bytes per packet

for all alert traffic matching the type and
typeData attributes.

meanBitsPerSec float The average traffic rate in bps for all alert
traffic matching the type and typeData
attributes.

meanPktsPerSec float The average traffic rate in pps for all alert
traffic matching the type and typeData
attributes.

Example: PHP
The following is an example of calling the getAlertInterfaceDetails SOAP function using PHP:
$alertId = 344317;
$interfaceIp = '1.1.2.2';

$result = $client->getAlertInterfaceDetails($alertId, $interfaceIp);

if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring

Proprietary and Confidential Information of Arbor Networks Inc. 159

Peakflow SP API Guide, Version 7.6

);
}

print_r($result);

Prints:

Array
(
[0] => stdClass Object
(
[type] => tcpFlag
[typeData] => 31
[totalBytes] => 1084141
[totalPkts] => 19038
[meanBytesPerPkt] => 56.946160
[meanBitsPerSec] => 48184.044444
[meanPktsPerSec] => 105.766667
)

[1] => stdClass Object

(
[type] => dstCidr
[typeData] => 2.3.3.5/32
[totalBytes] => 1132067
[totalPkts] => 19322
[meanBytesPerPkt] => 58.589535
[meanBitsPerSec] => 50314.088889
[meanPktsPerSec] => 107.344444
)

[2] => stdClass Object

(
[type] => dstPort
[typeData] => 0-1
[totalBytes] => 4180
[totalPkts] => 41
[meanBytesPerPkt] => 101.951220
[meanBitsPerSec] => 185.777778
[meanPktsPerSec] => 0.227778
)

160 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

[3] => stdClass Object

(
[type] => dstPort
[typeData] => 60011-60012
[totalBytes] => 1117807
[totalPkts] => 19185
[meanBytesPerPkt] => 58.264634
[meanBitsPerSec] => 49680.311111
[meanPktsPerSec] => 106.583333
)

[4] => stdClass Object

(
[type] => srcPort
[typeData] => 0-4096
[totalBytes] => 41094
[totalPkts] => 227
[meanBytesPerPkt] => 181.030837
[meanBitsPerSec] => 1826.400000
[meanPktsPerSec] => 1.261111
)

[5] => stdClass Object

(
[type] => srcPort
[typeData] => 3283-3284
[totalBytes] => 1021082
[totalPkts] => 18658
[meanBytesPerPkt] => 54.726230
[meanBitsPerSec] => 45381.422222
[meanPktsPerSec] => 103.655556
)

[6] => stdClass Object

(
[type] => srcCidr
[typeData] => 1.2.3.5/32
[totalBytes] => 1040408
[totalPkts] => 18742
[meanBytesPerPkt] => 55.512112
[meanBitsPerSec] => 46240.355556

Proprietary and Confidential Information of Arbor Networks Inc. 161

Peakflow SP API Guide, Version 7.6

[meanPktsPerSec] => 104.122222

)

[7] => stdClass Object

(
[type] => srcCidr
[typeData] => 0.0.0.0/0
[totalBytes] => 91659
[totalPkts] => 580
[meanBytesPerPkt] => 158.032759
[meanBitsPerSec] => 4073.733333
[meanPktsPerSec] => 3.222222
)

Example: Python
The following is an example of calling the getAlertInterfaceDetails SOAP function using
Python:
soap_client.py -h myleader -z mysecret -c getAlertInterfaceDetails
-o alertId=344317 -o interfaceIp=1.1.2.2

162 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

getAlertInterfacesXML

Prototype
getAlertInterfacesXML(alertId)

Accepted parameter
getAlertInterfacesXML accepts the following parameter:

getAlertInterfacesXML parameters

Name Type Description

alertId unsigned integer An alert ID.

Return values
getAlertInterfacesXML returns an XML version of the same values as the getAlertInterfaces
function.
For more information about the getAlertInterfaces return values, see “Return values” on page
155.

Example: PHP
The following is an example of calling the getAlertInterfacesXML SOAP function using PHP:
$alertId = 344317;

$result = $client->getAlertInterfacesXml($alertId);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}

print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">
<query-reply name="getAlertInterfaces-query" type="soap">
<interface name="GigabitEthernet0/2.0" descr="myCustomer VLAN"
gid="1179678" snmp_index="29" ip="1.1.2.2" sample_id="" max_bps="17702"
mean_bps="6289" max_pps="314" mean_pps="107"/>
</query-reply>

Proprietary and Confidential Information of Arbor Networks Inc. 163

Peakflow SP API Guide, Version 7.6

</peakflow>

Example: Python
The following is an example of calling the getAlertInterfacesXML SOAP function using Python:
soap_client.py -h myleader -z mysecret -c getAlertInterfacesXml
-o alertId=344317

164 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

getAlertRouterInterfacesXML

Prototype
getAlertRouterInterfacesXML(alertId)

Accepted parameter
getAlertRouterInterfacesXML accepts the following parameter:

getAlertRouterInterfacesXML parameter

Name Type Description

alertId unsigned integer An alert ID.

Return value
getAlertRouterInterfacesXML returns the following value:

getAlertRouterInterfacesXML return value

Name Type Description

results string A detailed list of alert traffic for all routers’ interfaces
involved in the specified alert. It returns the results as
XML data, rather than in SOAP structure.
getAlertRouterInterfacesXML returns the following
information about each interface:
n interface name
n interface description
n SNMP index
n IP address
n total bytes seen
n total packets seen
n average bytes seen
n average packets seen

Example: PHP
The following is an example of calling the getAlertRouterInterfacesXML SOAP function using
PHP:
$alertId = 344317;

$result = $client->getAlertRouterInterfacesXml($alertId);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);

Proprietary and Confidential Information of Arbor Networks Inc. 165

Peakflow SP API Guide, Version 7.6

print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">
<query-reply name="getAlertRouterInterfaces" type="soap">
<router am_start="-1.0" am_stop="-1.0" exp_bps="0.0" exp_pps="500.0"
expected="500.0" importance="0" ip="198.110.209.9" lrm="0.0589" max_
bps="17702" max_pps="314" mean_bps="6289" mean_pps="107"
name="myrouter" rate_unit="pps" router_gid="18" router_id="18" rtr_
addr="164720326" sample_id="" type="router" >
<interface descr="myCustomer VLAN" gid="1179678" iface_id="1179678"
ip="1.1.2.3" max_bps="17702" max_pps="314" mean_bps="6289" mean_
pps="107" name="GigabitEthernet0/2.0" router_address="9.1.9.9" router_
gid="18" sample_id="" snmp_index="29" />
</router>
</query-reply>
</peakflow>

Example: Python
The following is an example of calling the getAlertRouterInterfacesXML SOAP function using
Python:
soap_client.py -h myleader -z mysecret -c getAlertRouterInterfacesXml
-o alertId=344317

166 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

getAlertGraph

Prototype
getAlertGraph(alertId, size)

Accepted parameters
getAlertGraph accepts the following parameters:

getAlertGraph parameters

Name Type Description

alertId unsigned integer An alert ID.

size string The size of the graph, which can be one of the
following:
n small (for a thumbnail)
n large (for 600x400)
n larger (for 800x600)

Note: This parameter is optional, and the default

setting is large.

Return values
getAlertGraph returns the following value:

getAlertGraph return values

Name Type Description

graph base64Binary A graph of the total alert traffic per customer
PNG image interface over the life of the alert.

Proprietary and Confidential Information of Arbor Networks Inc. 167

Peakflow SP API Guide, Version 7.6

getAlertGraphData

Prototype
getAlertGraphData(alertId, unit, limit, element_limit)

Accepted parameters
getAlertGraphData accepts the following parameters:

getAlertGraphData parameters

Name Type Description

alertId unsigned An alert ID.
integer

unit string Specifies the type of data that you want returned. You can type
either bps or pps.
Note: This parameter is optional.

limit unsigned Specifies the number of data points to return for each network
integer element. Data is sampled over the life of an alert to return an even
distribution of points.
Note: This parameter is optional, and the default setting is 100.

element_ unsigned Specifies the number of network elements for which you want the
limit integer system to return data.
Note: This parameter is optional, and the default setting is 100.

Return values
getAlertGraphData returns the following value:

getAlertGraphData return values

Name Type Description

results string A list of network elements, including the following:
n router name
n interface name
n interface SNMP index (this is the interface ID)

For each network element involved in an alert, the getAlertGraphData

function returns the following data samples:
n UTC timestamp (this is the time at which the sample was taken)
n amount of traffic for a router or interface at the sample time (this is the
value)

Example
The following is an example of calling the getAlertGraphData function using PHP:
<?xml version="1.0" encoding="utf=8"?>

168 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 10: Alert Functions in the Classic SOAP API

<peakflow version="1.0" release="7.6">

<query-results>
<alertId>15162</alertId>
<unit>pps</unit>
<limit>200</limit>
<element_limit>200</element_limit>
<router name="Fake1">
<samples>
<sample time="1196964375" value="71331.55"/>
<sample time="1196967814" value="70846.67"/>
...
</samples>
<interface id="1" name="index:1">
<samples>
<sample time="1196964375" value="71331.55"/>
<sample time="1196967814" value="70846.67"/>
...
</samples>
</interface>
<interface>
...
</router>
<router>
....
</query_results>
</peakflow>

Proprietary and Confidential Information of Arbor Networks Inc. 169

Peakflow SP API Guide, Version 7.6

getAlertStatisticsRaw and sqlQuery

Internal use only

The getAlertStatisticsRaw and sqlQuery functions are deprecated. These functions are only
used internally by Peakflow SP.

170 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 11:
Configuration Management
Functions in the Classic SOAP API

Introduction
This chapter includes information about the supported configuration management functions in
the Peakflow SP classic SOAP API.
You can download the PeakflowSPClassic.wsdl file for a complete specification of the
datatypes used for each classic SOAP API function’s parameters and return value. The WSDL
file is downloaded as part of the API SDK (Administration > Download Arbor API SDK).

In this section
This section contains the following topics:
About the Configuration Management Functions 172
cliRun 174
accountAdd 175
accountDelete 178
accountChangePassword 180
accountChangeGroup 181

Peakflow SP API Guide, Version 7.6 171

Peakflow SP API Guide, Version 7.6

About the Configuration Management Functions

Introduction
Peakflow SP supports the following configuration management functions:
n cliRun
n accountAdd
n accountDelete
n accountChangePassword
n accountChangeGroup

You can download the PeakflowSPClassic.wsdl file for a complete specification of the
data types used for each classic SOAP API function’s parameters and return value. The WSDL
file is downloaded as part of the API SDK (Administration > Download Arbor API SDK).

Output format
The output for all of the Configuration Management functions are returned in the standard
Peakflow SP XML data format with a base64-encoded query-reply text node.
The following XML snippet shows an example result from an accountAdd operation:
<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">
<query-reply name="accountAdd" type="text"> T0s= </query-reply>
</peakflow>
Note: With the exception of the cliRun operation, the normal return value for successful
completion of the operations documented below is OK. The example above reflects the result
from the successful completion of an accountAdd operation—the text node value is the
base64-encoded representation of OK.

Error handling
Errors that occur during the execution of the Configuration Management operations result in
SOAP faults.
The following example shows a typical SOAP fault message (in this case, for the addition of an
account that already exists):
<SOAP-ENV:Envelope SOAP-
ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Server error</faultstring>
<detail> /detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>

172 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 11: Configuration Management Functions in the Classic SOAP API

</SOAP-ENV:Envelope>
Note: The faults that are returned by the Peakflow API contain a descriptive string that
explains the nature of the fault in the detail element, as shown above. The faultcode describes
the source of the problem, which is either Client or Server. If the faultcode is Client, then there
was a problem with the parameters submitted to the API. If the faultcode is Server, then
Peakflow encountered a problem while processing the request.

Showing the current configuration

To show the current configuration:
n Execute the config show command with the cliRun method described above.

Note: To apply the configuration, a client could parse this output and replay each command
with this same interface.

Committing and saving the current configuration

Because this API is an extension of the CLI, you must also commit your changes in order to
save them.
To commit configuration changes:
n Execute the config write command.

Important: If you reboot, you will lose any changes that were not committed.

Proprietary and Confidential Information of Arbor Networks Inc. 173

Peakflow SP API Guide, Version 7.6

cliRun

Prototype
cliRun(command)

Accepted parameters
cliRun accepts the following parameters:

cliRun parameter

Name Type Description

command base64-encoded A Peakflow SP base64-encoded CLI
command string command.

Return value
cliRun returns the following value:

cliRun return value

Name Type Description

results string The output from the CLI after running the command.
Note: In the case of most configuration commands,
the normal output from the CLI is empty. Errors during
the operation result in SOAP faults.
See “Error handling” on page 172 for more
information.

174 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 11: Configuration Management Functions in the Classic SOAP API

accountAdd

Prototype
accountAdd(name, password, group, capabilityLevel, device, menu, timezone, realname, email)

Accepted parameters
accountAdd accepts the following parameters:

accountAdd parameters

Name Type Description

name string The user name for the account that you want to add.

password string The password for the account that you want to add.

group string The account group to which you want to assign an

account.

capabilityLevel string The capability level that you want to assign to an

account, which can be one of the following:
n admin
n user

device string The name of a Peakflow SP appliance.

menu string The UI menu system that you want the user of this
account to view.
Note: This parameter is optional.

timezone string The time zone associated with the account that you
want to add.
Note: This parameter is optional.

realname string The full name of the user whose account you want
to add.
Note: This parameter is optional.

email string The email address of the user whose account you
want to add.
Note: This parameter is optional.

Note: You can enter an empty value for optional arguments, which indicates that the
parameter is unspecified.

Proprietary and Confidential Information of Arbor Networks Inc. 175

Peakflow SP API Guide, Version 7.6

Return values
accountAdd returns the following value:

accountAdd return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 172 for more
information.

Example: PHP
The following is an example of calling the accountAdd SOAP function in PHP:
$user = 'arborman';
$pass = 'Yarhar13';
$group = 'arbor_admin';
$capabilityLevel = 'admin';
$device = 'global';
$realname = 'Arbor Man';

$result = $client->accountAdd($user, $pass, $group, $device,

$realname);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="5.5">
<query-reply name="accountAdd" type="text">
T0s=

</query-reply>
</peakflow>

176 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 11: Configuration Management Functions in the Classic SOAP API

Example: Python
The following is an example of calling the accountAdd SOAP function in Python:
soap_client.py -h myleader -z mysecret -c accountAdd
-o name=arborman -o password=Yarhar13 -o group=arbor_admin
-o capabilityLevel=admin -o device=global -o realname="Arbor Man"

Proprietary and Confidential Information of Arbor Networks Inc. 177

Peakflow SP API Guide, Version 7.6

accountDelete

Prototype
accountDelete(name)

Accepted parameter
accountDelete accepts the following parameter:

accountDelete parameter

Name Type Description

name string The user name of the account that you want to
delete.

Return value
accountDelete returns the following value:

accountDelete return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 172 for more
information.

Example: PHP
The following is an example of calling the accountDelete SOAP function in PHP:
$user = 'arborman';
$device = 'global';

$result = $client->accountDelete($user, $device);

if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:
<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">

178 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 11: Configuration Management Functions in the Classic SOAP API

<query-reply name="accountDelete" type="text">

T0s=

</query-reply>
</peakflow>

Example: Python
The following is an example of calling the accountDelete SOAP function in Python:
soap_client.py -h myleader -z mysecret -c accountDelete
-o name=arborman -o -o device=global

Proprietary and Confidential Information of Arbor Networks Inc. 179

Peakflow SP API Guide, Version 7.6

accountChangePassword

Prototype
accountChangePassword(name, password, device)

Accepted parameters
accountChangePassword accepts the following parameters:

accountChangePassword parameters

Name Type Description

name string The user name of the account whose password you
want to change.

password string The new password for the account.

device string The name of a Peakflow SP appliance.

Return value
accountChangePassword returns the following value:

accountChangePassword return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 172 for more
information.

180 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 11: Configuration Management Functions in the Classic SOAP API

accountChangeGroup

Prototype
accountChangeGroup(name, group, device, capabilityLevel)

Accepted parameters
accountChangeGroup accepts the following parameters:

accountChangeGroup parameters

Name Type Description

name string The user name of the account for which you want to
change the account group.

group string The new account group with which you want to
associate the account.

device string The name of a Peakflow SP appliance.

capabilityLevel capabilityLevelType The capability level that you want to assign to an

account, which can be one of the following:
n admin
n user

Return value
accountChangeGroup returns the following value:

accountChangeGroup return value

Name Type Description

results string The result of the operation. For all account
management operations, OK is returned to indicate
that the operation was successfully completed.
Errors during the operation result in SOAP faults.
See “Error handling” on page 172 for more
information.

Proprietary and Confidential Information of Arbor Networks Inc. 181

Peakflow SP API Guide, Version 7.6

182 Proprietary and Confidential Information of Arbor Networks Inc.

Chapter 12:
Traffic Report Functions in the
Classic SOAP API

Introduction
This chapter includes information about the supported traffic report functions in the Peakflow
SP classic SOAP API.
You can download the PeakflowSPClassic.wsdl file for a complete specification of the
datatypes used for each classic SOAP API traffic report function’s parameters and return
value. The WSDL file is downloaded as part of the API SDK (Administration > Download
Arbor API SDK).

In this section
This section contains the following topics:
getTrafficData 184
getTrafficGraph 187

Peakflow SP API Guide, Version 7.6 183

Peakflow SP API Guide, Version 7.6

getTrafficData

Prototype
getTrafficData(query)

Accepted parameter
getTrafficData accepts the following parameter:

getTrafficData parameter

Name Type Description

query string An XML query in standard Peakflow SP XML query
format. This parameter is only the XML query, not an
entire XML report, like the getTrafficGraph function.
Data is returned in the XML result format as specified
in the Peakflow SP and Threat Management System
(TMS) User Guide.

For current XML report specifications, see “Using Customized Reports” in the Peakflow SP
and Threat Management System (TMS) User Guide.

Using the example query included in the SOAP package

An example XML query that can be used with getTrafficData() is included in the Peakflow SP
SOAP package (in the binby_router.xml file). You must edit this file so that it refers to existing
routers in your system.

Creating an XML report on the View Reports page

To create an XML report on the View Reports page:
1. Navigate to the Configure Reports page (Administration > Reports).
2. Click the Add Report Configuration button and select Classic XML Report.
3. Type the name of the report in the Name box.
4. Type the title of the report in the Title box.
5. Click Add Query.
6. Specify the query details for the data that you want to graph in the Report Object Wizard.
7. Click Save to generate the report XML.
8. Cut the <query> portion of the XML (to use in the getTrafficData() function), and then
paste it directly under the <peakflow> XML element.
9. Delete the remaining part of the <report> XML element.

Editing your XML so it works with SOAP

You must enclose all XML queries inside a <peakflow></peakflow> XML element.
Edit your report XML so it matches the following:
<?xml version=”1.0”?>
<peakflow version=”1.0”>
...

184 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 12: Traffic Report Functions in the Classic SOAP API

</query>
</peakflow>

getTrafficData outputs
The query returns detailed sample data for items matching the query. The results are returned in
the standard Peakflow SP XML data format, as if it was downloaded directly from the Peakflow
SP Web UI.

Writing XML reports manually

You can also write XML reports manually using the XML specifications (either compact or
RelaxNG notation) in the Peakflow SP SOAP package.
See the PeakflowXML/README.dist file in the SOAP package for more information.

Example: PHP
The following is an example of calling the getTrafficData SOAP function using PHP:
$query = <<<END
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<query id="query1" type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
</peakflow>
END;

$result = $client->getTrafficData($query);
if (is_soap_fault($result)) {
$result = array(
'faultcode' => $soap_result->faultcode,
'faultstring' => $soap_result->faultstring
);
}
print_r($result);

Prints:

<?xml version="1.0"?>
<peakflow version="1.0" release="7.6">
<query id="query1" type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>

Proprietary and Confidential Information of Arbor Networks Inc. 185

Peakflow SP API Guide, Version 7.6

<search limit="100" timeout="30"/>

<filter type="application" binby="1"/>
</query>
<query-reply>
<time start="1254166631" end="1254252731" start_ascii="09/28/2009
19:37:11 +
0000" end_ascii="09/29/2009 19:32:11 +0000"/>
<sample_info duration="300" count="288"/>
<item id="35" name="http">
<key id="35" name="http"/>
<class type="in">
<current value="44854000"/>
<avg value="2984835840"/>
<max value="5331000000"/>
<pct95 value="5015630000"/>
<sample
value="4878225000|4877671000|4772210000|4769017000|4648080000|46
65196000|4618053000|4526825000|4577403000|4552284000|4582147000|4349199
000|44136

Example: Python
The following is an example of calling the getTrafficData SOAP function using Python:
# cat > query.xml
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<query id="query1" type="traffic">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
</peakflow>
^D

soap_client.py -h myleader -z mysecret -c getTrafficData -o

query=@query.xml

186 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 12: Traffic Report Functions in the Classic SOAP API

getTrafficGraph

Prototype
getTrafficGraph(query)

Accepted parameter
getTrafficGraph accepts the following parameter:

getTrafficGraph parameter

Name Type Description

query string An XML report, defined using current XML report
specifications. You can specify the graph options in
the report to control the appearance of the graph.
The report XML must include a chart definition that
indicates the data values to sort on to determine
which items to graph. The default flag, which must
exist in one of the chart column definitions,
determines the sort order.

For current XML report specifications, see “Using Customized Reports” in the Peakflow SP
and Threat Management System (TMS) User Guide.

Using the SOAP package example XML report

An example XML report that can be used with getTrafficGraph() is included in the Peakflow SP
SOAP package (in the report.xml file). You must edit this file so that it references the managed
objects (customer, profiles, etc.) that exist in your system.

Creating an XML report on the View Reports page

You can create an XML report on the Add Classic XML Report page (Administration >
Reports, Add Report Configurationbutton, select Classic XML Report) and then copy
the XML text from the Web UI and save it for later use with the getTrafficGraph call (or the CLI
command /services sp reports quick).Click the

Using a report with the getTrafficGraph() call

Because all XML reports and queries submitted to the system externally must exist inside a
<peakflow></peakflow> XML element, you must make one change to the XML before using
the report with getTrafficGraph(). Once you make this change, you can use the report through
all external interfaces, including getTrafficGraph() and the CLI.
The report XML is displayed in the Web UI as the following:
<?xml version=”1.0”?>
<report id=”my_report”>
...
</report>

Edit your XML report so that it matches the following:

<?xml version=”1.0”?>

Proprietary and Confidential Information of Arbor Networks Inc. 187

Peakflow SP API Guide, Version 7.6

<peakflow version=”1.0”>
<report id=”my_report”>
...
</report>
</peakflow>

Return value
getTrafficGraph returns the following value:

getTrafficGraph return value

Name Type Description

graph base64- A graph that displays all of the items returned by the
encoded PNG query specified as part of the XML report. If greater
image than 15 items are returned, then the top 15 items are
graphed.

Example: PHP
The following is an example of calling the getTrafficGraph SOAP function using PHP:
$report = <<<END
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<report id="myapplications">
<name>my_applications</name>
<timezone>US/Eastern</timezone>
<query id="query1" type="traffic" flag="map_names">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
<graph id="graph">
<title>Traffic per Application</title>
<dataset>query1</dataset>
<type name="stacked" default="yes">
<class>in</class>
<class>out</class>
</type>
<options>
<ylabel>%unit (-In / + Out)</ylabel>
<width>600</width>
<height>400</height>
</options>

188 Proprietary and Confidential Information of Arbor Networks Inc.

 Chapter 12: Traffic Report Functions in the Classic SOAP API

</graph>
<chart id="mychart">
<dataset>query1</dataset>
<column id="CHECKBOX"/>
<column id="NAME"/>
<column id="IN"/>
<column id="OUT"/>
<column id="TOTAL" flag="default"/>
</chart>
<output>
<file format="tar"/>
</output>
</report>
</peakflow>
END;

$result = $client->getTrafficGraph($report);
file_put_contents($result, 'graph.png');

You could then view graph.png in your browser or image viewer.

Example: Python
The following is an example of calling the getTrafficGraph SOAP function using Python:
cat > report.xml
<?xml version="1.0" encoding="utf-8"?>
<peakflow version="1.0">
<report id="myapplications">
<name>my_applications</name>
<timezone>US/Eastern</timezone>
<query id="query1" type="traffic" flag="map_names">
<time start_ascii="24 hours ago" end_ascii="now"/>
<unit type="bps"/>
<search limit="100" timeout="30"/>
<filter type="application" binby="1"/>
</query>
<graph id="graph">
<title>Traffic per Application</title>
<dataset>query1</dataset>
<type name="stacked" default="yes">
<class>in</class>
<class>out</class>
</type>
<options>

Proprietary and Confidential Information of Arbor Networks Inc. 189

Peakflow SP API Guide, Version 7.6

<ylabel>%unit (-In / + Out)</ylabel>

<width>600</width>
<height>400</height>
</options>
</graph>
<chart id="mychart">
<dataset>query1</dataset>
<column id="CHECKBOX"/>
<column id="NAME"/>
<column id="IN"/>
<column id="OUT"/>
<column id="TOTAL" flag="default"/>
</chart>
<output>
<file format="tar"/>
</output>
</report>
</peakflow>
^D

soap_client.py -h myleader -z mysecret -c getTrafficGraph -o

query=@report.xml
-w graph=graph.png

190 Proprietary and Confidential Information of Arbor Networks Inc.

Glossary

a
AAA (Authentication, Authorization, & Accounting) — This is an acronym used to describe the process of
authorizing access to a system, authenticating the identity of users, and logging their behaviors.

ACL (Access Control List) — A list composed of rules and filters stored in a router to allow, deny, or otherwise
regulate network traffic based on network parameters such as IP addresses, protocol types, and port
numbers.

active route — A network route installed in a routing table.

address — A coded representation that uniquely identifies a particular network identity.

AES (Advanced Encryption Standard) — A commonly used encryption block cipher adopted as the standard of
the U.S. government.

AIF (ATLAS Intelligence Feed) — Real-time threat information that is an Arbor-maintained feed consisting of a
database of security threats and signatures that automatically updates each minute and DDoS regular
expressions that are used by TMS to mitigate attacks. Peakflow SP regularly downloads this information
and uses it to detect and block emerging botnet attacks and application-layer attacks.

anomaly — An event or condition in the network that is identified as an abnormality when compared to a
predefined illegal traffic pattern.

anonymous statistic sharing — A service whereby service providers and enterprise businesses share
anonymized statistics on ongoing attacks in order to provide a Internet-wide view of ongoing attacks.

API (Application Programming Interface) — A well-defined set of function calls providing high-level controls for
underlying services.

appliance — A Peakflow server that gathers network statistics from adjacent routers via either packet capture
or flow and performs first-order traffic analysis. Anomalous activities are compressed into alert
messages that are periodically sent to the listening leader.

ARP (Address Resolution Protocol) — A protocol for mapping an IP address to a physical machine address.

AS (Autonomous System) — A collection of IP networks and routers under the control of one entity and
assigned a single ASN for purposes of BGP routing.

Peakflow SP API Guide, Version 7.6 191

Peakflow SP API Guide, Version 7.6

ASCII (American Standard Code for Information Interchange) — A coded representation for standard
alphabetic, numeric, and punctuation characters, also referred to as “plain text.”

ASN (Autonomous System Number) — A unique number assigned to an autonomous system for purposes of
BGP routing.

AS Path (Autonomous System Path) — The ASNs that comprise a packet's path through the internet using
BGP.

ATLAS (Active Threat Level Analysis System) — A globally scoped threat analysis network that analyzes data
from darknets and the Internet’s core backbone to provide information to participating customers about
malware, exploits, phishing, and botnets.

authentication — An identity verification process.

b
backbone router — An OSPF router with all operational interfaces within 0.0.0.0.

baseline — A description of typical traffic patterns over a period of time. Baselines are generated by reducing
collections of fine-grained profiles into a more monolithic data representation that includes a
chronological component.

BGP (Border Gateway Protocol) — The core routing protocol of the Internet.

binning — Grouping data into chunks or "bins" usually defined by time periods, for example, traffic for the last 24
hours.

blackhole routing — A technique to route traffic to null interfaces that can never forward the traffic.

bogon — An IP packet that claims to originate from "dark" IP space.

border router — A router at the border of an AS or network.

bps — Bits per second.

c
CA (Certificate Authority) — A third party which issues digital certificates for use by other parties. CAs are
characteristic of many public key infrastructure (PKI) schemes.

CAR (Committed Access Rate) — A tool for managing bandwidth that provides the same control as ACL with
the additional property that traffic can be regulated based on bandwidth usage rates in bits per second.

CIDR (Classless Inter-Domain Routing) — Method for classifying and grouping Internet addresses.

CIDR Group — CIDR addresses grouped together to share a common managed object configuration. The
equivalent of Peakflow DoS "detection groups."

cflowd — Developed to collect and analyze the information available from NetFlow. It allows the user to store
the information and enables several views of the data. It produces port matrices, AS matrices, network
matrices, and pure flow structures.

192 Proprietary and Confidential Information of Arbor Networks Inc.

 Glossary

challenge packets — Information sent by a TMS model to an unknown host in response to a request from the
unknown host. The unknown host must provide a valid response to the challenge packets. If it does not,
the TMS model refuses the request and adds the unknown host to the blacklist. Several TMS
countermeasures use challenge packets to authenticate unknown hosts.

chargen — The character generator protocol that was used for testing the TCP/IP protocol.

CLI (Command Line Interface) — A user interface that uses a command line, such as a terminal or console (as
opposed to a graphical user interface).

client — The component of client/server computing that uses a service offered by a server.

Collector — An appliance that gathers network information from adjacent routers through flow and performs
first-order traffic analysis. Anomalous events are compressed into event messages that are then sent to
the listening leader.

commit — The process of saving a configuration change so that the changes take effect on the Peakflow SP
system.

customer — A managed object that defines traffic for a business or organization who purchases Internet service
from an internet service provider. Note, this type of managed object should be used to define most
managed services clients.

customer edge router — A router within a customer's network connected to an ISP's customer peering edge.

d
Dark IP — Regions of the IP address space that are reserved or known to be unused.

DDoS (Distributed Denial of Service) — An interruption of network availability typically caused by many,
distributed malicious sources.

designated router — The router designated by other routers (via the OSPF protocol) as the sender of link state
advertisements.

DHCP (Dynamic Host Configuration Protocol) — A protocol used to distribute IP addresses to host machines,
which has a list of available addresses.

DNS (Domain Name System) — A system that translates numeric IP addresses into meaningful, human-
consumable names and vice-versa.

DoS (Denial of Service) — An interruption of network availability typically caused by malicious sources.

DoS alert — A notification indicating an event or condition in the network that is identified as a statistical
abnormality when compared to typical traffic patterns gleaned from previously collected profiles and
baselines or that matches a predefined illegal traffic pattern.

e
encryption — The process by which plain text is scrambled in such a way as to hide its content.

Proprietary and Confidential Information of Arbor Networks Inc. 193

Peakflow SP API Guide, Version 7.6

ESP (Encapsulating Security Payload) — An IPSec protocol for establishing secure tunnels. See “IPSec
(Internet Protocol Security) ” on the facing page.

Ethernet — A series of technologies used for communication on local area networks.

exploit — Tools intended to take advantage of security holes or inherent flaws in the design of network
applications, devices, or infrastructures.

f
failover — Configuring two appliances so that if one appliance fails, the second appliance takes over the duties
of the first, ensuring continued service.

fate sharing — Putting a mitigation out of service when a part of the mitigation’s deployment fails or becomes
unreachable. Fate sharing can occur when a dependent interface loses link, a nexthop becomes
unreachable, a BGP peer is down, a GRE tunnel is down, one or more TMS appliances or TMS clusters
are out of service, or the leader appliance becomes unreachable. For example, if nexthop fate sharing is
configured for a TMS appliance and the nexthop used by a mitigation becomes unreachable, then the
mitigation is put out of service.

FCAP — A fingerprint expression language that describes and matches traffic information.

Fibre Channel — Gigabit-speed network technology primarily used for storage networking.

firewall — A security measure that monitors and controls the types of packets allowed in and out of a network,
based on a set of configured rules and filters.

flow — Flow is a characterization of the network traffic. It defines the traffic that is seen. It provides Peakflow SP
with information from layers 1, 3, and 4 for the traffic that traverses a network.

flowspec — A BGP-based IETF standard for exchanging flexible firewall and ACL rules implemented by Juniper
routers utilizing JunOS 7.3 or later.

fps — Traffic flows per second (NetFlow, ArborFlow, SFlow, etc.).

FQDN (Fully Qualified Domain Name) — A complete domain name, including both the registered domain name
and any preceding node information.

FTP — A TCP/IP protocol for transferring files across a network.

g
GMT (Greenwich Mean Time) — A deprecated world time standard, replaced by UTC.

GRE (Generic Routing Encapsulation) — A tunneling protocol commonly used to build VPNs.

h
host — A networked computer (client or server); in contrast to a router or switch.

194 Proprietary and Confidential Information of Arbor Networks Inc.

 Glossary

HTTP (HyperText Transfer Protocol) — A protocol used to transfer or convey information on the World Wide
Web. Its original purpose was to provide a way to publish and retrieve HTML pages.

HTTPS (HyperText Transfer Protocol over SSL) — The combination of a normal HTTP interaction over an
encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism.

i
IANA (Internet Assigned Numbers Authority) — An entity that oversees global IP address allocation, DNS root
zone management, and other Internet protocol assignments. It is operated by ICANN.

ICMP (Internet Control Message Protocol) — An IP protocol that delivers error and control messages between
TCP/IP enabled network devices, for example, ping packets.

IETF (Internet Engineering Task Force) — An Internet standards organization that develops draft documents
and RFC documents defining protocols for the Internet.

IGMP (Internet Group Management Protocol) — A communications protocol used to manage the membership
of Internet Protocol multicast groups.

intelligent filtering — A feature that adds the ability to work with an integrated filtering device to automatically
filter traffic.

IMAP (Internet Message Access Protocol) — An application layer Internet protocol that allows a local client to
access email on a remote server. (Also known as Internet Mail Access Protocol, Interactive Mail Access
Protocol, and Interim Mail Access Protocol.)

interface — An interconnection between routers, switches, or hosts.

IP (Internet Protocol) — A connectionless network layer protocol used for packet delivery between hosts and
devices on a TCP/IP network.

IP Address — A unique identifier for a host or device on a TCP/IP network.

IPS (Intrusion Prevention System) — A computer security device that exercises access control to protect
computers from exploitation.

IPSec (Internet Protocol Security) — A suite of protocols for securing Internet Protocol (IP) communications by
authenticating and/or encrypting each IP packet in a data stream.

ISP (Internet Service Provider) — A business or organization that provides to consumers access to the Internet
and related services.

l
LAN (Local Area Network) — A typically small network that is confined to a small geographic space.

leader — A designated Peakflow appliance that accepts alert messages from one or more normal devices and
performs second-order traffic analysis in order to identify and visualize potential attacks. (These were
referred to as "Controllers" in previous Peakflow products.)

Proprietary and Confidential Information of Arbor Networks Inc. 195

Peakflow SP API Guide, Version 7.6

m
MAC (Media Access Control) Address — A unique hardware number associated with a networking device.

managed object — User-defined network objects used to classify logical portions of your network or network
traffic. Managed objects can be customers, peers, profiles, VPNs, or VPN sites.

MD5 (Message Digest algorithm 5) — A widely used cryptographic hash function.

MDI (Media Dependent Interface) — An Ethernet port connection that allows network hubs or switches to
connect to other hubs or switches without a null-modem or Ethernet crossover cable.

MIB (Management Information Base) — A database used by the SNMP protocol to manage devices in a
network. Your SNMP polling device uses this to understand Peakflow SNMP traps.

MPLS label — An identifying string for packets using the MPLS protocol.

mitigation — The process of using recommendations from Peakflow SP to apply policies to your network to
reduce the effects of a worm or DoS attack.

mitigation device — A device that filters network traffic passing through it based upon a ruleset provided by
Peakflow SP. This can be either a dedicated network device (Peakflow TMS appliance or Flowspec
capable router) or a Peakflow SP appliance with software mitigation enabled.

MPLS (Multiprotocol Label Switching) — A packet-switching protocol developed by the Internet Engineering
Task Force (IETF) initially to improve switching speeds, but other benefits are now seen as being more
important.

MS (Managed Services) — A Peakflow SP appliance that has the ability to provide a Web UI to allow
customers a special, restricted access to the Peakflow SP system.

MTU (Maximum Transmission Unit) — The size (in bytes) of the largest packet that a given layer of a
communications protocol can efficiently forward.

multicast — Protocols that address multiple IP addresses with a single packet (as opposed to unicast and
broadcast protocols).

n
NAT (Network Address Translation) — Rewriting the source and destination addresses of IP packets as they
pass through a router or firewall.

NetFlow — A technology developed by Cisco Systems, Inc. that allows routers and other network devices to
periodically export information about current network conditions and traffic volumes.

netmask — A dotted quad notation number used by routers determine which part of the address is the network
address and which part is the host address.

network object — Network objects are portions of your network or network traffic and include both managed
objects (customers, peers, profiles, VPNs, or VPN sites) and physical network objects (routers and
interfaces).

196 Proprietary and Confidential Information of Arbor Networks Inc.

 Glossary

NIC (Network Interface Card) — A hardware component that maintains a network interface connection.

NTP (Network Time Protocol) — A protocol that is used to synchronize clock times in a network of computers.

o
OC-3 — A fiber optic network line with transmission speeds of up to 155.52 Mbit/s.

OC-12 — A fiber optic network line with transmission speeds of up to 622.08 Mbit/s.

offnet — Traffic that leaves the network through a BGP boundary and is not destined for a configured customer
entity.

p
packet — A unit of data transmitted across the network that includes control information along with actual
content.

password — A secret code used to gain access to a computer system.

PCC (Packet Capture Collector) — Packet capture is a method of passively monitoring network traffic to create
flow information. The packet capture mode on a Peakflow appliance can be used in cases where flow
from routers is unavailable or unwanted.

PE (Provider Edge) Router — A router in a service provider's network that is connected to a customer edge
router.

peer — A managed object that describes other networks that are peering with yours.

peer to peer — (Sometimes abbreviated P2P) a computer network that relies primarily on the computing power
of the clients in the network rather than concentrating it in a relatively low number of servers. P2P
networks are typically used for connecting nodes via largely ad hoc connections.

pps — Packets per second.

ping — An ICMP request to determine if a host is responsive.

POP (Post Office Protocol) — A TCP/IP email protocol for retrieving messages from a remote server.

PoP (Point of Presence) — A physical connection between telecommunications networks.

port — A field in TCP and UDP protocol, packet headers that corresponds to an application level service (for
example TCP port 80 corresponds to HTTP).

profile — A managed object that defines an arbitrary subset of network traffic that does not fit any of the other
managed object types.

protocol — A well-defined language used by networking entities to communicate with one another.

Proprietary and Confidential Information of Arbor Networks Inc. 197

Peakflow SP API Guide, Version 7.6

q
QoS (Quality of Service) — A method of providing different priority to different traffic, or guaranteeing a certain
level of performance to a data flow for a particular traffic type.

r
RADIUS (Remote Authentication Dial In User Service) — A client/server protocol that enables remote access
servers to communicate with a central server to authenticate dial-in users and authorize their access to
the requested system or service.

RDN (Registered Domain Name) — A domain name as registered, without any preceding node information (for
example, “arbor.net” instead of www.arbor.net).

refinement — The process of continually gathering information about anomalous activity seen.

remediation — The process of minimizing attack damage by taking the recommendations from Peakflow SP and
applying reasonable changes to the network.

remote BGP routeviews — External route servers maintained by Arbor Networks which provide information on
route availability with remote ASNs.

report — An informational page presenting data about a traffic type or event.

RFC (Request For Comments) — An IETF document that defines a protocol or other standard for Internet
communications.

route — A path a packet takes through a network.

route distinguisher — An address qualifier that is prepended to an IPv4 address to create a unique VPN-IPv4
address.

route target — A VPN identifier. A VPN might require more than one route target.

router — A device that connects one network to another. Packets are forwarded from one router to another until
they reach their ultimate destination.

s
scoping — The container managed object within which a managed services customer's traffic view is restricted.

secret key — A secret shared only between a sender and receiver of data.

SFlow — A standard similar to NetFlow which describes a mechanism to capture traffic data in switched or
routed networks.

site-of-origin — A BGP extended community attribute that identifies the VPN site from which a route originates.

skins — Sets of UI parameters, including menus, used to facilitate different Peakflow SP workflows.

198 Proprietary and Confidential Information of Arbor Networks Inc.

 Glossary

SMTP - (Simple Mail Transfer Protocol) — The de facto standard protocol for email transmissions across the
Internet.

smurf attack — A DDoS attack that exploits misconfigured network devices to broadcast large numbers of
ICMP packets to all the computer hosts on a network.

SNMP (Simple Network Management Protocol) — A standard protocol that allows routers and other network
devices to export information about their routing tables and other state information.

spoofing — A situation in which one person or program successfully masquerades as another by falsifying data
(usually the IP address) and thereby gains an illegitimate advantage.

SSDP (Simple Service Discovery Protocol) — A network protocol that is used to advertise and discover
network services and devices.

SSH (Secure Shell) — A command line interface and protocol for securely getting access to a remote
computer. SSH is also known as Secure Socket Shell.

SSL (Secure Sockets Layer) — A protocol for secure communications on the Internet for such things as web
browsing, email, instant messaging, and other data transfers.

t
TACACS+ (Terminal Access Controller Access Control System +) — An authentication protocol common to
UNIX networks that allows a remote access server to forward a user’s login password to an
authentication server to determine whether that user is allowed to access a given system.

target — A victim host or network of a worm or other malicious denial of service (DoS) attacks.

TCP (Transmission Control Protocol) — A connection-based, transport protocol that provides reliable delivery of
packets across the Internet.

TCP/IP — A suite of protocols that controls the delivery of messages across the Internet.

Telnet — A TCP protocol used primarily for unencrypted CLI communications (usually deprecated and replaced
by SSH).

TMS (Threat Management System) — A Peakflow SP appliance designed for intelligent traffic filtering and
DNS monitoring in conjunction with a Peakflow SP deployment.

tunnel — A method of communication where one protocol is encapsulated within another.

u
UDP (User Datagram Protocol) — An unreliable, connectionless, communication protocol.

UNC (Universal Naming Convention) — A standard which originated from UNIX for identifying servers, printers,
and other resources in a network.

uptime — The time elapsed since a given host or server was last rebooted.

Proprietary and Confidential Information of Arbor Networks Inc. 199

Peakflow SP API Guide, Version 7.6

URI (Uniform Resource Identifier) — A protocol, login, host, port, path, etc. in a standard format used to
reference a network resource, (for example http://arbor.net/).

URL (Uniform Resource Locator) — Usually a synonym for URI.

UTC (Universal Time Coordinated) — The time zone at zero degrees longitude which replaced GMT as the
world time standard.

v
VLAN (Virtual Local Area Network) — Hosts connected in an infrastructure that simulates a local area network,
when the hosts are remotely located, or to segment a physical local network into smaller, virtual pieces.

VoIP (Voice over Internet Protocol) — Routing voice communications (such as phone calls) through an IP
network.

VPN (Virtual Private Network) — A private communications network often used within a company, or by several
companies or organizations, to communicate confidentially over a public network using encrypted
tunnels.

vulnerability — A security weakness that could potentially be exploited.

w
WAN (Wide Area Network) — A computer network that covers a broad area. (Also, Wireless Area Network
meaning a wireless network.)

WEP (Wired Equivalent Privacy) — A security scheme for wireless networks intended to provide comparable
confidentiality to a traditional wired network (in particular it does not protect users of the network from
each other).

worm — A self propagating program, usually used to spread a malicious payload across networked computers.

x
XML (eXtensible Markup Language) — A metalanguage written in Standard Generalized Markup Language
(SGML) that allows one to design a markup language for easy interchange of documents on the World
Wide Web.

200 Proprietary and Confidential Information of Arbor Networks Inc.

Index
mapping calls to current SOAP API calls 17
a PHP examples 126
using Java/Axis 128
accountAdd 95, 175 using the client proxy code 133
accountChangeGroup 99, 181 using the Peakflow SP Utility package 135
accountChangePassword 98, 180 working with sample code for Java/Axis 136
accountDelete 97, 178 cliRun 94, 174
address resolution problems configuration management function
resolving 55, 123 about 92, 172
addTmsFilterList 87 accountAdd 95, 175
alert function accountChangeGroup 181
getAlertGraph 167 accountChangePassword 98, 180
getAlertGraphData 168 accountDelete 97, 178
getAlertInterfaceDetails 158 accoutChangeGroup 99
getAlertInterfaces 155 cliRun 94, 174
getAlertInterfacesXML 163 conventions, typographic
getAlertRouterInterfacesXML 165 in commands and expressions 10
getAlertSummaries 150 in procedures 9
getDosAlertDetails 66 cp5500 36
getDosAlertDetailsXML 64 customer support, contacting 11
getDosAlertGraph 65
getDosAlertSummaries 58
getDosAlertSummariesXML 63
d
alerts 23 deleteTmsFilterList 90
applyMitigationTemplateById 80 devices 33
applyMitigationTemplateByName 81 documentation 8
Arbor Technical Assistance Center, contacting 11
Arbor Web Services API
about 16
e
ATAC, contacting 11 editTmsFilterList 89

b g
binby_router.xml file 55 getAlertGraph 167
getAlertGraphData 168
c getAlertInterfaceDetails 158
getAlertInterfaces 155
classic SOAP API getAlertInterfacesXML 163
building and running sample projects 138 getAlertRouterInterfacesXML 165
capturing the XML request and response 148 getAlertStatisticsRaw 170
configuring certificates 130 getAlertSummaries 150
fault handling 147 getDosAlertDetails 66
generating the client proxy code 132 getDosAlertDetailsXML 64

Peakflow SP API Guide, Version 7.6 201

Index: getDosAlertGraph – Web Services

getDosAlertGraph 65
getDosAlertSummaries 58
getDosAlertSummariesXML 63
r
getLastReportResultAsCSV 109 report function
getLastReportResultAsPDF 111 getLastReportResultAsCSV 109
getLastReportResultAsXML 110 getLastReportResultAsPDF 111
getMitigationStatisticsByIdXML 85 getLastReportResultAsXML 110
getMitigationStatisticsByNameXML 86 getReportList 103
getMitigationSummaries 82 getReportListXML 105
getMitigationSummariesXML 84 getReportResultAsCSV 112
getReportList 103 getReportResultAsPDF 114
getReportListXML 105 getReportResultAsXML 113
getReportResultAsCSV 112 getReportResultsList 106
getReportResultAsPDF 114 getReportResultsListXML 108
getReportResultAsXML 113 getTrafficGraph 117
getReportResultsList 106 queueReportToRun 102
getReportResultsListXML 108 runXmlQuery 115
getTrafficData 184 reports 46
getTrafficGraph 117, 187 routers 31
using a report with 187
s
m SDK
managed_object 29 downloading 16
mitigation function SOAP
addTmsFilterList 87 endpoint address 54, 122
applyMitigationTemplateById 80 SOAP API
applyMitigationTemplateByName 81 about 16
deleteTmsFilterList 90 configuration management functions 92, 172
editTmsFilterList 89 recommendations 55, 123
getMitigationStatisticsByIdXML 85 using 22, 54, 122
getMitigationStatisticsByNameXML 86 using Java/Axis 128
getMitigationSummaries 82 SOAP package
getMitigationSummariesXML 84 components 122
mitigations 27 example query 55, 124
sqlQuer 170
o support, contacting 11

optimal performance
recommendations 55, 123
t
tms 39
p tms_ports 42
traffic 25
PHP client traffic report function
requirements 54 getTrafficData 184
portal 44 getTrafficGraph 187
Python client typographic conventions
installing 125 commands and expressions 10
procedures 9
q w
queueReportToRun 102
Web Services
alerts 23
cp5500 36

202 Proprietary and Confidential Information of Arbor Networks Inc.

 Index: WSDL file – XML report

devices 33
managed_object 29
mitigations 27
portal 44
reports 46
routers 31
tms 25, 39
tms_ports 42
WSDL file
about 54

x
XML
editing for SOAP 115, 184
XML report
creating 187
writing manually 116, 185

Proprietary and Confidential Information of Arbor Networks Inc. 203

Peakflow SP API Guide, Version 7.6

204 Proprietary and Confidential Information of Arbor Networks Inc.

Software License Agreement
ARBOR NETWORKS, INC., IF YOUR PRINCIPAL PLACE OF BUSINESS IS IN THE UNITED STATES , OR ARBOR NETWORKS UK
LTD., IF YOUR PRINCIPAL PLACE OF BUSINESS IS OUTSIDE OF THE UNITED STATES (“ARBOR”) LICENSES THE PRODUCT
AND/OR USE OF ARBOR’S CLOUD SERVICE AND/OR MANAGED SERVICES (”SERVICES”) AND DOCUMENTATION
(TOGETHER, THE “SOFTWARE”) TO YOU ("YOU” OR “YOUR") PROVIDED YOU ACCEPT ALL OF THE TERMS OF THIS
LICENSE, CLOUD AND MANAGED SERVICE AGREEMENT (the “AGREEMENT”). IF YOU’VE PURCHASED THE CLOUD OR
MANAGED SERVICE, YOU ALSO AGREE TO THE ADDITIONAL TERMS AND CONDITIONS LOCATED AT
www.arbornetworks.com/cloud-suppterms AND/OR www.arbornetworks.com/managedservice_suppterms. BY SIGNING THE
ATTACHED FORM, OPENING THIS PACKAGE, BREAKING THE SEAL, CONNECTING PRODUCT TO YOUR NETWORK, OR
ACCESSING THE SERVICE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE
TO THESE TERMS AND CONDITIONS, RETURN THE UNUSED PRODUCT WITHIN TEN (10) DAYS OF RECEIPT AND, WHERE
APPLICABLE, YOU’LL BE DISCONNECTED FROM THE SERVICE FOR A REFUND OF FEES PAID.
1. License to Use. Arbor grants You a limited, revocable non-exclusive, non-transferable license (the “License”) to: a) use Arbor’s
software in machine-readable form that is shipped to You and/or identified on the attached form (“Form”) and accompanying
documentation (collectively “Product”) on the machines on which the software has been installed or authorized by Arbor; and/or b)
access and use the Services as described herein. The term of the license shall be as stated on the Form. Your affiliate(s), purchasing
agents, and outsourcing vendors (“Affiliates”) may on your behalf purchase or use Product and/or Services hereunder so long as each is
bound to terms as in this Agreement and You indemnify Arbor for their breach of this Agreement. Any future trial or purchase of Product
and services and future trials or purchases of Services is governed exclusively by this Agreement and may be effected by You or Your
Affiliates providing a purchase order or trial request. Trial term licenses for Services shall be as stated on the Form. Trial term licenses for
Product shall be for the longer of thirty (30) days from date of Product’s delivery to You or as stated on the Form supplied by Arbor. Any
feed, release, revision or enhancement to the Software that Arbor may furnish to You becomes a part of Product or Services and is
governed by this Agreement. Specifically for Product, if You have not purchased a license by the end of a Product trial term or You breach
this Agreement, You agree to return Product and any machine provided by Arbor to Arbor in its original condition less normal wear and
tear in original packaging or equivalent and in accordance with Arbor’s RMA process within 10 days. You agree to pay for any damage to
Product occurring prior to receipt by Arbor. If You purchase a license to Product, this Agreement will control that purchase and title to
machines (where applicable) provided hereunder vests in You.
2. Proprietary Rights and Restrictions. Arbor and/or its licensors and outsourcing vendors (together, “Vendors”) retain all right,
title, and interest in the Software and in all copies thereof, and no title to the Software or any intellectual property or other rights therein,
are transferred to You other than as specified herein. No right, title or interest to any trademarks, service marks or trade names of Arbor
or its Vendors is granted by this Agreement. Software is copyrighted and contains proprietary information and trade secrets belonging
to Arbor and/or its Vendors. You will only use Software for Your own internal business purposes. You may not make copies of the
Software, other than a single copy in machine-readable format for back-up or archival purposes. You may make copies of the associated
documentation for Your internal use only. You shall ensure that all proprietary rights notices on Software are reproduced and applied to
any copies. Licenses are limited to use in accordance with the “Description” on the Form and user documentation. You agree not to
cause or permit the reverse engineering or decompilation of the Software or to derive source code therefrom. You may not create
derivative works based upon all or part of Software. You may not transfer, lend, lease, assign, sublicense, and/or make available through
timesharing, Software, in whole or in part. If you are purchasing spare Product, You’re only licensed to use such spare during such time as
another Product is removed from service for repair.
3. Confidentiality. When disclosing information under this Agreement, the disclosing party will be the “Disclosing Party” and the
receiving party will be the “Receiving Party.” The term “Confidential Information” includes: (a) a party’s technical, financial, commercial or
other proprietary information including without limitation product roadmaps, pricing, software code and documentation, Software,
techniques or systems and (b) information or data that is confidential and proprietary to a third party and is in the possession or control
of a party. The Receiving Party will not disclose any of the Disclosing Party’s Confidential Information to any third party except to the
extent such disclosure is necessary for performance of the Agreement or it can be documented that any such Confidential Information is
in the public domain and generally available to the general public without any restriction or license, or is required to be disclosed by any
authority having jurisdiction so long as Disclosing Party is provided advance notice of such disclosure by the Receiving Party. Each party’s
respective Confidential Information shall remain its own property. Notwithstanding the foregoing, Arbor may use anonymized data from
the Product or Services for its business purposes provided that Arbor shall not identify You to any third party as the source of such data.
4. Product Warranty, Indemnification. Arbor warrants, for sixty (60) days from shipment, that Product will perform in compliance
with user manuals accompanying Product. If, within sixty (60) days of shipment, You report to Arbor that Product is not performing as
described above, and Arbor is unable to correct it within sixty (60) days of the date You report it, You may return the non-performing
Product at Arbor’s expense, and Arbor will refund amounts paid for such Product. The foregoing is Your sole and exclusive remedy.
Arbor agrees to defend You from and against any third party claim or action based on any alleged infringement of any U.S. patent or
copyright arising from use of the Product or Services according to the terms and conditions of this Agreement (“Claim”), and Arbor
agrees to indemnify You from damages awarded against You in any such Claim or settlement thereof, provided that (i) Arbor is promptly
notified in writing of such Claim, (ii) You grant Arbor sole control of the defense and any related settlement negotiations, and (iii) You
cooperate with Arbor in defense of such Claim. Notwithstanding the foregoing, Arbor shall have no liability to You if the infringement
results from (a) use of the Product or Services in combination with software not provided by Arbor; (b) modifications to the Product or
Services not made by Arbor; (c) use of the Product or Services other than in accordance with the Documentation or this Agreement; or
(d) failure to use an updated, non-infringing version of the applicable Product or Services. The foregoing states the entire liability of Arbor
with respect to infringement.
5. Limitations. EXCEPT AS OTHERWISE PROVIDED HEREIN, ARBOR AND ITS THIRD PARTY VENDORS MAKE NO OTHER
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. ARBOR’S AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS ARISING OUT OF OR
IN CONNECTION WITH THIS AGREEMENT, THE PERFORMANCE OF PRODUCT PROVIDED HEREUNDER, AND/OR ARBOR'S
PERFORMANCE OF SERVICES (INCLUDING, WITHOUT LIMITATION, THE SERVICES), SHALL NOT EXCEED THE
AMOUNT PAID UNDER THIS AGREEMENT FOR PRODUCT AND/OR SERVICES WITHIN THE TWELVE (12) MONTH
PERIOD IMMEDIATELY PRECEDING THE CLAIM, WHETHER A CLAIM IS BASED ON CONTRACT OR TORT,
INCLUDING NEGLIGENCE. IN NO EVENT SHALL ARBOR OR ITS VENDORS BE LIABLE FOR ANY INDIRECT, SPECIAL,
INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES
RESULTING FROM LOSS OF PROFITS, DATA, OR BUSINESS ARISING OUT OF OR IN CONNECTION WITH THIS
AGREEMENT, EVEN IF ARBOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL
ARBOR BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION
DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA. YOUR SOLE RECOURSE
HEREUNDER SHALL BE AGAINST ARBOR AND YOU SHALL HOLD THIRD PARTY VENDORS HARMLESS.
6. Product Installation and Support. Installation purchased directly from Arbor with Product is governed by this
Agreement, but Arbor shall not be required to continue any installation for longer than 90 days following receipt of Product. If a
perpetual license is granted hereunder, You agree to purchase support ("Support") for at least the initial year from shipment.
Thereafter, Arbor will invoice approximately sixty (60) days prior to the end of the Support term for additional one-year periods
so long as Product is covered by Support. Failure to pay such invoice will result in a lapse of Your Support. If Support lapses,
upon renewal of Support a 10% reinstatement fee will be assessed and you shall pay all Support fees back to the date Support
lapsed. Each annual renewal service price shall be no less than the previous service price. With Support, Arbor will provide You
(i) telephone and email based technical support in accordance with the level purchased and (ii) all new maintenance releases to
Product when and if available during Your participation in Support. Arbor shall not be required to provide Support on any
Product (i) for more than twelve months after its general release, or (ii) more than one release behind the currently shipping
release. Arbor shall be permitted to subcontract any or all of its services or Support obligations under this Agreement to an
affiliated company including, without limitation, Arbor Networks, Inc. in the United States.
7. Export Regulation and Government Rights. You agree to comply strictly with all U.S. export control laws, including
the U.S. Export Administration Act and Export Administration Regulations (“EAR”). Product is prohibited for export or re-
export to the list of terrorist supporting countries or to any person or entity on the U.S. Department of Commerce Denied
Persons List or on the U.S. Department of Treasury's lists of Specially Designated Nationals, Specially Designated Narcotics
Traffickers or Specially Designated Terrorists. If Product is being shipped by Arbor, then it is exported from the U.S. in
accordance with the EAR. Diversion contrary to U.S. law is prohibited. If You are licensing Product or its accompanying
documentation on behalf of the U.S. Government, it is classified as “Commercial Computer Product” and “Commercial
Computer Documentation” developed at private expense, contains confidential information and trade secrets of Arbor and its
licensors, and is subject to “Restricted Rights” as that term is defined in the Federal Acquisition Regulations (“FARs”).
Contractor/Manufacturer is: Arbor Networks, Inc., and its subsidiaries, Burlington, Massachusetts, USA.
8. Modifications to the Agreement. Notwithstanding anything to the contrary in this Agreement, Arbor may modify
Sections 1-3 and 6-8 of this Agreement (including any referenced policies or terms) as they relate to the Services at any time by
posting a revised version at www.arbornetworks.com/cloud-suppterms or www.arbornetworks.com/managedservice_
suppterms and any successor site designated by Arbor. The modified terms will become effective upon posting. By continuing
to use the Services after the effective date of any modification to this Agreement, you agree to be bound by the modified terms.
It is Your responsibility to check the referenced site regularly for modifications to this Agreement.
9. General. This Agreement is made under the laws of the Commonwealth of Massachusetts, USA, excluding the choice of
law and conflict of law provisions. You consent to the federal and state courts of Massachusetts as sole jurisdiction and venue
for any litigation arising from or relating to this Agreement. This Agreement is the entire agreement between You and Arbor
relating to Product and Services and supersedes all prior, contemporaneous and future communications, proposals and
understandings with respect to its subject matter, as well as without limitation terms and conditions of any past, present or
future purchase order. No modification to this Agreement is binding unless in writing and signed by a duly authorized
representative of each party. The waiver or failure of either party to exercise any right provided for herein shall not be deemed a
waiver of any further right hereunder. If any provision of this Agreement is held invalid, all other provisions shall continue in full
force and effect. All licenses and rights granted hereunder shall terminate upon expiration of the term or Your breach of this
Agreement. Neither party shall be liable for the failure to perform its obligations under this Agreement due to events beyond
such party's reasonable control including, but not limited to, strikes, riots, wars, fire, acts of God or acts in compliance with any
applicable law, regulation or order of any court or governmental body. Neither party may assign its rights, duties or obligations
under this Agreement without the prior written consent of the other party and any attempt to do so shall be void; except to a
successor by merger, acquisition or restructuring that assumes the rights and duties of this Agreement. The following sections
survive termination or expiration of this Agreement: Proprietary Rights and Restrictions, Confidentiality, Limitations, Export and
Government Rights, and General. All Product shipments are FCA Shipping Point and title to machines shall pass upon
shipment. (07-09-15)