CISCO-IP-URPF-MIB

        Unicast Reverse Path Forwarding (URPF) is a function that
checks the validity of the source address of IP packets
received on an interface. This in an attempt to prevent
Denial of Service attacks based on IP address spoofing.
        
URPF checks validity of a source address by determining
whether the packet would be successfully routed as a
destination address. 
Based on configuration, the check made
can be for existence of any route for the address, or more
strictly for a route out the interface on which the packet
was received by the device. When a violating packet is
detected, it can be dropped. 
This MIB allows detection of
spoofingevents.

Imported Objects

ciscoMgmtCISCO-SMI
ifIndexIF-MIB
SnmpAdminStringSNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUPSNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, Gauge32, Integer32, Counter32, Unsigned32, NOTIFICATION-TYPESNMPv2-SMI
TEXTUAL-CONVENTION, TimeStamp, TruthValueSNMPv2-TC

Type Definitions (2)

Name Base Type Values/Constraints
UnicastRpfOptionsallowDefault(0), allowSelfPing(1)
UnicastRpfTypestrict(1), loose(2), disabled(3)

Objects

ciscoIpUrpfMIB .1.3.6.1.4.1.9.9.451
ciscoIpUrpfMIBNotifs .1.3.6.1.4.1.9.9.451.0
ciscoIpUrpfMIBObjects .1.3.6.1.4.1.9.9.451.1
cipUrpfScalar .1.3.6.1.4.1.9.9.451.1.1
cipUrpfDropRateWindow .1.3.6.1.4.1.9.9.451.1.1.1
cipUrpfComputeInterval .1.3.6.1.4.1.9.9.451.1.1.2
cipUrpfDropNotifyHoldDownTime .1.3.6.1.4.1.9.9.451.1.1.3
cipUrpfStatistics .1.3.6.1.4.1.9.9.451.1.2
cipUrpfTable .1.3.6.1.4.1.9.9.451.1.2.1
cipUrpfEntry .1.3.6.1.4.1.9.9.451.1.2.1.1
cipUrpfIpVersion .1.3.6.1.4.1.9.9.451.1.2.1.1.1
cipUrpfDrops
.1.3.6.1.4.1.9.9.451.1.2.1.1.2
cipUrpfDropRate
.1.3.6.1.4.1.9.9.451.1.2.1.1.3
cipUrpfIfMonTable .1.3.6.1.4.1.9.9.451.1.2.2
cipUrpfIfMonEntry
.1.3.6.1.4.1.9.9.451.1.2.2.1
cipUrpfIfIpVersion .1.3.6.1.4.1.9.9.451.1.2.2.1.1
cipUrpfIfDrops
.1.3.6.1.4.1.9.9.451.1.2.2.1.2
cipUrpfIfSuppressedDrops
.1.3.6.1.4.1.9.9.451.1.2.2.1.3
cipUrpfIfDropRate
.1.3.6.1.4.1.9.9.451.1.2.2.1.4
cipUrpfIfDiscontinuityTime
.1.3.6.1.4.1.9.9.451.1.2.2.1.5
cipUrpfVrfIfTable .1.3.6.1.4.1.9.9.451.1.2.3
cipUrpfVrfIfEntry
.1.3.6.1.4.1.9.9.451.1.2.3.1
cipUrpfVrfIfDrops
.1.3.6.1.4.1.9.9.451.1.2.3.1.2
cipUrpfVrfIfDiscontinuityTime
.1.3.6.1.4.1.9.9.451.1.2.3.1.3
cipUrpfInterfaceConfig .1.3.6.1.4.1.9.9.451.1.3
cipUrpfIfConfTable .1.3.6.1.4.1.9.9.451.1.3.1
cipUrpfIfConfEntry .1.3.6.1.4.1.9.9.451.1.3.1.1
cipUrpfIfDropRateNotifyEnable
.1.3.6.1.4.1.9.9.451.1.3.1.1.1
cipUrpfIfNotifyDropRateThreshold .1.3.6.1.4.1.9.9.451.1.3.1.1.2
cipUrpfIfNotifyDrHoldDownReset
.1.3.6.1.4.1.9.9.451.1.3.1.1.3
cipUrpfIfCheckStrict .1.3.6.1.4.1.9.9.451.1.3.1.1.4
cipUrpfIfWhichRouteTableID .1.3.6.1.4.1.9.9.451.1.3.1.1.5
cipUrpfIfVrfName .1.3.6.1.4.1.9.9.451.1.3.1.1.6
cipUrpfVrf .1.3.6.1.4.1.9.9.451.1.4
cipUrpfVrfTable .1.3.6.1.4.1.9.9.451.1.4.1
cipUrpfVrfEntry .1.3.6.1.4.1.9.9.451.1.4.1.1
cipUrpfVrfName .1.3.6.1.4.1.9.9.451.1.4.1.1.1
ciscoIpUrpfMIBConformance .1.3.6.1.4.1.9.9.451.2
ciscoIpUrpfMIBCompliances .1.3.6.1.4.1.9.9.451.2.1
ciscoIpUrpfMIBGroups .1.3.6.1.4.1.9.9.451.2.2

Notifications/Traps

NameOIDDescription
cipUrpfIfDropRateNotify

.1.3.6.1.4.1.9.9.451.0.1
This notification is generated when
cipUrpfIfDropRateNotifyEnable is set to true and
the calculated URPF drop rate (cipUrpfIfDropRate) 
exceeds the notification threshold drop rate 
(cipUrpfIfNotifyDropRateThreshold). Note the 
exceptional value of 0 for threshold allows notification 
generation if any drop events occur in an interval.
          
After generating this notification, another such
notification will not be sent out for a minimum of five 
minutes (note the exception to this provided by 
cipUrpfIfNotifyDrHoldDownReset).
          
The object value present in the notification is the 
the drop rate that exceeded the threshold.