DEFEND_1.3.6.1.4.1.2011.5.25.165.1.11.1 hwBaseSecurityUrpfDiscardedRateRising

Trap Buffer Description

Security URPF drop packets alarmed. (ChassisID=[ChassisID], SlotID=[SlotID], CurrentRateLow=[CurrentRateLow], CurrentRateHigh=[CurrentRateHigh], NotifyEnabled=[NotifyEnabled], RateThreshold=[RateThreshold], RateInterval=[RateInterval])

Security URPF drop packets alarm is generated.

In VS mode, this trap is supported only by the admin VS.

Trap Attributes

Trap Attribute	Description
Alarm or Event	Alarm
Trap Severity	Warning
Mnemonic Code	hwBaseSecurityUrpfDiscardedRateRising
Trap OID	1.3.6.1.4.1.2011.5.25.165.1.11.1
MIB	HUAWEI-SECURITY-MIB
Alarm ID	0x0c152013
Alarm Name	hwBaseSecurityUrpfDiscardedRateRising
Alarm Type	processingErrorAlarm
Raise or Clear	Raise
Match trap	DEFEND_1.3.6.1.4.1.2011.5.25.165.1.11.2 hwBaseSecurityUrpfDiscardedRateResume

Trap Buffer Parameters

Parameter	Description
ChassisID	Indicates a chassis ID.
SlotID	Indicates the slot number of an interface board.
CurrentRateLow	Indicates the low 32 bits of traffic statistics.
CurrentRateHigh	Indicates the high 32 bits of traffic statistics.
NotifyEnabled	Indicates whether the trap function is enabled. 1: Enabled 2: Disabled
RateThreshold	Indicates the threshold of a current alarm.
RateInterval	Indicates the interval of a current alarm.

VB Parameters

VB OID	VB Name	VB Index
1.3.6.1.4.1.2011.5.25.165.1.2.1.1.11	hwLocalUrpfCurrentRateLow	hwLocalUrpfChassisId hwLocalUrpfSlotId
1.3.6.1.4.1.2011.5.25.165.1.2.1.1.12	hwLocalUrpfCurrentRateHigh	hwLocalUrpfChassisId hwLocalUrpfSlotId
1.3.6.1.4.1.2011.5.25.165.1.2.1.1.14	hwLocalUrpfRateThreshold	hwLocalUrpfChassisId hwLocalUrpfSlotId
1.3.6.1.4.1.2011.5.25.165.1.2.1.1.1	hwLocalUrpfChassisId	hwLocalUrpfChassisId hwLocalUrpfSlotId
1.3.6.1.4.1.2011.5.25.165.1.2.1.1.2	hwLocalUrpfSlotId	hwLocalUrpfChassisId hwLocalUrpfSlotId

Impact on the System

The bandwidth for protocol packet sending may be preempted, which may cause protocol interruption or packet loss.

Possible Causes

The number of discarded URPF protocol packets exceeded the alarm threshold.

Procedure

1. Run the display cpu-defend tcpip-defend statistics slot slot-id command to check the information about the interface board protocol CIR and CBS. Check the values of Actual CIR in NP and Actual CBS in NP.

If the configured protocol rate is too low to meet the requirements for service operation, run the car command to increase the rate. After 60 seconds, check whether the alarm is cleared. If the alarm is not cleared, go to Step 2.
If the configured protocol rate meets the requirements for service operation but the alarm is still not cleared, go to Step 2.

2. Run the display cpu-defend policy policy-number command to check the alarm configuration of Application apperceive Configuration. Check whether the protocol configurations of alarm threshold or alarm interval are reasonable.

If the alarm threshold is too low, run the alarm drop-rate command to increase the threshold value according to the traffic volume. Check whether the alarm is cleared. If the alarm is not cleared, go to Step 3.
If the alarm interval is too short, run the alarm drop-rate command to increase the interval. Check whether the alarm is cleared. If the alarm is not cleared, go to Step 3.

3. Run the display attack-source-trace slot slot-id original-information command to check the Attack Source Data. Check the header information cached in the attack source tracing module.

If the packet source IP address or the target IP address does not fall within the service scope, configure attack defense policies to filter the traffic. For specific configurations, see "Configuration of Local Attack Defense". Check whether the alarm is cleared. If the alarm is not cleared, go to Step 4.
If the source IP address and the target IP address of the packet meet the service requirements but the alarm is still not cleared, go to Step 4.

4. Collect the alarm information, log information, and configuration information, and then contact technical support personnel.

5. End.