STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The MPLS router with RSVP-TE enabled must be configured with message pacing or refresh reduction to adjust maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.

DISA Rule

SV-207127r604135_rule

Vulnerability Number

V-207127

Group Title

SRG-NET-000193

Rule Version

SRG-NET-000193-RTR-000001

Severity

CAT III

CCI(s)

• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Weight

10

Fix Recommendation

Ensure all routers with RSVP-TE enabled have message pacing configured that will adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.

Check Contents

Review the router configuration to verify that the router has been configured to prevent a burst of RSVP traffic engineering signaling messages from overflowing the input queue of any neighbor core router.

If the router with RSVP-TE enabled does not have message pacing configured based on the link speed and input queue size of adjacent core routers, this is a finding.

Vulnerability Number

V-207127

Documentable

False

Rule Version

SRG-NET-000193-RTR-000001

Severity Override Guidance

Review the router configuration to verify that the router has been configured to prevent a burst of RSVP traffic engineering signaling messages from overflowing the input queue of any neighbor core router.

If the router with RSVP-TE enabled does not have message pacing configured based on the link speed and input queue size of adjacent core routers, this is a finding.

Check Content Reference

M

Target Key

2917

Comments