STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.

DISA Rule

SV-207173r604135_rule

Vulnerability Number

V-207173

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-RTR-000002

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure MPLS routers to use their loopback address as the source address for LDP peering sessions.

Check Contents

Review the router configuration to determine if it uses its loopback address as the source address for LDP peering sessions.

Verify that a loopback address has been configured as shown in the following example:

An MPLS router will use the LDP router ID as the source address for LDP hellos and when establishing TCP sessions with LDP peers; hence, it is necessary to verify that the LDP router ID is the same as the loopback address. By default, routers will assign the LDP router ID using the highest IP address on the router, with preference given to loopback addresses. If the router-id command is specified that overrides this default behavior, verify that it is the IP address of the designated loopback interface.

If the router is not configured do use its loopback address for LDP peering, this is a finding.

The MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments