STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide, Version 2, Release 2, Benchmark Date: 23 Apr 2021

The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.

DISA Rule

SV-216699r531086_rule

Vulnerability Number

V-216699

Group Title

SRG-NET-000193-RTR-000001

Rule Version

CISC-RT-000610

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to rate limit RSVP messages per interface as shown in the example.

R2(config)#ip rsvp signalling rate-limit burst 9 maxsize 2100 period 30 limit 50

Check Contents

Review the router configuration to determine whether RSVP messages are rate limited.

Step 1: Determine if MPLS TE is enabled globally and on at least one interface, as shown in the example below:

mpls traffic-eng tunnels

interface GigabitEthernet0/2
ip address x.x.x.x 255.255.255.0
mpls traffic-eng tunnels
mpls ip

Step 2: If MPLS TE is enabled, verify that message pacing is enabled.

ip rsvp signalling rate-limit period 30 burst 9 maxsize 2100 limit 50

Note: The command "ip rsvp msg-pacing" has been deprecated and replaced by the command "ip rsvp signalling rate-limit".

If the router with RSVP-TE enabled does not rate limit RSVP messages based on the link speed and input queue size of adjacent core routers, this is a finding.
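As an added example (not part of the STIG or of STIGQter), the two-step check above written as a small Python audit over a saved running-config. The sample configuration is constructed, and the interface-block parsing assumes "show running-config" style output where interface blocks end at "!" or a blank line.

```python
# Constructed sample running-config (not from the STIG). MPLS TE is enabled
# globally and on Gi0/2, and RSVP message pacing is configured.
SAMPLE_CONFIG = """\
hostname R2
mpls traffic-eng tunnels
ip rsvp signalling rate-limit period 30 burst 9 maxsize 2100 limit 50
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.0.2.9 255.255.255.0
 mpls traffic-eng tunnels
 mpls ip
!
"""


def parse_te(config):
    """Return (global_te, [interfaces with TE]) from a show-run style config.
    An interface block starts at 'interface ...' and ends at '!' or a blank line,
    so both indented and unindented sub-commands are handled."""
    global_te, te_ifaces, current = False, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line in ("!", ""):
            current = None
        elif line == "mpls traffic-eng tunnels":
            if current is None:
                global_te = True
            else:
                te_ifaces.append(current)
    return global_te, te_ifaces


def rsvp_rate_limited(config):
    """Step 2: message pacing is present when the global command
    'ip rsvp signalling rate-limit' (replacement for the deprecated
    'ip rsvp msg-pacing') appears in the configuration."""
    return any(l.strip().startswith("ip rsvp signalling rate-limit")
               for l in config.splitlines())


def check_cisc_rt_000610(config):
    """Apply the check: 'not applicable' when MPLS TE is not enabled both
    globally and on at least one interface, else 'finding' / 'not a finding'."""
    global_te, te_ifaces = parse_te(config)
    if not (global_te and te_ifaces):
        return "not applicable"
    return "not a finding" if rsvp_rate_limited(config) else "finding"


if __name__ == "__main__":
    print(check_cisc_rt_000610(SAMPLE_CONFIG))
```

Run it against the output of "show running-config" saved to a file to triage many routers before the manual review.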

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4028

Comments