STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021:

The Juniper MPLS router with RSVP-TE enabled must be configured to enable refresh reduction features.

DISA Rule

SV-217065r639663_rule

Vulnerability Number

V-217065

Group Title

SRG-NET-000193-RTR-000001

Rule Version

JUNI-RT-000590

Severity

CAT III

CCI(s)

• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Weight

10

Fix Recommendation

Configure the router to enable all refresh reduction features as shown in the example.

[edit protocols rsvp]
set interface ge-0/0/0.0 aggregate reliable

Note: The aggregate reliable commands will enable the following RSVP refresh reduction features: message bundling, reliable message delivery, and summary refresh.

Check Contents

Review the router configuration to determine if it is compliant with this requirement. The aggregate reliable commands in the example below will enable the following RSVP refresh reduction features: message bundling, Message ID, reliable message delivery, and summary refresh.

protocols {
rsvp {
interface ge-0/0/0.0 {
aggregate;
reliable;
}
}

If the router configured with RSVP-TE does not have refresh reduction features enabled, this is a finding.

Vulnerability Number

V-217065

Documentable

False

Rule Version

JUNI-RT-000590

Severity Override Guidance

Review the router configuration to determine if it is compliant with this requirement. The aggregate reliable commands in the example below will enable the following RSVP refresh reduction features: message bundling, Message ID, reliable message delivery, and summary refresh.

protocols {
rsvp {
interface ge-0/0/0.0 {
aggregate;
reliable;
}
}

If the router configured with RSVP-TE does not have refresh reduction features enabled, this is a finding.

Check Content Reference

M

Target Key

4032

Comments