STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 27 Feb 2017

SDN-enabled routers and switches must rate limit the amount of unknown data plane packets that are punted to the SDN controller.

DISA Rule

SV-87753r1_rule

Vulnerability Number

V-73101

Group Title

NET-SDN-015

Rule Version

NET-SDN-015

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the SDN manager or controller to set a threshold on the number of unknown data plane packets that are allowed to be punted by a virtual router or switch to the controller within a specific amount of time.

Configure all physical SDN-enabled switches and routers to rate limit the amount of packets that are punted to the SDN controller.

Check Contents

Review the parameters provided by the SDN manager or controller when deploying router or switch instances to determine if they set a threshold on the number of unknown data plane packets that are allowed to be punted by a virtual router or switch to the controller within a specific amount of time.

Review the configuration of all physical SDN-enabled switches and routers and verify that packet-in messages are rate limited.

If SDN-enabled routers and switches do not rate limit the amount of unknown data plane packets that are punted to the SDN controller, this is a finding.
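As an added example (not part of the STIG or of STIGQter), the Python below models both halves of this control: a sliding-window limiter on the switch's punt path, and an audit of deployment parameters that reports each switch without a threshold as a finding. The parameter names packet_in_max_per_window and packet_in_window_s and the switch inventory are constructed for illustration, not taken from any real SDN manager.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class PuntLimiter:
    """Sliding-window limit on unknown data plane packets punted to the controller.
    max_punts packets are allowed per window_s seconds; 0 means no limit."""
    max_punts: int
    window_s: float
    _times: deque = field(default_factory=deque)
    dropped: int = 0

    def punt(self, now: float) -> bool:
        """Return True if the packet may be sent as a packet-in message, else drop it."""
        if self.max_punts <= 0:
            return True  # no threshold configured: every packet reaches the controller
        while self._times and now - self._times[0] >= self.window_s:
            self._times.popleft()  # expire punts that fell out of the window
        if len(self._times) >= self.max_punts:
            self.dropped += 1
            return False
        self._times.append(now)
        return True


def audit_switches(switches: dict) -> list:
    """Return the names of switches whose parameters lack a packet-in rate limit;
    each one is a finding under NET-SDN-015 (hypothetical parameter names)."""
    findings = []
    for name, params in switches.items():
        limit = params.get("packet_in_max_per_window", 0)
        window = params.get("packet_in_window_s", 0)
        if limit <= 0 or window <= 0:
            findings.append(name)
    return findings


# Constructed sample inventory as a hypothetical SDN manager might hand it out.
SAMPLE_SWITCHES = {
    "vswitch-01": {"packet_in_max_per_window": 100, "packet_in_window_s": 1.0},
    "vswitch-02": {},                                   # no threshold set
    "tor-switch-01": {"packet_in_max_per_window": 0, "packet_in_window_s": 1.0},
}


def simulate_burst(limit: int, window_s: float, n_packets: int) -> tuple:
    """Send n unknown-flow packets at the same instant; return (punted, dropped)."""
    lim = PuntLimiter(limit, window_s)
    punted = sum(lim.punt(0.0) for _ in range(n_packets))
    return punted, lim.dropped
```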

Documentable

False

Check Content Reference

M

Target Key

3089

Comments