STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 27 Feb 2017

All Virtual Extensible Local Area Network (VXLAN) enabled switches must be configured with the appropriate VXLAN network identifier (VNI) to ensure VMs can send and receive all associated traffic for their Layer 2 domain.

DISA Rule

SV-87759r1_rule

Vulnerability Number

V-73107

Group Title

NET-SDN-020

Rule Version

NET-SDN-020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define all applicable member VNIs on each VXLAN-enabled switch.

Check Contents

Review the VXLAN topology and documentation for the SDN deployment that identifies each VXLAN segment and distributed logical switch.

Review the configuration of all physical VXLAN-enabled switches to verify that the applicable VNIs are defined.

If the applicable VNIs have not been defined on all VXLAN-enabled switches, this is a finding.

Note: This requirement is applicable to the implementation of technologies similar to VXLAN (e.g., NVGRE, STT) for the purpose of transporting traffic between virtual machines residing on different physical hosts.
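The check above is manual: compare the documented VXLAN segments against what each physical switch actually has configured, and raise a finding on any switch missing an applicable VNI. The following Python script is an added example of automating that comparison; it is not part of the STIG or of the STIGQter tool. The switch names, the documented per-switch VNI sets and the switch configurations are all constructed sample data, and the `member vni N` line syntax used for parsing is an assumption (loosely modelled on NVE interface configuration) that would need adjusting to the real platform's configuration format.

```python
import re
from typing import Dict, Set

# Constructed sample: the VNIs the SDN deployment documentation says are
# applicable on each VXLAN-enabled switch (switch name -> set of VNIs).
# "Applicable" is per switch: a leaf that hosts no VMs in a segment need
# not carry that segment's VNI, so the documentation drives the expected set.
DOCUMENTED_VNIS: Dict[str, Set[int]] = {
    "leaf-01": {10100, 10200, 10300},
    "leaf-02": {10100, 10200, 10300},
    "leaf-03": {10100, 10300},
}

# Constructed sample running-config excerpts for the same three switches.
# The "member vni N" syntax is an assumption for illustration only.
SWITCH_CONFIGS: Dict[str, str] = {
    "leaf-01": """
interface nve1
  source-interface loopback1
  member vni 10100
  member vni 10200
  member vni 10300
""",
    "leaf-02": """
interface nve1
  source-interface loopback1
  member vni 10100
  member vni 10300
""",
    "leaf-03": """
interface nve1
  source-interface loopback1
  member vni 10100
  member vni 10300
  member vni 10999
""",
}

# Matches one "member vni <number>" line; tolerant of leading indentation.
VNI_LINE = re.compile(r"^\s*member\s+vni\s+(\d+)\s*$", re.MULTILINE)


def configured_vnis(config_text: str) -> Set[int]:
    """Extract the set of VNIs defined in a switch configuration excerpt."""
    return {int(m.group(1)) for m in VNI_LINE.finditer(config_text)}


def audit(documented: Dict[str, Set[int]],
          configs: Dict[str, str]) -> Dict[str, dict]:
    """Compare each switch's configured VNIs with its documented VNIs.

    A missing applicable VNI is a finding under NET-SDN-020. A VNI that is
    configured but absent from the documentation is not a finding under this
    rule, but it is reported so the topology documentation can be reconciled.
    A switch present in the documentation but with no configuration collected
    is treated as missing every applicable VNI.
    """
    report: Dict[str, dict] = {}
    for switch, expected in documented.items():
        present = configured_vnis(configs.get(switch, ""))
        missing = expected - present
        undocumented = present - expected
        report[switch] = {
            "missing": sorted(missing),
            "undocumented": sorted(undocumented),
            "finding": bool(missing),
        }
    return report


def any_finding(report: Dict[str, dict]) -> bool:
    """True if at least one switch fails the check."""
    return any(entry["finding"] for entry in report.values())


if __name__ == "__main__":
    results = audit(DOCUMENTED_VNIS, SWITCH_CONFIGS)
    for switch, entry in results.items():
        status = "FINDING" if entry["finding"] else "ok"
        print(f"{switch}: {status} missing={entry['missing']} "
              f"undocumented={entry['undocumented']}")
    print("Overall:", "finding" if any_finding(results) else "compliant")
```

On the constructed data, leaf-02 lacks VNI 10200 and is the only finding; leaf-03 carries an undocumented VNI 10999, which this rule does not flag but which should be reconciled against the VXLAN topology documentation before the check is signed off. Replacing `SWITCH_CONFIGS` with output collected from the real switches (and `VNI_LINE` with the platform's actual syntax) turns this into a repeatable evidence-producing check.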

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3089

Comments