SV-15360r2_rule
V-14681
Loopback address is not used as the iBGP source IP.
NET0903
CAT III
10
Configure the network device's loopback address as the source address for iBGP peering.
Review the configuration and verify the loopback interface address is used as the source address for all iBGP peering.
Step 1: Verify that a loopback address has been configured with an IP address. The configuration should look similar to the following:
interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 10.10.2.1/32;
            }
        }
    }
}
Note: Only one loopback interface can be configured on Juniper routers; however, multiple addresses can be defined.
Step 2: This requirement does not extend to eBGP peering; the router only needs to use the loopback address as the source address when peering with its iBGP neighbors. You should find a configuration similar to the example below:
protocols {
    bgp {
        group iBGP_111 {
            type internal;
            local-address 10.10.2.1;
            export next-hop-self;
            peer-as 111;
            neighbor 10.10.2.2;
        }
    }
}
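Steps 1 and 2 can be automated against a saved configuration. The following is an added example, not part of the STIG text: it assumes the curly-brace configuration format shown above with no comments, and that local-address is set at the group level as in the example (inherited or per-neighbor settings are not evaluated). The function names and the sample configuration are constructed for illustration.

```python
import re

def parse_junos(text):
    """Curly-brace Junos config -> nested dicts; leaf statements map to None."""
    stack = [{}]
    for tok in re.findall(r"[^{};]+[{;]|\}", text):
        key = tok.strip().rstrip("{;").strip()
        if tok == "}":
            stack.pop()
        elif tok.endswith("{"):
            stack[-1][key] = {}
            stack.append(stack[-1][key])
        else:
            stack[-1][key] = None
        if not stack:
            raise ValueError("unbalanced '}'")
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return stack[0]

def loopback_addrs(cfg):
    """Step 1: collect every IPv4 address defined on lo0."""
    addrs = set()
    for unit, body in (cfg.get("interfaces", {}).get("lo0") or {}).items():
        if unit.startswith("unit "):
            for stmt in (body or {}).get("family inet") or {}:
                if stmt.startswith("address "):
                    addrs.add(stmt.split()[1].split("/")[0])
    return addrs

def audit_ibgp(text):
    """Step 2: every 'type internal' group must source from a lo0 address."""
    cfg = parse_junos(text)
    lo = loopback_addrs(cfg)
    findings = []
    for name, body in (cfg.get("protocols", {}).get("bgp") or {}).items():
        if not name.startswith("group ") or "type internal" not in (body or {}):
            continue  # eBGP groups are out of scope for this check
        src = [s.split()[1] for s in body if s.startswith("local-address ")]
        if not src or src[0] not in lo:
            findings.append(f"{name}: local-address {src[0] if src else 'unset'} is not on lo0")
    return findings

# Constructed sample: one compliant iBGP group, one sourced from a non-loopback address.
SAMPLE = """interfaces { lo0 { unit 0 { family inet { address 10.10.2.1/32; } } } }
protocols { bgp {
  group iBGP_111 { type internal; local-address 10.10.2.1; neighbor 10.10.2.2; }
  group iBGP_bad { type internal; local-address 192.0.2.1; neighbor 10.10.2.3; }
  group eBGP_222 { type external; peer-as 222; neighbor 198.51.100.2; } } }"""
```

An empty list from audit_ibgp() means no finding; each returned string names an iBGP group that does not source from a lo0 address.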
V-14681
False
NET0903
M
Information Assurance Officer
510