STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-216789r531087_rule
V-216789
SRG-NET-000193-RTR-000001
CISC-RT-000610
CAT III
10
Configure the router to rate limit RSVP messages as shown in the example.
RP/0/0/CPU0:R3(config)#rsvp interface g0/0/0/1
RP/0/0/CPU0:R3(config-rsvp-if)#signaling rate-limit rate 50 interval 500
RP/0/0/CPU0:R3(config-rsvp-if)#end
Review the router configuration to determine RSVP messages are rate limited.
Step 1: Determine if MPLS TE is enabled on any interface as shown in the example below.
mpls traffic-eng
interface GigabitEthernet0/0/0/1
Step 2: If MPLS TE is enabled, verify that RSVP messages are rate limited on each interface. The example allows 50 messages per 500 milliseconds.
rsvp
interface GigabitEthernet0/0/0/1
signaling rate-limit rate 50 interval 500
Note: The command rsvp msg-pacing has been deprecated by the command ip rsvp signaling rate-limit command.
If the router with RSVP-TE enabled does not have message pacing configured based on the link speed and input queue size of adjacent core routers, this is a finding.
V-216789
False
CISC-RT-000610
Review the router configuration to determine RSVP messages are rate limited.
Step 1: Determine if MPLS TE is enabled on any interface as shown in the example below.
mpls traffic-eng
interface GigabitEthernet0/0/0/1
Step 2: If MPLS TE is enabled, verify that RSVP messages are rate limited on each interface. The example allows 50 messages per 500 milliseconds.
rsvp
interface GigabitEthernet0/0/0/1
signaling rate-limit rate 50 interval 500
Note: The command rsvp msg-pacing has been deprecated by the command ip rsvp signaling rate-limit command.
If the router with RSVP-TE enabled does not have message pacing configured based on the link speed and input queue size of adjacent core routers, this is a finding.
M
4029