STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 12 Feb 2021

The Juniper multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries.

DISA Rule

SV-217085r639663_rule

Vulnerability Number

V-217085

Group Title

SRG-NET-000362-RTR-000120

Rule Version

JUNI-RT-000810

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to limit the multicast forwarding cache for source-active entries.

[edit routing-options multicast]
set forwarding-cache threshold suppress 5000 reuse 4000

Check Contents

Review the router configuration to determine if forwarding cache thresholds are defined as shown in the example below.

routing-options {
    multicast {
        forwarding-cache {
            threshold {
                suppress 5000;
                reuse 4000;
            }
        }
    }
}

If the RP router is not configured to limit the multicast forwarding cache to ensure that its resources are not saturated, this is a finding.
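
One way to automate this review over saved `show configuration` output in the default curly-brace format, as an added example that is not part of the STIG. The function names and sample configurations are constructed for illustration, and the script assumes that only a missing or deactivated `suppress` threshold counts as a finding.

```python
def parse_junos(text):
    """Parse curly-brace Junos configuration text into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "/*")):
            continue  # blank lines and single-line comments
        if line.endswith("{"):
            # A deactivated block shows as "inactive: name {" and is stored
            # under that literal key, so a lookup of "name" will not match it.
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith(";"):
            key, _, value = line[:-1].strip().partition(" ")
            stack[-1][key] = value
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root


def check_forwarding_cache(config_text):
    """Return (is_finding, reason) for the forwarding-cache threshold check."""
    node = parse_junos(config_text)
    for name in ("routing-options", "multicast", "forwarding-cache", "threshold"):
        node = node.get(name)
        if not isinstance(node, dict):
            return True, f"'{name}' is not configured"
    suppress = node.get("suppress")
    if suppress is None or not suppress.isdigit():
        return True, "no suppress threshold is set"
    return False, f"suppress {suppress}, reuse {node.get('reuse', 'not set')}"


# Constructed sample configurations (not taken from a real device).
COMPLIANT = ("routing-options {\n  multicast {\n    forwarding-cache {\n"
             "      threshold {\n        suppress 5000;\n        reuse 4000;\n"
             "      }\n    }\n  }\n}\n")
INACTIVE = COMPLIANT.replace("forwarding-cache {", "inactive: forwarding-cache {")
MISSING = "routing-options {\n    router-id 192.0.2.1;\n}\n"
```

A plain text search for `suppress 5000` would pass the `INACTIVE` sample even though the statement has been deactivated; walking the hierarchy reports it as a finding.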

Documentable

False

Check Content Reference

M

Target Key

4032

Comments