STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020: STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:SV-80847r1_rule
V-66357
NET2002
NET2002
CAT III
10
Configure the MPLS router to synchronize IGP and LDP, minimizing packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.
Review the router configuration and verify that the "mpls ldp sync" command is configured on the IS-IS or OSPF configuration as shown in the following example:
mpls ip
mpls label protocol ldp
!
interface POS0/3
ip router isis
mpls ip
...
...
...
router isis
mpls ldp sync
If not all MPLS routers synchronize IGP and LDP, this is a finding.
Note: If the LDP peer is reachable, the IGP waits indefinitely (by default) for synchronization to be achieved. To limit the length of time the IGP session must wait, enter the "mpls ldp igp sync holddown" command. If the LDP peer is not reachable, the IGP establishes the adjacency to enable the LDP session to be established.
V-66357
False
NET2002
Review the router configuration and verify that the "mpls ldp sync" command is configured on the IS-IS or OSPF configuration as shown in the following example:
mpls ip
mpls label protocol ldp
!
interface POS0/3
ip router isis
mpls ip
...
...
...
router isis
mpls ldp sync
If not all MPLS routers synchronize IGP and LDP, this is a finding.
Note: If the LDP peer is reachable, the IGP waits indefinitely (by default) for synchronization to be achieved. To limit the length of time the IGP session must wait, enter the "mpls ldp igp sync holddown" command. If the LDP peer is not reachable, the IGP establishes the adjacency to enable the LDP session to be established.
M
838