UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78327 SRG-NET-000362-RTR-000120 SV-93033r1_rule Low
Description
MSDP peering between networks enables sharing of multicast source information. Enclaves with an existing multicast topology using PIM-SM can configure their RP routers to peer with MSDP routers. As a first step of defense against a denial-of-service (DoS) attack, all RP routers must limit the multicast forwarding cache to ensure that router resources are not saturated managing an overwhelming number of PIM and MSDP source-active entries.
STIG Date
Router Security Requirements Guide 2020-06-30

Details

Check Text ( C-77885r1_chk )
Review the router configuration to determine if forwarding cache thresholds are defined.

If the RP router is not configured to limit the multicast forwarding cache to ensure that its resources are not saturated, this is a finding.
Fix Text (F-85055r1_fix)
Configure MSDP-enabled RP routers to limit the multicast forwarding cache for source-active entries.