STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Juniper Router RTR Security Technical Implementation Guide

V-217085

CAT III (Low)

The Juniper multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries.

Rule ID

SV-217085r878057_rule

STIG

Juniper Router RTR Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-002385

Discussion

MSDP peering between networks enables sharing of multicast source information. Enclaves with an existing multicast topology using PIM-SM can configure their RP routers to peer with MSDP routers. As a first step of defense against a denial-of-service (DoS) attack, all RP routers must limit the multicast forwarding cache to ensure that router resources are not saturated managing an overwhelming number of PIM and MSDP source-active entries.

Check Content

Review the router configuration to determine if forwarding cache thresholds are defined as shown in the example below.

routing-options {
    multicast {
        …
        …
        …
        }
        forwarding-cache {
            threshold {
                suppress 5000;
                reuse 4000;
            }
        }
    }
}

If the RP router is not configured to limit the multicast forwarding cache to ensure that its resources are not saturated, this is a finding.

Fix Text

Configure the router to limit the multicast forwarding cache for source-active entries.

[edit routing-options multicast]
set forwarding-cache threshold suppress 5000 reuse 4000