The Juniper BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).
An XCCDF Rule
Description
<VulnDiscussion>Accepting route advertisements belonging to the local AS can result in traffic looping, being black holed, or at a minimum using a nonoptimized path.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-253975r843958_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Ensure all eBGP routers are configured to reject inbound route advertisements for any prefixes belonging to the local AS.
set policy-options route-filter-list local-routes 192.0.2.0/24 orlonger
set policy-options route-filter-list local-routes 192.0.3.0/24 orlonger
set policy-options route-filter-list local-routes-ipv6 2001:db8:2::/64 orlonger
set policy-options route-filter-list local-routes-ipv6 2001:db8:3::/64 orlonger