6.20 Ensure Default Address Selection is Set

Information

The primary address configured on the loopback should be used as the source in all JUNOS generated packets.

Rationale:

To ensure a consistent source address for traffic from the JUNOS Device, the Loopback address should be configured as the default source address for traffic generated by the Routing Engine. By default, the primary address of the Routed or Management Interface from which the traffic is sent will be used.

When configured, packets for NTP, SNMP Traps, SSH, SYSLOG and other protocols initiated by the router will all use the Loopback address as the packet's source unless explicitly configured to use a different address at a more specific hierarchy. This predictable source address makes it easier to configure strict Firewall filters on neighboring network devices.

Impact:

The Primary Address configured on the device's loopback interface will be used as the source for all system generated traffic, unless a different address is specified elsewhere.

Solution

To set the default source address to the loopback interface, enter the following command from the [edit system] hierarchy:

[edit system]
user@host# set default-address-selection

Ensure that a loopback address has been configured for the device from the [edit interfaces lo0] hierarchy.
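
The following audit check is an added example, not part of the benchmark or the plugin. It assumes the configuration has been exported in "display set" form, with inactive statements appearing as "deactivate" lines; the function name and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

# lo0 address statements in "display set" form (IPv4 or IPv6).
LO0_ADDR = re.compile(r"^set interfaces lo0 unit \d+ family inet6? address (\S+)")
STMT = "system default-address-selection"

def audit_default_address_selection(config_text):
    """Return a list of findings; an empty list means the check passes."""
    set_lines, deactivated, lo0_addrs = set(), set(), []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if line.startswith("deactivate "):
            deactivated.add(line[len("deactivate "):])
        elif line.startswith("set "):
            set_lines.add(line[len("set "):])
            m = LO0_ADDR.match(line)
            if m:
                lo0_addrs.append(ipaddress.ip_interface(m.group(1)))
    findings = []
    if STMT not in set_lines:
        findings.append("default-address-selection is not set under [edit system]")
    elif STMT in deactivated:
        findings.append("default-address-selection is present but deactivated")
    # Assumption of this check: a 127.0.0.0/8 or ::1 address alone does not
    # give the device a usable source address.
    if not any(not a.ip.is_loopback for a in lo0_addrs):
        findings.append("no non-loopback-range address configured on lo0")
    return findings

# Constructed sample configurations (documentation addresses, RFC 5737).
COMPLIANT = """
set system host-name r1
set system default-address-selection
set interfaces lo0 unit 0 family inet address 192.0.2.1/32 primary
"""
MISSING_STATEMENT = """
set system host-name r2
set interfaces lo0 unit 0 family inet address 192.0.2.2/32
"""
DEACTIVATED_NO_LO0 = """
set system default-address-selection
deactivate system default-address-selection
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
"""

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("missing", MISSING_STATEMENT),
                      ("deactivated", DEACTIVATED_NO_LO0)]:
        print(name, audit_default_address_selection(cfg) or "PASS")
```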

Default Value:

No Loopback Address is configured by default and the source address for system generated traffic will be that of the Routed or Management interface nearest the destination.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|11

Plugin: Juniper

Control ID: 48c8c7492527c7f6269a3648f1c02ee1cee36f443955edd0968db5a9526d7115