← Back to Cisco IOS XE Router RTR Security Technical Implementation Guide

V-229031

CAT II (Medium)

The Cisco router must be configured to have Cisco Express Forwarding enabled.

Rule ID

SV-229031r878127_rule

STIG

Cisco IOS XE Router RTR Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

The Cisco Express Forwarding (CEF) switching mode replaces the traditional Cisco routing cache with a data structure that mirrors the entire system routing table. Because there is no need to build cache entries when traffic starts arriving for new destinations, CEF behaves more predictably when presented with large volumes of traffic addressed to many destinations—such as SYN flood attacks. Because many SYN flood attacks use randomized source addresses to which the hosts under attack will reply to, there can be a substantial amount of traffic for a large number of destinations that the router will have to handle. Consequently, routers configured for CEF will perform better under SYN floods directed at hosts inside the network than routers using the traditional cache.

Check Content

Review the router to verify that CEF is enabled.

IPv4 Example: ip cef 
IPv6 Example: ipv6 cef

If CEF is not enabled, this is a finding.

Fix Text

Enable CEF

IPv4 Example: ip cef 
IPv6 Example: ipv6 cef