The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
low	V-217079	SRG-NET-000193-RTR-000113	JUNI-RT-000740	SV-217079r604135_rule	2024-12-05	3

Description
Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network requires a QoS framework to differentiate traffic and provide a method to manage network congestion. The Differentiated Services Model (DiffServ) is based on per-hop behavior by categorizing traffic into different classes and enabling each node to enforce a forwarding treatment to each packet as dictated by a policy. Packet markings such as IP Precedence and its successor, Differentiated Services Code Points (DSCP), were defined along with specific per-hop behaviors for key traffic types to enable a scalable QoS solution. DiffServ QoS categorizes network traffic, prioritizes it according to its relative importance, and provides priority treatment based on the classification. It is imperative that end-to-end QoS is implemented within the IP core network to provide preferred treatment for mission-critical applications.

Description

Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network requires a QoS framework to differentiate traffic and provide a method to manage network congestion. The Differentiated Services Model (DiffServ) is based on per-hop behavior by categorizing traffic into different classes and enabling each node to enforce a forwarding treatment to each packet as dictated by a policy. Packet markings such as IP Precedence and its successor, Differentiated Services Code Points (DSCP), were defined along with specific per-hop behaviors for key traffic types to enable a scalable QoS solution. DiffServ QoS categorizes network traffic, prioritizes it according to its relative importance, and provides priority treatment based on the classification. It is imperative that end-to-end QoS is implemented within the IP core network to provide preferred treatment for mission-critical applications.

ℹ️ Check
Review the router configuration and verify that it has been configured to enforce a QoS policy in accordance with the QoS GIG Technical Profile (GTP-0009). The router must be configured to use either configured or default Behavior Aggregate (BA) classifier on all interfaces as shown in the example below: class-of-service { … … … } interfaces { ge-0/0/1 { unit 0 { classifiers { dscp default; } } } ge-0/1/0 { unit 0 { classifiers { dscp default; } } } ge-1/0/1 { unit 0 { classifiers { dscp default; } } } ge-1/1/0 { unit 0 { classifiers { dscp default; } } } Note: The GTP QOS document (GTP-0009) can be downloaded via the following link: https://intellipedia.intelink.gov/wiki/Portal:GIG_Technical_Guidance/GTG_GTPs/GTP_Development_List If the router is not configured to enforce a QoS policy in accordance with the QoS DODIN Technical Profile, this is a finding.

ℹ️ Check

Review the router configuration and verify that it has been configured to enforce a QoS policy in accordance with the QoS GIG Technical Profile (GTP-0009). The router must be configured to use either configured or default Behavior Aggregate (BA) classifier on all interfaces as shown in the example below: class-of-service { … … … } interfaces { ge-0/0/1 { unit 0 { classifiers { dscp default; } } } ge-0/1/0 { unit 0 { classifiers { dscp default; } } } ge-1/0/1 { unit 0 { classifiers { dscp default; } } } ge-1/1/0 { unit 0 { classifiers { dscp default; } } } Note: The GTP QOS document (GTP-0009) can be downloaded via the following link: https://intellipedia.intelink.gov/wiki/Portal:GIG_Technical_Guidance/GTG_GTPs/GTP_Development_List If the router is not configured to enforce a QoS policy in accordance with the QoS DODIN Technical Profile, this is a finding.

✔️ Fix
Configure all interfaces to use a configured or the default BA classifier as shown in the example below: [edit class-of-service interfaces] set ge-0/0/1 unit 0 classifiers dscp default set ge-0/1/0 unit 0 classifiers dscp default set ge-1/0/1 unit 0 classifiers dscp default set ge-1/1/0 unit 0 classifiers dscp default Note: The GTP QOS document (GTP-0009) can be downloaded via the following link: https://intellipedia.intelink.gov/wiki/Portal:GIG_Technical_Guidance/GTG_GTPs/GTP_Development_List

✔️ Fix

Configure all interfaces to use a configured or the default BA classifier as shown in the example below: [edit class-of-service interfaces] set ge-0/0/1 unit 0 classifiers dscp default set ge-0/1/0 unit 0 classifiers dscp default set ge-1/0/1 unit 0 classifiers dscp default set ge-1/1/0 unit 0 classifiers dscp default Note: The GTP QOS document (GTP-0009) can be downloaded via the following link: https://intellipedia.intelink.gov/wiki/Portal:GIG_Technical_Guidance/GTG_GTPs/GTP_Development_List