How can RPKI, IRR data, and prefix-lists be combined to create robust inbound filtering?

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

How can RPKI, IRR data, and prefix-lists be combined to create robust inbound filtering?

Explanation:
Inbound filtering is strongest when you combine cryptographic validation, policy data, and concrete enforcement rules. RPKI gives cryptographic proof of which AS is authorized to originate a prefix, so you can classify routes as valid, unknown, or invalid and typically drop the invalid ones. But origin validation alone doesn't express what you should accept from a neighbor or how to handle borderline cases, so you need policy guidance as well. IRR data provides documented routing policies and allocations from registries, helping you define which prefixes and AS paths are allowed from each peer. That policy information is what you translate into concrete rules your router can enforce. Prefix-lists are the practical mechanism to implement these decisions at the edge, turning the policy and validation outcomes into explicit allow/deny statements that the device applies to inbound route announcements.

So, using RPKI to validate origins, IRR data to shape acceptable prefixes and paths, and prefix-lists to enforce explicit allow/deny rules gives you cryptographic assurance, policy-aware filtering, and precise, enforceable control at the router.
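The combined check described above, as an added example that is not part of the original page: an announcement must match the prefix-list built from the peer's IRR data and is then dropped if origin validation returns invalid. All prefixes, AS numbers, and function names are constructed for illustration, and accepting unknown routes is an assumption of this sketch.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs), not real registry content.
# ROAs as a validator would export them: (prefix, max length, authorized origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]
# Per-peer prefix-list built from the peer's IRR route objects: (prefix, longest length allowed).
IRR_PREFIX_LIST = {
    64500: [("192.0.2.0/24", 24), ("198.51.100.0/24", 24),
            ("203.0.113.0/24", 24), ("2001:db8::/32", 48)],
}

def rov_state(prefix, origin_as):
    """Origin validation following the RFC 6811 procedure: valid / invalid / unknown."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in ROAS:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this prefix
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

def in_prefix_list(peer_as, prefix):
    """True if the prefix matches an entry of the peer's IRR-derived prefix-list."""
    net = ipaddress.ip_network(prefix)
    for entry, le in IRR_PREFIX_LIST.get(peer_as, []):
        allowed = ipaddress.ip_network(entry)
        if net.version == allowed.version and net.subnet_of(allowed) and net.prefixlen <= le:
            return True
    return False

def inbound_decision(peer_as, prefix, as_path):
    """Return (action, reason) for one announcement received from peer_as."""
    if not in_prefix_list(peer_as, prefix):
        return ("deny", "not in IRR-derived prefix-list")
    state = rov_state(prefix, as_path[-1])  # origin AS is the last AS in the path
    if state == "invalid":
        return ("deny", "RPKI invalid")
    return ("permit", "RPKI " + state)  # assumption: unknown is accepted
```

A route with a valid origin is still denied when it arrives from a peer whose IRR data does not list it, and a route the prefix-list permits is still denied when its origin conflicts with a ROA, which is why neither source is sufficient alone.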
