How should you secure BGP sessions with both IPv4 and IPv6 peers?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

How should you secure BGP sessions with both IPv4 and IPv6 peers?

Explanation:
Securing BGP sessions means protecting the TCP stream that carries the BGP messages, so both IPv4 and IPv6 neighbor relationships should be authenticated in the same way with the same credentials. Using the same method and the same keys across both address families ensures every BGP session has equivalent protection, avoids configuration gaps, and minimizes management complexity. MD5 or TCP-AO are common choices because they provide authentication and integrity for the BGP session without changing how BGP itself operates over TCP. If you authenticate one session but not the other, or use a different method for IPv6, you create a weak link where a forged or spoofed connection could appear for the unprotected session. TLS is not the standard approach for BGP in most deployments, since BGP normally runs over TCP with its own per-session authentication; relying on TLS for IPv6 only would require broader changes and isn’t aligned with typical BGP practice. Not authenticating at all leaves you highly exposed to session hijacking and spoofed peers. So, applying the same authentication method with proper keys to both IPv4 and IPv6 BGP sessions is the best practice.

Securing BGP sessions means protecting the TCP stream that carries the BGP messages, so both IPv4 and IPv6 neighbor relationships should be authenticated in the same way with the same credentials. Using the same method and the same keys across both address families ensures every BGP session has equivalent protection, avoids configuration gaps, and minimizes management complexity. MD5 or TCP-AO are common choices because they provide authentication and integrity for the BGP session without changing how BGP itself operates over TCP.

If you authenticate one session but not the other, or use a different method for IPv6, you create a weak link where a forged or spoofed connection could appear for the unprotected session. TLS is not the standard approach for BGP in most deployments, since BGP normally runs over TCP with its own per-session authentication; relying on TLS for IPv6 only would require broader changes and isn’t aligned with typical BGP practice. Not authenticating at all leaves you highly exposed to session hijacking and spoofed peers.

So, applying the same authentication method with proper keys to both IPv4 and IPv6 BGP sessions is the best practice.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy