What are BGP communities and how can they be used to implement security-related policies?

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

What are BGP communities and how can they be used to implement security-related policies?

Explanation:
BGP communities are a tagging mechanism attached to a route as it moves across different autonomous systems. These tags carry policy intent that downstream routers and peering partners can recognize and act upon. Because the tag travels with the route, it lets each network decide how to treat that route without needing to renegotiate the path or rewrite core attributes like AS_PATH.

This tagging approach is especially useful for security-related controls at scale. A network can assign a community that signals its downstream neighbors to apply specific filtering rules, adjust local preference to favor or deprioritize a path, or trigger other policy actions such as blackholing, traffic steering to a scrubbing service, or special handling during incident response. The beauty is that policy decisions live in the receiving network’s routing policy, enabling coordinated security actions with minimal changes to the underlying routing state.

Encryption, on the other hand, is not something BGP communities provide; protecting route integrity or confidentiality typically involves other mechanisms (like transport security or cryptographic validation). Similarly, BGP communities do not directly set the AS_PATH length. While communities can influence how routes are filtered or advertised, they are a tagging mechanism specifically designed to convey policy intent so peers can apply security- or policy-related actions accordingly.
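The receiving network's side of this, as an added example that is not part of the original explanation: a small Python model of an import policy that acts on community tags only after checking that the neighbor is authorised for the tagged prefix, since the tags themselves are unauthenticated. The ASNs, the prefixes and the `DEPREF` and `SCRUB` values are constructed local conventions; `65535:666` is the well-known BLACKHOLE community from RFC 7999.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network

LOCAL_AS = 64500            # constructed: our ASN (documentation range)
BLACKHOLE = (65535, 666)    # well-known BLACKHOLE community, RFC 7999
DEPREF = (LOCAL_AS, 80)     # hypothetical local convention: deprioritize path
SCRUB = (LOCAL_AS, 911)     # hypothetical local convention: steer to scrubbing

# Constructed: IPv4 space each customer AS is authorised to announce.
AUTHORISED = {64496: [ip_network("192.0.2.0/24")]}


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple
    communities: frozenset
    local_pref: int = 100
    next_hop: str = "neighbor"


def import_policy(route, neighbor_as):
    """Return the route as the receiving network installs it, or None if rejected."""
    net = ip_network(route.prefix)
    inside = any(net.subnet_of(a) for a in AUTHORISED.get(neighbor_as, []))
    if not inside:
        # Communities are unauthenticated tags: never act on a prefix the
        # neighbor is not authorised to announce, whatever it is tagged with.
        return None
    if BLACKHOLE in route.communities:
        # Drop traffic to the attacked address; this model accepts host routes only.
        if net.prefixlen != net.max_prefixlen:
            return None
        return replace(route, next_hop="discard")
    if net.prefixlen > 24:
        return None  # ordinary IPv4 announcements: nothing longer than /24
    if SCRUB in route.communities:
        route = replace(route, next_hop="scrubbing-center")
    if DEPREF in route.communities:
        route = replace(route, local_pref=80)
    return route  # as_path is left untouched by every community action
```

Unknown communities fall through without effect, which is the behaviour a receiving policy should have for tags it has not agreed to honour.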
