What is a key difference between eBGP and iBGP in terms of path propagation and security implications?

Multiple Choice

Explanation:
The main idea here is where the BGP session runs and how routes are shared. eBGP operates between different autonomous systems, so there’s a clear policy boundary. Because these boundaries are trusted only to a degree, you need strict filtering to control which routes are advertised and accepted, and you rely on TTL management to ensure the session is truly between directly connected peers and to help prevent certain spoofing/connection problems. This mirrors the security posture at the network boundary: you’re enforcing what crosses into another AS.

iBGP, on the other hand, runs inside a single AS. Inside one AS, you don’t have the same external boundary protections, so you must design the internal topology so that all routers can learn the desired routes. That’s why iBGP requires a full mesh of peers or the use of route reflectors; without that topology, routes learned from one iBGP neighbor aren’t reliably propagated to others, which would lead to incomplete or inconsistent routing. This internal propagation rule also has security implications: it limits unintended route propagation inside the AS unless the internal policy and topology are carefully managed.

The other options don’t fit because they either misstate how the authentication or next-hop behavior works, or incorrectly imply IPv6 vs IPv4 division for eBGP/iBGP, which isn’t the defining distinction being tested here.
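The iBGP propagation rule described above, as an added example that is not part of the original page: a small Python model showing which routers learn an eBGP-learned prefix under a partial mesh, a full mesh, and a route reflector. The router names R1 to R4 and the function `learned_by` are hypothetical, and the model assumes one path per router with no best-path selection.

```python
from collections import deque
from itertools import combinations

def learned_by(sessions, origin, reflectors=None):
    """Routers that learn a prefix which `origin` received over eBGP.

    sessions:   iterable of (a, b) iBGP sessions inside one AS
    reflectors: {rr: set_of_clients}; an rr's other peers are non-clients
    """
    reflectors = reflectors or {}
    peers = {}
    for a, b in sessions:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)

    learned = {origin}
    # Queue entries: (router, neighbour the route came from); None means eBGP.
    queue = deque([(origin, None)])
    while queue:
        router, source = queue.popleft()
        for peer in sorted(peers.get(router, ())):
            if peer == source:
                continue
            if source is None:
                allowed = True   # eBGP-learned: sent to every iBGP peer
            elif router in reflectors:
                clients = reflectors[router]
                # Reflector: client routes go to all peers,
                # non-client routes go to clients only.
                allowed = source in clients or peer in clients
            else:
                allowed = False  # iBGP-learned: not passed to other iBGP peers
            if allowed and peer not in learned:
                learned.add(peer)
                queue.append((peer, router))
    return learned

# Constructed topologies; R1 is the border router holding the eBGP session.
ROUTERS = ["R1", "R2", "R3", "R4"]
CHAIN = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]   # partial mesh
FULL_MESH = list(combinations(ROUTERS, 2))
HUB = [("R2", "R1"), ("R2", "R3"), ("R2", "R4")]     # every router peers with R2 only
RR = {"R2": {"R1", "R3", "R4"}}                      # R2 configured as route reflector

if __name__ == "__main__":
    print("chain:      ", sorted(learned_by(CHAIN, "R1")))
    print("full mesh:  ", sorted(learned_by(FULL_MESH, "R1")))
    print("hub, no RR: ", sorted(learned_by(HUB, "R1")))
    print("hub with RR:", sorted(learned_by(HUB, "R1", RR)))
```

The hub topology uses the same three sessions in both runs; only the reflector role on R2 changes whether R3 and R4 see the prefix.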
