What is TCP-MD5 and when should you enable it on BGP sessions?

Explanation:
TCP-MD5 secures the BGP session by authenticating the underlying TCP connection with a shared secret. It adds an MD5-based hash to TCP segments so both peers can verify that the other side knows the secret, preventing unauthorized peers from establishing or hijacking the BGP session. It does not encrypt BGP messages or sign them at the application layer, so confidentiality and per-message integrity beyond the TCP connection aren’t provided by TCP-MD5 itself.

Enable TCP-MD5 when the path between peers traverses untrusted networks or there is a higher risk of spoofing, such as across the public Internet or between operators with potential misconfigurations. Configuration requires sharing the same secret on both ends; if the secrets do not match or one side doesn’t support TCP-MD5, the session will fail to establish.

In short, TCP-MD5 protects the integrity of the TCP session used by BGP, not the content of BGP messages themselves, and is most useful where the risk of spoofed TCP connections is nontrivial.
