Abstract

Routing is a powerful tool for any network. It is a fundamental part of any IP (Internet Protocol)-based infrastructure. Every device on an IP-based network uses routes to determine the next hop or location it needs to reach the desired host. In many cases, firewalls are just glorified routers. They provide firewall features, but are still a core routing component in many organizations' networks. Routers themselves are usually capable of providing a stateful firewall. NetScreen firewalls can split a normal single routing table into multiple virtual routers. A virtual router is a logical router that can perform all of the tasks a normal routing engine can do. It can contain all of the static routes, including the default route. Virtual routers are also capable of supporting dynamic routing protocols. This chapter presents an overview of routing on a NetScreen firewall. NetScreen firewalls have a unique implementation of routing with the use of virtual routers. A virtual router is capable of splitting the routing domain into multiple virtual domains, which allows one to securely use routing protocols in the network. Because a typical firewall contains only one routing table, it may be possible to send poisoned or illegitimate routes into your firewall, possibly creating outages. There are three routing protocols that can be used with a NetScreen firewall. The first protocol, Routing Information Protocol (RIP), is an older protocol, but it is the most commonly supported protocol. Open Shortest Path First (OSPF) is an extremely robust protocol. OSPF is an open standard protocol and is used by many organizations for their internal networks. Last is Border Gateway Protocol (BGP), which is used to run the routing architecture of the Internet. It is often the most misunderstood protocol due to its complexity.
