Configuring Juniper Networks NetScreen and SSG Firewalls

One of the earliest tasks network administrators faced was how to cooperatively route traffic with networks that were outside their administrative control. RIP and OSPF seemed to work well for internal use, but did not offer the control features many engineers felt were needed to route traffic between separate organizations. The creation of BGP solved this problem by allowing engineers to determine how to route traffic not strictly on the shortest path, but on an agreed path. This may sound odd, but since the Internet is actually run mostly by companies (AT&T, Sprint, Verizon, and so on), these companies form agreements on how they can pass traffic, and in what volumes. BGP is also very scalable, which is obviously a key factor in any protocol that must be distributed across the entire world.
As traditional routing functionality has been incorporated into firewalls, the need for BGP support within firewalls has also increased. BGP has been supported for quite some time in the Juniper firewalls, but the recent introduction of the SSG firewalls has made this feature even more attractive. Since most Internet connections are on WAN-type interfaces (T1s, DS3s), it makes even more sense to forgo an Internet router altogether and use an SSG firewall in its place to handle that task.
In this section, we will lightly cover the main concepts of BGP, focusing on those pertinent to its application on the Juniper firewalls. We will begin with an overview of the functionality of the BGP...