Introduction

Routing is a fundamental part of any IP (Internet Protocol)-based infrastructure. Every device on an IP-based network uses routes to determine the next hop or location it needs to access the desired host. In many cases, firewalls are just glorified routers. They provide firewall features, but are still a core routing component in many organizations' networks. Routers themselves are usually capable of providing a stateful firewall.

Juniper's NetScreen firewalls are capable of providing routing services above and beyond the average router. NetScreen firewalls can provide the capability to split a normal single routing table into multiple virtual routers. A virtual router is a logical router that can perform all of the tasks a normal routing engine can do. It can contain all of the static routes including the default route. Virtual routers are also capable of supporting dynamic routing protocols.

Most firewall products are very limited in supporting dynamic routing. It is often argued that firewalls should not be integrated into a dynamic routing environment. However, this is often difficult, as firewalls are at the core of most networks. Juniper helps mitigate this risk with virtual routers by allowing you to split your routing domain into multiple virtual routers.

One virtual router can contain all of your outward routes toward the Internet or other untrusted area. A second virtual router can contain all of your internal routes. These routes are contained separate from each other and by default are unknown between each virtual router.

There are three routing protocols...