You’ve been hearing about SD-WAN for years and probably have a pretty good idea about what it is, so I won’t bore you with historical details that are easily found with a quick Internet search. Instead, let’s get right to the point of this blog: Juniper’s SD-WAN solution.
Juniper has built a rock-solid multi-tenant SD-WAN solution that supports features such as Deep Packet Inspection (DPI), dynamic path selection, analytics, centralized policy management, and a rich user interface. At the heart of Juniper’s SD-WAN, lies Contrail Services Orchestration (CSO), which you have probably come across when announced in customer win stories, 3rd party technical evaluation reports, or industry interoperability testing articles.
For the universal CPE (uCPE), Juniper’s SD-WAN solution offers the carrier-grade NFX250 Network Services Platform, which runs vSRX Virtual Firewall with all of its advanced security and routing features. NFX250 supports multiple Juniper and 3rd party VNFs.
SRX Services Gateways can also be used as physical on-premises CPEs. With DPI support, Juniper’s SD-WAN recognizes thousands of applications with easy-to-create policies for dynamically selecting traffic paths and managing switchover between links.
Now that we’ve described Juniper’s SD-WAN solution, let’s take a closer look at a demo setup (using CSO 3.1 release on a single x86 server) that offers detailed insight into how it all works.
Running an End-to-End SD-WAN Demo
This simulation features a customer called Prime, headquartered in Sunnyvale, CA, with branch offices in Westford, MA and Dallas, TX. We created a hub using an SRX345 Services Gateway in the main office with two spokes: an SRX340 in Westford and an NFX250 in Dallas. The sites are connected through both Internet and MPLS links (created MPLS Cloud using MX routers).
Figure 1: CSO Snapshot of Prime Inc. Network
Deployment of the equipment was painless using zero-touch provisioning (ZTP); the rollout was easy to monitor using real-time logs found under the Monitor tab. The next step was to define and deploy some firewall and NAT security policies via CSO’s easy-to-use interface and real-time monitoring capabilities. A NAT policy allowed traffic from the two branch sites to travel over the Internet. A firewall policy was also created to allow certain traffic types to reach the sites.
Figure 2: Creating Firewall Policy in CSO.
SD-WAN Policies and SLA Profiles
Once reachability was confirmed, I created SD-WAN policies that allowed me to control and monitor applications, define application priorities, WAN links to use, and other options that gave me complete control over and visibility into the network. SLAs were configured and assigned based on application priority and traffic type—for instance, voice vs. best-effort Internet traffic. As shown in Figure 3, customers can define performance thresholds as part of an SLA profile; metrics include throughput, latency, packet loss, jitter, and delay.
Figure 3: Creating SLA Profile in CSO.
Once the SD-WAN policies are deployed, CSO offers a comprehensive overview of applications running in the network. I started three Internet sessions on one site and was amazed to see activity from various different applications, all silently running in the background, start to appear.
Figure 4: Monitoring Applications using CSO.
Link Switchover as Per SLA Definition
One of the main benefits of SD-WAN is the ability to seamlessly move traffic to available WAN links if the primary link is not meeting SLA thresholds. By creating an SLA with a strict latency target, I was able to see traffic move from one link to another without disrupting the impacted application’s performance. Figure 5 shows the switchover event in the site traffic diagram, with details explaining why the event occurred and where the traffic was redirected.
Figure 5: Link Switchover event in CSO.
Running Juniper’s SD-WAN demo in the lab will reinforce anyone’s understanding of the technology and help them recognize the various features available. The solution is agile and fully automated, which facilitates rapid installation and deployment, real-time monitoring with centralized troubleshooting tools, and supports smooth integration of various equipment and software components. Additionally, full-featured and robust routing and switching Junos capabilities, along with complete security suite (SRX/vSRX on carrier-grade x86 NFX250) combined with support for true multitenancy, makes Juniper’s SD-WAN offering a stand out among the industry’s offerings.