AI-driven SD-WAN Accelerates Digital Transformation with an Agile, Efficient, and Resilient Network Solution Brief

Service-Centric Networking Solution Delivers Breakthrough Economics and Simplicity


Challenge

The cloud transforms enterprise traffic flows and the way applications and services are delivered. This presents a variety of performance, security, and availability challenges for enterprise network architects.

 

Solution

AI-driven SD-WAN is an advanced, service-centric solution that takes software-defined routing to a new level. Ideal for today’s digital businesses, it delivers a flexible, application-aware network fabric that meets stringent enterprise performance, security, and availability requirements.

 

Benefits

- Delivers proactive AI-driven operations and support including zero-touch provisioning (ZTP)

- Optimized for user experience: tunnel free, application aware and service centric

- Uses fine-grained QoS controls to efficiently shape and prioritize traffic and enforce different SLAs for different data flows

- Next-gen firewall, IDS/IPS, URL filtering, and zero-trust security

- Scales to 10,000+ nodes with continuous connectivity

- Supports a variety of session optimization and intelligent routing features, including sub-second failovers

- Open and programmable for flexibility, simplicity, and breakthrough economics (lowers CapEx and OpEx)

Businesses are adopting cloud-based applications and services to avoid infrastructure cost and complexity, increase IT agility, and accelerate digital transformation. According to a 2021 global industry survey, 92 percent of enterprises have a multi-cloud strategy and 80 percent have a hybrid cloud strategy.1

The cloud fundamentally reshapes enterprise traffic flows, introducing a variety of performance, security, and service quality challenges for network planners. Legacy WANs, designed to support traditional enterprise applications and services, aren’t well suited for the cloud-centric world of IT. A modern enterprise requires a modern network—one that is adaptable, application-aware, and designed from the ground up to handle today’s diverse workloads and dynamic data flows.

Juniper® AI-driven SD-WAN is a state-of-the-art, service-centric networking solution that eliminates the inherent inefficiencies and cost constraints of traditional WAN products and legacy SD-WAN solutions. The fully software-based solution provides agile, secure, and reliable WAN connectivity with breakthrough economics and simplicity.

Focusing on the user experience, AI-driven SD-WAN is an integral part of Juniper’s AI-driven enterprise, providing client-to-cloud automation with insights and self-driving actions across a full stack of wired, wireless, WAN, and data center (Figure 1).

Security is assured at every point and the network is inherently zero trust. By integrating AI-driven SD-WAN into the Mist AI Cloud, Juniper unifies design, provisioning, and configuration tasks from client to cloud and across all network domains.

 

Figure 1: The AI-driven Enterprise


Figure 2. Traditional vs. Cloud-centric Model


The Challenge

The cloud transforms the way businesses deliver applications and services, and fundamentally affects enterprise traffic flows. Historically, most enterprises have hosted applications in corporate data centers. They connected geographically distributed sites over MPLS networks or private WANs, over which they had deep visibility and tight control. Most business-critical application traffic was confined to the enterprise network, where external traffic was typically backhauled and securely handed off to the Internet.

Today, businesses deploy applications and services in public and private clouds (as well as in corporate data centers). And most application traffic is no longer confined to the enterprise. Instead, high volumes of business-critical traffic often flow over best-effort public Internet connections over which the enterprise has minimal visibility and control (Figure 2).

Legacy hub-and-spoke networks, designed to support conventional enterprise applications and traffic flows, can’t accommodate the dynamic workloads and diverse data flows that dominate the modern enterprise. The cloud-centric model of IT introduces a variety of performance, security, and availability requirements for today’s enterprise network architects.

 

Performance

Today’s businesses are powered by a variety of cloud-based applications and services with distinct characteristics and quality of service (QoS) requirements. Some applications, such as video collaboration solutions, are bandwidth-intensive and delay-sensitive. Other applications, like CRM solutions, are more tolerant of packet loss and latency. Network architects must find ways to prioritize, shape, and efficiently route traffic to deliver the right service-level agreement (SLA) for the right application at the right time.

 

Security

Bad actors can exploit public and private data networks to steal confidential data or disrupt critical IT systems and services. Network planners must introduce strong security systems and practices to protect data privacy, and to defend both enterprise and cloud infrastructure against denial-of-service (DoS) attacks and other threats.

 

Availability

WAN connectivity failures can disrupt critical business applications, impair worker productivity, and impact the bottom line. Planners must ensure continuous access to mission-critical applications and services in the event of link failures or ISP outages.

 

Legacy WAN Solutions Are Inherently Costly and Complex

Conventional networking and security products and legacy SD-WAN solutions are inherently expensive and complicated, and can’t meet the increased price-performance and agility demands of the digital era.

Middlebox Sprawl Is Unmanageable

Many enterprises rely on a collection of independent, special-purpose networking and security products (routers, firewalls, IPS/IDS devices, VPN appliances, etc.). These middleboxes create a variety of operational and logistical issues, including:

  • Long, drawn-out rollouts. Each product is installed and configured individually—a resource-intensive proposition that often requires onsite expertise.
  • Ineffective swivel-chair management. Each device has a unique administrative interface and APIs. Rolling out new applications, expanding network capacity, or troubleshooting problems can be a manually intensive, error-prone proposition involving multiple distinct CLIs or element management systems.
  • Complex logistics. IT teams are often forced to engage multiple vendors for product procurement, support, and maintenance. Product interoperability issues often lead to vendor squabbles and finger-pointing.

 

Legacy SD-WAN Solutions Are Inefficient and Expensive

SD-WAN solutions can help reduce cost and complexity by virtualizing network functions onto common hardware and eliminating middlebox sprawl. But legacy SD-WAN products are still inherently expensive and inefficient. Limitations of legacy SD-WAN solutions include:

  • No service assurances for individual data flows. Legacy SD-WAN solutions tunnel traffic across public Internet connections to protect data privacy. Most place all data flows into a single overlay tunnel, which inhibits traffic classification and management. Since all flows are treated identically, network administrators cannot provide different service assurances for different applications.
  • No visibility into sessions or application data. Because all data flows are encapsulated into a single overlay tunnel, network administrators cannot monitor or troubleshoot individual applications or sessions.
  • Poor bandwidth utilization. Legacy SD-WAN solutions use inefficient, high overhead VPN tunneling protocols like IPsec that squander bandwidth and impair application performance. Tunneling is especially detrimental when data is transported over lower capacity or lossy WAN connections like satellite links.
  • Costly, inefficient redundancy mechanisms. Most SD-WAN products rely on hot-standby tunnels for failover. Backup tunnels are always nailed up, but rarely used—an expensive and wasteful approach.
  • Inefficient service chaining. Most SD-WAN solutions use service chaining to route traffic through multiple virtual network functions (firewall, IPS/IDS, WAN optimizer, etc.). Each virtual network element is instantiated as a unique virtualized network function (VNF), which increases memory and CPU consumption, and requires costly high-density, multicore systems.

 

Juniper AI-driven SD-WAN

AI-driven SD-WAN is an advanced, service-centric networking solution that takes software-defined routing to a new level.

Ideal for today’s digital businesses, it provides agile, secure, and resilient WAN connectivity with breakthrough economics and simplicity for today’s cloud-centric businesses. AI-driven SD-WAN eliminates the inherent inefficiencies and cost constraints of conventional networking products and legacy SD-WAN solutions, reducing bandwidth consumption by 30% or more compared to alternative networking platforms.

The solution delivers a flexible, application-aware network fabric that meets stringent enterprise performance, security, and availability requirements (Figure 3).

 

Figure 3. AI-driven SD-WAN


The Session Smart Routers (SSRs) in AI-driven SD-WAN support many use cases and modernization initiatives, including multi-cloud connectivity, IoT, and managed services. AI-driven SD-WAN forms a service-centric fabric that stretches from the edge to the data center to the cloud and beyond. Public cloud support includes AWS, Microsoft Azure, and Google Cloud.

AI-driven SD-WAN optimizes for user experience, with guaranteed application performance, instant failover for all applications (including uninterrupted voice and video calls), and continual insights with recommended actions to assure the highest Service Level Experiences (SLEs). With a 100% deny-by-default approach to networking, AI-driven SD-WAN enforces user-based security policies and application Service Level Agreements (SLAs) applied in real-time.

 

Features and Benefits

Performance

AI-driven SD-WAN supports a variety of session optimization and intelligent routing features to ensure high performance and service quality for diverse applications and services. A highly responsive Session Smart fabric maintains end-to-end context for sessions, tenants and dynamic workloads. The solution scales to thousands of sites with the deployment of services in minutes.

Fine-grained QoS controls let network administrators shape and prioritize traffic to enforce relevant SLAs for all data flows.

Application-aware routing intelligently steers traffic based on administratively defined policies and real-time network conditions, automatically selecting the best network path (MPLS, 4G, Internet) for each application at the right time.

Server load-balancing capabilities automatically distribute workloads across cloud or data center resources to optimize application performance, and a unique lossless application delivery capability boosts WAN bandwidth utilization, helping improve performance over lower-capacity WAN connections.

 

Security

AI-driven SD-WAN provides a deny-by-default approach for zero-trust security. A next generation firewall protects applications and infrastructure against data loss and malicious attacks. Key capabilities include L3/L4 DoS/DDoS protection, adaptive payload encryption, Network Address Translation (NAT) and VPN functionality. A branch security pack includes intrusion detection and prevention (IDS/IPS) along with URL filtering.

The AI-driven SD-WAN’s pioneering Secure Vector Routing (SVR) approach provides strong data security without the overhead of traditional encryption protocols like IPsec (SVR reduces protocol overhead by over 30% when compared to IPsec). The tunnel-free architecture also gives network administrators full visibility into individual traffic flows, so they can efficiently monitor end-to-end sessions, evaluate service quality, and troubleshoot problems.

 

Availability

AI-driven SD-WAN provides continuous connectivity without requiring expensive hot-standby tunnels like alternative solutions. In the event of a link failure or network outage, the solution seamlessly redirects traffic over an alternative path without disrupting sessions or impairing application performance.

In addition, enterprises can use server load-balancing capabilities to distribute workloads across data centers or availability zones to provide business continuity and disaster recovery for mission-critical services.

 

Cost and Complexity

AI-driven SD-WAN is fully software-based for ultimate flexibility and economics. The software runs on any commercial off-the-shelf or white box server platform, eliminating middlebox sprawl. Unlike a traditional service function chaining approach, SSRs perform multiple logical network functions (router, stateful firewall, WAN optimizer, etc.) in a single VNF, significantly reducing CPU and memory requirements.

As a result, the AI-driven SD-WAN software can run on far less expensive servers than legacy SD-WAN solutions. Additionally, enterprises can take advantage of Juniper-branded options such as the SSR120 and SSR130, which provide small and medium branch platforms with multiple WAN link options including LTE.

Integration with Mist Cloud allows customers to onboard their SSR device centrally, by relying on “smart hands” in the field to plug in the device and cause it to automatically provision and come online. Thus, both hardware approaches (off the shelf and branded) support zero-touch provisioning (ZTP) for plug-and-play installation at remote sites with minimal or no IT expertise required.

The following table highlights the key differentiators of AI-driven SD-WAN.

Table 1. AI-driven SD-WAN Differentiators
| Requirement | Traditional WAN and Legacy SD-WAN | AI-driven SD-WAN |
| --- | --- | --- |
| Data privacy | Tunnel overlays safeguard data privacy, but limit visibility and control. | Secure Vector Routing protects data privacy, while enabling granular traffic management and visibility. |
| Application-specific service assurances | Tunnel overlays inhibit traffic management and prevent application-specific SLAs. | Fine-grained traffic management and application-aware routing enable application-specific, policy-based SLAs. |
| Continuous connectivity | Idle hot-standby tunnels are costly and inefficient. | Multipath session migration provides cost-effective protection against link failures and ISP outages. Server load balancing provides business continuity/disaster recovery for critical applications. |
| Optimal performance over low-speed links | High overhead tunneling protocols squander bandwidth and impair the performance of delay-sensitive applications. | Secure Vector Routing minimizes protocol overhead. Lossless application delivery optimizes bandwidth utilization and boosts application performance. |
| Low-cost remote site platform | Special-purpose middleboxes add cost and overhead. Legacy SD-WANs require expensive servers to support multiple dedicated VNFs. | Solution consolidates all network functions onto a single VNF that runs on inexpensive commercial off-the-shelf (COTS) or white box servers, or Juniper-branded hardware. |
| Easy turn-up and operations | Each middlebox has distinct CLI/EMS/APIs. Adds/moves/changes and troubleshooting are manual-intensive, time-consuming, and error-prone. | Unified administration, auto-device discovery, and ZTP and upgrades, streamline deployment and management. |

 

WAN Assurance

Juniper WAN Assurance is a cloud service that brings AI-powered automation and service levels to the Juniper AI-driven SD-WAN solution. Driven by the power of Mist AI, WAN Assurance simplifies day two operations with insights, proactive anomaly detection and remediation, and automated troubleshooting.

The resultant AIOps allows administrators to understand and improve their users’ experience across the SD-WAN (Figure 4).

With Juniper WAN Assurance:

  • Session Smart Routers, deployed as SD-WAN edge devices, provide rich streaming telemetry needed for WAN health metrics and anomaly detection.
  • Insights derived from telemetry data allow WAN Assurance to compute unique “user minutes” that indicate whether users are having a good experience.
  • This data is leveraged within the Mist Cloud AI engine, driving simpler operations, reducing mean time to repair (MTTR), and providing better visibility into end-user experiences.
  • The Marvis virtual network assistant for WAN allows administrators to ask direct questions such as, “Why is my Zoom call tiling?” or “Why can these users not connect to Teams?” Marvis provides complete insights, correlation, and actions.
  • Marvis actions may include corrections for issues such as application latency conditions, congested WAN circuits or negotiation mismatch, or problems with a host device.

For an example of WAN Assurance in action, see the short explainer video.

 

Figure 4: WAN Assurance Delivers Service Level Experiences for Users


Summary: Simplified Service Delivery to Transform WAN Economics

Enterprises must modernize their WAN architectures to support today’s cloud-based applications and services. Traditional networking products and legacy SD-WAN solutions, designed to support conventional enterprise IT architectures and traffic flows, are too costly and complicated for the digital era.

Juniper’s AI-driven SD-WAN solution takes software-defined, distributed routing to the next level, satisfying demanding enterprise performance, resiliency, and security requirements. A tunnel-free architecture, combined with intelligent service-based routing and AIOps, provides end-to-end visibility and granular control over individual data flows, enabling application-specific SLAs with ultimate efficiency.

AI-driven SD-WAN ensures highly secure and reliable WAN connectivity without the cost or performance overhead of traditional VPN tunneling schemes. Integral bandwidth optimization capabilities improve the performance of lower quality WAN links. And persistent multipath routing ensures continuous connectivity in the event of link failures or service outages.

 

Next Steps

To learn how Juniper’s AI-driven SD-WAN solution can help your organization optimize WAN performance and accelerate digital transformation, contact your Juniper account representative or visit www.juniper.net/us/en/solutions/sd-wan.html.

 

About Juniper Networks

At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.

 

3510692 - 003 - EN DECEMBER 2022