Ensure Performance and Efficiency with AI-Native SD-WAN Solution Brief

SD-WANs have three primary components:

1. Application-based routing for prioritizing critical traffic

2. Multiple circuits with high availability and automatic failover

3. Centralized orchestration

These capabilities are generally implemented with IPsec tunnels, which present many limitations:

• They suffer from performance impact due to unnecessary overhead
• They often take too long to failover, causing further performance reduction
• They are complex to set up and maintain

Juniper^® SD-WAN, driven by Mist AI, is a state-of-the art, service-centric networking solution that eliminates the inherent inefficiencies and cost constraints of traditional WAN products and legacy SD-WAN solutions. This fully software-based solution enables reliable, high-performance connectivity, simplifies management with automation and AI-native insights, and is inherently “zero trust” secure (Figure 2).

Juniper Session Smart^™ Routing provides the basis for this unique SD-WAN solution—its tunnel-free architecture is built to deliver zero trust security and the highest performance in the market. The solution includes a deny-by-default access policy, which provides greater security than tunneling solutions, without the performance and scaling limitations.

Tunneling solutions add 30 to 50% additional bandwidth overhead per packet. Session Smart Routing uniquely routes sessions rather than packets, without the use of tunnels. Session Smart Routing also reduces costs and optimizes network traffic flows.⁴ (Read Session Intelligence in a Tunnel-Free SD-WAN and Why Session Awareness Matters for more details.)

Finally, AI-Native SD-WAN is centrally managed from the Juniper Mist^™ Cloud, which provides unmatched agility and visibility as well as automation for faster deployments and AI insights to speed troubleshooting.

Focusing on the user experience, AI-Native SD-WAN provides client-to-cloud automation with insights and self-driving actions across the full stack of wireless, wired, and WAN domains.

Key features and benefits of AI-Native SD-WAN include:

• Higher performance: Tunnel-free session-intelligent routing provides improved bandwidth efficiency and instant failover. Additional benefits are also realized for cloud connectivity, differentiated services, and fast failover.
• Greater operational efficiency: Day 0/1 operations include Zero-Touch Provisioning (ZTP), automation, and flexible templating for massive scale. Day 2/2+ operations include sophisticated AI-powered insights for faster troubleshooting.
• Full stack branch capabilities: When integrated with wired and wireless LANs, AI-Native SD-WAN provides an SD-Branch solution, with unified client-to-cloud management. Operators enjoy end-to-end visibility through a microservices-based cloud for maximum agility.
• Heightened security: Robust security features include Zero Trust, IDS/IPS, URL filtering, and SASE support.

AI-Native SD-WAN provides numerous unique benefits to distributed enterprises of all sizes and in all industries.

AI-Native SD-WAN provides huge throughput gains by removing the overhead of tunnel headers, and replacing them with a more effective and lightweight design for a major increase in user payload (goodput) transmission (Figure 3).

Depending on the application, there are big savings over IPsec and VXLAN-based networking schemes. Packet size is also a factor; for instance, for small voice packets, the savings can be much higher.

AI-Native SD-WAN ensures highly secure and reliable WAN connectivity without the cost or performance overhead of traditional VPN tunneling schemes. Integral bandwidth optimization capabilities improve the performance of lower quality WAN links. The largest scale deployment of Session Smart Routers in an SD-WAN installation is 10,000+ sites.

Finally, the QoS toolset in Session Smart Routing enables differentiated services along with features such as subsecond failover, prioritization, shaping, duplication, and error correction across the network. (Read Session Smart Networking: How it Works for more details.)

AI-Native SD-WAN provides automation and service levels to the SD-WAN solution. This improves operational efficiencies from Day 0/1 operations to Day 2 and beyond.

AI-Native SD-WAN supports ZTP for plug-and-play installation at remote sites with little or no IT expertise required. IT teams can onboard, configure, and deploy Session Smart Routers with ZTP and realize easy onboarding using claim codes.

This is accomplished with simple templating for rapid scale deployments. Established configurations can be applied to multiple sites—Session Smart Routers will then be onboarded and configured.

Juniper SSR Series Routers are purpose-built, high-performance platforms. Specifications are detailed in the following datasheets, which also identify the usual locations (branches, campuses, and data centers) where these routers would be installed:

• SSR 100 Line of Routers
• SSR 1000 Line of Routers

Juniper Mist WAN Assurance and the Marvis^™ Virtual Network Assistant ensure that customers can understand and improve their users’ experience throughout the distributed enterprise (Figure 4).

The analytics for WAN Assurance enable the lowest possible mean time to repair (MTTR) for any issues in the WAN. Marvis includes a conversational AI interface (with ChatGPT support) to solve issues anywhere in the network, providing insights and remediations for devices, users, and applications (Figure 5).

Marvis Actions (Figure 6) helps drive operational simplicity and transform IT from reactive troubleshooting to proactive remediation.

Marvis offers a high-level view that delivers visibility into network issues at an organizational level, so administrators know exactly what they need to prioritize. As sites get added, Marvis Actions scales with ease: no additional setup is required.

Marvis uses advanced natural language processing (NLP) to understand user intent and goals. It contextualizes inquiries to return specific results and takes automated actions to remediate errors. Deployments report an 85% reduction in operational costs.⁵

These AI-based efficiencies bring further benefits and cost savings by reducing truck rolls, and cloud-based management ensures that enterprises have less on-premises equipment, yielding considerable sustainability benefits.

With the benefits of WAN Assurance and Session Smart Routing, AI-Native SD-WAN intelligently connects all branch offices (including home microbranches) to locations where the most critical business assets are held, whether a corporate data center or a public cloud, multiple clouds, or cloud service applications (Figure 7).

Built on a common microservices cloud architecture, Mist AI provides real-time insights into user experiences and assured service levels into the WAN, wired, and wireless networking domains.

This full-stack solution comprises Juniper Networks SD-Branch, which includes AI-Native SD-WAN, switching, Wi-Fi, indoor location, and enhanced security—all delivered by the Juniper Mist Cloud.

Security is assured at every point and the network is inherently zero trust with AI-Native SD-WAN’s deny-by-default approach to session access. Security capabilities also include unique encryption and authentication keys, custom traffic engineering parameters, and tight access control at the individual session level.

AI-Native SD-WAN also offers a flexible way to segment and isolate traffic, allowing administrators to apply different profiles based on the application or service that the session contains. Further fine tuning of content access is provided by a Juniper Advanced Security Pack that includes Intrusion Detection and Prevention (IDP) and URL filtering. The full set of security features in AI-Native SD-WAN is shown in Figure 8.

When combined with cloud infrastructure via Secure Service Edge (SSE) functionality, Mist AI provides the basis for a full SASE solution. This includes SSE functionality such as Firewall as a Service (FWaaS), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and Secure Web Gateway (SWG).

Secure Edge Connectors enable seamless integrations from Juniper AI-Native SD-WAN to any SSE. They make it easy to offload traffic from a Session Smart Router to an SSE. Administrators simply input corresponding information (such as pre-shared key and hostname/IP address) in the Juniper Mist Cloud and in the SSE to create secure edge connections.

With this robust security, enterprises can seamlessly transition to a cloud-delivered, single-stack architecture, securing their workforce wherever they are and delivering optimal user experiences. For more information, see Session Smart Routing Security Capabilities at-a-Glance.

Traditional SD-WAN solutions support only baseline functionality for traffic prioritization, path selection, and management. This is inadequate to address modern WAN requirements such as multicloud and AI-based remediation.

AI-Native SD-WAN eclipses these solutions with a tunnel-free architecture, combined with intelligent service-based routing and AIOps. Network administrators and the ops team gain end-to-end visibility and granular control over individual data flows, and can create application-specific SLAs for maximum efficiency.

The solution provides industry-leading performance, high availability, and differentiated services. Key efficiencies are the function of ZTP for Day 0/1 operations and WAN Assurance for Day 2/2+ operations.

AI-Native SD-WAN is a major component of Juniper’s SD-Branch solution for full-stack support in the wired, wireless, and WAN domains, enabling a complete AI-native enterprise. Individual domains for an SD-Branch may be added at any time, with no change to existing deployments.

Security is built in from the ground up with AI-Native SD-WAN, beginning with deny-by-default access for a zero-trust environment. Advanced security features include IDS/IPS and URL filtering, while SSE Connectors enable SASE support.    

For implementation examples of AI-Native SD-WAN, see our case studies highlighting Seagate, Messho, and Granite Telecommunications.

To learn more about Juniper’s AI-Native SD-WAN, contact your Juniper account representative or visit Juniper.net/sd-wan. Juniper also provides a Weekly Mist AI Demo, allowing you to see the AI-Native SD-WAN (and AI-Native Enterprise) in action.

Finally, you can experience firsthand how to perform many of these tasks by setting up an account at manage.mist.com and following the tutorials. Ask your account representative to help you get started.

Juniper Networks believes that connectivity is not the same as experiencing a great connection. Juniper's AI-Native Networking Platform is built from the ground up to leverage AI to deliver the best and most secure user experiences from the edge to the data center and cloud. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on X (Twitter), LinkedIn, and Facebook.

• Mist AI and Cloud
• Session Smart Router

• Client to Cloud Assurance with an AI-Native Enterprise
• Session Intelligence in a Tunnel-Free SD-WAN
• AI-Native SD-WAN Secures Cloud-Era Networks

• (ESG) Bringing it All Together: Managing SD-WAN with Campus and Branch Networks

• AI-Native SD-WAN and Session Smart Networking Explainer
• Simplified: AI-Native SD-WAN with Session Smart

3510816 - 001 - EN MARCH 2024