Product
Juniper Session Smart Router
In the era of cloud and distributed applications, traditional routers and complex, tunnel-based SD-WANs (software-defined wide area networks) are a bottleneck. They add unnecessary overhead, increase latency, and create operational silos.
The Juniper Session Smart™ Router (SSR) revolutionizes the WAN by replacing this legacy approach with a simple, intelligent, and secure networking fabric built for the modern enterprise. Powering Juniper’s AI-native SD-WAN solution, the SSR is more than just a router—it’s the cornerstone of your AI-native network. Its unique, tunnel-free architecture is powered by Session Smart™ technology that builds on a Zero Trust foundation. Instead of using inefficient tunnels to route packets, the SSR establishes a secure, session-based fabric that understands every application and user. This fundamental difference delivers breakthrough economics and a superior experience conventional solutions simply can’t match.
The Juniper SSR delivers breakthrough benefits by fundamentally changing how the network operates. Its unique tunnel-free architecture provides a direct path for sessions, which not only enhances application performance and reduces latency, but also simplifies network operations by eliminating the complexity of managing IPsec tunnels. This agile, session-based routing fabric is built on a deny-by-default Zero Trust model that ensures unwavering security from within while AI-native management streamlines everything from deployment to day-to-day operations. Ultimately, the SSR leads to significant cost savings and a lower total cost of ownership.
Seagate to Leverage Juniper Networks' AI-Native Enterprise Solutions
Seagate Technology® has selected Juniper’s full stack AI-native enterprise portfolio to support its evolving business needs. The Juniper solution, driven by Marvis AI and the cloud, offers Seagate proactive automation and unique client-to-cloud insight, as well as optimized performance and cost savings in key areas of their IT infrastructure.
The Case for AI in SD-WAN
Why “goodput” matters
Resource center
Technical Documentation
Webinars
Analyst Reports
Videos
White Papers
Solution Briefs
Additional Resources
Juniper Session Smart Router FAQs
What is the Session Smart Router?
The Juniper Session Smart Router (SSR) is a software-based networking solution that serves as the foundation of Juniper's AI-native SD-WAN. Unlike traditional routers that simply forward packets based on IP addresses, the SSR is session-aware and application-aware. It understands the context of an entire session—like a video conference or a cloud application—and makes intelligent routing decisions to ensure optimal performance, security, and reliability.
The SSR's primary differentiator is its patented, tunnel-free architecture that replaces the complexity and overhead of traditional tunnels with a simplified, intelligent routing fabric. This approach eliminates latency, improves bandwidth efficiency, and significantly reduces the need for manual configuration. As a result, the SSR enables a high-performing, secure, and cost-effective network that is managed centrally from the Juniper Mist cloud.
What are the benefits of Session Smart Routing?
Session Smart Routing provides a variety of benefits by fundamentally changing how traffic is routed and managed. Unlike traditional networking that relies on complex, inefficient tunnels, Session Smart Routing is designed to be agile, secure, and user-centric.
Key benefits of Session Smart Routing
- Breakthrough economics: The tunnel-free architecture significantly reduces overhead, leading to a 30-50% reduction in bandwidth consumption and up to a 75% reduction in headend infrastructure costs
- Superior user experience: By eliminating tunnels and understanding the context of an application, Session Smart Routing ensures low latency and high performance for critical applications like voice and video, resulting in a better experience for end users
- Inherent Zero Trust security: Security is built into the fabric of the network. The router operates on a deny-by-default, Zero Trust model, where all traffic is authenticated and encrypted at the session layer, eliminating security vulnerabilities common in other solutions
- Operational simplicity: The software-defined, tunnel-free architecture and centralized management simplify network design, deployment, and daily operations, freeing up IT teams from managing complex tunnels and configurations
- Proactive visibility and control: The solution provides deep, session-based insights that are far richer than traditional packet-based solutions, providing visibility that allows administrators to proactively manage and optimize application performance based on real-time network conditions
What is a session-aware network?
A session-aware network is a network that can recognize, understand, and manage the full context of a network "session" rather than treating each packet as an isolated piece of data. While traditional routers operate on a packet-by-packet basis, a session-aware network views traffic as a continuous, end-to-end stream of information.
This approach provides a more intelligent and dynamic way to route traffic. Instead of simply forwarding packets based on IP addresses, a session-aware router, like Juniper's SSR, understands the specific application, the user's identity, and the security policies associated with the session.
What are the benefits of a session-aware network?
A session-aware network is able to:
- Make smarter decisions: It can apply different routing policies, prioritize critical applications (like video conferencing), and optimize paths based on real-time network conditions
- Enhance security: Because the router understands the session's context, it can enforce a Zero Trust security model by ensuring only authorized sessions are allowed to use specific paths or resources
- Improve performance: By treating all packets of a session as a single unit and routing them along the same path, it eliminates issues like out-of-order packet delivery and reduces latency
- Simplify management: This intelligence enables centralized, policy-driven automation, eliminating the need for complex, manual configurations for every device and application
What are the limitations of tunneling protocols like IPsec?
Tunneling protocols’ core function of encapsulating and encrypting every packet creates significant performance overhead. This is due to the additional data (headers and trailers) added to each packet, which can be up to 60 bytes or more. This overhead reduces the usable bandwidth, making the network less efficient. This can lead to packet fragmentation if the packet size exceeds the network's maximum transmission unit (MTU), which further increases latency and degrades performance (see: “badput”).
IPsec is notoriously complex to configure and manage, especially in large, distributed networks. It requires meticulous manual configuration of Security Associations (SAs) and the negotiation of numerous cryptographic parameters, including keys, algorithms, and protocols. Mismatched settings between two endpoints can prevent a tunnel from forming, leading to difficult and time-consuming troubleshooting. This complexity is often a major barrier to scalability and automation.
Tunnels are typically configured on a point-to-point basis. For a hub-and-spoke network with many branches, this requires the head-end router to maintain thousands of individual tunnels, each with its own state and keys. This "spaghetti" of tunnels creates a management nightmare and strains the processing power of the central gateway. Furthermore, adding new locations or creating a full mesh of tunnels requires a significant amount of manual effort and can be operationally unfeasible as the network grows.
Tunnels operate at the network layer and are unaware of the applications running over the tunnel. It treats all traffic equally and simply encrypts and forwards packets without understanding their context. This lack of application awareness prevents intelligent traffic steering or prioritization, which is crucial for ensuring a high-quality user experience for real-time applications like voice and video.
What are the benefits of tunnel-free routing?
Tunnel-free routing provides a modern, more efficient approach to networking by eliminating the complexity and overhead of traditional tunnels. This results in superior application performance, lower latency, and a reduction in both bandwidth consumption and infrastructure costs. By building security directly into the routing fabric, it also simplifies operations and enables a robust Zero Trust model.
Does the Session Smart Router encrypt traffic?
Yes, the Session Smart Router encrypts traffic. Additionally, it offers an adaptive encryption feature that avoids “double encrypting” already encrypted traffic. By some estimates, up to 95% of network traffic is already encrypted, and double encrypting traffic, which often occurs in tunneled environments, is costly and can hinder network performance.
What security features does the Session Smart Router have?
Juniper’s tunnel-free Session Smart Routing is inherently Zero Trust secure with deny-by-default access policies. Session Smart Routing has built-in NGFW functionality, such as intrusion detection and prevention (IDP), URL filtering, and antivirus. It is also FIPS 140-2 certified and PCI and HIPAA compliant.
What are the deployment options for the Session Smart Router?
The SSR is a software-based solution that can run on dedicated Juniper hardware (SSR series), customer premises equipment (CPE), data center network servers, or in the public cloud, providing ultimate deployment flexibility. See the Session Smart Router datasheet to learn more.
Who should use the Juniper Session Smart Router?
Small- and medium-sized businesses, enterprises, telecommunications providers, and managed service provides looking to modernize their network infrastructure and improve IT and end user experiences should all consider using the Juniper Session Smart Router.
What are the use cases for the Session Smart Router?
The Session Smart™ Router (SSR) is a highly versatile and flexible solution with a wide range of use cases that go beyond traditional routing. Its unique architecture makes it a powerful tool for organizations looking to modernize their networks.
Key use cases for the Session Smart Router include:
- SD-WAN deployment: The SSR is the core of Juniper's AI-native SD-WAN solution. Its tunnel-free design and application-aware routing are ideal for enterprises with a distributed network of branch offices, allowing them to optimize performance for applications, simplify management, and reduce costs
- Cloud connectivity and migration: The SSR simplifies connecting to multicloud environments like AWS, Azure, and Google Cloud. It can be deployed as a virtual network function (VNF) in the cloud, streamlining cloud migrations and ensuring consistent, secure connectivity between on-premises locations and the cloud
- Secure, software-defined branch (SD-Branch): As part of a "Branch-in-a-Box" solution, the SSR consolidates and secures all branch networking functions. This use case is particularly valuable for retail, healthcare, and other industries with many distributed locations that need a simple, secure, and unified platform
- Network security: The SSR's built-in Zero Trust security model and deny-by-default policy make it a powerful tool for enhancing network security. It is used to create secure, policy-based network segmentation and protect against the lateral movement of threats
- Network modernization: The SSR is an excellent choice for a complete router refresh. It allows organizations to replace outdated, complex, and inefficient legacy routers with a modern, software-based solution that is more scalable, agile, and cost-effective
Where can I get help with the Session Smart Router?
For help with the Session Smart Router, view our Session Smart Router documentation, take a training course, or join our SD-WAN community. We also offer deployment services. Read the SD-WAN Deployment Services datasheet for deployment information.