Juniper Session Smart Router

The Juniper Session Smart Router (SSR) is a software-based networking solution that serves as the foundation of Juniper's AI-native SD-WAN. Unlike traditional routers that simply forward packets based on IP addresses, the SSR is session-aware and application-aware. It understands the context of an entire session—like a video conference or a cloud application—and makes intelligent routing decisions to ensure optimal performance, security, and reliability.

The SSR's primary differentiator is its patented, tunnel-free architecture that replaces the complexity and overhead of traditional tunnels with a simplified, intelligent routing fabric. This approach eliminates latency, improves bandwidth efficiency, and significantly reduces the need for manual configuration. As a result, the SSR enables a high-performing, secure, and cost-effective network that is managed centrally from the Juniper Mist cloud.

Session Smart Routing provides a variety of benefits by fundamentally changing how traffic is routed and managed. Unlike traditional networking that relies on complex, inefficient tunnels, Session Smart Routing is designed to be agile, secure, and user-centric.

Key benefits of Session Smart Routing

• Breakthrough economics: The tunnel-free architecture significantly reduces overhead, leading to a 30-50% reduction in bandwidth consumption and up to a 75% reduction in headend infrastructure costs
• Superior user experience: By eliminating tunnels and understanding the context of an application, Session Smart Routing ensures low latency and high performance for critical applications like voice and video, resulting in a better experience for end users
• Inherent Zero Trust security: Security is built into the fabric of the network. The router operates on a deny-by-default, Zero Trust model, where all traffic is authenticated and encrypted at the session layer, eliminating security vulnerabilities common in other solutions
• Operational simplicity: The software-defined, tunnel-free architecture and centralized management simplify network design, deployment, and daily operations, freeing up IT teams from managing complex tunnels and configurations
• Proactive visibility and control: The solution provides deep, session-based insights that are far richer than traditional packet-based solutions, providing visibility that allows administrators to proactively manage and optimize application performance based on real-time network conditions

A session-aware network is a network that can recognize, understand, and manage the full context of a network "session" rather than treating each packet as an isolated piece of data. While traditional routers operate on a packet-by-packet basis, a session-aware network views traffic as a continuous, end-to-end stream of information.

This approach provides a more intelligent and dynamic way to route traffic. Instead of simply forwarding packets based on IP addresses, a session-aware router, like Juniper's SSR, understands the specific application, the user's identity, and the security policies associated with the session.

A session-aware network is able to: 

• Make smarter decisions: It can apply different routing policies, prioritize critical applications (like video conferencing), and optimize paths based on real-time network conditions
• Enhance security: Because the router understands the session's context, it can enforce a Zero Trust security model by ensuring only authorized sessions are allowed to use specific paths or resources
• Improve performance: By treating all packets of a session as a single unit and routing them along the same path, it eliminates issues like out-of-order packet delivery and reduces latency
• Simplify management: This intelligence enables centralized, policy-driven automation, eliminating the need for complex, manual configurations for every device and application

Tunneling protocols’ core function of encapsulating and encrypting every packet creates significant performance overhead. This is due to the additional data (headers and trailers) added to each packet, which can be up to 60 bytes or more. This overhead reduces the usable bandwidth, making the network less efficient. This can lead to packet fragmentation if the packet size exceeds the network's maximum transmission unit (MTU), which further increases latency and degrades performance (see: “badput”).

IPsec is notoriously complex to configure and manage, especially in large, distributed networks. It requires meticulous manual configuration of Security Associations (SAs) and the negotiation of numerous cryptographic parameters, including keys, algorithms, and protocols. Mismatched settings between two endpoints can prevent a tunnel from forming, leading to difficult and time-consuming troubleshooting. This complexity is often a major barrier to scalability and automation.

Tunnels are typically configured on a point-to-point basis. For a hub-and-spoke network with many branches, this requires the head-end router to maintain thousands of individual tunnels, each with its own state and keys. This "spaghetti" of tunnels creates a management nightmare and strains the processing power of the central gateway. Furthermore, adding new locations or creating a full mesh of tunnels requires a significant amount of manual effort and can be operationally unfeasible as the network grows.

Tunnels operate at the network layer and are unaware of the applications running over the tunnel. It treats all traffic equally and simply encrypts and forwards packets without understanding their context. This lack of application awareness prevents intelligent traffic steering or prioritization, which is crucial for ensuring a high-quality user experience for real-time applications like voice and video.

Tunnel-free routing provides a modern, more efficient approach to networking by eliminating the complexity and overhead of traditional tunnels. This results in superior application performance, lower latency, and a reduction in both bandwidth consumption and infrastructure costs. By building security directly into the routing fabric, it also simplifies operations and enables a robust Zero Trust model.

Yes, the Session Smart Router encrypts traffic. Additionally, it offers an adaptive encryption feature that avoids “double encrypting” already encrypted traffic. By some estimates, up to 95% of network traffic is already encrypted, and double encrypting traffic, which often occurs in tunneled environments, is costly and can hinder network performance.

Juniper’s tunnel-free Session Smart Routing is inherently Zero Trust secure with deny-by-default access policies. Session Smart Routing has built-in NGFW functionality, such as intrusion detection and prevention (IDP), URL filtering, and antivirus. It is also FIPS 140-2 certified and PCI and HIPAA compliant.

The SSR is a software-based solution that can run on dedicated Juniper hardware (SSR series), customer premises equipment (CPE), data center network servers, or in the public cloud, providing ultimate deployment flexibility. See the Session Smart Router datasheet to learn more.

Small- and medium-sized businesses, enterprises, telecommunications providers, and managed service provides looking to modernize their network infrastructure and improve IT and end user experiences should all consider using the Juniper Session Smart Router.

The Session Smart™ Router (SSR) is a highly versatile and flexible solution with a wide range of use cases that go beyond traditional routing. Its unique architecture makes it a powerful tool for organizations looking to modernize their networks.

Key use cases for the Session Smart Router include:

• SD-WAN deployment: The SSR is the core of Juniper's AI-native SD-WAN solution. Its tunnel-free design and application-aware routing are ideal for enterprises with a distributed network of branch offices, allowing them to optimize performance for applications, simplify management, and reduce costs
• Cloud connectivity and migration: The SSR simplifies connecting to multicloud environments like AWS, Azure, and Google Cloud. It can be deployed as a virtual network function (VNF) in the cloud, streamlining cloud migrations and ensuring consistent, secure connectivity between on-premises locations and the cloud
• Secure, software-defined branch (SD-Branch): As part of a "Branch-in-a-Box" solution, the SSR consolidates and secures all branch networking functions. This use case is particularly valuable for retail, healthcare, and other industries with many distributed locations that need a simple, secure, and unified platform
• Network security: The SSR's built-in Zero Trust security model and deny-by-default policy make it a powerful tool for enhancing network security. It is used to create secure, policy-based network segmentation and protect against the lateral movement of threats
• Network modernization: The SSR is an excellent choice for a complete router refresh. It allows organizations to replace outdated, complex, and inefficient legacy routers with a modern, software-based solution that is more scalable, agile, and cost-effective

For help with the Session Smart Router, view our Session Smart Router documentation, take a training course, or join our SD-WAN community. We also offer deployment services. Read the SD-WAN Deployment Services datasheet for deployment information.