Transcription
TOP-TO-BOTTOM BRANCHAND WAN MANAGEMENTWITH CONTRAIL SD-WANNov 13th, 2019Tony Sarathchandra – Product Management, Director 2019 Juniper NetworksJuniper Business Use Only
CONFIDENTIALITY AND LEGAL NOTICEThis material contains information that is confidential and proprietary to Juniper Networks, Inc. Recipient may notdistribute, copy, or repeat information in the document without a signed non-disclosure agreement (NDA).Any statements of product direction contained in this presentation sets forth Juniper Networks’ current intention and issubject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any featureor functionality depicted in this presentation.Copyright 2019 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, Junos,and NXTWORK are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All othertrademarks, service marks, registered marks, or registered service marks are the property of their respective owners.Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right tochange, modify, transfer, or otherwise revise this publication without notice. 2019 Juniper NetworksJuniper Business Use Only
AGENDA 2018 Juniper Networks SD-WAN Market Trends AI-Driven Enterprise Contrail SD-WAN Overview Customers & Use Cases Q&AJuniper Business Use Only
Key Enterprise Customer triggers for SD-WAN 2018 Juniper NetworksJuniper Business Use Only4
SD-WAN Market Trends 2018 Juniper NetworksJuniper Business Use Only5
AI-Driven EnterpriseSingle architecture with presentation layer by market segmentAI FoundationDataDataScienceOpen APIsArtificialIntelligenceMarvis DomainExpertiseCloudManagementOpen APIsJunos Extension ToolkitStreaming TelemetryCloud ServicesWired & Wi-FiAssuranceMarvisVirtual AssistantWi-Fi 2018 Juniper iper Business Use curity
Easy Out-of-The-Box ANCE Day 0 configuration Day 1 deploying Day 2-365 Operating Day 2-365 Operating Branch creation workflow Device phone home Topology view Network wide image Campus creation workflow Zero touch provisioning Router status Extensible day 2 Multi-factor authentication Switch status Security policy updates Easy factory reset AP status Config backup & restore Template based Contextual cross launchconfiguration changesusing templates.onboarding 2018 Juniper Networksupgrades SecurityJuniper Business Use Only7
Cloud Service Architecture HighlightsMicroservices Container based design Independently deployed &scaled Service level autoscaling/healing 2018 Juniper NetworksAuto-scaling Hierarchical servicesdesign Scales across multipleregionsOpen APIs REST API for 3rd partyOSS/BSS Flexible south boundAPIs includingNetconf/YANGJuniper Business Use OnlyMulti Tenant Ideal for MSPs or resellers On-premises or IaaSdeployment
Journey to the AI-Driven EnterpriseJuniper Vision for AI-Driven EnterpriseSD-Campus & -Branch - Wired & Wireless - WAN & LANCorporate HQSD-BranchEnterprise BranchHybrid-WAN & SD-WANEnterprise BranchMist Wi-Fi APsSecure RouterEnterprise BranchvSRX virtual endpointLTESRX Series secure CPEs 2018 Juniper NetworksEX Series Access SwitchesLTESRX Series secure CPEsLTENFX Series universal CPEJuniper Business Use OnlyMX and SRX Series Securegateways and hubsEX Series Agg/Core SwitchesAI engine(Marvis)
Contrail SD-WAN 2018 Juniper NetworksJuniper Business Use Only
Contrail SD-WAN for Enterprise Campus & BranchCloud-managed Contrail SD-WANLAN & WLAN devicesWAN Edge DevicesorContrail SD-WANContrail Service Orchestration (SDN)vSRXWANxLTEMist Wi-Fi APsNFX Series universal CPEWi-FiEX Series Ethernet SwitchesDedicated,MPLSJuniper or provider managed aaSLTESRX Series Services GatewaySecure CPEsBroadband,InternetSecure SD-LAN and SD-WANWireless,4G/LTEMX/SRX WAN Hubs for large topologiesEnterprise or SP hub gatewaysvSRX Virtual Firewallcloud-WAN endpointLegacy andxDSLCampus and BranchEnterprise SitesPrivate Clouds,Data CentersEnterprise Sites 2018 Juniper NetworksSaaS ApplicationsPrivate or SP’sWAN backboneJuniper Business Use OnlyIaaS, PaaS:VPCs for cloud-native appsPublic CloudSaaS FW passthrough
Contrail SD-WAN Cloud Service – Available NowSecurity & PrivacyCloud based mgmt/control withon-prem data plane separationSLAMulti-TenancyTwo-tier multi-tenancy for bothenterprises and MSP99.9% monthly uptime, JTAC24x7 availability monitoringWE BUILD ITWE RUN ITResiliency &RedundancyTier 1 global cloudinfrastructure provider w/multiple availability zones Disaster RecoveryComplianceOnline daily backupsSOC compliantAccessible anywhere by webMulti-tenant, HA, Scalable 2019 Juniper Networks ScaleHorizontal scale for 100s oftenants with 1000s ofendpoints per tenantSecure: data traffic stays on customernetworkJuniper Business Use Only Monthly software / features updatesLower Capex/Opex
Primary Use CasesContrail SD-WAN/SD-LANCSO ControllerBRANCH SITESStandalone NGFWEX2300/3400/43001SRX3XX/550M/1500/4X00Mist AP61/43/41/21Mist AP61/43/41/21SD-WAN CPEEX2300/3400/43002InternetHybrid WAN S1EX2300/3400/4300 2019 Juniper NetworksServers /ApplicationsHQ / Campus / POP3rd party CPE/FWStandalone Switch3EXMX240/480/960*NFX150/250Mist AP61/43/41/21SD-WAN HubJuniper Business Use Only
Contrail SD-WAN Features At A GlanceSD-WAN AND -BRANCHSECURITYINFRASTRUCTURE Dynamic Application PathSelection based on SLA L7 Firewall Redundancy at branch/CPE Static/Preferred ApplicationPath Selection Web Filtering Redundancy at Gateway/Hub Content Filtering Secure and Resilient OAM Antivirus Backup and Restore Antispam Redundancy at Orchestrator Flexible Internet Breakouts User Firewall Scale of endpoints/devices Hub and spoke topology Zone-based Firewall Site to Site VPN topology – Fullmesh / Partial mesh SSL Forward Proxy On-premise as well as Clouddelivery model Network Segmentation Integration with third-partycloud security e.g. Zscaler Application Quality ofExperience MPLS/Internet/LTE/xDSL links Backup link Default link IPS/IDS NAT – Static, Destination,SourceEnterprise critical featuresSP critical featuresUSEABILITY Open APIs for northboundintegration Zero touch provisioning ofdevices Reporting – email/recurrencefor SD-WAN and Security Custom Roles andobject-based RBAC Audit logs Multi-tenancy at orchestrator Alarms and Alerts Multi-tenancy at gateway/hub SLA Performance Monitoring Integration with existingIP/VPN infrastructure Security Events Monitoring Application Visibility Portal rebranding andcustomization SD-WAN CPE in public cloud Third-party VNF onboardingtools Third-party VNF service chain LAN/WLAN Integration Dashboard summary widgets Topology monitoring view 2019 Juniper NetworksJuniper Business Use Only
Flexible Dynamic Meshed SD-WANFEATURE SUPPORT Contrail SD-WAN/SD-LANCSO ControllerDynamic mesh for site-to-site linksUser-defined mesh tags on WAN linksMesh with different underlay typesToggle switch to enable full/partial meshDial for resource managementMonitoring and VisualizationEnterprise HUBCustomer Benefits: Support mesh between different underlaytypes Site-to-site tunnels based on link capacity Geo-based meshing Increased Dual CPE site availabilityDeptGatewayHQ SiteProvider HubPath APath APath AMultiple mesh tagsDeptDeptDeptSite 1Site 2Site 3tagtagKPI: Session close rate 2019 Juniper NetworksIP VPNDeptJuniper Business Use OnlyPath BTags: Gold, Silver, Bronze
Provider & Enterprise SD-WAN Hub SupportUSE CASEIP VPN Multi-tenant Provider Hub inPOPs/Colos Gateway/Peering to MPLSCloudHUBServiceProviderHUB Tenant Specific Enterprise Hubin DC/HQ Contrail SD-WAN/SD-LANCSO ControllerDeptsStatic Enterprise Hub MeshLAN side OSPF/BGP supportDefault route leak for DC AppsLifecycle Management of HubSRX4100/4200 cluster supportOSPFDeptsDeptsCloud HUBEnterpriseHubCloud HUBEnterpriseHub Multiple SP/Enterprise HubsupportCustomer Benefits: Built-in failover and HA Scale with multiple Hubs 2019 Juniper NetworksDeptDeptDeptDeptSite 1Site 2Site 3Site 4Juniper Business Use OnlyApplicationroutesEnterpriseDC
SD-WAN Meshing With Regional Enterprise HubsBranchInternetEnterprise Hub 1Fully MeshedSitesPartially MeshedSites withOn-demandSite-to-siteINTERNETMPLSEnterprise Hub 2MPLS 2019 Juniper NetworksEnterprise Hub 3Enterprise Hub 4Region/PoP 2Region/PoP 1Juniper Business Use Only
Comprehensive Application Based SD-WANApp ID Contrail SD-WANsupports more than4200 applicationsignatures includingLync, Skype,WebEx and MSTeams The signatures areregularly updated CSO offers easy UIbutton to installlatest signatures onto the devices Supports userdefined customsignatures 2019 Juniper NetworksJuniper Business Use Only19
Real Time Optimized Mode Performance MetricsApp QOEReal-time Optimized mode Performance Metrics include: Two way latency (RTT)Ingress jitterEgress jitterTwo way jitterPacket loss %Metrics are measured at both application level and path levelApplication traffic to be probed is determined by Applicationselection in SLA Profile Application sessions are chosen (based on sampling percentage config)for passive probingActive probes are performed on all candidate links The probes try to mimic traffic behavior for the application (bycarrying similar DSCP value, packet sizes, burst count, etc) 2019 Juniper NetworksJuniper Business Use Only
Flexible SD-WAN Application Breakout OptionsBREAKOUT FEATURESIP VPNBreakout capability, failover, redundancy Intuitive Intent-based Breakout policySite Local Internet BreakoutDept Local Internet BreakoutApplication Local Internet breakoutZscaler Internet BreakoutCentral Breakout on HubCentral Zscaler Breakout3. Hub Breakout Internet IPVPNDeptsServiceCloud HUBProvider HUBPath ACustomer Benefits: Granular control of trafficSite level control of breakoutsRedundant breakout path for link failure 2019 Juniper Networks2. Central Internet Breakout Application Department InternetDeptsEnterpriseHub1. Local Breakout Application Department Internet ZscalerPath BPath BPath BEnterpriseDCPath APath APath ADeptDeptDeptSite 1Site 2Site 3Juniper Business Use OnlyLocal BreakoutZscaler BreakoutLocal BreakoutZscaler BreakoutInternet BreakoutZBO
Network Segmentation And DepartmentsBREAKOUT FEATURES Isolate departmental traffic with NetworkSegmentationLAN side OSPF on Enterprise HubAutomatically leak DC routes to all Spokes 25 Network Segments Separate policy controls on eachsegment Special DC Department on HubLAN 2019 Juniper NetworksDeptContrail SD-WAN/SD-LANCSO ControllerP-HubDepartment 1 VRFDepartment 1 VRFDepartment 2 VRF Department 2 VRF Department 25 VRFDepartment 25 VRFData Center VRFSpokeEnterpriseHubBranchHQJuniper Business Use OnlyOSPF/BGPEnterpriseDC
User Application Firewall ControlsContrail SD-WAN/SD-LANCSO ControllerEnterpriseAD Server P2P apps blockedFinance YouTube allowed Anti-virus appliedSales P2P, YouTube blockedInternet /Intranet Anti-virus appliedSD-WAN CPE or GatewayCEO No apps blocked Anti-virus appliedAllows different users to have different application policies based on their role and group 2019 Juniper NetworksJuniper Business Use Only
Unified Threat Management With SD-WANANTI-VIRUS Protection from top-tierAV partner Reputation-enhancedcapabilities 2019 Juniper NetworksANTI-SPAMWEB FILTERING Multilayered spamprotection Block malicious URLs Protection against APTs Prevent lostproductivityJuniper Business Use OnlyCONTENT FILTERING Filter out extraneous ormalicious content Maintain bandwidth foressential traffic
Contrail SD-WAN With AWSCloud-managed Contrail SDWANVPCYour campus and branch officesYour remote OfficesContrail automated setup of spoke site: Choose AWS region Choose AWS VPC Choose or create AWS subnet Download and run CloudFormationtemplate which does the work Activate spoke site 2019 Juniper NetworksJuniper Business Use OnlyVPCYour AWS regions and AZsVPCVPCYour future AWS Outposts
Multi-tenancy & Multi-departments With SD-WANLevel 0 – SP AdminService Provider(Available for on-prem deployment only)Level 1 – Operating CompanyOperating Company B (MSP 2)Operating Company (MSP 1)Level 2 – TenantTenant BTenant ATenant DTenant CLevel 3 – XXDept200Dept201Dept2XXVRF 2VRF NVRF 1VRF 2VRF Ni.e. Corp Intranet /Guest WifiVRF 1VRF 2VRF NVRF 1LAN 1 LAN 2LAN 3LAN NLAN 1 LAN 2 LAN 12LAN NMultiple departments per CPE with per department security policies 2019 Juniper NetworksSite 3 / CPE 3Site 2 / CPE 2Site 1 / CPE 1Juniper Business Use OnlyLAN 1 LAN 2LAN 3LAN N
WAN Edge Portfolio: 10 SRX Models, 3 NFX Models,vSRXSRX SERIESSRX300s, SRX550M, SRX1500, SRX4x00sBroad SRX portfolio from 100Mbps to 95Gbps#1NFX150, NFX250, NFX350Industry-leader in universal CPE market shareIndustry First: Active-active clustering of 2 NFX devices for double the reliability and connectionLTEvSRXGlobal coverage Dual-SIM LTE with active-passive auto-failover 2019 Juniper NetworksNFX SERIESJuniper Business Use OnlyAutomated lifecycle management and policy for AWSAzure and GCP compatible
From SD-BRANCH to SD-ENTERPRISEBranchCampusVNFsEXSeriesEX AccessAccess SeriesLTEContrail ServiceOrchestration (CSO)EVPN-VXLANCoreNFX Series Universal X Series CPEESI-LAGAccessSRX Series CPEEX Access Series3PP Secure RouterEnterprise BranchRetailK12 SchoolEnterpriseHQUniversityGovernmentCloud Delivered and On-Premise 2018 Juniper NetworksJuniper Business Use Only28
SD-LAN DifferentiationPre-provision or Auto-provisionSwitch Operations and MonitoringVirtual ChassisNetwork Access ControlMist Wireless Systems Integration 2018 Juniper NetworksJuniper Business Use Only29
SD-LAN Product PortfolioCSO 5.0.1 (Now)EX2300EX2300 MPEX3400EX4600EX4650EX4300EX4300 MPAccessFixed PowerMultigigabit 2018 Juniper NetworksModular PowerMultigigabit / PoE EX9250EX9200Distribution / Core10/40GbE10/25/100GbEJuniper Business Use Only100/40/10GbE100/40/10GbEModularPlatform
Operations and MonitoringNew in5.0.2Feature Support Switchoperationaldashboard Visual monitoringof device, ports,VLAN, users,system health,port utilizationNew in5.0.2Customer Benefit Single paneworkflow forswitch operationsand monitoring 2018 Juniper NetworksJuniper Business Use Only31
SD-LAN for Branch/Campus EvolutionUse CaseKey RequirementTechnology/ArchitectureMedium EnterpriseUp to 2000 users / 5000portsUp to 150 accessswitchesCollapsed Fabric, Access layer,EX4600/EX4650 Dist/Agg / ESILAG – Tier 2SD-WANSRXxxxCustomer BenefitsIP Fabric for CampusCampus builder Automation w/ CSOEX46xxEX46xx1Programmable and open2 standard-based 3OPERATEDay w/2 –controlConfigplane-basedONBOARDL2/L3 connectivitylearningMAINTAINESI-LAG, IPUpgrade,Fabric/EVPNRMA,Scalable basedon eshootNetwork segmentationinside and across multiple campusesDay 1 - ZTPESI- LAG(10GE)ESI- LAG(10GE) MAC address mobility 2018 Juniper NetworksJuniper Business Use Only33
CSO/Mist Integrated WI-FI AP MonitoringFeature Support Mist AP device inventoryview in CSO Automatic AP to sitemapping Seamless cross-launchof Mist AP WLANmonitoring via CSOCustomer Benefit Best of fixed andwireless workflows 2018 Juniper NetworksJuniper Business Use Only34
Federated ManagementSingle data pipeline and engine for AIMarvisAI engineContrailService OrchestrationMist CloudAPI FederatedSD-WAN EdgeWired LANContrail LAN fabric managementWireless Access EdgeWired LAN management and assuranceUI portal-to-portal contextual pass throughWAN and Wi-Fi ambidextrous management intercepts the LAN in the middle. 2019 Juniper NetworksJuniper Business Use Only
Customers & Use Cases 2019 Juniper NetworksJuniper Business Use Only
Contrail SD-WAN Customers & PartnersJuniper’s cloud-managed Contrail SD-WAN has been a gamechanger. As Australasia’s largest end-to-end bakery-ingredients supplier, we neededa solution that could bridge boundaries across over 1300 employees and more than 20 manufacturing sites, mills, offices and distributioncenters, all while also simplifying operations. Contrail offered that strong value proposition, and more. With Contrail, we can now manage allour branch offices, private and public clouds from a single platform – while also being able to seamlessly manage advanced functionality suchas zero-touch provisioning, security policies, or even service-level agreements at a granular application level.John Khoury , CIO, Allied Pinnacle 2019 Juniper NetworksJuniper Business Use Only
IBM Cloud Managed Network SD-WAN Service 2019 Juniper NetworksJuniper Business Use Only
Key Elements of IBM’s Network SD-WAN service2Cloud based, multi-tenancyOrchestration and Management, SDWAN ControllerSD-WAN Cloud Gateways3Virtualized Network Function CPE14Extensive set of managed VNF’s15Network Service Operations Center15Orchestration andmanagement toolsIBM Global Technology Services (GTS) networking service operationcenter (NOC)CSO 4.01Enterprisedata centerSecure Overlaymanagement423VNFService Provider NetworksvSRX Routing,firewall and SD WAN,WAN /345Or NFX150,NFX2501WAN2SRX SD WANGatewayWAN1Amazon, Google,IBM Bluemix,Office 365, SalesforceHubHub1 Virtualized functions are optional and not included as part of base offering 2019 Juniper NetworksSRX SD WANGatewayJuniper Business Use OnlyCloud servicesInternet,Internet ofthigs (IoT)
VODAFONE SD-WAN DEPLOYMENTOn-demand network, combining SD-WAN with integrated multi-vendor functions Efficiency: hybrid networks, reducedhardware, on-demand, MPLS interworkingCombining our networks with SDN/NFVPolicy Basedcontrol Reliability: app policy based, E2E SLAs andvisibility, range of site topologies, vCPE within-built 4G and vFW as standard Agility: self-adjust speeds and settings,HQ/Large SiteCloudConnectVPN SD-WAN NFVCloud Providers‘best of breed’ cloud providers and VNFsInternetMPLSInternet4G4G Global coverage: 75 country direct, 182indirect. Local and global product variants.MPLS4GMedium siteBranch/Small siteRemote sitesCentrally automated, application aware, Ready Network 2019 Juniper NetworksJuniper Business Use Only
VODAFONE SD-WAN :THE FUTURE-READY SOFTWARE-DEFINED ed-connectivity/ready-network/sd-wanScan me 2019 Juniper NetworksJuniper Business Use Only
Financials ServicesNational GovernmentsDefense and MilitaryOver 1,000,000 Branch SRXs DeployedRetail Chains 2019 Juniper NetworksManaged Service ProvidersJuniper Business Use OnlyDistributed Enterprises42
DEMOS ONLINE15 FEATURES IN 15 MINUTES:juniper.net/sdwan-playlistmore at juniper.net/sd-wan 2019 Juniper NetworksJuniper Business Use Only
FREE TRIAL AND TOURSD-WANmore at juniper.net/sd-wan or juniper.net/try 2019 Juniper NetworksJuniper Business Use Only
Q & A? 2019 Juniper NetworksJuniper Business Use Only
THANK YOU 2019 Juniper NetworksJuniper Business Use Only
NFX Series universal CPE LTE vSRX WANx Mist Wi-Fi APs EX Series Ethernet Switches LAN & WLAN devices WAN Edge Devices Contrail Service Orchestration (SDN) SaaS FW passthrough MX/SRX WAN Hubs for large topologies Enterprise or SP hub gateways Wi-Fi Dedicated, MPLS Broadband, Internet Wireless, 4G/LTE Legacy and xDSL
