The Juniper Session Smart Router (SSR) powers Juniper’s AI-driven SD-WAN solution that is designed to provide users with exceptional experiences. Built on an application-aware and zero-trust secure network fabric, the SSR meets the most stringent enterprise performance, security, and availability requirements.
The SSR overcomes inherent inefficiencies of conventional solutions with a tunnel-free architecture that enables improved performance, fast deployments, and cost savings. The solution can run on customer premises equipment (CPE), data center network servers, and in the cloud for flexible deployments.
The Session Smart Router can be managed by either the Juniper Session Smart Conductor or the Juniper Mist Cloud. Together, these platforms create a single logical control plane that is highly distributed, and a data plane that is truly session aware. SSR supports a wide range of use cases, including SD-WAN, SD-Branch, Multi-cloud and IoT and can scale from a small branch office to a high-capacity edge router to a hyper-scale, software-defined data center (Figure 1).
The Session Smart Router is a base component that can be paired with either the Juniper Session Smart Conductor or the Juniper Mist cloud. Together, they form a single logical control plane that is highly distributed and a data plane that is truly session aware. They support a range of use cases, including SD-WAN, which can scale from a small branch office to a high-capacity edge router to a hyper-scale, software-defined data center.
Session Smart Router
The Session Smart Router combines a service-centric control plane and a session-aware data plane to offer IP routing, feature-rich policy management, improved visibility, and proactive analytics.
The Session Smart Router also provides native zero-trust security, leveraging hypersegmentation. It also includes several security features:
- Service-centric, tenant-based security architecture: The unique design enables the Session Smart Router to understand sessions and perform vital business operations.
- Zero trust security: The Session Smart Router follows the principle of “deny-by-default,” which uses a series of checkpoints to validate legitimate network traffic.
- Firewall capabilities: The Session Smart Router provides Layer 3/ Layer 4 network firewall functionality.
- IDS/IPS and URL filtering: Intrusion Detection System/Intrusion Prevention System (IDS/IPS) and URL filtering capabilities are available through the Advanced Security Pack.
- Security at its core: The advanced design of the Session Smart Router replaces the traditional routing plane with one built for security from the ground up.
Table 1 details the key features of the Session Smart Router.
|System and Network Services||SNAT/DNAT, Destination NAPT, Shared NAT pool, IPv4/IPv6, DHCP client, DHCP relay, DHCP server, DHCP server extensions, DHCPv6 PD, DNS client, PPPoE, Proxy ARP, NAT traversal, BFD, Inline flow performance monitoring, Extended firewall Pinhole, Path MTU discovery, MSS auto adjust, DSCP based service identification for IPsec|
|Advanced Services||Secure Vector Routing (SVR), Multipoint SVR, IPv6 SVR, Overlapping IP service segmentation, Ethernet over SVR, Application identification|
|Routing||Service based routing, Static routing, BGPv4, BGP Route Reflector, BGP Graceful Restart, BGP over SVR, BGP route map, BGP prefix list, OSPFv2, BGP VRF, OSPF VRF, Services and Topology Exchange Protocol (STEP)|
|Traffic Engineering||Traffic scheduling and shaping, Flow Policing and Shaping, Packet marking (DiffServ), Service rate limiting|
|Network Firewall||Distributed stateful firewall, Distributed and automated access control, Fine-grained segmentation/tenancy, ICSA network firewall certified, ICMP blackhole|
|Application Identification||HTTP/S domain based identification, O365 identification, DNS based identification, Application categorization|
|Analytics||Session metrics, network metrics, LTE metrics, peer path SLA, MOS score, session analytics, SSL/TLS metrics, session IPFIX records|
|Session Encryption||Session Payload Encryption (AES-256, AES-128), Session/Route Authentication (HMAC-SHA1, HMAC-SHA256, HMAC-SHA-256-128), Adaptive encryption, Rekeying, FIPS 140-2 Validated, Enhanced Replay Attack protection, Transport-based encryption|
|Session Management||Path selection, (SLA, MoS, average latency), Load balancing using proportional and hunt, session migration, session duplication, session duplication for non-SVR, session duplication for inter-node links, MOS for VoIP, Path of last resort, session optimization, session reliability, service health learning, service route redundancy|
|Monitoring||Monitoring agent, SNMPv2, Syslog, audit logs|
|Management and Remote access||GUI, CLI, REST, Remote access over SVR (LTE), Upgrade rollback, Zero Touch Provisioning, Remote service packet capture, User-defined configuration templates, Role based access control|
|AAA||Local registry, LDAP|
|Interface options||Ethernet, LTE Support including Dual LTE and Dual SIM, T1|
|Platforms||Bare metal x86 server, KVM, VMWare ESXi, OpenStack, AWS, Azure, Google Cloud|
Session Smart Conductor
The Session Smart Conductor is a centralized management and policy engine that provides orchestration, administration, zero-touch provisioning (ZTP), monitoring, and analytics for distributed Session Smart Routers—while maintaining a network-wide, multi-tenant service, and policy data model. Session Smart Conductor features multiple, flexible deployment models, from on-premises to private or public cloud.
Juniper Mist™ WAN Assurance and AI-Driven Operations
Alternatively, Session Smart Routers can be operated and orchestrated through the Juniper Mist Cloud. Mist AI delivers unprecedented automation using a combination of artificial intelligence, machine learning algorithms, and data sciences techniques to save time, maximize IT productivity, and deliver the best experience to digital users.
Juniper Mist WAN Assurance is built on the Mist AI Cloud and delivers full life cycle management and operations, including AI-driven insights, anomaly detection, and root cause identification that focuses on end users’ experience. For Day-0 and Day-1 operations, WAN Assurance also provides orchestration, administration, and ZTP for Session Smart Routers. See the WAN Assurance Datasheet for more information.
Platform Options for the Session Smart Router
SSR100 and SSR1000 Series Appliances
The SSR Series of appliances provide the hardware foundation for the Juniper AI-Driven SD-WAN solution:
- The SSR100 line includes small and medium branch platform to support SD-WAN in distributed locations
- The SSR1000 line includes platforms for large branch, and small, medium, large and x-large data center and campus deployments
Deployment Locations are shown in Table 2, along with links to the relevant datasheets for more information.
|Appliance||Suggested Location||Max Throughput (Unencrypted)||Relevant Datasheet|
|SSR120||Small Branch||1.5 Gbps||SSR100 Line of Routers|
|SSR130||Medium Branch||2 Gbps (Line rate on ports)|
|SSR1200||Large Branch or Small Data Center / Campus||10 Gbps||SSR1000 Line of Routers|
|SSR1300||Medium Data Center / Campus||20 Gbps (Max. throughput on NIC)|
|SSR1400||Large Data Center / Campus||40 Gbps|
|SSR1500||Extra Large Data Center / Campus||50 Gbps (Max. throughput on NIC)|
The hardware datasheets provide standard specifications such as interface options, number of interfaces, encrypted throughput, memory and hard drive capacity, etc.
Juniper Certified White Box Platforms
Juniper Networks publishes a list of platforms that are certified to run the Session Smart Router. Deployment options are shown in Table 3.
|Bare metal||1-2 Gbps||4C ATOM/8GB RAM|
|2-4 Gbps||8C ATOM/16GB RAM|
|10-20 Gbps||8C XEON/32GB RAM|
|10-20 Gbps||12C XEON/128GB RAM|
|80-100 Gbps||22C XEON/256GB RAM|
Additional information can be found at SSR Certified Hardware Documentation.
Juniper NFX Series Network Services Platforms
The Session Smart Router can run as a virtual network function (VNF) using VirtIO and SRIOV network virtualization technologies on the following NFX Series platforms (Table 4).
|NFX 150||4C VNF||VirtIO||1170 Mb/s||200 Mbps|
|4C VNF||SRIOV||1800 Mb/s||210 Mbps|
|NFX 250||4C VNF||SRIOV||4000 Mb/s||370 Mbps|
|NFX 350||4C VNF||SRIOV||4500 Mb/s||460 Mbps|
|8C VNF||SRIOV||4500 Mb/s||1710 Mbps|
Public Cloud Providers
The Session Smart Router can run as an instance on Amazon Web Services (AWS) and Microsoft Azure.
Platform Options for the Session Smart Conductor
Juniper Certified White-Box Platforms
The Session Smart Conductor can run on bare metal. The recommended hardware sizing depends on the number of Session Smart Routers managed by the Session Smart Conductor (Table 5).
|Deployment||Number of Managed Routers||Recommended hardware|
|Bare Metal||1-20||2C XEON/8GB RAM|
|20-50||4C XEON/8GB RAM|
|50-200||8C XEON/16GB RAM|
|200-1000||12C XEON/32GB RAM|
|1000-2000||16C XEON/64GB RAM|
Public Cloud Providers
The Session Smart Conductor can run on all major public cloud providers: AWS, Google Cloud, and Azure.
Juniper Service and Support
Juniper ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net.
About Juniper Networks
At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.
1000703 - 005 - EN APRIL 2023