Netmanias recently had an interview via email with Mr. Wayne Cheung, Product Marketing Director at Juniper Networks. We want to thank him for giving us this amazing opportunity to hear about Juniper Networks SD-WAN from him.
Netmanias: What do you think the differences - from the enterprise perspective - between operator's managed SD-WAN services and enterprise DIY (enterprise's building and managing the SD-WAN network itself) are?
Wayne Cheung:
From the enterprise perspective:
Operator’s managed SD-WAN services
• OPEX mode
• Quick time to market
• Completely outsource the WAN, CPE and VNF services to SP. Requires minimal resources from the enterprise to manage the solution
• Framed service package from SP (relatively inflexible compared with the DIY approach)
• Suitable for SME and medium enterprises
• Reduce risk, consistency of global deployment
• 24x7 support services, upgrades, long term planning
Enterprise DIY
• CAPEX mode (unless this was a SaaS offer, which this does not cover)
• Long time to market as it takes time to evaluate, test and implement the solution
• Need to subscribe to IP VPN or Internet link from SP separately. The advantage is they will not be locked in by a particular SP.
• Requires trained staff to evaluate, operate and maintain the solution
• Suitable for large enterprises that have a strong technical team
• The solution could be built based on the enterprise’s need.
• Self integration for additional VNFs – can customize
Netmanias: Please let me know Juniper Networks SD-WAN architectures and components for enterprise and for operator (architecture diagram, component description, data path, control path).
Wayne Cheung: We have the same set of solutions for SP and Enterprise. The major difference is that the SP will prefer to have the Hub located in their PoC and leverage the MPLS link backhaul to the enterprise HQ, while the enterprise DIY approach will be completely overlay.
The solution includes:
- Contrail Service Orchestration as ETSI MANO and VNF Manager
- NFX250 or SRX300 series as CPE
- vSRX as VNF running on x86 capable CPE
- MX or SRX as Hub for VPN termination, but since our IPSec is open, we can integrate to existing terminations
Netmanias: What are the key technical requirements that operators asked for SD-WAN?
Wayne Cheung:
- Open and flexible platform to evolve their solution based on local market need
- 3PP VNF support
- SP can onboard 3PP VNF and customize their service package
- Security based solution as security is very key in SD-WAN
- Application Visibility, Performance Monitoring/Reporting and Dynamic Path Selection
- Integrated security management
- Unified platform for virtual managed services beyond SD-WAN
- Full and robust routing stack
- Carrier grade universal CPE device
- Multi-tenant control
Netmanias: What are the key technical requirements that enterprises asked for SD-WAN?
Wayne Cheung: Similar to SP solution requirement (subset).
Netmanias: What makes Juniper SD-WAN solutions different from those from others like Velocloud, Viptela, Silver Peak, Nuage, etc?
Wayne Cheung:
• Juniper Cloud Services – SD-WAN solution provides a completely open architecture. Our solution components include CSO as MANO and VNF Manager, NFX250 and SRX300 series as CPE, vSRX as security VNF (FW, UTM, etc.) and Application Based Routing component, and MX and QFX as underlay network infrastructure.
• The customer has the choice to select an E2E solution from Juniper or just pick what they need from us.
• The beauty of this approach is that the customer will not be locked in by a particular vendor but has a choice to pick what they need based on the market response.
• Also, our solution is a security based SD-WAN solution. Based on the market research, 70 – 80% of SD-WAN/Cloud CPE VNF requirements are focused on security (FW, NAT, UTM, etc.). Having a security based solution ensures you can fulfill most of the market requirements with our basic solution. On the other hand, customers can deploy the preintegrated 3PP VNFs (e.g. SilverPeak WAN Op, Riverbed Steelhead WAN Op, etc.) to fit their market need. In addition, customers are able to onboard 3PP VNFs with our tools. Therefore, the innovation is unlimited.
Netmanias: It seems both “open” and “E2E” are strong points for Juniper. What is the meaning of the “Open” and “E2E” that Juniper is talking about, in detail? / What are the advantages of “Open” and “E2E”?
Wayne Cheung:
Open: Juniper offers a platform for integrations of 3rd party VNFs and into new/existing OSS/BSS systems. This is critical for adding new services or vendor choices that enterprise customers require and for operational integration into the SP environments. As a result the platform removes vendor lock-in giving the SP and their customers greater choices.
E2E: ensures deployment flexibility of the VNFs. With dynamic service chaining of uCPE VNFs with Cloud hosted VNFs, the services can be deployed E2E to ensure the best experiences for the customer. The complexities of dynamic service chaining are hidden through centralized cloud orchestration to facilitate the life cycle management of E2E service delivery.
Netmanias: Compared to SD-WAN-specific competitors, Juniper can leverage various customers’ service chains, which could be possible on the premise end (“Distributed Cloud CPE”) as well as on the “Telco Cloud: Central Office / Data Center” end, as above. Could you please explain more on this or describe the image in detail?
Wayne Cheung: The differentiation is that Juniper’s SDWAN can run on either a Branch SRX or a uCPE NFX250 with vSRX. Both options combine security, full stack of routing and SD-WAN all into one. With our standards based IPSec approach, Juniper can integrate into the carrier’s existing gateways for IPSec. This removes the need to deploy additional infrastructure to handle IPSec for the SD-WAN data and handle multi-tenant data flows.
Netmanias: “Without proprietary encapsulation” could be a competitive point. Again, this is “Open” related. It should be a strong point for Juniper. On the other hand, SD-WAN competitors are doing proprietary encap (proprietary tag: timestamp, sequence number,...).
Wayne Cheung: This is a key point combined with a full stack of routing capabilities that is proven. The key point is that insertion of SD-WAN is often into an existing environment, not a rip and replace. There are existing requirements and infrastructure. Having an open and proven routing stack and IPSec capability ensures ease of integration and reduces the new elements needed to deploy SD-WAN.
Netmanias: SD-WAN competitors usually say "Enterprise-Grade SD-WAN"; on the other hand, Juniper seeks "Carrier-Grade SD-WAN". Could you please explain more on this?
Wayne Cheung: Key points on this are scalability options, high performance, integrated security, multi-tenancy (same platform to manage multiple clients), RBAC for levels of administrative rights, open, ease of deployment with zero touch and robust/proven routing stack for high availability. These are all key factors for a scalable and profitable SP SD-WAN service which are the key differentiation points from an Enterprise grade service.
Netmanias: We believe there can be many architectures of SD-WAN topologies. Let’s think of a simple SD-WAN solution for an enterprise which has branch offices and a HQ or enterprise datacenter. This will give us two options as seen below:
When an enterprise wants to build SD-WAN, which options are usually selected? Maybe option 1?
Wayne Cheung: Usually, it is option 1. The reason is that when enterprises want to DIY their own SD-WAN, they prefer to build independent of a particular SP.
Netmanias: What about when an ‘operator’ wants to build a Managed SD-WAN service network? Which option is usually used?
Wayne Cheung: On the other hand, SPs prefer to architect the solution with option 2. The reason is that the SP still wants to leverage their MPLS network to provide value to enterprise customers. Also, it will increase stickiness compared with the overlay approach.
Netmanias: What are the pros and cons of the two architectures presented in Figure 2?
Wayne Cheung:
Option 1
Overlay does not require integration with the traditional network.
Enterprises have more control to customize.
Option 2
Traditionally, enterprises are subscribing to IP VPN services or managed CPE services from the SP. This approach will enable enterprises to migrate to SDWAN easily. They can also have the choice to keep certain sites/branches on the traditional IP VPN and managed CPE services.
Netmanias: Some think SD-WAN solutions are complementary goods for MPLS, but others believe they are substitutional goods for MPLS. What’s Juniper Networks’ stance on that?
Wayne Cheung: While we can support both, the integration with MPLS/IPSec VPN is the model we see customers adopting more.
Netmanias: Please explain Juniper SD-WAN deployment scenario or use case.
Wayne Cheung: This is a KEY point in that real world deployment of SD-WAN has use cases and a vendor's solution to fit into the real world scenarios shows flexibility and increased solutions for the customer.
SDWAN with IP/MPLS – this model fits into SP with existing MPLS services to the enterprise. This formulates the Hybrid based model so Enterprises can choose which traffic rides over MPLS and which over the Internet.
SD-WAN branch with single internet is the case where the company may have MPLS services, but some hub sites may only be on the internet. This model allows those remote offices to merge into the MPLS network using an IPSec SD-WAN solution to merge on.
Dual is similar, but using multiple connections – one path merges into MPLS, the other has direct routes to a cloud based service over the Internet – without the need to merge into the MPLS traffic. The application policies of SD-WAN allow for these decision points.