SD-WAN

Denis Zotov
Senior Manager, Global SDN/NFV Go-to-market
Recent growth of
SD-WAN
IP-VPN Revenue Declines while SD-WAN Grows exponentially

MPLS IP VPN Revenue Trend SD-WAN Market Size

-5%
$10B Global Revenue for
Business MPLS IPVPN

Global SD-WAN Revenue

$8B
is projected to decline
MPLS Revenue

$6B
-12% Decline in Europe starts
$4B by 2016, with North
$2B America following suit by
2018
$0B
2012 2014 2016 2018 2020 2012 2014 2016 2018 2020
By 2020, SD-WAN
Source: OVUM: IP VPN Services Market Forecast Source: IDC: Cloud and Drive for WAN Efficiencies Power market size is projected
Move to SD-WAN, doc # US41101416, May 2016
to grow to $6B with a
IP VPN Revenue US CAGR of 93%
IP VPN Revenue Western Europe
SD-WAN Market Western Europe
Over 70% of IP VPN capacity is used for Internet Traffic in
average, Ray Mota, CEO ACG Research, November 2016
 Reasons for IPVPN MPLS Revenue decline
Analysts forecast IPVPN revenue decline and SD-WAN growth

Competition Migration to Cloud Growth of SD-WAN

Highly mature market Cloud users leverage 6 Cost savings using
Highly Saturated clouds on average multiple WAN
31% of Enterprises run technologies
IP VPN Prices Fall as
customers demand more over 1k VMs in public Easier with SD-WAN
capacity (*) cloud (**) SD-WAN market will hit
Cloud drives less $6B by 2020 (***)
dependency to IPVPN

* TeleGeograpy Enterprise Network Pricing Service 2015

** RightScale Scale of the Cloud Report 2014
*** IDC: Cloud and Drive for WAN Efficiencies Power Move to SD-WAN, doc # US41101416, May 2016
SD-WAN catalyzes entry of new players into the traditional WAN Value Chain
Value from Networking companies is shared by venture funded SD-WAN startups and by security, virtualization, etc. providers
MSOs are able to enter the value chain by offering enterprise customers a good enough: secure, reliable transport network

Technology Providers Service Providers Enterprises

Networking (Layers 2 & 3):

Complementary Technologies:

Technology Cloud Service Multiple-System

SD-WAN Point
Partners Providers Operator
Solutions

Legend:

Traditional WAN Value Chain

New players in value chain

Implications to Service Providers

Threats Opportunities
SD-WAN Strategies for Service Providers
Do not adopt SD-WAN
Drive efficiency through MPLS automation
Digitalize IP-VPN Service experience
Expect ARPU decline
Options
Integrate SD-WAN with IPVPN MPLS
Integrated IPVPN and SD-WAN platform
Show SP Value with a combined offer De-risk
Incremental number of Services
Sources:
PWC SD-WAN Research for Juniper
Re-sell 3rd party SDWAN
Quick Implementation Short term win
Drive Efficiency through MPLS Automation
Show SP value over vendor
SD-WAN service to grow in enterprise
segments
No existing IPVPN Service
SD-WAN as a strategy to grow Enterprise business
 SPs can tap into new SD-WAN enabled revenue streams to more than offset the
projected decline in MPLS revenue and grow revenue base by $1.3B by 2020
MPLS revenue is
expected to
decline in North
Bundle Higher Value Add-Service Potential new America and
to increase stickiness (e.g. analytics) revenue Western Europe
Provide Cloud based NFV Enabled streams for SPs
Services (e.g. security) (Market Size of SD-WAN enables
Increase Out-of-Region Coverage $2.8B by 2020**)
Service Providers
Manage Interconnects with Cloud Providers to diversify their
Acquire New Customer Segments (e.g. SMB) revenue base and
Hybrid WAN enabled by SD-WAN offset the impact of
as an alternative to MPLS declining MPLS
MPLS
$17.5B revenue
(Developed Markets*)
MPLS $16.2B
Successful SD-
WAN adoption will
enable SPs to
grow net revenue
base by $1.3B
even after
2015 2020 accounting for
Sources:
*OVUM MPLS Global Revenue Forecast projected decline in
(MPLS forecast includes revenue forecast for North America and Western Europe)
**IDC: Communication Service Provider Adoption of SD-WAN
MPLS revenue
Technology and Its Impact to MPLS VPN Services
Juniper SD-WAN Vision and Strategy
Help Service Providers evolve their Managed Services/VPN offering with
Software

Help Service Providers

Augment current Service
enable new revenue
Provider infrastructure
streams
Strategy

Increase operational Increase customer

efficiency retention
JUNIPER SOLUTION
Service Simplicity with Cloud CPE
Application Aware (L7) Security
Local
Branch Application Aware (L7) Routing
Juniper Sky ATP &
Spotlight Secure Service
Centralized Policy Control
SRX Series
Centralized Cloud CPE Secure and Managed VPN
Distributed Cloud CPE
NFX Series

Service Orchestrator/
Controller
Regional
Centralized Management Branch Managed
Campus Automated Service Delivery
Ent.
App

vSRX
OTT
vSRX

VNFs
VPN & POS
Unmanaged
IT and Telco Cloud
Consistency
Juniper Cloud CPE Solution Components
Service Orchestration
Contrail Service Orchestration

Service Orchestration (MANO)

Infrastructure Orchestration Infrastructure Orchestration (VIM & VNF Managers)

Contrail Networking + OpenStack = Contrail Cloud

Telco Cloud
Virtual Network Functions
vSRX and vMX and Third Party VNFs VNFs VNFs VNFs VNFs VNFs

Branch Branch

Universal CPE/CPE Devices

NFX 250 SRX

Internet
Physical Telco-Cloud Infrastructure
QFX Series Switches and MX Series Routers
Centralized Cloud CPE
Self-Service Portal
Contrail Service Orchestration Admin Portal

Contrail Cloud Platform (Infrastructure Orchestration)

Branch

HQ / Campus
VNFs VNFs VNFs
Branch

HQ / Campus
Branch

Internet
Distributed Cloud CPE
Self-Care Portal
Contrail Service Orchestration Admin Portal
Network Service Controller

Contrail Cloud Platform (Infrastructure Orchestration)

Branch

VNFs

HQ / Campus
VNFs VNFs VNFs
Branch

VNFs

HQ / Campus
Branch

VNFs
Internet
 Cloud CPE with SDWAN (MPLS VPN as transit)
SD-WAN framework allows implementation of more intelligence/logic in
software rather than in hardware, enabling increased flexibility and automation
Intelligent Branch

Orch + Controller: Policy-based routing defines how network traffic is prioritized and routed
Analytics and Deep
Application Inspection Analytics provide
visibility into WAN
performance & informs
routing improvements

Application-based
Cloud-based applications
SLAs
Branch Office
MPLS
Telco Services
Centralized Policy
Management Remote Office

INTERNET Enterprise
Cloud Services Data Center
Secure and Managed Non-critical applications
VPN
Campus/Corp Office
SD-WAN Augmenting MPLS and Telco Cloud
SD-WAN Full Overlay SD-WAN Augmenting MPLS

SD-WAN SD-WAN Telco Cloud Data Center

Controller Controller
Customer Portal Customer Portal

MPLS Firewall SD-WAN

VNF VNF
MPLS
Telco Services

LTE
HQ NFX Series SRX Series
INTERNET
Dumb Underlay
Cloud Services
INTERNET
Branch
Open Standards based SD-WAN
Standardize data models for
Device management
VPN management
Overlay Routing
Policy Based Routing SD-WAN Telco Cloud Data Center
SLA measurement Controller
Telemetry/Analytics

Firewall SD-WAN Netconf /

VNF VNF Openconfig for
configuration
MPLS
Telco Services

Standardized
Overlay with P2P, NFX Series SRX Series
Hub/Spoke IpSec, INTERNET BGP for Overlay
Auto VPN, AD-VPN Cloud Services Routing

Standardized
probes: TWAMP
SD-WAN with Application Routing
Single CPE, PE & GW Scenario
Network Service Controller (NSC)

App Route Flow based

Policy ECMP Enabled
For BE

MPLS VPN
GRE
LAN A Backbone LAN B

BE
Existing PE SD-VPN GW

Can be collapsed
Public Network into a single MX
based PE
Customer Premises SP Network

1. Enable iBGP over IPsec and GRE tunnels (Default towards GRE)
2. NSC enables flow based ECMP on SD-VPN GW config template
3. LAN A is advertised as reachable via SD-VPN GW
4. NSC pushes Application Routing policy for BE as chosen by customer to CPE Customer selection via NB SCP API
No propriety data path encapsulation used between CPE and SD-VPN GW
BE Return traffic is automatically matches by SD-VPN GW to IPsec tunnel with flow based ECMP enabled
PE and SD-VPN GW functionality can be collapsed into a single network element on the Juniper MX platform
 SD-WAN - R2.1
Application Routing with vSRX/SRX/NFX
APBR Enhancements Self Care Network
Contrail Service Orchestration Admin Portal
Portal Controller
APBR supports DPI and pattern-matching capabilities
of AppID to identify application traffic or a user
session within an application
Benefits:
APBR allows you to define the routing behavior
based on applications
APBR provides flexible traffic-handling
capabilities with granular control for
forwarding packets based on application
attributes VNFs Managed
Supports 3K+ application signatures Access
Enables exception path routing for SD-WAN GRE MPLS
Application groups for easy policy selections (Web, Core
Gaming, Multimedia etc) NFX/SRX Internet Edge Router SD-VPN
Supported from Junos Release 15.1X49-D60 onwards Branch / (IPsec) (Existing PE device) GW
on SRX/vSRX/NFX Campus Telco POP/ Infrastructure

Distributed Cloud CPE

 Unified Edge Gateway
Whats different? Self Care
Contrail Service Orchestration Admin Portal
Portal
Network
Fully multi-tenant unified SP gateway Controller
for termination of SD-WAN based
services

Scalable hardware based encryption for

high tunnel termination capacity
Managed
VNF
Support flow based symmetrical Access

scalable routing without propriety MPLS

NFX Core
encapsulation mechanisms
Internet
Branch / (IPsec) Unified Edge Gateway
Can easily integrate into existing MPLS Campus POP
(PE)
VPN services with full PE functionality
Distributed Cloud CPE
SIMPLIFY
 Service Delivery Agility: CSO
Contrail Service Orchestration Contrail Service Orchestration

Service Orchestration

Customer Portal Designer Portal Admin Portal

HQ

Branch
Service Delivery Agility: CSO

Network Service Designer Administration Portal Customer Portal

Define services Manage End-to-End Solution Customer Self Care Portal

Enable VNF onboarding Monitor and Troubleshoot Select deployment model
Create service chain template Tenant, Site and Services Self-select Network Services
Manage Workflow, Tenant, Site
Create device profiles Provision and Monitor Services

Network Service Orchestration Network Service Controller Service Infrastructure Monitor

Provide Service Catalog Download and manage Image Monitoring plugin

Manage VNF Lifecycle Configure and manage Device Generate Logs
Create Service Chain Automatically activate device Generate Alarms and Events
and service to Rightful Owner
Configure and customize VNF Trace and Correlate
CSO Service Workflow Automation
End User Portal
3 Authenticate
User Policy
Topology
Customization
Designer NS Instantiate Monitoring
VNF Placement
VNF Onboard
VNF Flavor
VNF Descriptor
NS Design
Admin Portal
Service Graph 1 REST API 2
NS Descriptor Tenant Mgmt
Site Mgmt
Service Config
CATALOG
Contrail Service
Service Template Service Mgmt
Orchestration
Share Resources Catalog Mgmt
Access Control Monitoring
Orchestration Resource Mgmt
4 VM Lifecycle
Service Chain
VNF Lifecycle
VNF VNF

VR VNF VR VNF

VNFs VNF VNF

CPE PE Gateway Internet
VR VNF VR VNF
Public Cloud

Branch, POP or DC
Application Aware SD-WAN

High priority video

MPLS

Internet

Low priority update

(encrypted)
SECURE
 Secure SD-WAN Out of the Box
SD-WAN Building Blocks
Full Application Awareness (L7)

Full User Awareness

Overlays VPNs with IPSec/GRE SD-WAN VNF

3rd Party
Application Performance Monitoring and
Analytics
MPLS
Application Based Policy Routing (L7
encrypted/unencrypted)

Full LAN/WAN Routing and Security NFX Series

Stack (NG-FW, UTM etc.) Internet
Cloud delivered SKY ATP

* = Future
Secure Cloud CPE Platform: NFX/SRX
NFX Series SRX Series

(NFX250 Shown) (SRX1500 Shown)

Router + switch + server providing robust foundation Multipurpose security focused appliances,
to simultaneously deliver virtual services right sized for the need

Automated provisioning and pre-integrated 3rd party

services and applications

SD-WAN | Security | Services | Applications SD-WAN | Security

CPU: Intel Multi-Core Xeon D

System Memory: up to 32 GB DDR4 RAM
SRX T-Put: 500Mbps 10Gbps
System Drive: up to 400 GB SSD
(SRX300 SRX1500 Series)
Service T-Put: 20Gbps
Switch T-Put 88Gbps
Secure Branch
Without Local Breakout With Local Breakout

Non-optimized backhauled traffic

MPLS MPLS

HQ HQ

Branch Branch

Internet Internet

Optimized local break-out traffic

SD-WAN Layered L7 Security

External Internal
Internet Threats Threats

Block access to unapproved sites

Enhanced Web Filtering Real time threat score for each URL
Stops viruses, file-based trojans or spread
Antivirus of spyware, adware, keyloggers
IDP detects/stops Worms, Trojans,
IPS
exploits, shellcode, Scans

SSL Proxy Inspect encrypted traffic

Application level visibility and classification

AppSecure Application security policies tied to user roles
Firewall, VPN, NAT, UserID tied to FW policies
Core Security with User Role FW Allows UserID to apply to all L7 Security
OPEN
 Juniper Cloud CPE ETSI Reference
Multi Service
Solution Components OSS/BSS Monitoring
Orchestration

ETSI/MANO compliant, Os-Ma Automated

Contrail Service
NFV Orchestrator Monitoring
multi-vendor Service, VNF, &
Orchestration System
Infrastructure Description Se-Ma
Interoperable architecture Network Service
Orchestrator Service
CSP CSP EMS 3
Monitoring
Full MANO orchestrator Network Service
Controller
VNF Managers
with Multi-VIM support vSRX vMX VNF 3
Ve-Vnfm VNF
VNFManagers
Manager
(Openstack, Vmware)
NFVI
Modular Cloud Services Virtual Virtual Virtual
platform for 3rd party Computing Storage Network VIM VIM
Infrastructure Orchestrator Monitoring
Integration Virtualisation Layer Contrail SDN Controller JDM/Contrail
Nf-Vi
Vi-Ha

Computing Storage NFV Management and Orchestration

NFX
Hardware Hardware MANO

Juniper Partner
Open End-to-End Architecture
Self Care
Contrail Service Orchestration (Domain Specific) Service Management
Portal

Virtual
Network Services OpenStack VIM Infrastructure
Controller (SD-WAN) Managers (VIM)
CPE VIM / PNE Manager
Contrail Networking Controllers

Open APIs/Protocols
Servers

VNF
Managed
VNF Access

MPLS
Core Internet
NFX250 CPE
Internet MX PE/GW Switches

Branch /Campus Telco Cloud: Central Office / Data Center

Distributed Cloud CPE Centralized Cloud CPE

Third Party Ecosystem

OSS / BSS

IP Table
vSRX
vSRX

vMX

Cisco 1000v

TBA
ROUTING SECURITY THIN CLIENTS
PNF Plugins
Plugins for

3rd Party
Plugins
Other

TBA
THIRD PARTY PNF MANAGEMENT WAN OPTIMIZATION WIRELESS
Juniper Cloud CPE w SD-WAN Why Its Different?

1 Integrated Security Full security suite with Firewall, UTM, Sky ATP etc.

2 Unified SDN Control Full control plane integration with WAN +

Cloud infrastructure

Adherence to open standards not a book-ended solution, easily

3 interoperable with existing SP/Enterprise infrastructure

Full routing/MPLS stack support for BGP/OSPF/IS-IS/MPLS/VRRP, etc.

4 on WAN/LAN

Carrier grade appliance Innovative branch device (NFX) with service chaining
5 support for 3rd party VNFs

E2E management/orchestration Feature rich, fully multi-tenant, horizontally scalable,

6 easy to use orchestration platform
Juniper Cloud CPE Solution
Agile Service Delivery Platform

Simplify

Secure

Open
Thank you