Juniper® Validated Design
JVD Test Report Brief: WAN Edge with the Session Smart Router
Introduction
This test report brief contains qualification test report data for the WAN Edge for SSR Juniper Validated Design (JVD). Juniper Mist WAN Assurance is a cloud-managed solution designed to optimize and simplify Wide Area Network (WAN) operations. It is part of Juniper Mist's AI-Native networking platform, providing high performance tunnel-free forwarding, enhanced AI operations, and automation for WAN management. The network links providing site to datacenter, cloud, and public connectivity paths are joined by WAN edge devices to form the fabric of the WAN. The WAN edges are transformed with Juniper's AI-driven SD-WAN solution and act as distributed policy enforcement points managed centrally from the cloud. Juniper Mist WAN Assurance solves many of the legacy SD-WAN solutions' security, monitoring, and troubleshooting challenges. Integrate Juniper Mist Wired Assurance, Juniper Mist Wireless Assurance, and now Juniper Mist WAN Assurance into a unified Mist AI dashboard to streamline deployment, monitoring, and troubleshooting across your network. Juniper Mist WAN Assurance securely connects branch offices with Juniper® Session Smart™™™ Routers as WAN edges.
Test Topology
Figure 1 depicts the Juniper Mist WAN Assurance Test Topology, illustrating a low-level network setup. The topology includes various Juniper devices such as EX4400-48MXP, SSR130-b, SSR120-b, SSR1500-d, SSR1500-b, SSR1500-a, and qfx5100, connected to different spokes (Spoke 1, Spoke 2, Spoke 3) and hubs (Hub 1, Hub 2). The setup also incorporates wireless clients/testers, IXIA testers, and connections to the Internet and Mist Cloud, with Juniper Secure Edge also indicated.
Performance Data
Tables 1-4 present performance data for platforms tested during initial qualification. For detailed information on supported platforms and OS versions, refer to the Validated Platforms and Software section in the JVD document.
Table 1: SSR120 Performance - CPS Method
| Test Case | Platform | Parameter | CPS | Throughput | CPU | Memory |
| LBO HTTP Performance | SSR120 | HTTP 44KB | 900 CPS | 326 Mbps | 26% | |
| LBO HTTP Performance w/ security features (IDP) | SSR120 | HTTP 44KB | 70 CPS | 25.361 Mbps | 40% | |
| Overlay HTTP Performance | SSR120 | HTTP 44KB | 1000 CPS | 362.3 Mbps | 25% | 57% |
| Overlay HTTP Performance w/ security features (IDP) | SSR120 | HTTP 44KB | Feature disabled |
Table 2: SSR130 Performance - CPS Method
| Test Case | Platform | Parameter | CPS | Throughput | CPU | Memory |
| LBO HTTP Performance | SSR130 | HTTP 44KB | 650 CPS | 235 Mbps | 40% | |
| LBO HTTP Performance w/ security features (IDP) | SSR130 | HTTP 44KB | 70 CPS | 25.229 Mbps | 40% | 87% |
| Overlay HTTP Performance | SSR130 | HTTP 44KB | 1000 CPS | 361.004 Mbps | 10% | |
| Overlay HTTP Performance w/ security features (IDP) | SSR130 | HTTP 44KB | Feature disabled |
Table 3: SSR120 Performance - Web-Server/Client VM Single Flow
| Test Case | Platform | Parameter | Throughput |
| LBO HTTP Performance | SSR120 | HTTP 1 GB file | 840 Mbps |
| LBO HTTP Performance w/ security features (IDP) | SSR120 | HTTP 1 GB file | 795 Mbps |
| Overlay HTTP Performance | SSR120 | HTTP 1 GB file | 473 Mbps |
Table 4: SSR130 Performance - Web-Server/Client VM Single Flow
| Test Case | Platform | Parameter | Throughput |
| LBO HTTP Performance | SSR130 | HTTP 1 GB file | 896 Mbps |
| LBO HTTP Performance w/ security features (IDP) | SSR130 | HTTP 1 GB file | 808 Mbps |
| Overlay HTTP Performance | SSR130 | HTTP 1 GB file | 474 Mbps |
NOTE:
- HTTP44KB[GET+PUT] CPS Method is used for test the performance numbers.
- SSR is in SA mode.
- Spoke and Hub are managed/configured from Juniper Mist.
- Ixia IxLoad is used for Traffic generator.
Single flow performance testing was conducted by downloading a 1G file via a simple web server and Linux- based client and server VMs.
Version Qualification History
This JVD has been qualified in Junos OS Release Junos 23.2R2 and SSR Firmware 6.3.3-40.r2.
High Level Features Tested
General options and features include BGP, IPv4, LLDP, LACP, LAG, VLAN (802.1q), ARP, DNS, NTP, DHCP-Server/Proxy, L2-Switches, Virtual Chassis, and access point. WAN configuration & management covers Smart Session Routing, SD-WAN, HA-Cluster, Mist Cloud-based Management, and IPsec NAT-T for Cloud offload.
Tests Executed:
- Testing was performed and passed on all five major topologies:
- Base SD-WAN topology with 3 Spokes and 2 Hubs
- Extended topology with hub overlay and BGP peering (also with DC to DC BGP Peering)
- High-availability hub-and-spoke using SSR chassis cluster pairs topology
- Full-stack topology with Juniper EX Switch and Juniper Mist AP
- Extended full-stack topology with Juniper EX Switch as Virtual Chassis and SSR HA cluster
- WAN link-related features:
- Multiple WAN links
- MTU
- Auto-negotiation
- Interface static IP
- Interface DHCP IP
- WAN source-NAT interface
- WAN SLES
- Failover when WAN link interface was lost
- LAN link-related features:
- VLAN tagging
- DHCP server
- DHCP relay
- Multiple LANs on same interface (trunk)
- IEEE 802.3ad LAG with active LACP
- Using force-up option on one interface for EX Series Switch behind zero-touch provisioning (ZTP).
- VPN overlay features:
- Spoke-to-hub overlay
- Hub-to-spoke overlay
- Spoke-to-spoke overlay (through hub)
- Hub-to-hub overlays
- Traffic steering and forwarding features:
- Central breakout at hub
- Local breakout at spoke
- Static route at spoke
- BGP route at hub
- Failover when remote peer is unavailable (SVR internal BFD to remote)
- Failover when WAN links no longer meet SLA (latency, jitter, and packet loss)
- Secure Edge Connector-JSE
- Application policy features:
- Source-attached LAN
- Source non-attached user
- Various applications as defined in the next section
- IDP-enabled
- Imported organization application policies
- Applications are defined using the following parameters:
- Applications defined by IP prefixes
- Applications defined by protocol and port
- Applications defined by DNS-FQDN
- Applications defined by predefined app
- Applications defined by app categories
- Redundancy and high availability options:
- Two or more independent hubs with failover at spoke
- Chassis clustered hub
- Chassis clustered spoke
- Hub redundancy using hub overlay
- Interface redundancy (VRRP)
- Security features:
- Application Tracking (AppTrack)
- Web filtering
- URL Subcategory
- IDP engine service chaining
- Secure Edge Connector
- General options and features:
- EX Series Switch behind a Session Smart Router as WAN router
- Juniper AP behind EX Series Switch
- Site variables
- Application path visibility
- WAN edge insights
Traffic Profile
- Traffic test between clients attached to LAN-Interface of Spoke 1-3 and clients attached to LAN-Interface Of Hub1 and Hub2
- Traffic test between clients attached to LAN-Interface of Hub1 and Hub2 and clients attached to LAN-Interface Of Spoke 1-3
- Traffic test between clients attached to LAN-Interface of Spoke 1-3 and clients attached to LAN-Interface of other two spokes
- Traffic test between clients attached to LAN-Interface of Hub1 and Hub2 and Internet
- Traffic test between clients attached to LAN-Interface of Spoke 1-3 and Internet
Known Limitations
On SSR devices, LLDP neighbor messages may not be sent on bundled links. Inconsistency might be observed with neighbor discovery on bundled links. IDP for overlay or VPN traffic with Juniper Mist-managed SSR is a non-goal for this solution.
Contact Information
Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000
Fax: +1.408.745.2100
www.juniper.net
APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.207.125.700
Fax: +31.207.125.701
Copyright 2024 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, Junos, and other trademarks are registered trademarks of Juniper Networks, Inc. and/or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Send feedback to: design-center-comments@juniper.net
