View Only
last person joined: 2 days ago 

Ask questions and share experiences with Contrail Networking, Junos Space, Contrail Service Orchestration, NFX Series, Network Automation, Network Management, and all things related to cloud operations.

Feature Friday: SSR in the Cloud

  • 1.  Feature Friday: SSR in the Cloud

    Posted 12-16-2022 09:00

    Hello everyone!

    I apologize for not being around the last couple of weeks. I was out there traveling on the conference scene. First I was over in Paris for SD-WAN and SASE 2022. I had a lot of fun on this trip and got to speak with a TON of people about SD-WAN, AI/ML, Security, SASE, etc. Someday I’ll need to do a post about SASE.

    Then, in the States, we celebrated Thanksgiving. For those that don’t know Thanksgiving, it’s a holiday where you get together with your loved ones, talk about the things you are thankful for, and eat a lot of Turkey. It’s a really nice holiday. I am thankful for my family, my health, and, no lie, my career at Juniper. (Rami, please make the check out to “CASH.” I’ve got some Christmas shopping to do!). Thanksgiving is followed by Black Friday, where you get to see how well you have been working out over the year as you survive hordes of people on your way to find the best deals. 

    The following week, I was back on the road headed to Las Vegas for AWS re:invent. This was a really cool event where I got to discuss how the Session Smart Router can be deployed in the Cloud and used to help improve your Cloud experience. You know what, while my head is still in the clouds, let’s make this Feature Friday about Clouds.

    Deploying Session Smart Routers in the Cloud

    First off, let’s start with: Did you know that you can deploy your Session Smart Routers (SSRs) in the Cloud? We talk a lot about deploying the SSRs on-prem in your Branches and Datacenters, but you can also deploy them up in the Cloud. This is one of the benefits of the Session Smart Router being a software-based Router. Just like you might deploy your SSR on a hypervisor on one of your servers, you can deploy your SSR in public and private clouds. You will find the Session Smart Router in several of the major cloud Marketplaces such as AWS, Azure, Google Cloud, and others!

    Here’s some information on the Cloud Platforms that the SSR is supported on:

    Benefits of Session Smart Routing for Cloud Connectivity  

    Ok, just because you can deploy something on the Cloud doesn’t mean you NEED to deploy something on the Cloud. So why might one deploy an SSR in the Cloud? To me, it mainly comes down to Secure Vector Routing. You might remember that with Secure Vector Routing (SVR), when 1 SSR sends traffic to another SSR, you get all the benefits of IPSec and/or GRE without the additional bandwidth overhead. It is tunnel-less. The SSRs come with zero-trust security, only routing traffic from endpoints that you trust. The packets are encrypted for confidentiality and hashed for authenticity. This tunnel-less architecture also makes it easier to troubleshoot and maintain your networks than if all traffic is sent via tunnels. Check out this board book I narrated for some of the other benefits of SVR. 

    Anyway, the big benefit of SVR regarding cloud deployments is the bandwidth savings that you have. When it comes to clouds, you are now talking about metered connections. You have to pay when you download from the cloud, if your traffic traverses from one cloud to another, and if your traffic traverses from one region to another. As you can imagine, if you use tunnels, then these connections can be expensive. This may hinder your cloud migration as you may want to have more things hosted in your data center as to not have huge cloud bills. 

    Another benefit of having the Session Smart Router in the Cloud is that that is where a lot of applications are currently hosted or will be hosted in the near future. So you can have all the benefits of the Session Smart Router that you love (zero-trust, sub-second failover, SVR, SLA enforcement, traffic engineering, etc.) close to your applications. This is great for cloud migration and hybrid approaches because you can use the SSR to perform your SD-WAN duties sending some traffic to your Cloud SSRs and others to your Datacenter and you don’t have to worry about that traffic being insecure or not treated correctly. 

    You can also deploy your Session Smart Conductor in the Cloud. For many people, this is the best approach and it is our most recommended Conductor Design pattern. With this approach, the Conductor is reachable on a public IPv4 address and all managed nodes (SSRs) have direct access to it via one or more WAN connections. This is definitely the easiest way to deploy your Conductor, giving you the least amount of configuration to do. You could also put a NAT in front of your Conductor, but in that case you will want to open ports 930/TCP and 4505-4506/TCP (used for salt) to allow a conductor to communicate to managed routers. Open 443/TCP for the web UI, and 22/TCP for remote SSH.

    Cloud Migration Case Study – Tim Brazil

    Here’s the story of TIM Brazil, who decided to migrate all of their data centers to a multicloud environment. TIM Brazil wanted to move all of its Microsoft Office and Oracle-based applications, data, and business processes from legacy technologies to the Cloud. They had a very short timeline (only a few months) to implement and deploy a solution to migrate 7,000 servers, 35,000 cores, 1,200 databases, and 15 petabytes of storage from private infrastructure to a mix of public cloud services. The Session Smart Router-based SD-WAN platform allowed the team to shift applications while maintaining its current IP addressing scheme, accelerating the migration of more than 180 VLANs and 7000 servers.

    Anyway, enough of me talking about Clouds. It’s time for me to come back down to Earth. I do recommend you try deploying your Session Smart Routers in the Cloud though. Here’s some documentation we have on it:

    Now I want to hear from you:

    • Have you tried deploying your SSRs in the Cloud?
    • How has your experience been?
    • Do you have 1 preferred Cloud vendor or do you take a multicloud approach?
    • What are you thankful for?

    One other thing I am thankful for is YOU! Thank you again for taking your time to read my little rants. I hope you are having a great end of the year and I look forward to talking with (and hopefully meeting you soon)!

    #FeatureFridays #SSR #SessionSmartRouter #Cloud #SVR #SecureVectorRouting


    Justin Melloni