A Guide to Juniper Contrail SD-WAN

A Guide to Juniper Contrail SD-WAN

Integrating SD-WAN into your organization allows you to leverage transport services for seamless connection to applications. Various technologies facilitate this process by routing traffic between different sites. However, Juniper Network’s Contrail SD-WAN offers enhanced routing, intelligent traffic steering, zero-touch provisioning, and other features that build on the capabilities of traditional SD-WAN architecture. Learn more about Contrail SD-WAN below. 

What is Juniper Contrail SD-WAN?

Traditional SD-WAN architecture routes traffic via a controller, multiple sites, several overlay tunnels, and different connections between sites comprising the underlay network. Juniper Contrail SD-WAN reference architecture has a controller that serves as an orchestration layer, making it different from conventional setups. It allows you to manage devices directly at sites.

The Contrail SD-WAN architecture, based on the Hybrid WAN model, utilizes a hub-and-spoke topology that locates customer premises equipment (CPE) devices at branch sites. Juniper explains how this process works on its website:

“On the local side of the site, the CPE devices connect to LAN segments and participate in dynamic routing protocols with other LAN devices. On the WAN side, the CPE devices connect across two or more links to a provider hub device.”

Due to its hub-and-spoke topology, Contrail SD-WAN directs traffic from one site to another through a provider hub. Internet traffic also travels through this hub. Juniper’s Contrail Service Orchestration (CSO) software

utilizes SLA policies and other guidelines to direct the flow of traffic across different available paths. It also implements the SD-WAN controller and orchestrator functions. 

Understanding SDN

It’s impossible to talk about SD-WAN without mentioning software-defined networking (SDN). SDN is a networking approach that uses APIs or software-based controllers to exchange information with hardware infrastructure. It also directs traffic on networks. 

One important distinction about SDN is that it differs from traditional networking approaches. Instead of relying on routers, switches, and other hardware devices to manage traffic, SDN creates a virtual network through software and controls traditional hardware using that software. 

The Importance of SDN

SDN provides more flexibility than traditional networking. It eliminates the need for manual programming of hardware devices and allows you to control traffic flows over networks through a software-based controller. This can save time and resources in your organization. 

SDN also generates a single source of truth about your networks, helping you identify security threats that might jeopardize your business. For example, you can create separate “zones” for hardware that require different security requirements. 


While SDN and SD-WAN are closely related, they serve different functions. SDN facilitates internal functions within a Local Area Network (LAN) or the core network of your software provider. On the other hand, SD-WAN provides software-defined application routing to a Wide Area Network (WAN) and centralizes your different data centers, branch offices, and other locations.

Contrail SD-WAN brings SDN-like abilities to your business. It offers automation, agility, and fast automated recovery from any failed WAN links you might encounter. It also helps control WAN costs. Juniper explains on its website:

“You can add connectivity options such as broadband or cellular Internet connections to your existing IP/MPLS VPN services, allowing you to prioritize critical traffic across the connections, as well as move traffic proactively to a backup link if the primary link’s quality degrades enough to put a service–level agreement (SLA) at risk.”

Key Features of Contrail SD-WAN

Contrail SD-WAN features include zero-touch provisioning, routing, and connectivity. Here is a more detailed explanation of these features:

Zero-touch provisioning 

Contrail SD-WAN allows you to plug and play spoke devices through autoinstallation or zero-touch provisioning (ZTP). Juniper’s CSO software implements ZTP using an internet-located redirect server. However, for “true ZTP,” the company recommends using a redirect server. CSO 4.1 and later releases reduce the required bandwidth for zero-touch provisioning to 2 Mbps.


Contrail SD-WAN uses intelligent traffic steering to determine the best path for routing traffic between sites. It takes into account factors such as latency, bandwidth, and other considerations for traffic routing, and can quickly adjust its processes when conditions change. Because of this, Contrail SD-WAN can be more effective for routing traffic than traditional SD-WAN architecture. 


Contrail SD-WAN’s intelligent traffic steering makes it easier to connect to applications. The technology also connects locations, such as data centers and branch offices, by deploying VPNs on top of your WAN architecture. This process, known as site-to-site connectivity, isn’t unique to Contrail SD-WAN. However, it can improve your workflows and make it simple to leverage transport services.  

Benefits of Using Contrail SD-WAN

Benefits of Juniper Contrail SD-WAN include:

  • Enhanced security: Contrail SD-WAN provides access to a comprehensive security suite, including next-generation firewalls (NGFWs) and unified threat management (UTM)
  • Compliance with open standards: Contrail SD-WAN supports third-party CPEs and enterprise infrastructure through open protocols and APIs
  • Full routing support: The architecture supports BGP, IS-IS, MPLS, OSPF, and other routing protocols
  • Scalability: Contrail SD-WAN scales horizontally, allowing your architecture to expand as your business grows


Juniper’s Contrail SD-WAN offers more functionality and features than traditional SD-WAN architecture, helping you connect to business applications. Features such as enhanced routing, intelligent traffic steering, and zero-touch provisioning allow you to route traffic between different sites and improve network management in your organization. 

Contrail and LogicMonitor

While LogicMonitor doesn’t currently have a native integration for Juniper Contrail SD-WAN, we are constantly updating our integrations offerings. If you are interested in learning more about creating a custom HTTP integration, check out our blog post: https://www.logicmonitor.com/blog/the-flexibility-to-meet-you-where-you-work-creating-custom-http-alert-integrations. For more information about our Juniper Mist integration, visit: https://www.logicmonitor.com/integrations/juniper-mist