I've worked with several SD-WAN solutions over the past few years, and the product felt more like an automated provisioning tool. Unlike solutions from Palo Alto or other SD-WANs orchestrated by a SaaS solution, Juniper Contrail SD-WAN already had the files and built their SaaS to orchestrate the configuration. Initially, you didn't do much, but then it started adding some routing capabilities.
The automation features do help with network operations. Manually configuring SD-WAN is complicated, so the automation simplifies that. However, the initial SD-WAN solution had many limitations, particularly regarding its features. At some point, the tool began looking for other solutions and bought the 128T, which led to implementing a different SD-WAN approach. It also acquired another company for its session smart router, and then it began to develop the exact SD-WAN solution on the Mist Cloud.
Implementing new branches or changing existing ones in Juniper Contrail SD-WAN wasn't as straightforward as with other solutions like Meraki SD-WAN, which is almost plug-and-play with its zero-touch provisioning. In Juniper Contrail SD-WAN, it was more challenging.
This difficulty stemmed from the orchestrator not handling the entire process. Sometimes, provisioning would depend heavily on devices, leading to issues and getting stuck. If something went wrong, you often had to reset the entire configuration. While I'm not sure if it's more stable now, making changes was quite hard during the time I was working with it.
The Juniper Contrail SD-WAN was highly scalable, especially because it was designed for service providers. From the beginning, they focused on scalability and availability, making it multi-tenant. However, the main issue was with the feature set, which lagged compared to competitors like Fortinet.
There were also challenges with scaling security features. It's unclear if the tool has since developed a faster solution to address this. Additionally, there may have been ongoing processes regarding security features, but the acquisition by HPE might have halted these efforts. With HPE having its own SD-WAN solutions
The return on investment with Juniper Contrail SD-WAN wasn't very good, mainly due to provisioning issues. Modern SD-WAN solutions provide users with abstraction, making it easier to implement new links with different service providers or make changes to the network. However, with Juniper Contrail SD-WAN, making such changes required involvement from Juniper engineers and wasn't as straightforward.
The product was Juniper's first foray into the SD-WAN market. Initially, it was developed as a SaaS solution, though an on-premises option was also available, particularly for certain service providers.
I wouldn't recommend this product today due to its lack of features and stability issues, especially considering that it doesn't seem to be evolving towards more advanced solutions. I rate the overall product a five out of ten.