Monitor Session Smart Router Deployed as WAN Edge
In monitoring Juniper® Session Smart™ Routers deployed as WAN edge device, you’ll explore the most efficient ways to monitor your WAN edge device in the Juniper Mist™ portal following your initial deployment phase.
WAN Edges
In the Juniper Mist Portal, select WAN Edges > WAN Edges to view basic device monitoring. Notice the Organization name at the top of the GUI, AI-DRIVEN SDWAN AND SASE FULL STACK. This is the largest container and represents your entire organization. Beneath the organization name, you can see your site devices in either a List format or a graphical Topology format. Here, you see Dallas-FullStack is your site, and lab1-dallas is your WAN edge device.
The List view outlines the following information:
- Config Success—Percentage of online WAN edges with successful configuration
- Version Compliance—Percentage of WAN edges that have the same software version per model.
- WAN Edge Uptime—Percentage of time a WAN edge was up during the past seven days, averaged across all EAN edges.
Beneath, you'll find WAN edge device details as shown in Table 1.
Fields | Description |
Name | Name |
Status | Connected or disconnected |
MAC | MAC address |
IP Address | IP address |
Model | Juniper® Session Smart™ Routers or Juniper Networks® SRX Series Firewalls |
Version | SSR Software Version |
Topology | Hub or Spoke |
Errors | Error state |
The Topology format presents the same information as the List view. For example, if you hover over the node0.lab1-dallas device, you'll see the same information as that displayed in the List view as you’ll see in the figure below.
On both the List and Topology view, selecting your WAN edge device (lab1-dallas in this example) brings you to its Device Information page. The Device Information page provides different categories of monitoring information for your WAN edge device.
The first thing you’ll notice on the Device Information Page is details about the WAN edge device you selected, (lab1-dallas in our figure). The information includes a graphical front view of the device ports and baseline status information such as CPU and memory utilization.
For each Gigabit Ethernet interface you’ll find link information.
Fields | Description |
Configured | True or false |
Speed | Rated speed |
PoE | Enabled or disbaled |
Power Draw | Measured PoE power draw |
Duplex | Full or half |
STP | True or false |
BPS | Bits/second |
Untagged VLAN | - |
When hovering over Wired Clients, you’ll get similar information with additional information.
Fields | Description |
Hostname | Name of the device |
Username | User name |
MAC | MAC address of the device |
IP Address | IP address of the device |
Manufacturer | Type of device- SSR / SRX |
The CPU and Memory status icon indicates how your device behaves. Hover over each interface icon for deeper insights.
Advanced Security information is listed below the device ports with a checkmark or an X, indicating whether URL filtering or intrusion detection and prevention (IDP) is active on this device. Here, both URL filtering and IDP are active with the green checkmark.
Below our port information and security section, you’ll find generalized data for your WAN edge device, including:
Properties contains generalized platform-related information.
Field | Description |
Insights | Provides a direct link to WAN Edge Insights. |
Location | Provides floorplan information |
MAC Address | MAC Address for the SSR device |
Model | Indicates if model type is SSR or SRX |
Version | Version of the Session Smart Software |
Hardware Model | Lists the Whitebox or Juniper Networks device model name and number. |
Template | The applied WAN edge template to the device. |
Hub Profile | The applied Hub Profile to the device. |
Statistics displays action information about your platform.
Field | Description |
Status | Connected /Disconnected |
Errors | Any commit errors |
Uptime | Day/Hour/Min uptime information |
Last Seen | Last login |
Last Config | Last Commit |
WAN Edge Photos | Photos of the WAN edge device |
If you configured DHCP servers on the WAN router itself, there will also be a DHCP Statistics pane with information about the leased IPs.
-
DHCP Statistics presents IP information related to dynamic distributed IP addresses.
Field | Description |
Usage | The total figure presented as a percentage of Leased and Available IPs |
Pool Name | The name for given pool of addresses |
Leased IPs | Number of used IP addresses in each pool. |
Total IPs | Total number available of IP addresses in each pool. |
As you scroll down the device information page, you’ll find Secure Vector Routing (SVR)-based Paths between devices that provide information about connectivity through WAN interfaces to the hubs. Here, you can review your WAN edge device configuration. Usually, WAN edges inherit templates or profiles. However, you can make individual changes to the configuration to be pushed to the device.
Topology Details displays Peer Path information. Remember that a Session Smart SD-WAN network overlay is generated through Secure Vector Routing Peer connections between Session Smart devices.
Field | Description |
Interface Name | Lists the name of the interface |
Neighborhood | The shared layer 3 connection between Peers |
Topology Type | Indicates Hub/Spoke |
Status | Indicates up/down |
Peer Name | Peer SVR device |
Uptime | Time up and live |
Latency | Measured in Milliseconds |
Loss | Packet loss |
Jitter | Measured in Milliseconds |
MTU | Max Transmission Unit |
Hop Count | Number of Hops |
Secure Edge Connector Details include tunnel information from your WAN edge connection to the Secure Edge cloud.
Fields | Description |
Tunnel Name | Name |
Peer Host | Peer Host IP Address |
Peer IP | Peer IP |
Status | Connected/Disconnected |
Node | Standalone/HA |
RX Bytes | Volume of data, in bytes, received by the interface. |
TX Bytes | Volume of data, in bytes, transmitted by the interface. |
RX Packets | Packets received by the interface. |
TX Packets | Packets transmitted by the interface. |
Last Event | System events |
Protocol | Protocol |
Uptime | time live |
Last Seen | Last login |
Scrolling down the device information page, you’ll find configuration information for your WAN edge. First, it’ll indicate hub or spoke with relevant information about your WAN Edge Configuration.
Field | Description |
Info | Name |
IP Configuration | Override Template Settings, node1 DHCP/Static, VLAN ID, node 2 DHCP/Static, VLAN ID |
NTP | Time Servers IP/Hostnames |
DNS | Override Template Settings, DNS Servers, (SRX only DNS suffix info) |
Secure Edge Connector | Provider for the Secure Edge Connector. |
Scrolling past the configuration, you’ll find information for your connected WANs and LANs.
Field | Description |
Name | Selected WAN Interface Name |
Interface | Supports one of these interfaces for aggregation: ge-0/0/1, ge-0/0/1-5, or reth0. |
WAN Type | Ethernet, DSL (SRX Only) LTE |
IP Configuration | DHCP, Static, or PPPoE |
Overlay Hub Endpoints | SVR Peer connections to the Hub |
Field | Description |
Network | Selected LAN name. |
Interface | Supports one of these interfaces for aggregation: ge-0/0/1, ge-0/0/1-5, or reth0. |
Untagged | Untagged VLAN (SRX only) |
VLAN ID | DHCP, Static, or PPPoE |
IP Configuration | SVR Peer connections to the Hub |
DHCP | Relay, Server, none. |
The Traffic Steering and Application Policy sections show how you use the Session Smart Secure Vector Routing process to create rules for path choice and routing behavior. Note that on the SRX Series deployed as a WAN edge, the Application Policy and Traffic Steering path determine destination zones and must be assigned. The Session Smart router is first and foremost, a router and will use the closest match for the address.
Field | Description |
Name | Selected Traffic Steering name. |
Strategy | Ordered, weighted, ECMP |
Paths | Untagged VLAN (SRX only) |
Application Policies are the heart of Juniper’s AI-Driven SD-WAN. Remember that Application Policies are security policies in Juniper WAN Assurance design, where you define which network and users can access which applications, and according to which traffic steering policy. You must create Networks, Applications, and establish Traffic Steering profiles to define an Application Policy. These elements become matching criteria to allow access to or block access from applications or destinations.
In the Juniper Mist™ cloud portal, the Networks or Users setting determines the source zone. The Applications and Traffic Steering settings determine the destination zone. Traffic Steering paths determine the destination zone in Juniper Networks® SRX Series Firewalls, so ensure that you assign Traffic Steering profiles to the Application Policies.
Field | Description |
Number | Ordered Policy Number |
Name | Selected name |
Org Imported | Indicates if the policy was pushed down from the Organization level to the Site. |
Network/User (Matching Any) | The “source” of your traffic |
Action | Allow/Block |
Application/Destination (Matching Any) | The “destination” for your traffic. |
IDP | Indicates IDP/URL filtering (requires separate license) |
Traffic Steering | Indicate path for traffic |
The bottom of the Device Information page has tables for routing properties such as BGP and static routes connected to your WAN edge device. You can also manually add a BGP Group here.
Field | Description |
Name | BGP Name |
Type | Type of BGP Route |
Local AS | Autonomous System Number |
Export | Exported Route |
Import | Imported Route |
Neighbors | Neighbor Route |
Neighbor AS | Autonomous System Number for Neighbor Route |
Static Routes display name and gateway information.
Monitoring: Device Information, WAN Edge Insights, Peer Path Statistics
WAN Edge Insights
The Properties pane for your selected WAN edge links to WAN Edge Insights. Click WAN Edge Insights for the next level of information about your WAN edge device.
Next to the selected WAN edge (lab1-dallas) on the Insights page, you can select a timeframe for selected information. The default view is Today, but this can be set to a customized date or range of dates. Below this, you find (when the site location information is configured) where this WAN edge is configured via a street map.
With your timeframe selected, WAN Edge Events displays a timeline of the traffic through the WAN edge during your specified time, and a list of events in the same window.
Select a specific event in the listed WAN Edge Events for greater detail of the Good, Neutral, and Bad events.
Your selection expands and displays detailed information about the selected time.
For a detailed portion of time, select a window of time with the mouse cursor. By doing this, you’re able to adjust the window of events and isolate specific Good, Neutral, and Bad things that happened on your network. With a smaller section you’ll get a more detailed view of that period.
Drill down the WAN Edge Events page for deeper insights within your selected period.
We can continue that way: You can narrow down on the type of event by selecting a modifier in the Event Type drop-down menu. You can also filter your search by limiting the event types to a specific port
On the WAN Edge Events page, you can also view reports on applications on the Applications pane. On this pane:
- You can use categorized applications to monitor and troubleshoot specific application behavior.
- You can expand the categories to see more details.
- You can view a client's use of a particular application by clicking the Clients tab.
Ensure you’ve had a few hours for these metrics to be populated following initial deployment.
Click the Clients tab to see which client is using how much bandwidth.
Click the Apps tab, then in the Number of Clients column, you can click on the number of clients to see more information such as the Client name, MAC Address, IP Address, Device Type, and Bytes being used.
For Session Smart Router devices running a DHCP server, clients using that application will display a HostName in the Client column if available. Otherwise, the MAC address will be displayed. Device Type and MAC Address columns will be populated as well.
The Application Path Insights (BETA) section shows you which applications are using the most bandwidth according to the selected Application Policy and Network. You can also change the Data Type to Sessions to see the number of sessions occurring per application. Hover over a section of the graph to view the bandwidth or sessions per application as well as jitter, loss, and latency.
Have you ever been on an important Zoom or Teams call and experienced jitter or latency? This is a bad experience for anyone, but if you're the network operator, it's even worse. You don't want the CEO yelling at you because their shareholder meeting went bad. With Juniper's WAN Assurance Application Insights dashboard, you could do something about it.
This dashboard shows you which applications are using bandwidth at any given time. Given those insights, you can easily set policies to remediate issues, such as prioritizing some applications, blocking others, or working with your ISP to gain more bandwidth. Application Insights dashboard also lets you verify that your policies were configured correctly, and you can easily see the top 10 applications by bandwidth utilized, quickly adding and removing applications from this list.
And that's the power of WAN Assurance App Insights in 60 seconds.
The path state bar shows path state information over a timeline, and path state events are indicated by segments highlighted in different colors. For example, Path Up events are shown in green and Path Down events are shown in red.
If you see an orange triangle below the path state bar, this indicates that a Service Path Update event occurred. You can hover over the triangle to see the details.
The Application Path Insights section also includes a summary view on the lefthand side that displays recent path state events.
You can also hover over the highlighted portions of the path state bar to view a summary of the path state event.
If you click on the bar, you will get a pop-up window where you can view more detailed information about the path state events. The list of events displays on the left, and when you select an event, the reason for the event displays on the right.
Path state events include:
-
Path Add
-
Path Remove
-
Path Update
-
Port Down
-
Path Up
-
Path Down
Path Down Reasons include:
- Probe Down
- Peer Path Down
- ARP Unresolved
- DHCP Failure
WAN Edge Device charts include Control Plane CPU, Data Plane CPU, and Memory Utilization.
Control Plane CPU shows CPU utilization for both max and average. The Data Plane CPU chart displays the CPU utilization for both max and average.
Memory Utilization displays the max and average memory utilization.
WAN Edge Ports charts
The WAN Edge Ports charts include Bandwidth, Max Bandwidth, Applications TX + RX Bytes, and Port Errors. From the drop down list at the top, you can select All ports to see utilization metrics in the charts for all interfaces, or you can select an interface to see the utilization metrics for that particular interface.
In the Bandwidth chart, you will see the bandwidth utilization metrics in megabits per second (Mbps) for that particular interface.
The Max Bandwidth chart displays insights into the highest point of link utilization recorded for received power signal (RX) and transmitted power signal (TX) packets on each port during the day. The data is shown in Mbps.
In the last two WAN Edge Ports charts, you’ll find Applications TX + RX Bytes and Port Errors. Hover over the charts to find out more information.
The Applications TX + RX Bytes chart outlines transmit and receive data information, which can be isolated at an application level by clicking on the application name at the bottom of the chart to see Client, MAC address, IP address, device type, and bytes for bandwidth utilization.
The Port Errors chart displays port errors for receive and transmit packets throughout the day.
Peer Path Statistics
The Session Smart WAN edge devices deployed in Juniper Mist™ WAN Assurance provide insights for liveness and path quality through Session Smart, Secure Vector Routing. The Session Smart use of the Bidirectional Forwarding Detection (BFD) signal on port 1280 checks with the downstream Session Smart Routers for liveness and monitors jitter, latency, loss, and mean opinion score (MOS). This insight works only with our Session Smart devices.
We return to WAN Edge Insights to find the Session Smart Peering metrics on your Mist dashboard. These graphs are at the bottom of the page, with a default view showing the worst three peer connections: jitter, latency, loss, and MOS. Drill down into the data here, using the same time ranges for the WAN Edge Charts. This also means that the graphs are interrelated and cross referenced.
You can also drill down and select a specific peer path to view statistics.
The final information on your WAN Edge Insights page is Current WAN Edge Properties. Time range selections do not impact information in the Current Values pane.
Alerts for Interfaces Status
In Juniper Mist, alerts present network and device issues that are ongoing. You can view alerts on Juniper Mist portal by selecting Monitor > Alerts.
You can set up alerts and email updates for when certain ports on a WAN Edge device go online or offline. To configure alerts for specific ports, you need to label these ports in LAN or WAN settings of WAN Edge device.
To configure the alerts and notifications for specific port, you must:
- Change the WAN or LAN settings to label the specified ports in WAN Edge template
or at device-level configuration page.
- In the Juniper Mist cloud portal, select Organization >
WAN > WAN Edge Templates and select the WAN or LAN
configuration that you want to update. (Or add a new configuration.)
To configure at the device-level, select WAN Edges on the left-navigation bar and select WAN or LAN configuration of the selected device.
- Under Interface, enter the port or ports, and then select
Enable “Up/Down Port” Alert Type check-box.
Figure 41: Marking LAN Port or WAN Interface as Critical Interface
Repeat these steps for all critical ports.
- In the Juniper Mist cloud portal, select Organization >
WAN > WAN Edge Templates and select the WAN or LAN
configuration that you want to update. (Or add a new configuration.)
- Configure alerts and e-mail notifications for the specified ports in Alerts
page.
- Go to Monitor > Alerts > Alerts
Configuration and use the following check-boxes to
enable alerts for the selected port:
Critical WAN Edge Port Up
Critical WAN Edge Port Down
Figure 42: Alerts Configuration for Critical PortsSee Alert Configuration for details.
When you enable alerts and notifications:
- You'll receive an e-mail notification whenever a port transitions from one state to another.
- You can view the status in Monitor > Alerts page. Figure 43
shows an example of the critical port status on Juniper Mist
Alerts dashboard.Figure 43: Critical WAN Edge Port Status
- Go to Monitor > Alerts > Alerts
Configuration and use the following check-boxes to
enable alerts for the selected port: