Monitor Session Smart Router Deployed as WAN Edge
In monitoring Juniper® Session Smart™ Routers deployed as WAN edge device, you’ll explore the most efficient ways to monitor your WAN edge device in the Juniper Mist™ portal following your initial deployment phase.
WAN Edges
In the Juniper Mist Portal, select WAN Edges > WAN Edges to view basic device monitoring. Notice the Organization name at the top of the GUI, AI-DRIVEN SDWAN AND SASE FULL STACK. This is the largest container and represents your entire organization. Beneath the organization name, you can see your site devices in either a List format or a graphical Topology format. Here, you see Dallas-FullStack is your site, and lab1-dallas is your WAN edge device.
The List view outlines the following information:
- Config Success—Percentage of online WAN edges with successful configuration
- Version Compliance—Percentage of WAN edges that have the same software version per model.
- WAN Edge Uptime—Percentage of time a WAN edge was up during the past seven days, averaged across all EAN edges.
Beneath, you'll find WAN edge device details as shown in Table 1.
| Fields | Description |
| Name | Name |
| Status | Connected or disconnected |
| MAC | MAC address |
| IP Address | IP address |
| Model | Juniper® Session Smart™ Routers or Juniper Networks® SRX Series Firewalls |
| Version | SSR Software Version |
| Topology | Hub or Spoke |
| Errors | Error state |
The Topology format presents the same information as the List view. For example, if you hover over the node0.lab1-dallas device, you'll see the same information as that displayed in the List view as you’ll see in the figure below.
On both the List and Topology view, selecting your WAN edge device (lab1-dallas in this example) brings you to its Device Information page. The Device Information page provides different categories of monitoring information for your WAN edge device.
The first thing you’ll notice on the Device Information Page is details about the WAN edge device you selected, (lab1-dallas in our figure). The information includes a graphical front view of the device ports and baseline status information such as CPU and memory utilization.
For each Gigabit Ethernet interface you’ll find link information.
| Fields | Description |
| Configured | True or false |
| Speed | Rated speed |
| PoE | Enabled or disbaled |
| Power Draw | Measured PoE power draw |
| Duplex | Full or half |
| STP | True or false |
| BPS | Bits/second |
| Untagged VLAN | - |
When hovering over Wired Clients, you’ll get similar information with additional information.
| Fields | Description |
| Hostname | Name of the device |
| Username | User name |
| MAC | MAC address of the device |
| IP Address | IP address of the device |
| Manufacturer | Type of device- SSR / SRX |
The CPU and Memory status icon indicates how your device behaves. Hover over each interface icon for deeper insights.
Advanced Security information is listed below the device ports with a checkmark or an X, indicating whether URL filtering or intrusion detection and prevention (IDP) is active on this device. Here, both URL filtering and IDP are active with the green checkmark.
Below our port information and security section, you’ll find generalized data for your WAN edge device, including:
Properties contains generalized platform-related information.
| Field | Description |
| Insights | Provides a direct link to WAN Edge Insights. |
| Location | Provides floorplan information |
| MAC Address | MAC Address for the SSR device |
| Model | Indicates if model type is SSR or SRX |
| Version | Version of the Session Smart Software |
| Hardware Model | Lists the Whitebox or Juniper Networks device model name and number. |
| Template | The applied WAN edge template to the device. |
| Hub Profile | The applied Hub Profile to the device. |
Statistics displays action information about your platform.
| Field | Description |
| Status | Connected /Disconnected |
| Errors | Any commit errors |
| Uptime | Day/Hour/Min uptime information |
| Last Seen | Last login |
| Last Config | Last Commit |
| WAN Edge Photos | Photos of the WAN edge device |
If you configured DHCP servers on the WAN router itself, there will also be a DHCP Statistics pane with information about the leased IPs.
-
DHCP Statistics presents IP information related to dynamic distributed IP addresses.
| Field | Description |
| Usage | The total figure presented as a percentage of Leased and Available IPs |
| Pool Name | The name for given pool of addresses |
| Leased IPs | Number of used IP addresses in each pool. |
| Total IPs | Total number available of IP addresses in each pool. |
As you scroll down the device information page, you’ll find Secure Vector Routing (SVR)-based Paths between devices that provide information about connectivity through WAN interfaces to the hubs. Here, you can review your WAN edge device configuration. Usually, WAN edges inherit templates or profiles. However, you can make individual changes to the configuration to be pushed to the device.
Topology Details displays Peer Path information. Remember that a Session Smart SD-WAN network overlay is generated through Secure Vector Routing Peer connections between Session Smart devices.
| Field | Description |
| Interface Name | Lists the name of the interface |
| Neighborhood | The shared layer 3 connection between Peers |
| Topology Type | Indicates Hub/Spoke |
| Status | Indicates up/down |
| Peer Name | Peer SVR device |
| Uptime | Time up and live |
| Latency | Measured in Milliseconds |
| Loss | Packet loss |
| Jitter | Measured in Milliseconds |
| MTU | Max Transmission Unit |
| Hop Count | Number of Hops |
Secure Edge Connector Details include tunnel information from your WAN edge connection to the Secure Edge cloud.
| Fields | Description |
| Tunnel Name | Name |
| Peer Host | Peer Host IP Address |
| Peer IP | Peer IP |
| Status | Connected/Disconnected |
| Node | Standalone/HA |
| RX Bytes | Volume of data, in bytes, received by the interface. |
| TX Bytes | Volume of data, in bytes, transmitted by the interface. |
| RX Packets | Packets received by the interface. |
| TX Packets | Packets transmitted by the interface. |
| Last Event | System events |
| Protocol | Protocol |
| Uptime | time live |
| Last Seen | Last login |
Scrolling down the device information page, you’ll find configuration information for your WAN edge. First, it’ll indicate hub or spoke with relevant information about your WAN Edge Configuration.
| Field | Description |
| Info | Name |
| IP Configuration | Override Template Settings, node1 DHCP/Static, VLAN ID, node 2 DHCP/Static, VLAN ID |
| NTP | Time Servers IP/Hostnames |
| DNS | Override Template Settings, DNS Servers, (SRX only DNS suffix info) |
| Secure Edge Connector | Provider for the Secure Edge Connector. |
Scrolling past the configuration, you’ll find information for your connected WANs and LANs.
| Field | Description |
| Name | Selected WAN Interface Name |
| Interface | Supports one of these interfaces for aggregation: ge-0/0/1, ge-0/0/1-5, or reth0. |
| WAN Type | Ethernet, DSL (SRX Only) LTE |
| IP Configuration | DHCP, Static, or PPPoE |
| Overlay Hub Endpoints | SVR Peer connections to the Hub |
| Field | Description |
| Network | Selected LAN name. |
| Interface | Supports one of these interfaces for aggregation: ge-0/0/1, ge-0/0/1-5, or reth0. |
| Untagged | Untagged VLAN (SRX only) |
| VLAN ID | DHCP, Static, or PPPoE |
| IP Configuration | SVR Peer connections to the Hub |
| DHCP | Relay, Server, none. |
The Traffic Steering and Application Policy sections show how you use the Session Smart Secure Vector Routing process to create rules for path choice and routing behavior. Note that on the SRX Series deployed as a WAN edge, the Application Policy and Traffic Steering path determine destination zones and must be assigned. The Session Smart router is first and foremost, a router and will use the closest match for the address.
| Field | Description |
| Name | Selected Traffic Steering name. |
| Strategy | Ordered, weighted, ECMP |
| Paths | Untagged VLAN (SRX only) |
Application Policies are the heart of Juniper’s AI-Driven SD-WAN. Remember that Application Policies are security policies in Juniper WAN Assurance design, where you define which network and users can access which applications, and according to which traffic steering policy. You must create Networks, Applications, and establish Traffic Steering profiles to define an Application Policy. These elements become matching criteria to allow access to or block access from applications or destinations.
In the Juniper Mist™ cloud portal, the Networks or Users setting determines the source zone. The Applications and Traffic Steering settings determine the destination zone. Traffic Steering paths determine the destination zone in Juniper Networks® SRX Series Firewalls, so ensure that you assign Traffic Steering profiles to the Application Policies.
| Field | Description |
| Number | Ordered Policy Number |
| Name | Selected name |
| Org Imported | Indicates if the policy was pushed down from the Organization level to the Site. |
| Network/User (Matching Any) | The “source” of your traffic |
| Action | Allow/Block |
| Application/Destination (Matching Any) | The “destination” for your traffic. |
| IDP | Indicates IDP/URL filtering (requires separate license) |
| Traffic Steering | Indicate path for traffic |
The bottom of the Device Information page has tables for routing properties such as BGP and static routes connected to your WAN edge device. You can also manually add a BGP Group here.
| Field | Description |
| Name | BGP Name |
| Type | Type of BGP Route |
| Local AS | Autonomous System Number |
| Export | Exported Route |
| Import | Imported Route |
| Neighbors | Neighbor Route |
| Neighbor AS | Autonomous System Number for Neighbor Route |
Static Routes display name and gateway information.
Monitoring: Device Information, WAN Edge Insights, Peer Path Statistics
WAN Edge Insights
The Properties pane for your selected WAN edge links to WAN Edge Insights. Click WAN Edge Insights for the next level of information about your WAN edge device.
Next to the selected WAN edge (lab1-dallas) on the Insights page, you can select a timeframe for selected information. The default view is Today, but this can be set to a customized date or range of dates. Below this, you find (when the site location information is configured) where this WAN edge is configured via a street map.
With your timeframe selected, WAN Edge Events displays a timeline of the traffic through the WAN edge during your specified time, and a list of events in the same window.
Select a specific event in the listed WAN Edge Events for greater detail of the Good, Neutral, and Bad events.
Your selection expands and displays detailed information about the selected time.
For a detailed portion of time, select a window of time with the mouse cursor. By doing this, you’re able to adjust the window of events and isolate specific Good, Neutral, and Bad things that happened on your network. With a smaller section you’ll get a more detailed view of that period.
Drill down the WAN Edge Events page for deeper insights within your selected period.
We can continue that way: You can narrow down on the type of event by selecting a modifier in the Event Type drop-down menu. You can also filter your search by limiting the event types to a specific port
On the WAN Edge Events page, you can also view reports on applications on the Applications pane. On this pane:
- You can use categorized applications to monitor and troubleshoot specific application behavior.
- You can expand the categories to see more details.
- You can view a client's use of a particular application by clicking the Clients tab.
Ensure you’ve had a few hours for these metrics to be populated following initial deployment.
Click the Clients tab to see which client is using how much bandwidth. You can then select a specific client to see the applications that the client is using.
In the Number of Clients column, you can click on the number of clients to see more information such as the Client name, MAC Address, IP Address, Device Type, and Bytes being used.
For Session Smart Router devices running a DHCP server, clients using that application will display a HostName in the Client column if available. Otherwise, the MAC address will be displayed. Device Type and MAC Address columns will be populated as well. The same applies to SRX Series Firewalls.
WAN Edge Charts include: Control Plane CPU, which shows CPU utilization for both max and average.
Data Plane CPU, which shows CPU utilization for both max and average
Memory Utilization, which shows memory utilization for both max and average
WAN Bandwidth, here you can see when you isolate per interface you’ll see the application an bandwidth utilization metrics.
Application TX and RX Bytes outline transmit and receive data information, which can be isolated at an application level to see the MAC/IP address and device type for bandwidth utilization.
In the last four WAN Edge Charts, you’ll find Port Errors, LTE RSSI (Received Signal Strength Indicator), LTE RSRP (Reference Signal Received Power), and LTE SNR (Signal to Noise Ratio).
Peer Path Statistics
The Session Smart WAN edge devices deployed in Juniper Mist™ WAN Assurance provide insights for liveness and path quality through Session Smart, Secure Vector Routing. The Session Smart use of the Bidirectional Forwarding Detection (BFD) signal on port 1280 checks with the downstream Session Smart Routers for liveness and monitors jitter, latency, loss, and mean opinion score (MOS). This insight works only with our Session Smart devices.
We return to WAN Edge Insights to find the Session Smart Peering metrics on your Mist dashboard. These graphs are at the bottom of the page, with a default view showing the worst three peer connections: jitter, latency, loss, and MOS. Drill down into the data here, using the same time ranges for the WAN Edge Charts. This also means that the graphs are interrelated and cross referenced.
You can also drill down and select a specific peer path to view statistics.
The final information on your WAN Edge Insights page is Current WAN Edge Properties. Time range selections do not impact information in the Current Values pane.
Alerts for Interfaces Status
In Juniper Mist, alerts present network and device issues that are ongoing. You can view alerts on Juniper Mist portal by selecting Monitor > Alerts.
You can set up alerts and email updates for when certain ports on a WAN Edge device go online or offline. To configure alerts for specific ports, you need to label these ports in LAN or WAN settings of WAN Edge device.
To configure the alerts and notifications for specific port, you must:
- Change the WAN or LAN settings to label the specified ports in WAN Edge template
or at device-level configuration page.
- In the Juniper Mist cloud portal, select Organization >
WAN > WAN Edge Templates and select the WAN or LAN
configuration that you want to update. (Or add a new configuration.)
To configure at the device-level, select WAN Edges on the left-navigation bar and select WAN or LAN configuration of the selected device.
- Under Interface, enter the port or ports, and then select
Enable “Up/Down Port” Alert Type check-box.
Figure 40: Marking LAN Port or WAN Interface as Critical Interface
Repeat these steps for all critical ports.
- In the Juniper Mist cloud portal, select Organization >
WAN > WAN Edge Templates and select the WAN or LAN
configuration that you want to update. (Or add a new configuration.)
- Configure alerts and e-mail notifications for the specified ports in Alerts
page.
- Go to Monitor > Alerts > Alerts
Configuration and use the following check-boxes to
enable alerts for the selected port:
Critical WAN Edge Port Up
Critical WAN Edge Port Down
Figure 41: Alerts Configuration for Critical Ports
See Alert Configuration for details.
When you enable alerts and notifications:
- You'll receive an e-mail notification whenever a port transitions from one state to another.
- You can view the status in Monitor > Alerts page. Figure 42
shows an example of the critical port status on Juniper Mist
Alerts dashboard.Figure 42: Critical WAN Edge Port Status
- Go to Monitor > Alerts > Alerts
Configuration and use the following check-boxes to
enable alerts for the selected port: