Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Monitor Session Smart Router Deployed as WAN Edge

In monitoring Juniper® Session Smart™ Routers deployed as WAN edge device, you’ll explore the most efficient ways to monitor your WAN edge device in the Juniper Mist™ portal following your initial deployment phase.

WAN Edges

In the Juniper Mist Portal, select WAN Edges > WAN Edges to view basic device monitoring. Notice the Organization name at the top of the GUI, AI-DRIVEN SDWAN AND SASE FULL STACK. This is the largest container and represents your entire organization. Beneath the organization name, you can see your site devices in either a List format or a graphical Topology format. Here, you see Dallas-FullStack is your site, and lab1-dallas is your WAN edge device.

Figure 1: Accessing WAN Edges Page Accessing WAN Edges Page

The List view outlines the following information:

  • Config Success—Percentage of online WAN edges with successful configuration
  • Version Compliance—Percentage of WAN edges that have the same software version per model.
  • WAN Edge Uptime—Percentage of time a WAN edge was up during the past seven days, averaged across all EAN edges.
Figure 2: WAN Edges List View WAN Edges List View

Beneath, you'll find WAN edge device details as shown in Table 1.

Table 1: WAN Edge Device Details
Fields Description
Name Name
Status Connected or disconnected
MAC MAC address
IP Address IP address
Model Juniper® Session Smart™ Routers or Juniper Networks® SRX Series Firewalls
Version SSR Software Version
Topology Hub or Spoke
Errors Error state

The Topology format presents the same information as the List view. For example, if you hover over the node0.lab1-dallas device, you'll see the same information as that displayed in the List view as you’ll see in the figure below.

Figure 3: WAN Edges Topology View WAN Edges Topology View

On both the List and Topology view, selecting your WAN edge device (lab1-dallas in this example) brings you to its Device Information page. The Device Information page provides different categories of monitoring information for your WAN edge device.

Figure 4: WAN Edges Device Information Page WAN Edges Device Information Page

The first thing you’ll notice on the Device Information Page is details about the WAN edge device you selected, (lab1-dallas in our figure). The information includes a graphical front view of the device ports and baseline status information such as CPU and memory utilization.

Figure 5: WAN Edges Device Information - Interfaces WAN Edges Device Information - Interfaces

For each Gigabit Ethernet interface you’ll find link information.

Figure 6: WAN Edge Device Information Page- Details WAN Edge Device Information Page- Details
Table 2: Link Information for Gigabit Ethernet Interface
Fields Description
Configured True or false
Speed Rated speed
PoE Enabled or disbaled
Power Draw Measured PoE power draw
Duplex Full or half
STP True or false
BPS Bits/second
Untagged VLAN -

When hovering over Wired Clients, you’ll get similar information with additional information.

Table 3: Wired Clients Details
Fields Description
Hostname Name of the device
Username User name
MAC MAC address of the device
IP Address IP address of the device
Manufacturer Type of device- SSR / SRX

The CPU and Memory status icon indicates how your device behaves. Hover over each interface icon for deeper insights.

Figure 7: WAN Edges - CPU and Memory Status WAN Edges - CPU and Memory Status

Advanced Security information is listed below the device ports with a checkmark or an X, indicating whether URL filtering or intrusion detection and prevention (IDP) is active on this device. Here, both URL filtering and IDP are active with the green checkmark.

Figure 8: Advanced Security Details Advanced Security Details

Below our port information and security section, you’ll find generalized data for your WAN edge device, including:

Figure 9: WAN Edge Device Properties WAN Edge Device Properties

Properties contains generalized platform-related information.

Table 4: WAN Edge Platform-Related Details
Field Description
Insights Provides a direct link to WAN Edge Insights.
Location Provides floorplan information
MAC Address MAC Address for the SSR device
Model Indicates if model type is SSR or SRX
Version Version of the Session Smart Software
Hardware Model Lists the Whitebox or Juniper Networks device model name and number.
Template The applied WAN edge template to the device.
Hub Profile The applied Hub Profile to the device.

Statistics displays action information about your platform.

Figure 10: WAN Edge Device Statistics WAN Edge Device Statistics
Table 5: WAN Edge Device Statistics
Field Description
Status Connected /Disconnected
Errors Any commit errors
Uptime Day/Hour/Min uptime information
Last Seen Last login
Last Config Last Commit
WAN Edge Photos Photos of the WAN edge device

If you configured DHCP servers on the WAN router itself, there will also be a DHCP Statistics pane with information about the leased IPs.

  • DHCP Statistics presents IP information related to dynamic distributed IP addresses.

Figure 11: WAN Edge Device DHCP Statistics WAN Edge Device DHCP Statistics
Table 6: WAN Edge Device DHCP Statistics
Field Description
Usage The total figure presented as a percentage of Leased and Available IPs
Pool Name The name for given pool of addresses
Leased IPs Number of used IP addresses in each pool.
Total IPs Total number available of IP addresses in each pool.

As you scroll down the device information page, you’ll find Secure Vector Routing (SVR)-based Paths between devices that provide information about connectivity through WAN interfaces to the hubs. Here, you can review your WAN edge device configuration. Usually, WAN edges inherit templates or profiles. However, you can make individual changes to the configuration to be pushed to the device.

Topology Details displays Peer Path information. Remember that a Session Smart SD-WAN network overlay is generated through Secure Vector Routing Peer connections between Session Smart devices.

Figure 12: Topology Details Topology Details
Table 7: Topology Details
Field Description
Interface Name Lists the name of the interface
Neighborhood The shared layer 3 connection between Peers
Topology Type Indicates Hub/Spoke
Status Indicates up/down
Peer Name Peer SVR device
Uptime Time up and live
Latency Measured in Milliseconds
Loss Packet loss
Jitter Measured in Milliseconds
MTU Max Transmission Unit
Hop Count Number of Hops

Secure Edge Connector Details include tunnel information from your WAN edge connection to the Secure Edge cloud.

Figure 13: Secure Edge Connector Details Secure Edge Connector Details
Table 8: Secure Edge Connector Details
Fields Description
Tunnel Name Name
Peer Host Peer Host IP Address
Peer IP Peer IP
Status Connected/Disconnected
Node Standalone/HA
RX Bytes Volume of data, in bytes, received by the interface.
TX Bytes Volume of data, in bytes, transmitted by the interface.
RX Packets Packets received by the interface.
TX Packets Packets transmitted by the interface.
Last Event System events
Protocol Protocol
Uptime time live
Last Seen Last login

Scrolling down the device information page, you’ll find configuration information for your WAN edge. First, it’ll indicate hub or spoke with relevant information about your WAN Edge Configuration.

Figure 14: WAN Edge Configuration: Spoke WAN Edge Configuration: Spoke
Table 9: WAN Edge Configuration: Spoke
Field Description
Info Name
IP Configuration Override Template Settings, node1 DHCP/Static, VLAN ID, node 2 DHCP/Static, VLAN ID
NTP Time Servers IP/Hostnames
DNS Override Template Settings, DNS Servers, (SRX only DNS suffix info)
Secure Edge Connector Provider for the Secure Edge Connector.

Scrolling past the configuration, you’ll find information for your connected WANs and LANs.

Figure 15: WAN Details WAN Details
Table 10: WAN Details
Field Description
Name Selected WAN Interface Name
Interface Supports one of these interfaces for aggregation: ge-0/0/1, ge-0/0/1-5, or reth0.
WAN Type Ethernet, DSL (SRX Only) LTE
IP Configuration DHCP, Static, or PPPoE
Overlay Hub Endpoints SVR Peer connections to the Hub
Figure 16: LAN Details LAN Details
Table 11: LAN Details
Field Description
Network Selected LAN name.
Interface Supports one of these interfaces for aggregation: ge-0/0/1, ge-0/0/1-5, or reth0.
Untagged Untagged VLAN (SRX only)
VLAN ID DHCP, Static, or PPPoE
IP Configuration SVR Peer connections to the Hub
DHCP Relay, Server, none.

The Traffic Steering and Application Policy sections show how you use the Session Smart Secure Vector Routing process to create rules for path choice and routing behavior. Note that on the SRX Series deployed as a WAN edge, the Application Policy and Traffic Steering path determine destination zones and must be assigned. The Session Smart router is first and foremost, a router and will use the closest match for the address.

Figure 17: Traffic Steering Traffic Steering
Table 12: Traffic Steering
Field Description
Name Selected Traffic Steering name.
Strategy Ordered, weighted, ECMP
Paths Untagged VLAN (SRX only)

Application Policies are the heart of Juniper’s AI-Driven SD-WAN. Remember that Application Policies are security policies in Juniper WAN Assurance design, where you define which network and users can access which applications, and according to which traffic steering policy. You must create Networks, Applications, and establish Traffic Steering profiles to define an Application Policy. These elements become matching criteria to allow access to or block access from applications or destinations.

Figure 18: Application Policies Application Policies

In the Juniper Mist™ cloud portal, the Networks or Users setting determines the source zone. The Applications and Traffic Steering settings determine the destination zone. Traffic Steering paths determine the destination zone in Juniper Networks® SRX Series Firewalls, so ensure that you assign Traffic Steering profiles to the Application Policies.

Table 13: Application Policies Details
Field Description
Number Ordered Policy Number
Name Selected name
Org Imported Indicates if the policy was pushed down from the Organization level to the Site.
Network/User (Matching Any) The “source” of your traffic
Action Allow/Block
Application/Destination (Matching Any) The “destination” for your traffic.
IDP Indicates IDP/URL filtering (requires separate license)
Traffic Steering Indicate path for traffic

The bottom of the Device Information page has tables for routing properties such as BGP and static routes connected to your WAN edge device. You can also manually add a BGP Group here.

Figure 19: Routing Details Routing Details
Table 14: Routing Details
Field Description
Name BGP Name
Type Type of BGP Route
Local AS Autonomous System Number
Export Exported Route
Import Imported Route
Neighbors Neighbor Route
Neighbor AS Autonomous System Number for Neighbor Route
Figure 20: Static Routes Static Routes

Static Routes display name and gateway information.

Monitoring: Device Information, WAN Edge Insights, Peer Path Statistics

WAN Edge Insights

The Properties pane for your selected WAN edge links to WAN Edge Insights. Click WAN Edge Insights for the next level of information about your WAN edge device.

Figure 21: WAN Edge Insights WAN Edge Insights

Next to the selected WAN edge (lab1-dallas) on the Insights page, you can select a timeframe for selected information. The default view is Today, but this can be set to a customized date or range of dates. Below this, you find (when the site location information is configured) where this WAN edge is configured via a street map.

Figure 22: WAN Edge Insights-Select Time Duration WAN Edge Insights-Select Time Duration

With your timeframe selected, WAN Edge Events displays a timeline of the traffic through the WAN edge during your specified time, and a list of events in the same window.

Select a specific event in the listed WAN Edge Events for greater detail of the Good, Neutral, and Bad events.

Figure 23: WAN Edge Events Timeline WAN Edge Events Timeline

Your selection expands and displays detailed information about the selected time.

For a detailed portion of time, select a window of time with the mouse cursor. By doing this, you’re able to adjust the window of events and isolate specific Good, Neutral, and Bad things that happened on your network. With a smaller section you’ll get a more detailed view of that period.

Figure 24: WAN Edge Events Timeline Details View WAN Edge Events Timeline Details View

Drill down the WAN Edge Events page for deeper insights within your selected period.

Figure 25: WAN Edge Events page WAN Edge Events page

We can continue that way: You can narrow down on the type of event by selecting a modifier in the Event Type drop-down menu. You can also filter your search by limiting the event types to a specific port

Figure 26: WAN Edge Events Page WAN Edge Events Page

On the WAN Edge Events page, you can also view reports on applications on the Applications pane. On this pane:

  • You can use categorized applications to monitor and troubleshoot specific application behavior.
  • You can expand the categories to see more details.
  • You can view a client's use of a particular application by clicking the Clients tab.
Note:

Ensure you’ve had a few hours for these metrics to be populated following initial deployment.

Figure 27: Applications Applications

Click the Clients tab to see which client is using how much bandwidth.

Click the Apps tab, then in the Number of Clients column, you can click on the number of clients to see more information such as the Client name, MAC Address, IP Address, Device Type, and Bytes being used.

Note:

For Session Smart Router devices running a DHCP server, clients using that application will display a HostName in the Client column if available. Otherwise, the MAC address will be displayed. Device Type and MAC Address columns will be populated as well.

Figure 28: Clients Using Application Clients Using Application

The Application Path Insights (BETA) section shows you which applications are using the most bandwidth according to the selected Application Policy and Network. You can also change the Data Type to Sessions to see the number of sessions occurring per application. Hover over a section of the graph to view the bandwidth or sessions per application as well as jitter, loss, and latency.

Have you ever been on an important Zoom or Teams call and experienced jitter or latency? This is a bad experience for anyone, but if you're the network operator, it's even worse. You don't want the CEO yelling at you because their shareholder meeting went bad. With Juniper's WAN Assurance Application Insights dashboard, you could do something about it.

This dashboard shows you which applications are using bandwidth at any given time. Given those insights, you can easily set policies to remediate issues, such as prioritizing some applications, blocking others, or working with your ISP to gain more bandwidth. Application Insights dashboard also lets you verify that your policies were configured correctly, and you can easily see the top 10 applications by bandwidth utilized, quickly adding and removing applications from this list.

And that's the power of WAN Assurance App Insights in 60 seconds.

Figure 29: Application Path Insights (BETA) Application Path Insights (BETA)

The path state bar shows path state information over a timeline, and path state events are indicated by segments highlighted in different colors. For example, Path Up events are shown in green and Path Down events are shown in red.

If you see an orange triangle below the path state bar, this indicates that a Service Path Update event occurred. You can hover over the triangle to see the details.

Figure 30: Service Path Update Service Path Update

The Application Path Insights section also includes a summary view on the lefthand side that displays recent path state events.

You can also hover over the highlighted portions of the path state bar to view a summary of the path state event.

Figure 31: Application Path Insights (BETA) continued Application Path Insights (BETA) continued

If you click on the bar, you will get a pop-up window where you can view more detailed information about the path state events. The list of events displays on the left, and when you select an event, the reason for the event displays on the right.

Path state events include:

  • Path Add

  • Path Remove

  • Path Update

  • Port Down

  • Path Up

  • Path Down

    Path Down Reasons include:

    • Probe Down
    • Peer Path Down
    • ARP Unresolved
    • DHCP Failure
Figure 32: Path State Events and Reasons - Example 1 Path State Events and Reasons - Example 1
Figure 33: Path State Events and Reasons - Example 2 Path State Events and Reasons - Example 2

WAN Edge Device charts include Control Plane CPU, Data Plane CPU, and Memory Utilization.

Control Plane CPU shows CPU utilization for both max and average. The Data Plane CPU chart displays the CPU utilization for both max and average.

Figure 34: Control Plane CPU and Data Plane CPU Control Plane CPU and Data Plane CPU

Memory Utilization displays the max and average memory utilization.

Figure 35: Memory Utilization Memory Utilization

WAN Edge Ports charts

The WAN Edge Ports charts include Bandwidth, Max Bandwidth, Applications TX + RX Bytes, and Port Errors. From the drop down list at the top, you can select All ports to see utilization metrics in the charts for all interfaces, or you can select an interface to see the utilization metrics for that particular interface.

In the Bandwidth chart, you will see the bandwidth utilization metrics in megabits per second (Mbps) for that particular interface.

The Max Bandwidth chart displays insights into the highest point of link utilization recorded for received power signal (RX) and transmitted power signal (TX) packets on each port during the day. The data is shown in Mbps.

Figure 36: Bandwidth and Max Bandwidth Bandwidth and Max Bandwidth

In the last two WAN Edge Ports charts, you’ll find Applications TX + RX Bytes and Port Errors. Hover over the charts to find out more information.

The Applications TX + RX Bytes chart outlines transmit and receive data information, which can be isolated at an application level by clicking on the application name at the bottom of the chart to see Client, MAC address, IP address, device type, and bytes for bandwidth utilization.

The Port Errors chart displays port errors for receive and transmit packets throughout the day.

Figure 37: Applications TX + RX Bytes and Port Errors Applications TX + RX Bytes and Port Errors

Peer Path Statistics

The Session Smart WAN edge devices deployed in Juniper Mist™ WAN Assurance provide insights for liveness and path quality through Session Smart, Secure Vector Routing. The Session Smart use of the Bidirectional Forwarding Detection (BFD) signal on port 1280 checks with the downstream Session Smart Routers for liveness and monitors jitter, latency, loss, and mean opinion score (MOS). This insight works only with our Session Smart devices.

We return to WAN Edge Insights to find the Session Smart Peering metrics on your Mist dashboard. These graphs are at the bottom of the page, with a default view showing the worst three peer connections: jitter, latency, loss, and MOS. Drill down into the data here, using the same time ranges for the WAN Edge Charts. This also means that the graphs are interrelated and cross referenced.

Figure 38: Peer Path Statistics Peer Path Statistics

You can also drill down and select a specific peer path to view statistics.

Figure 39: Peer Path Statistics for Specific Peer Peer Path Statistics for Specific Peer

The final information on your WAN Edge Insights page is Current WAN Edge Properties. Time range selections do not impact information in the Current Values pane.

Figure 40: Current WAN Edge Properties Current WAN Edge Properties

Alerts for Interfaces Status

In Juniper Mist, alerts present network and device issues that are ongoing. You can view alerts on Juniper Mist portal by selecting Monitor > Alerts.

You can set up alerts and email updates for when certain ports on a WAN Edge device go online or offline. To configure alerts for specific ports, you need to label these ports in LAN or WAN settings of WAN Edge device.

To configure the alerts and notifications for specific port, you must:

  • Change the WAN or LAN settings to label the specified ports in WAN Edge template or at device-level configuration page.
    1. In the Juniper Mist cloud portal, select Organization > WAN > WAN Edge Templates and select the WAN or LAN configuration that you want to update. (Or add a new configuration.)

      To configure at the device-level, select WAN Edges on the left-navigation bar and select WAN or LAN configuration of the selected device.

    2. Under Interface, enter the port or ports, and then select Enable “Up/Down Port” Alert Type check-box.
      Figure 41: Marking LAN Port or WAN Interface as Critical Interface Marking LAN Port or WAN Interface as Critical Interface

      Repeat these steps for all critical ports.

  • Configure alerts and e-mail notifications for the specified ports in Alerts page.
    1. Go to Monitor > Alerts > Alerts Configuration and use the following check-boxes to enable alerts for the selected port:
      • Critical WAN Edge Port Up

      • Critical WAN Edge Port Down

      Figure 42: Alerts Configuration for Critical Ports Alerts Configuration for Critical Ports

      See Alert Configuration for details.

      When you enable alerts and notifications:

      • You'll receive an e-mail notification whenever a port transitions from one state to another.
      • You can view the status in Monitor > Alerts page. Figure 43 shows an example of the critical port status on Juniper Mist Alerts dashboard.
        Figure 43: Critical WAN Edge Port Status Critical WAN Edge Port Status