Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

WAN Assurance Monitoring, SLE, and Troubleshooting Overview

The Juniper® Mist™ WAN Assurance Monitoring, SLE, and Troubleshooting chapter is for system administrators and technical support who maintain enterprise SD-WAN networks. You should have completed the WAN Configuration for SRX Series Firewalls or WAN Configuration for Session Smart Routers before continuing with the WAN Edge Monitoring, SLE, and Troubleshooting.

Driven by Mist AI, the Juniper SD-WAN solution simplifies the monitoring and troubleshooting of the WAN edge. Juniper Mist WAN Assurance does this by consistently and proactively monitoring numerous variables that impact a user's network experience. Both the Juniper® Session Smart™ Router and Juniper® SRX Series Firewalls WAN Assurance platforms have unique solutions to the WAN edge and overlay that impact provisioning and deployment. Because of this, those monitoring and troubleshooting actions are platform-specific, and understanding your WAN Assurance platform is crucial.

You’ll find separate topics for the Juniper® Session Smart™ Router and Juniper® SRX Series Firewalls WAN edge Monitoring, SLE, and Troubleshooting.

WAN Edge Monitoring

In the WAN edge monitoring guides, you’ll explore the most efficient ways to monitor your WAN edge device in the Mist UI following your initial deployment phase. The Session Smart Secure Vector Routing WAN Assurance solution monitors liveness, jitter, latency, loss, and mean opinion score (MOS) to inform those user minutes. The SRX Series Firewall monitors the utilization of the IPsec tunnels that make up the overlay on the SRX Series WAN Assurance solution.

WAN Edge SLEs

The Juniper Mist WAN Assurance solution simplifies the entire network diagnosis process. WAN edge devices track metrics for WAN Edge Health, WAN Link Health, and Application Health to derive percentage ratings, which Juniper calls user minutes. User-minute metrics inform the basis for Mist monitoring, called service-level experiences (SLEs). Using critical metrics on application response times, WAN link status, gateway health, and other network conditions, both the SRX Series and Session Smart WAN edge devices gain insights into how these metrics impact end-user experiences and use them to identify the root causes of any service degradation. You can find an overview of all Mist SLEs here: https://www.juniper.net/documentation/us/en/software/mist/net-monitor/topics/concept/service-level-expectations.html. You’ll find SLEs specific to your WAN edge device deployed in Juniper Mist™ WAN Assurance.

WAN Assurance Monitoring, SLE, and Troubleshooting Overview

WAN Edge Troubleshooting

Juniper Mist WAN Assurance troubleshooting tools give system admins proactive insights alongside traditional tools for diagnosing WAN edge issues and identifying things on a per-application level down to granular interface and port metrics for both Session Smart Routers and SRX Series Firewall WAN edge devices. Users will see the most difference in their guides depending on their platform when WAN edge troubleshooting. The Session Smart Secure Vector Routing creates the overlay, while a unique implementation of Bidirectional Forwarding Detection between Session Smart devices helps troubleshooting. You’ll use Mist UI dashboard tools and leverage Juniper Mist Application Visibility, Application SLE, and Marvis to troubleshoot your Session Smart WAN edge.

For example, at times, within an overlay tunnel connecting a Hub to a spoke, not all the advertised routes may be visible on the overlay, which can lead to traffic being unable to traverse the tunnel. In such cases, we recommend following actions:

  • Ensure the overlay advertisement is enabled for the networks that need to be advertised. Go to Organization > WAN > Networks and check if Advertised via Overlay is enabled for the specific network.

  • Verify that the overlay tunnel is configured properly and that the correct routes are being advertised.

  • Check the configuration on both the hub and spoke devices and ensure that the overlay tunnel is properly configured, including the correct IP addresses and route advertisements.

  • Check the routing configuration on both the Hub and spoke devices. Verify that the routing tables on both devices include the necessary routes for the overlay tunnel, including routes to each other's network segments.

  • Check the firewall configuration on both the hub and spoke devices. Ensure that the firewall rules are properly configured to allow traffic to pass across the overlay tunnel.

  • Check the MTU (Maximum Transmission Unit) settings on both the hub and spoke devices. Verify that the MTU is set to the same value on both devices and that it is not set too high, which could cause fragmentation and slow down traffic.

  • Check the connectivity between the hub and spoke devices. Verify that there are no network connectivity issues between the two devices, including issues with firewalls or NAT (Network Address Translation) devices in between.

  • Check the logs on both the Hub and spoke devices for any error messages related to the overlay tunnel. Use the show log command to view the system logs and look for any errors related to the overlay tunnel.

  • Check the firewall filters to make sure that traffic is allowed to pass through the tunnel.

  • If you are still unable to resolve the issue, try restarting both the Hub and spoke devices

Troubleshooting gateways on your SRX Series Firewall uses the powerful and versatile Junos OS with the same Application Visibility, Application SLE, and Marvis to diagnose WAN edge connectivity.

Related Documentation