SD-WAN Monitoring Survival Guide: Be the Master of Your Network

SD-WAN technology is a hot topic in the networking world, with many businesses transitioning to SD-WAN networks for the promise of improved performance and reliability. However, after migrating, numerous companies find themselves lacking in SD-WAN network visibility. This makes it difficult to identify and address performance issues and determine whether their SD-WAN service is meeting expectations.

Are you tired of feeling like you're driving blindfolded when it comes to your company's network? Are you ready to take off that blindfold and gain some visibility into your network's performance? Keep reading to learn about the ins and outs of SD-WAN monitoring for businesses.

• What is SD-WAN?
• Why is SD-WAN Monitoring Important?
• Common SD-WAN Issues
• SD-WAN Monitoring Steps
• Step 1. Use an SD-WAN Network Monitoring Tool
• Step 2. Monitor your SD-WAN Migration
• Step 3. Understand the SD-WAN Network Design
• Step 4. SD-WAN Monitoring in All Network Locations
• Step 5. Monitor the SD-WAN Promise/ SLA
• Step 6. Detect SD-WAN Issues
• Step 7. Identify What the SD-WAN Issue Is
• Step 8. Pinpoint When the SD-WAN Issue Happened
• Step 9. Find A Root Cause for the SD-WAN Issue
• Step 10. Implement A Solution

SD-WAN stands for Software-Defined Wide Area Network. It is a technology that simplifies the management and operation of a Wide Area Network (WAN) by separating the networking hardware from its control mechanism. Large enterprises and network administrators use SD-WAN to manage their enterprise network, rather than relying on physical devices like routers and switches.

SD-WAN technology allows for centralized control and management of the WAN, regardless of where the network devices are physically located. It also enables organizations to use multiple types of connections, such as broadband and cellular, to connect remote locations and applications securely and efficiently. SD-WAN has become increasingly popular in recent years as more businesses seek to connect geographically dispersed locations, improve network performance, and reduce costs.

SD-WAN Monitoring Tool

Get control of your network. Monitor your SD-WAN network before, after & during migrations

Learn more

Too many businesses don’t have visibility over their SD-WAN networks. While it’s true that SD-WAN technology provides better performance than older network technology, like MPLS, they’re still prone to experiencing performance issues. SD-WAN monitoring is important for that, and so much more:

1. Ensure the success of your SD-WAN migration: Many businesses have no visibility when migrating to SD-WAN - but this is crucial. Implement SD-WAN monitoring before your migration to identify problems that may hinder the migration before and after.
2. See what Service Providers can’t: SD-WAN vendors sell you impeccable SLAs and big promises about the performance of SD-WAN. But, like any other network, SD-WAN networks are still prone to network issues that vendors and Service Providers can’t see. So you need SD-WAN monitoring to catch performance issues yourself.
3. Measure the SD-WAN promise: SD-WAN vendors make promises about the capacity of the SD-WAN device to seamlessly perform load balancing on multiple links, and the ability of the SD-WAN management platform to provide visibility on the network performance. It's up to you to monitor your SD-WN network to ensure that your vendor upholds the promises they made for your SD-WAN performance.
4. Identify all SD-WAN performance issues: Despite its capabilities, SD-WAN, like any network, is susceptible to network issues that can impact user experience. High bandwidth and CPU usage are common SD-WAN issues that are likely to occur at some point. It’s crucial to use SD-WAN monitoring to proactively identify and resolve these issues.
5. Go further than SD-WAN native monitoring feature: Despite SD-WAN vendors' claims about the monitoring capabilities of their SD-WAN solutions, they don’t provide the 360-degree visibility needed for monitoring every SD-WAN network location. Additionally, they can’t perform SD-WAN monitoring from the user's point-of-view, which is crucial to determining whether the SD-WAN service is delivering on its promised performance.
6. Facilitate SD-WAN troubleshooting: Troubleshooting issues with SD-WAN Edge devices and in IPSec Tunnels can be exceptionally challenging without the right tools. When you then add Firewall as a Service (FWaaS) in the equation, it then involves a Service Provider and creates additional communication paths to monitor and troubleshoot - which also require SD-WAN monitoring tools.
7. Decrease the ping-pong with Service Providers: When there are Service Providers involved, troubleshooting can become a long process. In instances of performance issues, there can be significant communication between customers and Service Providers, as no one has the necessary visibility to determine the source of the problem or the party responsible for resolving it. Having the right visibility helps you provide to Service Providers that there is an issue, and give them the information to escalate your support case.

Ready to take your network monitoring to the next level? Try Obkio's SD-WAN monitoring solution today and gain valuable insights into the performance of your network.

Don't let network challenges hold you back - sign up for Obkio's SD-WAN monitoring solution now.

• 14-day free trial of all premium features
• Deploy in just 10 minutes
• Monitor performance in all key network locations
• Measure real-time network metrics
• Identify and troubleshoot live network problems

One of the main use cases for SD-WAN monitoring is to identify and troubleshoot some of the most common SD-WAN issues. Trust us, it’s not about if these problems will happen, it’s about when. So you better be prepared when they do.

Let’s go over some of the most common issues you should be aware of:

1. High CPU Usage: High CPU usage is very common in SD-WAN Devices and usually affects all network sessions. This generally occurs when a network device does not have enough available resources to manage the throughput.
2. High Bandwidth Usage: When the bandwidth capacity of an SD-WAN network is exceeded, network performance can degrade, leading to issues like latency and packet loss and poor user experience that affects critical business applications.
3. Local Loop Issues: Issues with the local loop, such as cabling problems or faulty equipment, can result in intermittent connectivity, slow data transfer rates, and even complete network outages. These problems can be particularly challenging to diagnose and resolve because they occur outside of the customer's network.
4. DNS Issues: DNS issues, such as incorrect or outdated DNS records, can lead to slow or intermittent connectivity, as devices may struggle to connect to the correct resources. Additionally, DNS attacks, such as DNS spoofing or cache poisoning, can cause significant security issues on an SD-WAN network.
5. Defective Cables or Connectors: The physical components of an SD-WAN network are critical to its performance, and defective cables or connectors can cause a range of issues, from intermittent connectivity to complete network outages. This can result in poor user experience and can also impact critical business applications that rely on the network.

3 Most Common SD-WAN Issues

Many people rely on SD-WAN networks, but they’re still prone to network issues. Learn about the 3 most common SD-WAN issues and how to solve them.

Learn more

Now that you know why SD-WAN monitoring is important, and what performance issues you need to avoid when migrating to SD-WAN, let’s show you how to actually implement SD-WAN monitoring.

Traditional monitoring solutions that focus on your device won’t give you insight into your network’s performance, and SD-WAN native monitoring features can’t monitor from end to end. So your business needs a solution that monitors end-to-end SD-WAN performance to identify network problems before and after your SD-WAN migration.

Deploy an Agent-based solution, ​like Obkio Network Performance Monitoring software, with dedicated SD-WAN Monitoring capabilities that help you understand:

• If the SD-WAN service is performing as promised
• If it’s not, what problems are affecting their SD-WAN networks
• Where the problems happened (in their local network or Service Provider network)
• Who is responsible for troubleshooting the issue

Get started with Obkio’s Free Trial!

Deploying a monitoring solution before an SD-WAN migration is crucial to compare the network's performance both before and after the migration. This will enable you to track any changes in network performance and identify any issues that may arise during or after the migration process.

Obkio monitors network performance using synthetic UDP traffic from Monitoring Agents deployed in key network locations. To monitor an SD-WAN migration, we recommend deploying Monitoring Agents in:

• Your Local Network
• And between network locations: remote offices and your company’s headquarters, data centers or clouds

In the screenshot above, a branch office migrated from a dedicated low-bandwidth MPLS connection to an SD-WAN service with two broadband connections.

• The migration occurred in the middle of the graph (around 18:20).
• A few minutes later, around 19:00, the SD-WAN service switched from the primary ISP to the secondary ISP due to high packet loss for about 15 minutes.
• There is just a little bit of packet loss during the failover because it took a few seconds for the SD-WAN appliance to failover

Congrats! At this point, you would have migrated to your new SD-WAN service. Now you need to monitor it. To adequately deploy SD-WAN monitoring, you need to understand the design of your network so you can adapt that design to your monitoring setup to the network design.

The image below shows an SD-WAN network site communicating with either a Data Center, Head Office or IaaS.

In an SD-WAN Architecture, SD-WAN issues can come from many different places:

• The Internet
• Internet Local Loop
• Internet Provider’s Edge Router
• ISP Backbone
• ISP Peering Point
• Internet VPN IPSec between the site and ZScaler (Firewall As A Service)

• IPsec Tunnel from one site to another
• The LAN
• SD-WAN Edge
• Core & Distribution Switches
• Access Switches

• 80% of companies using SD-WAN experience performance issues on the last mile of the network. The last mile generally has the lowest speeds, the least route diversity and the most single points of failure.

• If your business also has Firewall As A Service (FWaaS), you’ll need to open a support ticket with your Service Provider if the problem.

To complete your deployment, you need to install Network Monitoring Agents in the customer LAN, behind the SD-WAN appliance, for SD-WAN monitoring from the end-user perspective.

This is the setup we recommend:

1. A Local Agent per network location (data centers, remote offices etc.)
2. Public Monitoring Agents to monitor the Internet

With this setup, you’ll also have visibility of:

• ISP #1 connection
• ISP #2 connection
• The End-User (load balanced between the connection using the SD-WAN algorithm)
• The SASE Service

Once deployed, the Agents create Monitoring Sessions and use synthetic UDP traffic to monitor every network path, measure performance metrics, identify issues and raise alerts.

One of the goals of SD-WAN monitoring is to monitor SD-WAN performance and the SLA or promise made by your vendors. To do so, monitor performance from the end-user perspective, as well as the underlay connections themself to compare the performance.

Here is an example of this setup with three monitoring sessions configured between:

• A local Monitoring Agent behind the SD-WAN appliance
• And three remote Monitoring Agents that are located at the same location (either cloud, data center or head office)

The three network monitoring sessions monitor the network performance between the two locations using different connections:

• The performance as seen by the end-user (load balanced between the connection using the SD-WAN algorithm) - top graph
• The performance of the ISP A connection - middle graph
• The performance of the ISP B connection - bottom graph

This setup is used by many of our customers using SD-WAN technologies. This way, they are able to confirm the real network performance of the end-users traffic and also monitor each ISP connection.

At this point, you’ll now have a continuous SD-WAN monitoring setup. Obkio’s solution will now begin measuring network metrics and identifying performance issues.

Your business’ users may be complaining about slow application performance or disconnection, and you need to detect the issues. Start with Obkio’s automatic alerts and Chord Diagram and look at what’s going on in your network right now.

Obkio’s Chord Diagram shows you exactly what is happening in your network right now. If you look a the screenshot below, you can see:

• The names of all the Monitoring Agents: All the Local Agents & Public Monitoring Agents you’ve deployed in your network.
• The performance between the Monitoring Agents: Represented by the lines and network sessions.
• The severity levels: These correspond to the severity level of the performance issues, red being the most severe.

You always want to troubleshoot the most severe issues affecting your SD-WAN network (the red sessions), in the most impacted network locations.

For example: In the screenshot below, we’ve isolated Branch 3 as the worst because all of its sessions are being affected by performance issues.

To get more information about what the exact problem is, when it started, and what the pattern is, switch to the Dashboard View to view all key network metrics towards that branch on a single page. Here you can also compare all the information from the Monitoring Agents.

In the screenshot below is a Dashboard for Branch 3 with various performance graphs.

• You can also change the selected time frame of the graphs.
• The selected view shows performance over the last 8 hours.

Column 1 shows the UDP monitoring session performance from the Branch 3 Monitoring Agent towards the SD-WAN user experience Monitoring Agents.

• The first graph shows the Internet SD-WAN user experience
• The 2 bottom graphs below show the experience of the Internet connections (ISP 1 & ISP 2)

Column 2 shows SNMP Polling (Device Monitoring) on the SD-WAN Edge Equipment. Obkio will perform SNMP Polling on the Monitoring Agent and, in the graphs under, show metrics for:

• CPU Usage
• Bandwidth Usage

Column 3 shows Zoom performance and Microsoft Teams performance, which Obkio also provides. It shows:

• HTTP Application Performance
• VoIP Quality

After analyzing the information above, we can see that:

• There is poor performance affecting all the traffic
• Both ISP 1 and ISP 2 are being affected

How can this happen? Well, for ISP 1 & 2 to be affected, this means that the network problem is happening on a network segment that is common to both ISPs. This could be in the LAN, or directly on the SD-WAN Edge Router.

This is caused by high CPU usage which leads to high packet loss. This is a very common issue which means that the device does not have enough available resources to manage the throughput.

Now you can Analyze the historical data on the dashboard to find a trigger, a pattern or a deviation from your baseline to pinpoint:

• When the problem first happened
• Is the problem continuous or intermittent?
• Is the problem flapping?

In the screenshot above, there is a pattern. The issue is an intermittent network problem (happens on and off) and doesn’t follow a specific pattern but the high CPU usage is very clear.

Wink, wink. Why don't you follow along while using Obkio's free trial.

The magic of SD-WAN monitoring doesn’t stop here. You can drill down even deeper to find the root cause of your issue.

To do this, we’ll be using Obkio Vision, Obkio’s free Visual Traceroute tool that runs continuously to interpret Traceroute results to identify network problems in your WAN and over the Internet.

Obkio Vision Quality Matrix

Note: If the network problem is happening on your end, you don’t need to do this step. It’ll just confirm that conclusion.

By using Traceroutes, the Network Map, and the Quality Matrix you’ll be able to identify if:

1. The problem is happening specifically towards a specific location over the Internet. So only one specific site is being affected.
2. The problem is on your ISP’s side and you need to open a support case with all the information you can collect.

Obkio Vision Traceroutes

You’re almost in the clear! Now you know what the problem is, where and when it happened, and who is responsible for solving it, you need to resolve it.

• Contact your ISP to get technical support using the screenshots of Monitoring Sessions, Dashboards or Traceroutes in Vision.
• Use Live Monitoring mode for real-time updates and share results of Live Traceroutes with your ISP using a public link.
• If your ISP wants to analyze your data further, you can create a temporary Read-Only User in your Obkio account for them.

If you find CPU or Bandwidth issues, this likely means that the problem is in your company’s network and you need to troubleshoot internally. Here are a few suggestions:

1. Upgrade your Internet connection bandwidth with your ISP if you’re running out of bandwidth or resources.
2. Analyze network devices to determine why they’re experiencing high CPU usage and missing resources. This could be due to software problems, outdated firmware, or a lack of resources on the device. In some cases, upgrading to a larger device may be necessary to address the problem effectively.
3. Look into what network traffic is being used. Examine the firewall logs to determine whether the network traffic is legitimate or not. Illegitimate traffic may indicate a security breach, such as data exfiltration or unauthorized access, or it could be due to large data backups occurring during business hours instead of during off-peak hours.
4. Manage priorities in your Firewall to mitigate the impact of congestion on critical applications. Prioritizing certain traffic can reduce the impact of congestion on affected applications and ensure that critical applications continue to function as expected.

So, there you have it - a crash course on SD-WAN monitoring! Don't let your network turn into a wild, uncharted jungle.

With the right monitoring tools and practices, you can navigate through any network challenge that comes your way. Remember to stay proactive, monitor your network constantly, and be prepared to troubleshoot any issues that arise.

With SD-WAN monitoring, you'll have all the power you need to tame your network and take your business to the next level. So go forth, tech warriors, and may the packets be ever in your favour!

Get started with Obkio’s Free Trial!