In this blog I will try to highlight how the data present in Versa Analytics framework can be used  to identify underlay issues which could result in poor users experience.

Telemetry offers visibility and awareness of network events at any given time in order to make better business decisions, help analyze customer trends and satisfaction, which can lead to improved users experience and network services.

Versa Analytics

Versa Network SD-WAN solution includes an Analytics/Telemetry framework which holds historical data on branches activity, like WAN circuits utilisation and performance, end users usage, application discovery and performance, network security information etc. and presents it in a user friendly manner using dashboards with graphs and charts.

Versa Network SD-WAN solution uses a push model to gather data from the network, branches use IPFIX over UDP or TCP for analytics related data.

Analytics Dashboards

Dashboard views provides an aggregate view of various parameters in the network. These are computed over any date range or time interval which can be changed by Network Administrator.  ​From the aggregate view which summarize an Organization wide performcance users can drill down into very specific and detailed information.

The one I am going to concentrate on is the SD-WAN Dashboard, it contains SD-WAN related data such as, SD-WAN Top Sites by Bandwidth, SD-WAN Top Access Circuits by Bandwidth, SD-WAN Site Map,SLA Measurements, SLA Violations, path utilization etc.

 

Events and Alarms Logs

The logs display individual alarms and events as soon as it happens in the network in realtime manner unlike information in the Dashboards which are statistics over time.

Logs view is similar to standard message logging (syslog) that you are all familiar with, data from different SD-WAN services are sent to the Versa Analytics for consolidation.

 

The Logs section also contains summary graphs in order to assist Network Administrator to identify Top Appliances with alarms, Top Alarms Severity, Top Alarms Type and Top Alarms Event Type

A major characteristics of logs is that they are rule based, therefore it is only populated when a rule is configured with a logging and there is a hit on the rule. ​

Versa Analytics provides a powerful search and filtering capability for logs. Logs may be search using a complex combination of parameters. Logs are also stored historically and may be searched. ​

As seen above many categories can be displayed, Alarms, DHCP, NGFW etc. I will concentrate on SD-WAN logs.

Few Use case examples

I am going to illustrate few use cases how Versa Analytics can be used to identify overlay issues, following topology will be used. 2 Branches dual attached to INTERNET and MPLS transport:

 

Use case 1: Connectivity issue in the Underlay

By default branches running Versa OS send probes on all available WAN circuit at a rate of 2s, remote branches need to answer to those probes. If no response is received for 3 consecutive probes the path between the two branches is declared down.

Alarms section of the Logs will show SD-WAN path transitions, information about the time of the event, severity, appliance reporting the error, Alarm Type, Description and few other information. 

 

Versa OS generate logs when alarms are cleared, changes in path states are also logged.

It is possible to display only SD-WAN path related events by using Log Search function to avoid scrolling though the logs. In production amount of logs entries generated by the appliances can be high.

 

These alarms will be included in the SD-WAN Dashboard too, a chart will display the Top remote SLA path flap from a particular appliance, SD-WAN path down event will be  reported among other SLA related path condition.

The Chart is clickable and will present you with a time serie between the 2 selected appliances to help you correlate historical events and user reported issues. Below a view between Branch-1 and 2, you will find information about the WAN circuit  and number of transition from UP to DOWN. Network Administrator can use this information to isolate whether the issue is most likely a isolated branch issue, a regional issue or more generic transport problem in the underlay.

Use case 2: Path performance Monitoring

As already discussed Versa Secure SD-WAN solution generates probes (also refer as PDU) by default on all WAN circuits configured, the probes are also used to measure how a particular path performs by gathering bidirectional Latency, Jitter, and packet loss

Example of such case study would be customers complains about VOIP quality for  certain period of time between 2 branches HUB-Region1 and SITE-31, VOIP SD-WAN policy is to use MPLS transport.

From the SD-WAN Dashboard/Path select the appliances and circuit you want to analyse. You will be presented with a time series displaying path performance as well as details on the path metrics at the bottom of the page:

MPLS2 WAN circuit shows non zero loss ratio which will be impacting VOIP which results in bad user experience when using Realtime application. The graph can be saved or the details on the path parameters can be exported directly to various format for instant reporting.

Path Metrics can be changed from this page too, users can select Delay or Jitter to be displayed instead of loss ratio.

 

Conclusion

Versa Analytics is very powerful tool that can help Network Administrators and Network planner in their daily job, in this particular exercise I have concentrated on how to spot underlay issues in SD-WAN network. This is a small example on how to use information contained in our Analytics framework, other useful applications are plenty like BW usage monitoring, SD-WAN circuit usage, Users BW usage, Application Usage, QOS monitoring, Application Performance Monitoring Security and System Dashboards. Many topics all very interesting and candidates for other blogs and use cases scenario.