打印

VeloCloud SD-WAN 6.4 - Administration Guide - Monitor Enterprise 打印

Monitor Enterprise

VeloCloud SD-WAN allows an Enterprise user to monitor the events and services using a redesigned portal.

In the SD-WAN service of the Enterprise portal, select Monitor. The following screen displays:

Figure 1. Monitoring the Enterprise Network

You can explore each monitoring option and click the graphs to view detailed reports.

Each monitoring window consists of the following options:
  • Search - Enter a term to search for specific details. select the Filter icon to filter the view by a specific criterion.
  • Column - Click and select the columns to be shown or hidden in the view.
  • Refresh – Click to refresh the details displayed with the most current data.

Monitor Network Overview

The Network Overview page displays the overall summary of the network, like total count of activated Edges, links, top performing applications and Edges by traffic data volume, and other configuration data for an Enterprise.

To view the Network Overview summary, traffic usage data, and configuration data in the SD-WAN service of the Enterprise portal, select Monitor > Network Overview .

The Network Overview page appears. Turn on the Auto-Refresh button to automatically refresh the page every 30 seconds.

Figure 2. Network Overview

On the top of the Network Overview page, the Activated Edges section displays the total number of Activated Edges and Hubs that are connected, degraded, and offline, along with a graphical representation for the Enterprise. The Links section displays the Links and Hub Links stable, degraded, and down, along with a graphical representation.

Selecting a number in the Activated Edges or Links section redirects you to the Edges list page with the corresponding filter applied. Note that the Only Hub checkbox is enabled automatically in the Edges list page when you select the number on the Hub or Hub Links.

You can select the time range for which you want to display the traffic usage data in the dashboard. The default value is Past 12 hours.

 

Traffic Usage Summary

To view network traffic usage for the Enterprise, select the Traffic Usage tab. The Traffic Usage dashboard graphically displays the following details for an Enterprise:
Table 1. Traffic Usage Dashboard Option Descriptions
Option Description
Top Apps by Data Volume

Displays the top 10 performing applications sorted by volume of data.

Select an application to view the top 10 Edges for the selected application. To learn more about an Edge, select the Edge link, and it redirects you to the Monitor > Edges > Source page.
Top Edges by Data Volume

Displays the top 10 Edges sorted by volume of data.

Select an Edge to view the top 10 applications for the selected Edge. To learn more about an application, select the application link, and it redirects you to the Monitor > Edges > Source page.
Include SD-WAN Applications Turn on the toggle button to include SD-WAN applications and traffic data.
More Select the More button to show the next 10 performing applications/Edges. A maximum of 20 items can be displayed in the dashboard.

Configuration Data Summary

To view configuration data for the Enterprise, select the Configuration Data tab.

Figure 3. Network Overview- Configuration Data
The Configuration Data dashboard graphically displays the following details for an Enterprise:
Table 2. Configuration Data Dashboard Option Descriptions
Option Description
Profiles Used Displays the details of used and unused profiles.
Segments Activated Displays the details of activated and other segments.
Software Version Displays the details of software versions of the Edges, which are up-to-date and outdated.
Edges with Enabled VNF Displays the number of Edges activated with VNF that have statuses Error, Off, and On.
Edges with Enabled CC Displays the number of Edges activated with CC that have statuses Failed, Pending, and Ready.
Edges with Enabled A-S Pair Displays the number of Edges activated as Active-Standby pair with statuses Failed, Pending, and Ready.
Non SD-WAN Destinations via Gateway Displays the number of non SD-WAN destinations that are connected and offline.

Monitor Security Overview

The Security Overview page displays the overall impact summary of configured Security services, like Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), URL Categories, URL Reputations, and Malicious IP for all Edges within an Enterprise, based on the metrics collected using the various Enhanced Firewall Services (EFS) engines (IDS/IPS/URL Filtering/Malicious IP).

Note: To view the Security Overview option under the Monitor tab, enable the EFS feature in the Global Settings page.

Monitor Security Overview - Enterprise View

To view the overall impact summary of configured Security services for an Enterprise, in the SD-WAN service of the Enterprise portal, select Monitor > Security Overview . The Security Overview page appears.

Figure 4. Monitor Security Overview

In the Security Overview page, you can find the following details:

Table 3. Security Overview Option Descriptions
Option Description
Overall Impact Summary Displays the total count of Edges within the Enterprise and the total count of Reporting Edges whose traffic encountered at least one of the Enhanced Firewall Engines. Under Reporting Edges, selecting the link to the number displays a tabular view of all Edges whose traffic encountered at least one EFS engine, along with the Action count details. Hover the mouse over the Action count to view the split count by supported Action types.
Figure 5. Reporting Edges
To view the EFS Threats details for a specific Edge, select the link to the Edge name and see the Edge-specific Security Overview page. See the section Monitor Security Overview - Edge View.
IDS/IPS Summary Displays the total count of IDS/IPS Threats Detected and Prevented for all Edges within the Enterprise, along with the Threat Severity and Action details in a graphical representation. Hover the mouse over the graphs to view specific threat details. For detailed information about the IDS/IPS Threat distribution, see the section Monitor IDS/IPS.
URL Category Summary Displays the total count of URL Categories and Action count details for all Edges within the Enterprise, along with the Top 5 URL Categories details in a graphical representation. For detailed information about the URL Category Threats distribution, see the section Monitor URL Filtering.
URL Reputation Summary Displays the total count of URL Reputation risks and Action count details for all Edges within the Enterprise in a graphical representation. For detailed information about the URL Reputation Threats distribution, see the section Monitor URL Filtering.
Malicious IP Summary Displays the total count of Malicious IP Blocked and Monitored. For detailed information about the distribution of malicious IP threats, see the section Monitor Malicious IP.

Monitor IDS/IPS

For a detailed view of IDS/IPS-specific threats for an enterprise, select Monitor > Security Overview > IDS/IPS .

The IDS/IPS page is a graphical representation of Threat distribution (Threats Detected/Threats Prevented) based on the metrics collected using the IDS/IPS engines for all Edges within an Enterprise. You can view the Threat distribution of all the Edges using the following two views:
  • Impacted Edge Distribution: Represents a map view of all the IDS/IPS Impacted Edges (by severity) and Protected Edges. The page graphically displays the following IDS/IPS Threat details for an Enterprise:
    • Total count of Edges Impacted
    • Total count of Edges Protected
    • Top Threats Detected filtered "By Count" (Default) or "By Impact"
    • Top Threat Origins filtered "By Country" (Default) or "By IP Address"
    • Top Impacted Edges filtered "By Edge Name"
    • Top Impacted Clients filtered "By IP Address"
    Figure 6. Security Overview- Impacted Edge Distribution
  • Impacted Edge List: Represents a tabular view of all the IDS/IPS impacted Edges along with Threat details. The page displays the following details: Name and Description of the impacted Edge, Threat Impact on Edge, and Status of the impacted Edge.
    Figure 7. Security Overview- Impacted Edge List

Monitor URL Filtering

To view the URL Filtering specific threats details for an Enterprise, select Monitor > Security Overview > URL Filtering .

Figure 8. Monitor URL Filtering

 

The URL Filtering page graphically displays the following URL Categories and URL Reputations threat details for an Enterprise:
  • Total count of URL Categories
  • Total count of URL Category Actions
  • Top URL Categories
  • Top URL categories filtered by "Action" (Blocked, Allowed, and Monitored) or "Total Count" (Default)
  • Top Edges filtered by "Category Actions" (Blocked, Allowed, and Monitored) or "Total Count" (Default)
  • Total count of URL Reputations
  • Total count of URL Reputation Actions
  • Top Websites filtered by "URL Reputation" (High Risk, Suspicious, Medium Risk, Low Risk, and Trustworthy) or "Total Count" (Default)
  • Top Edges filtered by "Reputation Actions" (Blocked, Allowed, and Monitored) or "Total Count" (Default)

Monitor Malicious IP

For a detailed view of the Malicious IP-specific threats, select Monitor > Security Overview > Malicious IP .

Figure 9. Monitor Malicious IP

 

The Malicious IP page graphically displays the following Malicious IP threat details for an Enterprise:
  • Total count of Blocked Malicious IP
  • Total count of Monitored Malicious IP
  • Top Malicious Destination IPs filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
  • Top Malicious Categories filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
  • Top Edges filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
  • Top Malicious Destination Countries filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)

Monitor Security Overview- Edge View

To view the EFS Threat details for a specific Edge:

  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges . The list of Edges associated with the Enterprise appears.
  2. Select an Edge by selecting the link to an Edge. The Network Overview page (default page view) appears.
  3. From the Network Overview drop-down menu, select Security Overview. The Security Overview page displays the overall impact summary of configured Security services, like IDS/IPS, URL Categories, URL Reputations, and Malicious IP for the selected Edge.
    Figure 10. Monitor Security Overview- Edge View

Monitor Edges

You can monitor the status of Edges and view the details of each Edge, like the WAN links, top applications used by the Edges, usage data through the network sources and traffic destinations, business priority of network traffic, system information, or details of Gateways connected to the Edge.

To monitor the Edge details:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise. The page displays the details of the Edges, like the status, links, Gateways, and other information.
Figure 11. Monitor Edges

Select CSV to download a report of the Edges in CSV format.

Select View in the Gateways column to view the details of the Gateways connected to the corresponding Edge.

Select an Edge name in the Name column to view the details of the selected Edge. Select the relevant tabs to view the corresponding information. Each tab displays a drop-down list at the top, from which you can select a specific time period. The tab displays the details for the selected duration.

Some of the tabs provide a drop-down menu of metric parameters. You can choose the metrics from the list to view the corresponding data. The following table lists the available metrics:

The following table describes each drop-down menu that is available in the Links,Applications,Sources, Destinations, and Business Priority tabs.
Table 4. Available Metrics
Metrics Option Description
Average Throughput Total bytes in a given direction divided by the total time. The total time is the periodicity of statistics uploaded from the Edge. By default, the periodicity in Orchestrator is 5 minutes.
Total Bytes Total number of bytes sent and received during a network session.
Bytes Received/Sent Split up details of the number of bytes sent and received during a network session.
Total Packets Total number of packets sent and received during a network session.
Packets Received/Sent Split up details of number of packets sent and received during a network session.
Bandwidth The maximum rate of data transfer across a given path. Displays both the upstream and downstream bandwidth details.
Latency Time taken for a packet to get across the network, from source to destination. Displays both the upstream and downstream Latency details.
Jitter Variation in the delay of received packets caused by network congestion or route changes. Displays both the upstream and downstream Jitter details.
Packet loss Packet loss happens when one or more packets fail to reach the intended destination. A lost packet is calculated when a path sequence number is missed and does not arrive within the re-sequencing window. A “very late” packet is counted as a lost packet.
Auto Dual-Mode SIM Status of the Edge with respect to the Automatic Switchover feature configured on that Edge, and is applicable only for a 610-LTE. For more information on the Automatic Switchover feature, see Configure Automatic SIM Switchover.
Signal Signal strength of the Edge indicated by the number of bars.
The following table describes the filter options that are available in the Applications, Sources, and Destinations tabs.
Table 5. Filter Options
Filter Option Description
Application The application used by the Edge.
Category The category of the application used by the Edge.
Operating System The operating system used by the Edge.
Hostname The hostname associated with the flow.
IP Address The IP address associated with the flow.
Client Device The Client device associated with the flow.
Destination The destination domain of the flow.
Destination IP The destination IP address of the flow.
FQDN The Fully Qualified Domain Name (FQDN) of the flow.
Next Hop The Next hop SD-WAN destination for the flow based on indicated Route.
Route The WAN route taken by the flow. Refer to table Route to Next Hop Mapping for description of each route and its relation to Next hop.
The following table describes the route to next hop mapping.
Table 6. Route to Nexthop Mapping
Route Name Nexthop
cloudViaGateway The name of the Gateway that routes traffic to the cloud.
internetViaDirectBreakout Nexthop has no name. The traffic is coming from the Internet directly.
branchToBranch (Gateway) The name of the Gateway responsible for routing traffic to the other branch.
branchToBranch (Edge) The name of the Edge used to route traffic to the other branch.
branchToNVSDirect The name of the HUB device serving as the nexthop Edge.
branchToNVSViaGateway The name of the Gateway that routes traffic to NVS.
branchToBackhaul The name of the Edge or enterprise object used to route traffic to a non-Velocloud site.
cloudViaGateway (Edge – to Partner Gateway) The nexthop is the name of the Partner Gateway that will route the traffic.
branchRouted Nexthop has no name. For basic routed traffic, there is no destination object, specifically, via an Edge router.
internetViaBranchCSS Name of enterprise object used to route traffic to a non-Velocloud branch.
For each Edge, you can view the following details:

 

Select an Edge and select the Shortcuts option at the top to perform the following activities:
  • Configure: Navigates to the Configuration tab of the selected Edge. See
  • View Events: Displays the Events related to the selected Edge.
  • Remote Diagnostics: Allows running the Remote Diagnostics tests for the selected Edge. See
  • Generate Diagnostic Bundle: Allows the generation of a Diagnostic Bundle for the selected Edge. See
  • Remote Actions: Allows Remote actions for the selected Edge. See
  • View Profile: Navigates to the Profile page associated with the selected Edge.
  • View Gateways: Displays the Gateways connected to the selected Edge.
The following are the other options available on this page:
Table 7. Other Options
Option Description
Search Enter a term to search for the matching text across the page. Use the advanced search option to narrow down the search results.
Columns Select and select the columns to be displayed or hidden on the page.
Refresh Select to refresh the page to display the most current data.

Monitor Edge Overview

The Overview tab of an Edge in the monitoring dashboard displays the details of WAN links along with bandwidth consumption and network usage.

To view the information of an Edge:
  1. In the SD-WAN service of the Enterprise portal, select  Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge and the Overview tab is displayed by default.
The Overview tab displays the details of links, including status and bandwidth consumption.
Figure 12. Edge Overview

You can choose whether to view the Edge information live using the Live Mode option. When this mode is ON, live monitoring of the Edge happens, and the data in the page is updated whenever there is a change. The live mode is automatically moved to offline mode after a period of time to reduce the network load.

The Links Status section displays the details of Links, Link Status, Auto Dual-Mode SIM, WAN Interface, Throughput, Bandwidth, Signal, Latency, Jitter, and Packet Loss. For more information on these parameters, see Monitor Edges.

The Top Consumers section displays graphical representation of bandwidth and network usage of the following: Applications, Categories, Operating Systems, Sources, and Destinations of the Edges. Click View Details in each panel to navigate to the corresponding tab and view more details.

Hover over the graphs to view more details.
Note: The minimum amount of data consumption for SD-WAN control traffic on a link is 1.5 - 2 GB per month depending on the number of paths.

Monitor QoE

The Quality of Experience (QoE) tab shows the Quality Score for different applications. The Quality score rates an application's quality of experience that a network can deliver over a period of time. The QoE is calculated based on the best score comparing all the Static tunnels (Edge to Gateways and Edge to Hubs) and then displays the best-performing tunnel.

To view the QoE report of an Edge:
  1. In the SD-WAN service of the Enterprise portal, select  Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the QoE tab.
The QoE tab displays the quality score of applications for different traffic types.
Figure 13. QoE Tab

The following traffic types are supported: Voice, Video, and Transactional. Select the link to a traffic type displayed at the top to view the corresponding data. You can hover over a WAN network link or an aggregate link to display a summary of Latency, Jitter, and Packet Loss.

The Quality Score rates an application's quality of experience that a network can deliver for a given time frame. The QoE graphs display the quality scores of the selected Edge before and after the SD-WAN optimization. A black vertical dotted line indicating an anchor, appears on the graph, whenever there is a threshold value change in a Profile or an Edge. You can hover over the anchor to see the modified latency threshold values for Voice, Video, and Transactional. Also, the color of the graph varies depending on the threshold value as follows:
Table 8. Rating Color Description
Color Rating Color Rating Option
Green Good All metrics are better than the objective thresholds. Application SLA is met/exceeded.
Yellow Fair Some or all metrics are between the objective and maximum values. Application SLA is partially met.
Red Poor Some or all metrics have reached or exceeded the maximum value. Application SLA is not met.

To modify the threshold values, select the View/Modify Thresholds link located at the bottom of the screen, which takes you to the  Configure > Edges > Business Policy page.

Monitor Path Visibility

A path is a tunnel between two endpoints. Path visibility is a report on the utilization and quality of the paths between an Edge and its VeloCloud SD-WAN peers. With Orchestrator, an Enterprise user can monitor the Path visibility using the monitoring dashboard.

For a selected Edge, you can monitor the Path information for the VeloCloud SD-WAN peers with traffic flow observed for a specific period.
  1. In the SD-WAN service of the Enterprise portal, select Monitor Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the Paths tab.
For the selected Edge, the Paths tab displays the details of VeloCloud SD-WAN peers with traffic flow observed for a specified period.
Note: The Paths tab is available only for Edges with software image version 4.0 or later.
Figure 16. Edge Path

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

To get a report of a VeloCloud SD-WAN peer in CSV format, select the peer and select Export Path Statistics.

Select the link to a VeloCloud SD-WAN peer to view the corresponding Path details as follows:

  • All the VeloCloud SD-WAN peers that have traffic observed during the selected time period.
  • The status of the paths available for a selected peer.
  • Overall quality score of the paths for a selected peer for voice, video, and transactional traffic.
  • Time series data for each path by metrics like: Throughput, Latency, Packet loss, Jitter. For more information on the parameters, see Monitor Edges.
Figure 17. Path Details

The metrics time-series data is displayed in a graphical format. You can select and view the details of a maximum of 4 paths at a time.

By default, the Scale Y-axis evenly checkbox is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover over the graphs to view more details.

Expand the Quality Score pane at the top, to view the Path score by the traffic types.
Figure 18. Quality Score

You can select a VeloCloud SD-WAN peer displayed in the left pane to view the corresponding Path details.

A black vertical dotted line indicating an anchor appears on the graph whenever there is a threshold value change in a Profile or an Edge. You can hover over the anchor to see the modified latency threshold values for Voice, Video, and Transactional. To modify the threshold values, select the View/Modify Thresholds link located at the bottom of the screen, which directly takes you to the Configure > Edges > Business Policy page.

Monitor Flow Visibility

The Flow Visibility feature introduces a new Flows tab under Monitor > Edges , which provides detailed flow data on each traffic flow for each Edge. The comprehensive end-to-end flow (non-live flow) is built based on certain flow parameters, such as Source IP, Destination IP, Destination Port, Protocol, and Link ID. These parameters are displayed in a single-view table format, which can assist with monitoring and troubleshooting non-live flows. Starting with the 6.1 release, the Live Mode monitoring feature is supported. The Live Mode monitoring gives visibility into Source Port on top of non-live flows. It allows you to select individual or multiple live flows (up to four flows) to monitor and compare their metrics as live time series graphs.

Monitor Non-Live Flows

To view detailed non-live flow data for a selected Edge, perform the following steps:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link of an Edge, and then select the Flows tab.
  3. At the top of the page, from the time duration drop-down menu, choose a specific time or create a custom time filter to view the flow information. By default, Past 12 Hours is selected. Filter capabilities from the past 60 minutes to 1 year is supported. The current data retention policy allows for high-resolution (per 5 minutes) flows to be retained for 4 weeks and low-resolution (per day) flows to be retained for up to a year.

    High-resolution tables provide detailed insights into individual flows and short-term trends. They are useful for in-depth analysis and troubleshooting. Low-resolution tables offer a broader perspective on network traffic over longer periods. They are useful for capacity planning, trend identification, and reporting.

For the selected Edge, the Flows tab displays the detailed flow information about the selected Edge for a specified period. See the "Flows Parameter Description Table" below for a description of flow parameters.
Note: For the Flows feature, the unselected table fields are only available for Edges with software image version 5.1 or later.
Figure 19. Monitor Non-Live Flows

The Search field provides search capabilities to find a specific flow. Enter a search string to find text that matches the Source IP, Destination IP, Destination FQDN, and Destination Domain fields. Use the Advanced Search feature for more advanced filtering criteria.

Select the 'Filter' icon to define a filter criterion. You can filter the flow details by the specified criteria: Source IP, Destination IP, Destination Port, Segment, Host Name, Application, Category, Destination FQDN, Destination Domain, and Next Hop.

Note: The client device table filters hostname; however, the values are shown according to what was uploaded by the flow stats uploaded to the flow stats table. As a result, the hostname can be null, or it might not correspond to the hostname that is being filtered. In essence, it displays the value submitted at the time the flow was uploaded.

Select CSV to create customized reports by exporting flow data in CVS format.

Note: A user can download the first 60K records matching the filter/quickSearch/sortBy/startTime/endTime criteria when the metrics/getEdgeFlowVisibilityMetrics request was made.
Note: Export to CSV format is not supported in the Live Mode.

Monitor Live Flows

The Live Mode monitoring feature enables customers to fetch live flow data to identify and troubleshoot problems. By default, this feature fetches a batch of up to 1000 recent flow records from the Edge or however many flows can be captured within five seconds (default value). The number of flows and the flow capture time can be configured by an Operator via the "edge.liveData.enterFlowLiveMode.delay.seconds" and "edge.liveData.enterFlowLiveMode.flow.count" System Properties. See section "List of System Properties" in the Operator Guide for a description of these properties and information on how to configure them.
Note: The Live Mode feature is only available for Edges with a version of 6.1 or later and Orchestrator with a version of 6.1 or later. Both Edge and Orchestrator must be on version 6.1 or later. To activate Live Mode flow monitoring, perform the following steps:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link of an Edge, and then select the Flows tab.
  3. In the Flows tab area of the Orchestrator, at the top, right-hand corner, switch the Live Mode toggle button to the right to activate the live monitoring of flow data. The Time Remaining countdown of five minutes begins.
    Figure 20. Activate Live Flow

  4. In the Flows table, select up to four flows for which you want to monitor and compare the flow metrics. The selected flows move to the top of the table for better visibility. Then select any of the graph plots criteria (Bytes Received/Sent, Total Bytes, Packets Received/Sent, Total Packets, and Average Throughput), and select Submit
    Figure 21. Plot Flow Graph

    .

    For the selected Edge with Live Mode activated, the Flows tab displays time series graphs of the selected flows, plotted at a rate of two seconds for a period of five minutes based on the selected graph plots criteria.

    The Time Remaining countdown resets after the flows are selected and submitted. The timer will begin counting down from five minutes. After five minutes, a Mode Selection pop-up dialog displays.
    Figure 22. Mode Selection

    1. Select Yes to stay in live mode, which resets the mode to live, and the countdown of five minutes begins.
    2. Select No to exit the live mode. The Flows tab goes back to the non-live mode view.
      Note: At any given time, only one user is permitted to initiate live flows on a specific edge. The Mode selection dialog is displayed for 30 seconds. If no action is taken, the user is automatically exited from the live mode.
      Note: A maximum of 100 concurrent Edges can be monitored by default.
    By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis scale between the two charts. If required, you can turn off this option.
  5. Select the Breakdown by Links check box if you want to view the breakdown of flows by link. The link-level breakdown provides a detailed analysis of the graph flows, showing the data flow through each link since the flow was started.

    The breakdown of flows by link is calculated by using the flow tuple and link headers. This is in contrast with using the flow tuple with no added headers as in non-breakdown by link When breaking down network flows by link, if the flow is a local network flow (i.e., no Wide Area Network (WAN) link), then there would not be any WAN link information displayed.

  6. Selecting Refresh at the bottom-left side of the Orchestrator UI to fetches active flows in a batch of 1000- 4999 (as configured) flows from the Edge and updates existing flows displayed in the table.
    Note: When the live mode is activated, if you select Refresh the Time Remaining counter does not refresh.

    If a customer is actively monitoring flows and refreshes the table, the active live flows displayed on the graph will no longer display, and the graph will be empty.

Functionality Deviations from the Non-Live Mode

The following table describes all the functionality deviations and behavioral changes from the non-live mode.
Table 9. Functionality Deviations from the Non-Live Mode
Deviation Behavior
Deviation of Filter functionality from non-live mode In live mode, users must provide a CIDR-formatted IPv4 or IPv6 address to apply filters based on Source/Destination IP addresses of current flows on the Edge. The user cannot filter flows based on Link or Destination Domain.
Deviation of Search functionality from non-live mode In live mode, the search is performed locally and does not require a server-side search. Consequently, it filters data that has already been provided to the Orchestrator and not active flows on the Edge.
Deviation of Flow fields from non-live mode
  • For non-live mode, a device's hostname is mapped to a flow in order to filter traffic based on the provided hostname. In live mode, this is done by ignoring the hostname associated with a client device and displaying the hostname as sent by the edge instead. This can result in different hostnames being associated with the same flow based on non-live or live mode views. Additionally, the association to destination FQDN when the hostname is empty is bypassed to simplify the reasoning for the user when filtering for hostname.
  • In live mode, the Link column in the Flow table shows the number of links used by that flow. Hovering over the number shows more information about the link. If the column does not show a number, it means that it is a local network flow that is not associated with a WAN link.
  • In live mode, the Start Time column displays the start time when the Edge started live flow monitoring.
  • In live mode, the End Time column displays empty fields.
  • In live mode, the Total Bytes/Packets column shows the total since the Edge first viewed the flow record. This count may differ from the Link total due to the VCMP header.
  • In live mode, the Bytes Received/Sent and Packets Received/Sent columns show the snapshot of the reported value for the current interval, which is usually 2 seconds.
  • The Source Port field is only available for the live mode.
  • Once the users enter the live mode, the Link, Bytes, and Packet count values start accumulating.
  • When the Breakdown by Links checkbox is activated, the breakdown of flows by link is calculated by flow tuple and link. This is in contrast with using the flow tuple with no added headers as in non-breakdown by link. When breaking down network flows by link, if the flow is a local network flow (i.e., no Wide Area Network (WAN) link), then there would not be any WAN link information displayed.

 

Flows Parameter Description

Table 10. Flows Parameter Description
Field Item Description
Source IP Displays the IP address that owns the flow item. This information is also available on the Source tab and can be mapped to the name of the client device/operating system.
Note: When using the search features, IP filters do not support contains, startsWith or endsWith. Use CIDR format for similar results.
Note: When using the filter in the live mode, provide a CIDR formatted IPv4 or IPv6.
Destination IP Displays flow data of the Destination (Domain, FQDN, and IP). This information can also be found in the Destination tab.
Note: When using the search features, IP filters do not support contains, startsWith or endsWith. Use CIDR format for similar results.
Note: When using the filter in live mode, provide a CIDR formatted IPv4 or IPv6.
Source Port Displays the source port number of the flow.
Note: Source port is not available in the non-live mode.
Destination Port Displays the destination port number of the flow, which identifies the process that is to receive the data.
Protocol Displays Protocols (e.g. UDP, TCP) associated with the flow.
Segment Routing domain. Each segment has a unique routing table.
Link Underlying link through which the flow stats are reported.
ISP Displays the Internet Service Provider associated with the flow.
Host Name The hostname associated with the source device of the flow.
Application Column that displays the application. This information can also be found in the Application tab.
Application Category Similar applications that are used by a specific Edge can be grouped into a category.
Destination FQDN The Fully Qualified Domain Name (FQDN) of the Destination to which the traffic flow was directed.
Next Hop The name of next-hop device for the flow (for example, the name of the Gateway if the route is Cloud via Gateway). See the Route to Nexthop Mapping Table for more details.
Route The path taken to the next hop across one or more networks.
Start Time The timestamp of when the Edge started the flow stats aggregation period.
End Time The timestamp of when the Edge ended the flow stats aggregation period. The difference between start and end times equals the amount of time a flow stat record was aggregated for.
Average Throughput Displays the average throughput.
Total Bytes Displays the total number of bytes sent and received during a flow.
Bytes Received Displays details of the number of bytes received during a flow.
Bytes Sent Displays details of the number of bytes sent during a flow.
Total Packets Total number of packets sent and received during a flow.
Packets Received Displays details of the number of packets received during a flow.
Packets Sent Displays details of the number of packets sent during a flow.
Destination Domain This field is grayed out for the live mode. Ensure to use destination FQDN or destination IP for the same filter outcomes.
Business Policy Displays the name of the business policy rule associated with the flow.
Firewall Rule Displays the name of the firewall rule associated with the flow.

 

Route to Nexthop Mapping

Table 11. Route to Nexthop Mapping
Route Name Nexthop
cloudViaGateway The name of the Gateway that routes traffic to the cloud.
internetViaDirectBreakout Nexthop has no name. The traffic is coming from the Internet directly.
branchToBranch (Gateway) The name of the Gateway responsible for routing traffic to the other branch.
branchToBranch (Edge) The name of the Edge that was used to route traffic to the other branch.
branchToNVSDirect The name of the HUB device serving as the nexthop Edge.
branchToNVSViaGateway The name of the Gateway that routes traffic to NVS.
branchToBackhaul The name of the Edge or enterprise object that is used to route traffic to a non-VeloCloud site.
cloudViaGateway (Edge – to Partner Gateway) The nexthop is the name of the Partner Gateway that will route the traffic.
branchRouted Nexthop has no name. For basic routed traffic, there is no destination object, specifically, via an Edge router.
internetViaBranchCSS Name of enterprise object used to route traffic to a non-VeloCloud branch.

Monitor Edge Applications

You can monitor the network usage of applications or application categories used by a specific Edge.

To view the details of applications or application categories:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the Applications tab.

The Applications tab displays the details of the applications used by the selected Edge.

Figure 23. Applications used by Edge

At the top of the page, you can choose a specific duration to view the details of the priorities for the selected duration.

Select Filter to define a criterion and view the application details filtered by the specified criteria (Application, Category, Operating System, Hostname, IP Address, Client Device, FQDN, Next Hop, and Route). For more information about filter descriptions, see Monitor Edges.

By default, the Scale Y-axis evenly checkbox is pre-selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Select Categories to view similar applications grouped into categories. Hover the mouse over the graphs to view more details.

Select the metrics from the drop-down to view the details related to the selected parameter.

The bottom panel displays the details of the selected metrics for the applications or categories. You can select and view the details of a maximum of four applications at a time. Select Columns to select the columns you want to see or hide in the view.

To view drill-down reports with more details, select the links displayed in the metrics column.

The following image shows a detailed report of the top applications.

Figure 24. Detailed report on top applications

Select the arrows next to Transport Groups, Top Devices, or Top Destinations to navigate the corresponding tabs.

Monitor Edge Sources

You can monitor the network usage of devices and operating systems for a specific Edge.

To view the details of devices and operating systems:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the Sources tab.
The Sources tab displays the details of the client devices used by the selected Edge.
Figure 25. Sources Tab

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover the mouse on the graphs to view more details.

Select Filter to define a criterion and view the application details filtered by the specified criteria (Category, Operating System, Hostname, IP Address, Client Device, Destination, Destination IP, FQDN, Next Hop, and Route). For more information about filter descriptions, see Monitor Edges.

Select Operating Systems to view the report based on the Operating Systems used in the devices.

Choose the metrics from the drop-down to view the details related to the selected parameter.

The bottom panel displays the details of the selected metrics for the devices or operating systems. You can select and view the details of a maximum of 4 client devices at a time. Select Columns to select the columns to be shown or hidden in the view.

To view drill-down reports with more details, select the links displayed in the metrics column.

The following image shows a detailed report of top clients:
Figure 26. Top Clients

Select the arrows displayed next to Top Applications or Top Destinations to navigate to the corresponding tabs.

Monitor Edge Destinations

You can monitor the network usage data of the destinations of the network traffic.

To view the details of destinations:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the Destinations tab.
The Destinations tab displays the details of the destinations of the network traffic for the selected Edge.
Figure 27. Destinations Tab

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

Select Filter to define a criterion and view the application details filtered by the specified criteria (Application, Category, Operating System, Hostname, IP Address, Client Device, Destination, Destination IP, FQDN, Next Hop, and Route). For more information about filter descriptions, see Monitor Edges.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

You can view the report of Destinations by Domain, FQDN, or IP address. Select the relevant type to view the corresponding information.

Hover the mouse on the graphs to view more details.

Choose the metrics from the drop-down to view the details related to the selected parameter.

The bottom panel displays the details of the selected metrics for the destinations by the selected type. You can select and view the details of a maximum of four destinations at a time. Select Columns to select the columns to be shown or hidden in the view.

To view drill-down reports with more details, select the links displayed in the metrics column.

The following image shows a detailed report of top destinations.
Figure 28. Top Destinations

Select the arrows displayed next to Top Applications or Top Devices to navigate to the corresponding tabs.

Monitor Business Priorities of an Edge

You can monitor the Business policy characteristics according to the priority and the associated network usage data for a specific Edge. To view the details of business priorities of the network traffic:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the Business Priority tab.
The Business Priority tab displays the details of the priorities of the network traffic for the selected Edge
Figure 29. Business Priority

.

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

Choose the metrics from the drop-down to view the details related to the selected parameter.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover the mouse on the graphs to view more details.

The bottom panel displays the details of the selected metrics for the business priorities.

Monitor System Information of an Edge

Starting from the 6.1.0 release, the System tab is configured to display not only the detailed network usage by the system for a specific Edge, but also the system health statistics for an HA Standby Edge.

To access the System tab:
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
  2. Select the link to an Edge, and then select the System tab. The System Overview radio button is selected by default.
    Figure 30. System Overview

    Note: Starting from the 6.4.0 release, the Interface radio button is also available. For more information, see Network Interface Statistics Monitoring

    The screen displays graphical representation of usage details of the following over the period of selected time duration, along with the minimum, maximum, and average values.

    Table 12. Usage Details Graph
    Graph Description
    CPU Utilization Percentage of usage of CPU.
    CPU Core Temperature (C) The core temperature of the Edge CPU.
    Note: This graph is supported only for Edges running 5.1 and later versions.
    Memory Utilization Percentage of usage of memory.
    Flow Count Count of traffic flow.
    Over Capacity Drops Total number of packets dropped due to over capacity since the last sync interval. Occasional drops are expected, usually caused by a large burst of traffic. However, a consistent increase in drops usually indicates an Edge capacity issue.
    Tunnel Count Count of tunnel sessions.

    Hover the mouse on the graphs to view more details.

  3. By default, the System tab displays the information of an Active Edge. select the HA Standby button on the top right of the screen, to view the System Health statistics for an HA Edge. The Orchestrator includes special monitoring for a Site deployed with a High Availability topology which are outlined in the sections below.

High Availability Failover Bars

A site deployed in High Availability has additional functionality which is best seen when an HA failover occurs. When an HA failover occurs, the Orchestrator renders a vertical bar marking the point of the failover. This failover bar indicates when an HA site has triggered a failover and that there is now a different Edge in the role of Standby.
Figure 31. High Availability Failover Bars

  • If you hover the mouse on the bar, it indicates when the failover occurred. This failover bar represents a boundary marking how the system statistics apply to each respective HA Edge when they serve as the Active Edge.
  • If you select on the graph to the left side of the failover bar, the Orchestrator indicates which Edge was Active at the time of those statistics.
  • If you select on the graph to the right side of the failover bar, the Orchestrator indicates the Active Edge for the post-failover statistics. In this way, you can always know which Edge applies to which System values.
  • The HA Standby screen also provides live WAN Interface information which is especially helpful in Enhanced HA deployments where the Standby Edge is using unique WAN links.
  • Select on the information button, located at the top left of the screen, to get Standby Edge information at the same level as what a user sees on the Monitor > Edge > Overview tab, for the Active Edge.
  • To view the interface export details, select the Interface radio button, located at the top right of the screen.

High Availability specific information on the Overview tab

In the SD-WAN service of the Enterprise portal, when you navigate to the Monitor > Edge > Overview tab, a site deployed in High Availability has additional information specific to an HA deployment:
Figure 32. High Availability - Overview Tab
  • In the Link Status section, each connected WAN link includes a column Device Serial No (Device State) that includes the Edge serial number associated with that WAN link and the HA status of that Edge (Active or Standby). This information is valuable in Enhanced HA deployments where WAN links are uniquely associated to different HA Edges and allows you to see the status of WAN links on the Standby Edge just as you see them on the Active Edge.
  • The Overview tab adds an HA Interface Status section which includes the IP Address, Interface Status (Up or Down), and Interface (HA Type).

Network Interface Statistics Monitoring

Starting from the 6.4.0 release, you can view both real time and historical interface statistics data, on the Monitor > Edges > System > Interface screen of the Orchestrator. This feature allows you to monitor data at the interface level.

To access the network interface stats, in the Enterprise portal, navigate to Monitor > Edges > System. On the System tab, the System Overview radio button is selected by default. Select the Interface radio button to view the interface statistics (stats) information.
Figure 33. Interface Statistics

There are two modes available:
  • Non-Live Mode:
    • The non-live mode is activated by default.
    • It displays historical stats of an interface. Customers can view all the previously captured data.
    • This mode is supported on both Active and HA Standby Edges.
  • Live Mode:
    • To view real time interface stats, toggle the Live Mode button to ON.
    • This mode is supported only on Active Edges.

The table below the graphs displays the following information:

 
Option Description
Interface Displays the interface name. The interfaces are GE, Loopback and SFPs.
Status Displays the status of the interface.
Link Type Displays the type of the link. Example: LAN, WAN, HA.
Packet Drop Displays the packet drop details.
Segment Displays the segment name.
Interface Type Displays the interface type, and the corresponding details depending on the type.
  • Routed: IP Address, WAN Link, IP Version, Link Type.
  • Switched: Mode, VLANs.
The interface mappings are listed in the table below:
 
Interface Type Interface is used for
Switched LAN, HA
Loopback N/A
Routed WAN, none
Total Bytes Displays the total number of bytes.
Bytes Received Displays the number of bytes received.
Bytes Sent Displays the number of bytes sent.
Packets Received Displays the number of packets received.
Packets Sent Displays the number of packets sent.
Packet Errors Displays the packet errors.
Note: Select the check box against the interface to activate live mode for any selected interface. Customers can view up to four interfaces in the live mode.

Select Columns to hide or view the required columns. You can also select the columns using the drop-down menu present at the top left of the screen.

Select Refresh to view the latest data.

Monitoring High Availability Edges

The Orchestrator includes special monitoring for a site deployed with a High Availability topology which are outlined in this section.

Overview

Beginning in Release 5.2.0, the Orchestrator includes improved monitoring for sites deployed in a High Availability topology:
  • In the SD-WAN service of the Enterprise portal, the Monitor > Edges > Overview tab now includes two HA specific improvements:
    • WAN link information includes which HA Edge the link is associated with by serial number, which is especially important with Enhanced HA deployments.
    • HA Interface Status.
  • HA specific failover bars on the Monitor > Edges > System tab denoting where an HA Edge site failed over.
  • A new Monitor > Edges > HA Standby tab for Standby Edge monitoring information.

High Availability Specific Information

In the SD-WAN service of the Enterprise portal, when you navigate to the Monitor > Edges > Overview tab, a site deployed in High Availability has added information specific to an HA deployment:
Figure 34. High Availability Info
  • In the Link Status section, each connected WAN link includes a column Device Serial No (Device State) that includes the Edge serial number associated with that WAN link and the HA status of that Edge (Active or Standby). This information is valuable in Enhanced HA deployments where WAN links are uniquely associated to different HA Edges and allows you to see the status of WAN links on the Standby Edge just as you see them on the Active Edge.
  • The Overview tab adds an HA Interface Status section which includes the IP Address, Interface Status (Up or Down), and Interface (HA Type).

High Availability Failover Bars

In the SD-WAN service of the Enterprise portal, when you navigate to the Monitor > Edges > System tab, a site deployed in High Availability has additional functionality which is best seen when a HA failover has occurred. When an HA failover occurs, the Orchestrator renders a vertical bar marking the point of the failover.
Figure 35. High Availability Failover Details
Focusing on the CPU Utilization graph, when a user hovers their mouse on the bar, the bar indicates when the failover occurred. This failover bar represents a boundary marking how the System statistics apply to each respective HA Edge when they serve as the Active Edge.
Figure 36. High Availability Failover Rollover
If you click on the graph to the left (earlier) side of the failover bar, the Orchestrator will indicate which Edge was Active at the time of those statistics. In this example, the Active Edge prior to the failover was Edge serial # SYP5V43.
Figure 37. High Availability Failover Active Details
If you click on the graph to the right (later) side of the failover bar, the Orchestrator indicates that the Active Edge for the post-failover statistics is Edge serial # GYKJV43. In this way you can always know which Edge applies to which System values.
Figure 38. High Availability Post Failover Details

HA Standby Tab

You can now view the System Health statistics for the HA Edge when it is serving a standby role by clicking on the Monitor > Edges > HA Standby tab. This page also includes a failover bar indicating when an HA site has triggered a failover and there is now a different Edge in the role of Standby.
Figure 39. High Availability Standby
The HA Standby tab also provides live WAN Interface information which is especially helpful in Enhanced HA deployments where the Standby Edge is using unique WAN links. Click on the information button to get Standby Edge information at the same level as what a user sees on the Monitor > Edges > Overview tab for the Active Edge.
Figure 40. High Availability Standby Edge Details

Monitoring Network Services

You can view the details of configured network services for an enterprise.

To view the details of network services, log in to the SD-WAN service of the Enterprise portal, then select Monitor > Network Services .

You can view the configuration details of the following network services:

Monitoring Non SD-WAN Destinations through Gateway

View the configured Non SD-WAN Destinations along with the VPN Gateways, Site Subnets, and other configuration details.

To view the configured Non SD-WAN Destinations, in the SD-WAN service of the Enterprise portal, select Monitor > Network Services to display Non SD-WAN Destinations via Gateway and review the details of configured Non SD-WAN Destinations.

To configure Non SD-WAN Destinations via Gateway, see Configuring Non SD-WAN Destinations via Gateway.

Figure 41. Displaying a Non SD-WAN Destination through a Gateway

 

Figure 42. Total Bytes Received

 

Figure 43. Total Bytes Received and Sent

 

Figure 44. Total Packets

 

Figure 45. Total Packets Received and Sent

 

Graphical Monitoring Options

Options
  • Total Bytes
  • Bytes Received and Sent
  • Total Packets
  • Total Packets Received and Sent
The page displays the following details for the configuration:
  • SD-WAN Destination Name
  • Public IP Address
  • SD-WAN Destination Status
  • Tunnel Status
  • Profiles and Edges Names using the Non SD-WAN Destination
  • Last contacted date and time

Sort the report by selecting the header of each column or use Filter to sort the details by specific Name, IP Address, or Status.

Select a Non SD-WAN Destination to view the following details:

Table 13. Option Details
Options Description
General Displays the Name, Type, IP address and tunnel settings of Primary and Secondary VPN Gateways, location details, and Site subnet details.
IKE/IPSec Configuration View a sample configuration template for Primary and Secondary VPN Gateways. You can copy the template and customize the settings as per your requirements.
Events View the events related to the selected Non SD-WAN Destination. Select the arrow displayed in the first column to view more details of an event.
Monitoring View the NSD tunnels display statistics in both table and chart format of the Bytes, Packets Sent and Received.

Monitoring Non SD-WAN Destinations through Edge

View the configured Non SD-WAN Destinations along with the VPN Gateways, Site Subnets, and other configuration details.

To view the configured Non SD-WAN Destinations, in the SD-WAN service of the Enterprise portal, select Monitor > Network Services to display Non SD-WAN Destinations via Edge and review the details of configured Non SD-WAN Destinations.

To configure Non SD-WAN Destinations via Edge, see Configure Non SD-WAN Destinations via Edge.

Figure 46. Monitoring a Non SD-WAN Destination Through an Edge
The page displays the following details for the configuration:
  • SD-WAN Destination Name
  • Public IP Address
  • SD-WAN Destination Status
  • Tunnel Status
  • Profiles and Edges Names using the Non SD-WAN Destination
  • Last contacted date and time

Sort the report by selecting on the header of each column or use Filter to sort the details by specific Name, IP Address, or Status.

Selecting a Non SD-WAN Destination displays Name, Type, IP address and tunnel settings of Primary and Secondary VPN Gateways, location details, and Site subnet details under General.

Monitoring Cloud Security Service Sites

View the details of Cloud Security Services (CSS) configured for the Enterprise.

To view the configured Cloud Security Services, in the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Cloud Security Service Sites to display Cloud Security Service Sites and review the details of configured Cloud Security Service Sites.

To configure a new Cloud Security Service, see Configure a Cloud Security Service.

Figure 47. Monitoring Cloud Security Service Sites

The page displays the following details:

 
Column Name Description
Name CSS service provider name
Type CSS service provider type
Public IP CSS service provider IP address
Status CSS service provider overall status
Tunnel Status Status of tunnels created from the CSS provider from different Edges. Also, status of the external service as recorded by each Edge.
Deployment Status CSS service provider deployment status

You can also sort the report by selecting the header of each column. Use Filter to filter the details by specific Name, Type, IP address, or Status.

Select View under Deployment Status to view the deployment status of the CSS provider.

Note: Beginning with 6.1.0, L7 health check status and Related State Change Events details are not available on the Monitor > Cloud Security Service Sites page.
  • L7 health check status data only available through the API.
  • To view related tunnel state change events, navigate to Monitor > Events and filter by CSS tunnel events.

Monitoring Zscaler IaasSubscription

To view the Zscaler IaasSubscription, in the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Zscaler IaasSubscription . To configure a new Iaas subscription, see Configure API Credentials.

Figure 48. Viewing Zscaler IaasSubscriptions

The page displays the name of the service along with the deployment status.

Monitoring Edge Clusters

To view Edge Clusters, in the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Edge Clusters .

The Edge Clusters pages displays details of the already configured Edge Clusters.

Figure 49. Displaying Edge Clusters

The page displays the following details:

Table 14. Edge Cluster Option Descriptions
Option Description
Cluster Name Name of the Cluster as configured under Configure > Network Services > SD-WAN Destinations > Clusters and Hubs .
Edges Name of the Hub Edges in this Cluster.
CPU Utilization Percentage value of CPU utilization of the corresponding Edge.
Memory Utilization Percentage value of memory utilization in the corresponding Edge.
# Tunnels Number of tunnels associated with the Hub Edge in the Cluster.
Flow Count Number of flows associated with the Hub Edge in the Cluster.
# Handoff Queue Drops Number of packets dropped when they exceed the capacity of Hub Edge in the Cluster.

Monitoring Edge VNFs

To view Edge VNFs, in the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Edge VNFs .

The Edge VNFs pages displays details of the already configured Edge VNFs.

Figure 50. Monitoring Edge VNFs
The page displays the following details:
  • VNF Service Name
  • Number of Edges using the VNF
  • Edge VM Status

Select a VNF to view the corresponding VNF Edge deployment details.

Monitor Routing Details

You can view the routing services configured in the Enterprise.

In the SD-WAN service of the Enterprise portal, select Monitor > Routing . You can view the details of following routing services:

Monitor Multicast Groups

You can view the multicast groups configured for the Enterprise.

To view the multicast groups:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing . The Multicast Groups tab is displayed.

The Multicast Groups displays the details of already configured multicast group settings. To configure multicast groups, see Configure Multicast Settings for Profiles.
Figure 51. Monitor Multicast Groups Routing

The page displays the following details: multicast group address, segment that consist of the multicast group, Source IP address, RP address, number of Edges in the multicast group, created time period, and the last updated time period.

Select a multicast group to view the details of the Edges in the group, along with the upstream and downstream information. Select View PIM Neighbors to view the detail of the PIM neighbors connected to a specific Edge.

Monitor PIM Neighbors

You can view the details of Edges and the PIM neighbors available in the multicast groups.

To view the PIM neighbors:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > PIM Neighbors .

The PIM Neighbors tab displays the Edges available in the multicast groups.
Figure 52. Monitor PIM Neighbors

Select an Edge to view the PIM neighbors connected to the Edge. The PIM Neighbors section displays the following details: Segment of the multicast group, Edge name, Interface details, IP address of the neighbor, created and last updated date with time.

Monitor BGP Edge Neighbor State

You can view the details BGP neighbors connected to Edges.

To view the BGP neighbors connected to Edges:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > BGP Edge Neighbor State .

The BGP Edge Neighbor State tab displays the Edges connected as BGP neighbors, when you have configured BGP settings on the Edges.
Figure 53. Monitor BGP Edge Neighbor State

The page displays the following details: Edge name, IPv4 and IPv6 address of the neighbor, State of the neighbor, Date and time of the state change, number of messages received and sent, number of Events, duration for which the BGP neighbor is Up/Down, and number of prefixes received.

Select an Edge name to view the corresponding event details. The Related State Change Events section displays the change in the state and other details for the selected Edge.
Note:
  • You can select the Filter Icon next to the Search option to filter the details by Edge Name, Neighbor IP, Neighbor IP Type, and Status.
  • BGP Edge Neighbor State (API: monitoring/getEnterpriseEdgeBgpPeerStatus): At the time of calling the API, if the Edge state is "OFFLINE", then the user interface displays the neighbor state as "Unavailable" with appropriate tooltip showing the current Edge state to the user.

Monitor BFD

You can view the BFD sessions on Edges and Gateways.

To view the BFD sessions:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > BFD .

The BFD tab displays the details of already configured BFD sessions. To configure BFD, see Configure BFD for Profiles.
Figure 54. Monitor BFD

The page displays the following details for the Edges and Gateways: Name of the Edge or Gateway, Segment name, Peer IP address, Local IP address, State of the BFD session, Remote and Local timers, number of Events, and duration of the BFD session.

Select the link to an event number to view the break-up details of the events.

Monitor BGP Gateway Neighbor State

You can view the details of the BGP neighbors connected to Gateways.

To view the BGP neighbors connected to Gateways, follow the steps below.
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Routing > BGP Gateway Neighbor State .
  2. Select a Gateway name to view the corresponding event details. The Related State Change Events section displays the change in the state and other details for the selected Gateway.
The BGP Gateway Neighbor State tab displays the details of Gateways connected to BGP neighbors.
Figure 55. Monitor BGP Gateway Neighbor State
Note: BGP Gateway Neighbor State (API: monitoring/getEnterpriseBgpPeerStatus): At the time of calling the API, if the Gateway state is one out of "QUIESCED", "OUT_OF_SERVICE" or "OFFLINE", then the user interface displays the Neighbor state as "Unavailable" with appropriate tooltip showing the current Gateway state to the user.

BGP Received Routes and BGP Advertised Routes

For the 5.2 release, the BGP Gateway Neighbor State feature is enhanced with the BGP Received Routes and BGP Advertised Routes.

The BGP Received Routes displays routes (up to 16K) that have been received from the selected BGP neighbor at the Gateway, providing valuable insight into the routing information that is available in the network. This information can be used to troubleshoot connectivity issues in Customer deployments. The BGP Advertised Routes displays all routes that are being advertised to a selected BGP neighbor, providing visibility into the routes that are being used to reach destinations in the network (as shown in the image above the previous paragraphs).

See the table below for a detailed description of the fields in the BGP Received and Advertise Routes table.
Table 15. BGP Received Routes and BGP Advertise Routes
Status Code Displays the status code of the BGP route, as follows:
  • * valid
  • > best
  • = multipath
  • i-internal
Network Prefix/Mask Displays the prefix carried by the BGP route.
Next Hop Displays the Next-hop IP address that is used by BGP to reach the BGP prefix.
Metric Displays the MED (multi-exit discriminator) value associated with a route.
Local Preference Displays the local preference value assigned by a BGP router to a route.
Weight Displays the weight value assigned by the BGP router to a route.
AS Path Displays the list of AS Path numbers that are carried by the BGP route.
Community Displays the community attribute carried by the BGP route.
CSV Select the CSV button to export the data to an Excel sheet.

Gateway Route Table

The Gateway Route Table is a new feature for the 5.2 release that provides a comprehensive view of the routing information on an SD-WAN Gateway, displaying the routes (up to 16k) that are known to a Gateway, including both learned routes and statically configured routes.

The 5.2 release introduces the Gateway Route Table, which displays important information about each route, such as the Network Prefix and Mask Preference, Flags, and Metric, to name a few. The Gateway Route Table is updated in real-time, providing an up-to-date view of the routing information on a Gateway. It can be used to diagnose routing issues and to optimize routing policies.

To access the Gateway Route Table:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > Gateway Route Table , as shown in the image below.

Figure 56. Monitor Gateway Route Table
Note: ​The WebSocket connection will be terminated and will ask to reconnect when the Gateway WebSocket connections are opened in two tabs for the same session, or if idle time for five minutes.

See the table below for a description of the fields in the Gateway Route Table.

Table 16. Gateway Route Table Description
Field Description
Network Prefix The destination address of the route. It specifies the network to which the route applies.
Network Mask Displays the prefix carried by the BGP route.
Type Indicates the type of routes:
  • edge2edge: remote routes received from Edges.
  • datacenter: NSD BGP routes.
  • cloud: PG BGP routes.
Peer Name Indicates the name of the BGP peer that learned the route.
Reachable Indicates whether the route is reachable or not. If the route is reachable, it can be used for forwarding packets.
Metric A value that represents the cost of using a particular route. Lower values indicate a lower cost.
Preference A value that is used to influence the preferred path for outbound traffic. A lower value indicates a more preferred route.
Flags Flags are listed below:
  • B BGP
  • D DCE
  • L LAN SR
  • C Connected
  • O External
  • W WAN SR
  • S SecureEligible
  • s self
  • r recursive
  • H HA
  • m Management
  • n nonVelocloud
  • v ViaVeloCloud
  • A RouterAdvertisment
  • c CWS
  • a RAS
  • M MTGRE
  • I IPSec
Age Indicates the amount of time that has elapsed since the route was last updated.
C Tag Use to identify the customer that the route belongs to in a multi-tenant environment.
CSV Select the CSV button to export the data to an Excel sheet.

Monitor Alerts

Orchestrator allows to configure alerts that notify the Enterprise Administrators or other support users, whenever an event occurs.

Before you begin:

Ensure that you have configured the relevant alerts, along with the notification delay, in Service Settings > Alerts & Notifications See Configure Alerts and Notifications.

In the SD-WAN service of the Enterprise portal, select Monitor > Alerts .

The Alerts window displays the alerts received for different type of events:

Figure 57. Alerts

You can choose a specific time period from the drop-down menu, to view the alerts for the selected duration.

To view details of specific alerts, you can use the filter option. Select the Filter icon in the Search option to define the criteria.

Select the CSV option to download a report of the Alerts in CSV format. You can also choose to include the Operator alerts.

The Alerts window displays the following details:

Table 17. Alerts Window Options
Option Description
Incident The name of the event that triggered the alert.
Incident Category The category of the incident.
Affected Entity The entities (Edge/Link) affected by the incident.
Trigger Time Time at which the alert got triggered.
Delivery Attempted Time Time at which the operator or customer received the alert notification. The notification time depends on the delay time configured in the Alerts & Notifications page.
Status Status of the alert as Success, Failed, or No Recipients.
Alert Level Indicates whether the alert is received by the Operator or the Customer.

Monitoring Events

The Events page displays the events generated by the Orchestrator. These events help to determine the operational status of the system.

In the SD-WAN service of the Enterprise portal, select Monitor > Events .

Figure 58. Monitoring Events

Select a specific time period from the list, to view the events for the selected duration. Select on an event name to view more details.

To view details related to specific events, you can use the Filter option. Select Filter in the Search option to define the criteria.

Select the CSV option to download a report of the events in CSV format.

The Events window displays the following details:

 
Option Description
Event Name of the event
User Name of the user for events that involve the user.
Segment Name of the segment for segment related events.
Edge Name of the Edge for Edge related events.
Severity Severity of the event. The available options are: Alert, Critical, Debug, Emergency, Error, Info, Notice, and Warning.
Time Date and time of the event.
Message A brief description of the event.
   

Auto Rollback to the Last Known Good Configuration

If an Administrator changes a device configuration that causes the Edge to disconnect from the Orchestrator, the Administrator receives an Edge Down alert. Once the Edge detects that it cannot reach the Orchestrator, it will rollback to the last known configuration and generate an event on the OrchestratorBad Configuration.

The rollback time, which is the time necessary to detect a bad configuration and apply the previous known “good” configuration for a standalone Edge, is between 5-6 minutes. For HA Edges, the rollback time is between 10-12 minutes.
Note: This feature rolls back only Edge-level device settings. If the configuration is pushed from the Profile that causes multiple Edges to go offline from the Orchestrator, the Edges logs Bad Configuration events and rolls back to the last known good configuration individually.
Important: The Administrator is responsible for fixing the Profile accordingly. The Profile configuration will not roll back automatically.

Platform Firmware Upgrade Progress

To view the progress for the Platform Firmware upgrade on the Orchestrator UI, go to Monitor > Events . The Events page displays a list of events and shows the status of the Platform Firmware upgrade as In Progress or Installed.

Figure 59. Platform Firmware Upgrade Status
Note: On the Orchestrator UI, you can use the Filter feature to see only specific events, which can be especially helpful when upgrading multiple SD-WAN Edges.

Monitor Firewall Logs

The Firewall Logs page displays the details of firewall log originating from VeloCloud Edges. Previously you could only store and view firewall logs by forwarding them to a Syslog server. With Release 5.2.0, you can store firewall logs on the Orchestrator where you can view, sort, and search for them on the Orchestrator. By default, Edges cannot send Firewalls logs to Orchestrator. For an Edge to send the Firewall logs to Orchestrator, ensure you activate the Enable Firewall Logging to Orchestrator capability at the Customer level under Global Settings. By default, Orchestrator retains the Firewall logs until it reaches the maximum retention time of 7 days or a maximum log size of 15 GB per customer tenant on a rotation basis.

Firewall logs generate under the following conditions:
  • When creating a flow if the configuration accepts the flow.
  • Closing a flow.
  • Denying a new flow.
  • Updating an existing flow due to a firewall configuration change.
EFS Alerts generate when the flow traffic matches any URL categories, URL Reputation, Malicious IP, or any IDS/IPS suricata signatures configured on the EFS engine:
  • If a firewall rule has URL Categories filtering service activated, the URL Category engine looks up the categories of destination URLs and detects if that matches the Blocked or Monitor categories configured. If the URL matches the Blocked categories, the URL Categories engine generates an alert and blocks the Edge traffic. If the URL matches the Monitor categories, the engine allows the Edge traffic and captures the firewall logs.
  • If a firewall rule has URL Reputation filtering service activated, the URL Reputation engine looks up the reputation score of the URL and takes action (Allow/Block) based on the minimum reputation configured. If the reputation score of the URL is less than the minimum reputation configured, the Edge blocks the traffic and generates EFS alerts and logs, otherwise allows the traffic. The URL Reputation engine generates EFS logs for the allowed traffic based on the Capture Logs configuration.
  • If a firewall rule has Malicious IP filtering service activated, the Malicious IP engine checks if the destination IP is present in the Malicious IP Database (Network Query DB and Local DB). If the engine detects the destination IP in the Malicious IP database, then the engine generates EFS alerts and logs and takes Edge traffic decisions based on the configured action (Block/Monitor).
  • If a firewall rule has only Intrusion Detection System (IDS) activated, the Edges detect if the traffic flow is malicious or not based on certain signatures configured in the engine. If an attack is detected, the EFS engine generates an alert and sends the alert message to Orchestrator/Syslog Server
  • If a firewall rule has Intrusion Prevention System (IPS) activated, the Edges detect if the traffic flow is malicious or not based on certain signatures configured in the engine. If an attack is detected, the EFS engine generates an alert and blocks the traffic flow to the client only if the signature rule has action as Reject, matched by the malicious traffic. If the action in the signature rule is Alert, the engine allows the traffic without dropping any packets even if you configure IPS.

Viewing Edge Firewall Logs in Orchestrator

  1. In the SD-WAN service of the Enterprise portal, navigate to Monitor > Firewall Logs to display the Firewall Logs.
    Figure 60. Viewing Edge Firewall Logs

    With the Stateful Firewall and Enhanced Firewall Services (EFS) features activated, more information can be reported in the firewall logs. The following describes all the parameters reported in the firewall logs.

    Table 18. Field Descriptions
    Field Descriptions
    Time The timestamp of the traffic flow session on which the alert was triggered.
    Segment The name of the segment to which the session belongs.
    Edge The name of the Edge to which the session belongs.
    Action Any of the following actions triggered against the event/alert:
    • Allow
    • Close
    • Deny
    • Open
    • Update
    Interface The name of the interface on which the first packet of the session was received. In the case of overlay received packets, this field will contain VPN. For any other packets (received through underlay), this field will display the name of the interface in the Edge.
    Protocol The type of IP protocol used by the session. The possible values are TCP, UDP, GRE, ESP, and ICMP.
    Source IP The source IP address of the traffic flow session where the alert triggered.
    Source Port The source port number of the traffic flow session where the alert triggered.
    Destination IP The Destination IP address of the traffic flow session where the alert triggered.
    Destination Port The Destination port number of the traffic flow session where the alert triggered.
    Extension Headers The extension headers of the traffic flow packet.
    Rule The Rule to which the Signature belongs.
    Reason The reason for closure or denial of the session. This field is available for Close and Deny log messages.
    Bytes Sent The amount of data sent in bytes in the session. This field is available only for Close log messages.
    Bytes Received The amount of data received in bytes in the session. This field is available only for Close log messages.
    Duration The duration for which the session has been active. This field is available only for Close log messages.
    Application The Application name to which the session was classified by DPI Engine. This field is available only for Close log messages.
    Destination Domain The destination domain of the traffic flow session.
    Destination Name The name of the destination device of the traffic flow session.
    Session ID The Session ID of the traffic flow on which the alert was triggered.
    Signature ID A unique ID of the signature rule.
    Signature The Signature installed on the Edge.
    Attack Source The Source of the attack.
    Attack Target The Target of the attack.
    Severity The severity of the intrusion.
    Category The category type to which the intrusion belongs.
    IDS Alert Displays "Yes" if the alert notification is received from the IDS engine, or else displays "No".
    IPS Alert Displays "Yes" if the alert notification is received from the IPS engine, or else displays "No".
    URL The URL of the destination to which the traffic flow was directed.
    Engine Types Total count of Engine types that match the flow. Select the link in this column to view the Engine types that match the flow.
    URL Categories Total count of URL category types that matches the flow. Select the link in this column to view the URL categories that matches the flow.
    URL Category Filter Action The URL Category Engine-specific filtering action:
    • Block
    • Monitor
    URL Reputation The URL Reputation type defined in the policy rule.
    URL Reputation Action The URL Reputation Engine-specific filtering action:
    • Block
    • Monitor
    IP Categories Total count of threat types that match the flow. Select the link in this column to view the IP categories that match the flow.
    Malicious IP Action The Malicious IP Engine-specific filtering action:
    • Block
    • Monitor
    Note: Not all fields will be populated for all firewall logs. For example, Reason, Bytes Received/Sent and Duration are fields included in logs when sessions are closed. Signature ID, Signature, Attack Source, Attack Target, Severity, Category, IDS Alert, IPS Alert, URL, Engine Types, URL Categories, URL Category Filter Action, URL Reputation, URL Reputation Action, IP Categories, and Malicious IP Action are populated only for EFS alerts, not for firewall logs.
  2. You can use the Filter options and select a filter from the menu to query the Firewall logs.
  3. To view more detailed information about a specific Firewall log, select the Firewall log entry. Under the Firewall Log Details section, you can view the detailed Log Overview and Engine information for the selected log entry.
    Note: If the selected Firewall log entry is generated by Engines other than Enhanced Security Services, the Engine tab is not available.
    Figure 61. Displaying Edge Firewall Log Details
  4. In the Log Overview tab, select the link next to Engine to view detailed information about the specific Engine that matched the flow along with the Engine-specific filtering action.
    Figure 62. Displaying Edge Firewall Log Engine Details
  5. Create customized reports by exporting Edge Firewall Logs data in CSV format and selecting the CSV option.

Troubleshooting Firewall Logs

You can collect the firewall diagnostic logs by running the remote diagnostic tests on an Edge.

For Edges running Release 3.4.0 or later with Stateful Firewall activated, you can use the following remote diagnostic tests to obtain firewall diagnostic information:
  • Flush Firewall Sessions - Run this test on the required Edge by providing the Source and Destination IP addresses to flush the active firewalls session which needs to be reset. This is specifically for the Stateful Firewall. Running this test on an Edge not only flushes the firewall sessions, but actively sends a TCP RST for the TCP-based sessions.
  • List Active Firewall Sessions - Run this test to view the current state of the active firewall sessions (up to a maximum of 1000 sessions). You can filter by Source and Destination IP and Port as well as Segment to limit the number of sessions returned.
    Figure 63. Displaying Active Firewall Sessions
    Note: You cannot see denied sessions as they are not active sessions. To troubleshoot those sessions, you need to check the firewall logs.

 

You can use the following remote diagnostic tests to obtain the category and reputation score of a given URL, and threat category of a given IP:

  • Get IP Threat Reputation - Run this test on the required Edge by providing the IP address to view the threat category of the given IP.
    Figure 64. Obtaining the IP Threat Reputation
  • Get URL Category/Reputation - Run this test on the required Edge by providing the URL to view the category and reputation score of a given URL.
    Figure 65. Obtaining the URL Category and Reputation

Enterprise Reports

VeloCloud SD-WAN allows you to generate exportable secure SD-WAN Enterprise reports based on historical data for selected or all Edges across the Enterprise. The Enterprise reports include Network and Security data that are useful for the analysis of network.

For an Enterprise, you can generate a Quick Report, a Custom Report, and Generative AI (Gen AI) Traffic Reports.
  • Generate a Quick Report with default values, including all the data for the past one month starting from the time of request, and for all the Edges currently present in the Enterprise network.
  • Generate a Custom Report with customized settings by specifying the time range, required data, and Edges to be included.
  • Generate a Gen AI Traffic Report with information on Generative AI (Gen AI) applications traffic within the network of an Enterprise.

 

Note: By default, the Orchestrator stores up to 50 reports at a time for an Enterprise. An Operator can modify the number of reports using the system property, vco.reporting.maxReportsPerEnterprise.

A report has 60 days of age-out period and then deletes automatically. When a you exceed the maximum report value, the oldest report deletes first.

Accessing Enterprise Reports

In the SD-WAN service of the Enterprise portal, select Monitor > Reports .

In the Reports page, you can create a new Enterprise report, customize the report, and schedule report generation for a recurring period.

Figure 66. Displaying Available Enterprise Reports
For more information on creating different Enterprise reports, see the following topics:

Creating a Quick Enterprise Report

VeloCloud SD-WAN allows you to generate a consolidated report generated with default values, including all the data for the past month starting from the time of request, and for all the Edges currently present in the Enterprise network. Note that the Quick report does not include the Gen AI Application traffic related information.

To create a Quick Enterprise report, perform the following steps:

  1. In the SD-WAN service of the Enterprise portal, select Monitor > Reports .
  2. On the Reports page, select New Report.
    Figure 67. Creating a Quick Enterprise Report
  3. On the New Report page, select Quick to generate a consolidated report with the settings displayed on the Quick Report pane. By default, this report includes data for the last 30 days, with breakdown details of the following:
    • Top 10 applications and the top 10 Edges using each application.
    • SD-WAN consumption based on traffic distribution with top 10 applications for each traffic type.
    • SD-WAN consumption based on transport distribution with top 10 applications for each transport type.
    • Top backup links based on traffic with top 5 applications for each of the backup links.
    • Top Non SD-WAN destinations directly from the VeloCloud Edges with the top 5 Edges for each destination.
    • Top Non SD-WAN destinations using VeloCloud Gateways with the top 5 Edges for each destination.
    • Top clients across Edges with top 5 applications for each client.
    • Security Summary of the following data collected from all Enhanced Firewall Service (EFS) engines (IDS/IPS, URL Filtering, Malicious IP):
      • Total Edges - Total count of Edges in the Enterprise.
      • Reporting Edges - The count of Edges that have at least one EFS engine data.
      • Reporting Edges table - Displays the top 10 Edges, based on total actions across all EFS engines.

         

    • IDS/IPS displays the total count of IDS/IPS Threats Detected and Prevented for all Edges within the Enterprise, along with the Threat Severity and Action details.
    • URL Filtering displays the total count of URL Categories with Action count details and URL Reputation risks with Action count details for all Edges within the Enterprise, along with the Top 5 URL Filtering details.
    • Malicious IP displays the total count of Malicious IPs Blocked and Monitored.

       

    Note: The user can generate the EFS report only when EFS is activated at the customer level. For more information on how to activate EFS, see the topic Configure Customers.

     

  4. In the Submit Report, enter the Report Name, choose the Format to be either PDF or PDF and CSV, select the language of the Report, and choose whether to send the generated report as email and specify the email IDs.
  5. In the window Your Report is on its way that appears, select Done.

    Once you submit the report, the report details are displayed with the status in the Reports page. See Monitor Enterprise Reports.

    Figure 68. Displaying Reports

     

    You can generate a customized report with specific values including Gen AI Traffic data by selecting Custom. For more information, see Create a Custom Enterprise Report.

Create a Custom Enterprise Report

You can create an Enterprise report with customized settings by specifying the time range, required data, and Edges. Custom report generation allows you to select and include Gen AI Application traffic.

  1. In the SD-WAN service of the Enterprise portal, select Monitor > Reports .
  2. On the Reports page, select New Report.
    Figure 69. Creating a Custom Enterprise Report
  3. In the Select Report page, select Custom.
Note: Gen AI Traffic report supports a time range of up to 31 days. You can select any 31 days within the last one year. If you include Gen AI Traffic report as well for Custom Reports, then make sure the time range selected for the report is not more than 31 days, or else the report will be rejected.

Next Steps

Follow the instructions on the screen to select the configuration settings for the custom report. See Select Time Range.

Selecting the Time Range

You can customize a report for a selected time period. In addition, you can schedule a report to run on recurring basis.

  1. When you choose to customize the Enterprise report and select Custom in Create a Custom Enterprise Report, the Select Time Range window appears.
    Figure 70. Selecting the Time Range

     

  2. The Create a one-time Report option is selected by default. You can either enter the start and end date for which the report should be generated, or choose the time range from the list.
  3. To configure a scheduled report, choose Schedule a recurring report and select the schedule period and time from the list.
    Figure 71. Schedule a Recurring Report

     

  4. Select Next.

Selecting Data

You can select the data to be included in a custom report.

  1. When you select Next after selecting the time range in Select Time Range, the Select Data window appears.
    Figure 72. Selecting Data for the Report
  2. Select the check boxes of the data items that you want to include in the report from the following available options. By default, the report selects all of the data items.
    • Edges by Application – Breakdown details of top 10 applications and the top 10 Edges using each application.
    • Applications by Traffic – Breakdown details of SD-WAN consumption based on traffic distribution with top 10 applications for each traffic type.
    • Applications by Transport – Breakdown details of SD-WAN consumption based on transport distribution with top 10 applications for each transport type.
    • Backup Link Usage – List of top backup links based on traffic with top 5 applications for each backup link.
    • Top Non SD-WAN Destinations (Direct) – List of top Non SD-WAN destinations directly from the VeloCloud Edges with top 5 Edges for each destination.
    • Top Non SD-WAN Destinations (via Gateway ) – List of top Non SD-WAN destinations via VeloCloud Gateways with top 5 Edges for each destination.
    • Top Talkers – List of top clients across Edges with top 5 applications for each client.
    • Security Summary – Comprises of the following data collected from all Enhanced Firewall Service (EFS) engines (IDS/IPS, URL Filtering, Malicious IP):
      • Total Edges – Total count of Edges in the Enterprise.
      • Reporting Edges – The count of Edges that have at least one EFS engine data.
      • Reporting Edges table – Displays the top 10 Edges, based on total actions across all EFS engines.
    • IDS/IPS – Total count of IDS/IPS Threats Detected and Prevented for selected Edges within the Enterprise, along with the Threat Severity and Action details.
    • URL Filtering – Total count of URL Categories with Action count details and URL Reputation risks with Action count details for selected Edges within the Enterprise, along with the Top 5 URL Filtering details.
    • Malicious IP – Total count of Malicious IPs Blocked and Monitored.
    Note: The user can generate the EFS report only when EFS is activated at the customer level. For more information on how to activate EFS, see the topic Configure Customers.
  3. Select Next.

Select Edges

You can select to generate an Enterprise report including all the Edges or choose to include specific Edges.

  1. When you select Next after selecting the data to be included in the report in Select Data, the Select Edges window appears.
    Figure 73. Selecting Edges to Include in the Report

     

  2. By default, the report selects Include all edges and generates the report including data from all the Edges in the Enterprise.
  3. You can choose Include specific edges to generate the report with data from specific Edges. Select the appropriate condition from the list to include the corresponding Edges. Select + to include more conditions. After specifying the conditions, select Apply and the details of Edges selected according to the conditions display to the right.
  4. Select Next.

Submit Report

After configuring all the settings, you can generate the Enterprise report.

  1. When you select Quick to create a Quick Report in Create a Quick Enterprise Report, or select Next after selecting the Edges in Select Edges, the Submit Report window appears.
    Figure 74. Submitting the Report

     

  2. Configure the following:
    • Report Name - Enter a name for the report.
    • Format - Choose the format of the report from the list, as PDF or PDF and CSV.
    • Report Language - Choose the language in which you want to generate the report. Currently the report supports the following languages:
      • English
      • Simplified Chinese
      • Czech
      • Italian
      • French
      • German
    • Send email to list - If you want to send the generated report through Email, select the checkbox and enter the Email addresses separated by a comma. The Email attaches the report and sends to the recipients.
  3. In the Report Summary, verify the settings and select Submit.
  4. In the window Your Report is on its way, select Done.

Your report generate and displays in the Reports page. See Monitor Enterprise Reports.

Figure 75. Displaying Reports

Creating a Generative AI Traffic Report for Enterprise

VeloCloud SD-WAN allows you to create a Generative AI (Gen AI) specific report for all Gen AI applications contributing to network traffic within an Enterprise.
  1. In the SD-WAN service of the Enterprise portal, select Monitor > Reports .
  2. Select New Report.
    Figure 76. Creating a New Generative AI Traffic Report
  3. On the Select Report page, select Gen AI to generate a Gen AI Traffic report with the default settings displayed in the Gen AI Traffic Report pane. By default, this report includes data for the last 30 days, with breakdown details of the following:
    • Top Ten Gen AI Applications within the network of an Enterprise
    • Top Ten Edges by Gen AI Applications
    • Top Talkers across an entire Enterprise
    • Top Ten Gen AI Applications presence across Edges
    • Gen AI Applications Growth across Edges over time
  4. In the Submit Report window that appears, enter the Report Name, choose the Format to be either PDF or PDF and CSV, select the language of the Report, and choose if you want to send the generated report as email and specify the email IDs. See Submit Report.

Once you submit the report, the report details are displayed with the status in the Reports page, where you can download and view the report data.

Figure 77. Displaying the Reports

 

To download a report, select Completed next to the report. The report downloads as a ZIP file, which consists of the PDF format of the report.

Note: The Gen AI report only supports the PDF format and does not support exporting to CSV.
The Gen AI Traffic report file consists of the following information:
  • Top Ten Gen AI Applications - Shows the top ten Gen AI applications usage by traffic volume and percentage measure compared to the overall Enterprise traffic volume.

  • Top Ten Edges By Applications – Shows the top ten contributing Edges for each of the Gen AI applications along with the ratio of Download (RX) to Upload (TX) traffic volume. Download-to-Upload Ratio (DUR) is an indicator that helps identify traffic patterns for Gen AI applications. A DUR value more than 1 indicates that the download is more than the upload, a DUR value less than 1 indicates that the upload is more than the download, and a DUR value equal to 1 means symmetrical.

    Figure 78. Displaying the GenAI Traffic Report
  • Top Talkers Across An Entire Enterprise – Shows the top five client devices that have contributed traffic for each of the top ten Gen AI applications, along with details like the Edge site the client belongs to and the DUR associated with the client.
    Note: The top talkers are based on the union of top sites for each of the top ten Gen AI applications.
    Figure 79. Displaying the Top Ten Talkers
  • Top Ten Gen AI Applications Presence Across Edges - Shows for each of the top ten Gen AI applications, what percentage of Edges across your entire Enterprise contributes to the traffic.
    Figure 80. Displaying the Top Ten Applications Presence Across Edges
  • Gen AI Applications Growth Across Edges Over Time – Shows the time growth across Edges for each of the top ten Gen AI applications. Regardless of the time range you have selected for your report, the time growth for Gen AI applications is shown for one year month by month.
    Figure 81. Displaying GenAI Applications Growth Across Edges over Time

Monitor Enterprise Reports

Generate a secure SD-WAN Enterprise report with Network and Security data, by using the default values, or a custom report with specified values, or a Gen AI specific report for Gen AI applications traffic. You can also schedule a custom report to run on a recurring basis. All the reports display in the Reports page, where you can download and view the report data. You can also view the scheduled reports on this page.

In the SD-WAN service of the Enterprise portal, select Monitor > Reports and display all of the generated reports.

Figure 82. Displaying the Available Reports List

 

To download a report, select the Completed link of the report. The report downloads as a ZIP file, which consists of the PDF format of the report. If you have configured to export the report to CSV format, the ZIP file consists of both the PDF and CSV files.
Note: The Gen AI report only supports the PDF format.
For a custom report, the data in the report may vary according to the customized settings. The report files consist of the following items:
  • PDF
    • Graphical representation of distribution of Enterprise Traffic, Transport, and top Applications.
    • Top 10 Applications by Traffic and Transport types
    • Top 10 Edges by Applications
    • Top Backup links with top Applications
    • Top Talkers with top Applications
    • Gen AI Traffic Report including the following details:
      • Top Ten Gen AI Applications within the network of an Enterprise
      • Top Ten Edges by Gen AI Applications
      • Top Talkers across an entire Enterprise
      • Top Ten Gen AI Applications presence across Edges
      • Gen AI Applications Growth across Edges over time
    • Top Edges in top Non SD-WAN Destinations from Edge
    • Top Sites in top Non SD-WAN Destinations via Gateway
    • Overall Impact Summary of the following data collected from all Enhanced Firewall Service (EFS) engines (IDS/IPS, URL Filtering, Malicious IP):
      • Total Edges
      • Reporting Edges
      • Top Ten Reporting Edges and Actions
      • IDS/IPS Summary
      • URL Category Summary
      • URL Reputation Summary
      • Malicious IP Summary
    • IDS/IPS
      • Top Ten Impacted Edges by Total Count
      • Top Ten Impacted Edges by Critical and High Count
      • Top Threats Detected
    • URL Filtering
      • Top Ten Edges By Category Actions
      • Top Ten Edges By Category Blocked Actions
      • Top Ten URL Categories By Action
      • Top Ten Edges By Reputation Actions
    • Malicious IP
      • Top Ten Malicious Edges By Actions
      • Top Ten Malicious Edges By IP
      • Top Ten Malicious Destinations By Country
      • Top Ten Malicious Categories
Note: The Enterprise report PDF includes the Security Summary, IDS/IPS, URL Filtering, and Malicious IP related data only when activating EFS at the customer level. For more information about monitoring Security Services, see the topic Monitor Security Overview.
Figure 83. Displaying Traffic Distribution Information
The Enterprise Traffic distribution lists the following data:
  • Cloud Via Gateway - Internet bound traffic that goes through the Gateway.
  • Internet Via Direct Breakout - Internet bound traffic that breaks out directly from branch and does not go through VeloCloud Tunnels.
  • Internet Via Branch CSS - Traffic bound to Cloud Security Services directly from VeloCloud branch.
  • Branch To Branch - Traffic going through Gateway /Hub / dynamic SD-WAN Tunnels, directly between two VeloCloud branches.
  • Branch Routed - Traffic bound to local connected / static / routed (underlay) destinations.
  • Branch To NVS Via Gateway - Traffic bound from branch to Non SD-WAN Destination through Gateway.
  • Branch To NVS Direct - Traffic bound from branch to Non SD-WAN Destination over direct IPsec tunnels.
  • Branch To Backhaul - Internet bound traffic backhauled from branch to VeloCloud Hubs.
For CSV, the following CVS files download:
  • Top Sites by Applications - Lists all the applications, Edge name, Edge description, Bytes transmitted, and Bytes received.
  • Traffic Type - Lists all the flow paths, applications, Edge name, Edge description, Bytes transmitted, and Bytes received.
  • Transport Type - Lists all the Transport types, applications, Edge name, Edge description, Bytes transmitted, and Bytes received.
  • Backup Link Usage - Lists the names of all the Backup links, total bytes and applications used by the links, Bytes transmitted, and Bytes received.
  • Non SD-WAN Destinations from Edge - Lists all the Non SD-WAN Destinations connected directly from the Edges, name and description of the connected Edges, Bytes transmitted, and Bytes received.
  • Non SD-WAN Destinations via Gateway - Lists all the Non SD-WAN Destinations connected through Gateways, name of the Gateway, Bytes transmitted, and Bytes received. This report also lists the name and description of the Edges connected to each destination along with the Bytes transmitted, and Bytes received.
  • Top Talkers - Lists the names of clients, source IP address, source MAC address, name and description of the Edges connected to each client, total bytes used by the client, applications, Bytes transmitted, and Bytes received.
  • Gen AI Traffic Report - A comprehensive summary of traffic usage based on Gen AI applications detected in the network. Details include Top 10 Applications, Top 10 Edges per top application, Top Talkers per top edge per top application, footprint of top application across all edges and growth of footprint of top application across all edges over the past year.
  • Security Summary - Lists all the Reporting Edges and total action count by category (IDPS, URL Category, URL Reputation, and Malicious IP).
  • IDPS Edge Stats - Lists all the impacted Edges and total count by severity (Critical, High, Medium, Low, and Suspicious).
  • IDPS Signature Stats - Lists all the signature names along with the severity and total count.
  • URL Categories - Lists all the impacted Edges and total count by Category Actions (Blocked, Allowed, and Monitored).
  • URL Reputation Stats - Lists all the impacted Edges and total count by Reputation Actions (Blocked, Allowed, and Monitored).
  • Malicious IP - Lists all the impacted Edges and total count by Malicious Actions (Blocked and Monitored).
Note: For more information about monitoring Security Services, see the topic Monitor Security Overview.
Figure 84. Displaying CSV Report for Top Sites by Applications

To delete a report, select the report and select Delete.

To view scheduled reports, select Recurring Reports.

Figure 85. Displaying Recurring Reports

The Recurring Reports window displays the details of reports and the recurrence schedule.

To remove a report from the scheduled list, select the report and select Delete.

..