Starting from version 20.4.1, vManage introduced new "Network Wide Path Insight" page, the user doc link can be found at:
In this thread, I'll walk you through how to utilize this new tool step by step, and how it can help with your network operation.
Step 0: Prerequisite
a) Network Wide Path Insight only works with cEdge devices for now, including Catalyst 8000 Series Routers, ISR Series Routers and ASR1000 Series Routers. Virtual router Catalyst 8000v model is also supported.
b) Software version must be: 20.4.1 or later for vManage, 17.4.1 or later for cEdge.
c) You must enable Data Stream in vManage [Administration] -> [Settings] -> [Data Stream] section as below:
Step 1: Specify observation site and VPN, input application/IP/port/DSCP filters.
a) Go to vManage [Monitor] -> [Network Wide Path Insight], first fill in the site id of the SD-WAN site you want to inspect, and then you have to choose the VPN you want to inspect, choose a VPN from the drop down list listing available VPNs.
b) Optional: similar to all other logging/debugging/troubleshooting, specifying additional filters like IP address, Application, Protocol(TCP or UDP) can help you minimize noise output.
c) Once you're done, hit the "Start" button. A trace operation will be created on all the cEdge devices located in that site you choose, and start to collect information we need.
Step 2: View live flow status
a) Assume you have live traffic in your network and exactly matching the filters you specified in Step1, just wait 10 to 20 seconds and you'll be able to see multiple flow entries in Flow Path and Metric tab as below:
b) For each flow, we can see flow tuple (ip/port combination), application, DSCP, network path, drop rate, latency, jitter and statistics information for both upstream and downstream directions of the flow. Here in most typical cases, upstream direction is the client to server direction while downstream direction is the server to client direction. (Conditions may change when you try to observe it from different point, but you can also check the destination port of the flow, normally it would be 53(DNS)/80(HTTP)/443(HTTPS) listening by the servers so you get to know which direction is client to server and vice versa.)
c) Use the search box to the up and left of this section to find your interested flow and expand the flow record to see detail information.
Step 3: Deep dive into a flow
a) Now assume you have chosen one single flow from step2, and you want to understand how this flow was processed by your SD-WAN network, keep the flow record expanded in Flow Path and Metric tab, then first you can go to geography view tab to observe where the flow has been traveled to.
b) Secondly, you can go to Feature View (Upstream or Downstream) tab to check which features processed the flow and how they processed it.
c) Thirdly, for one specific feature, take "SDWAN QoS Outpt" feature for example, you can check the policy configuration of SD-WAN QoS on that device by clicking on the feature detail information, then a pop up windows will appear to tell you what's the present policy configuration of SD-WAN QoS.
Step 4: Stop the trace.
a) Once you've done with your current troubleshooting/inspection, you can stop the trace on devices, and all information collected from the trace will still be available in vManage as long as storage space is sufficient. (Will automatically wipe out oldest when storage space running low.)
b) "Stop" button in policy section can stop current displaying trace session.
c) If you want to see other traces, go to Trace History tab, click on "detail" link to the right most of the table to switch to the trace you want to see.
Please understood that it's impossible to describe everything in detail in such a short conversation, in case you have doubts, please take this thread as a Q&A thread and feel free to leave your question in reply, we'll try our best to answer.
Thanks.
