Monitor Azure Virtual WAN Network Performance

How to Monitor Azure Virtual WAN Network Performance

This guide provides step-by-step instructions and best practices for monitoring the performance of your Azure Virtual WAN deployment. Effective monitoring is crucial for ensuring optimal network connectivity, identifying potential bottlenecks, and troubleshooting issues proactively.

Pro Tip: Regularly review your monitoring data to establish baseline performance metrics. This will make it easier to detect anomalies and deviations from the norm.

Key Performance Indicators (KPIs) to Monitor

Bandwidth Utilization: Track the amount of data being transferred over your Virtual WAN links (e.g., VPN, ExpressRoute).
Latency: Measure the time it takes for packets to travel between points in your network.
Packet Loss: Monitor the percentage of data packets that fail to reach their destination.
Jitter: Observe the variation in packet delay. High jitter can impact real-time applications like voice and video.
Connection Status: Ensure VPN tunnels and ExpressRoute circuits are consistently connected and stable.
Throughput: Measure the actual data transfer rate achieved.
CPU/Memory Usage: Monitor the resource utilization of your Virtual WAN components (e.g., VPN devices, routers).

Azure Virtual WAN Monitoring Dashboard Example

Leveraging Azure Monitor for Virtual WAN

Azure Monitor is your primary tool for collecting, analyzing, and acting on telemetry from your Azure Virtual WAN resources.

Step 1: Enable Diagnostics Settings

To collect performance metrics, you need to configure diagnostic settings for your Virtual WAN hub.

Navigate to your Virtual WAN resource in the Azure portal.
Under the "Monitoring" section, select Diagnostics settings.
Click Add diagnostic setting.
Select the desired metrics and log categories (e.g., AzureDiagnostics, VpnConnectionDiagnostics).
Choose a destination for your logs and metrics:
- Log Analytics workspace: For interactive querying and analysis.
- Storage account: For long-term archival.
- Event Hubs: For integration with third-party SIEM or monitoring tools.
Click Save.

Step 2: Explore Metrics in Azure Monitor

Azure Monitor provides a rich set of metrics for Virtual WAN components. You can view these directly or pin them to dashboards.

Go to Azure Monitor in the Azure portal.
Select Metrics.
In the "Resource type" dropdown, select Virtual WAN or specific components like Virtual Hub or VPN Gateway.
Choose the desired metric (e.g., BgpPeeringStatus, TunnelStatus, InboundTraffic, OutboundTraffic).
Apply filters and splitting options to analyze data by region, connection, or device.

Common metrics for Virtual WAN include:

VPN Gateway: TunnelCount, BytesInPerSecond, BytesOutPerSecond.
ExpressRoute Gateway: Similar traffic metrics.
Virtual Hub: Network traffic statistics, routing information.

Step 3: Utilize Log Analytics for Deeper Insights

Log Analytics allows you to query your diagnostic logs using Kusto Query Language (KQL) for advanced analysis and troubleshooting.

Navigate to your Log Analytics workspace.
Select Logs.
Query tables like AzureDiagnostics, AzureNetworkAnalytics, or specific tables related to VPN or ExpressRoute.

Example KQL query to check VPN tunnel status over the last hour:

AzureDiagnostics
    | where TimeGenerated > ago(1h)
    | where ResourceProvider == "MICROSOFT.NETWORK" and Category == "VpnConnectionDiagnostics"
    | where Properties.StatusCode == "Connected" or Properties.StatusCode == "Disconnected"
    | project TimeGenerated, Resource, Properties.TunnelName, Properties.StatusCode, Properties.LatencyInMs
    | order by TimeGenerated desc

Step 4: Set Up Alerts

Proactive alerting is essential for immediate notification of performance degradation or connectivity issues.

Go to Azure Monitor.
Select Alerts.
Click Create > Alert rule.
Scope: Select your Virtual WAN or relevant resource.
Condition: Choose the metric or log search that triggers the alert (e.g., TunnelStatus is not Connected, PacketLossRate exceeds a threshold).
Actions: Configure action groups to send notifications (email, SMS, webhook) or trigger automated remediation tasks.
Details: Define the alert name, severity, and description.

Additional Monitoring Tools and Techniques

Network Watcher: Utilize features like Connection Troubleshoot, IP Flow Verify, and Packet Capture for in-depth network diagnostics.
Azure Network Analytics: For flow logs and traffic analytics to understand traffic patterns and identify security threats.
Third-Party Tools: Integrate with your existing Network Performance Monitoring (NPM) solutions for consolidated views.

Best Practice: Automate the creation of monitoring dashboards and alerts during the deployment phase of your Virtual WAN to ensure immediate visibility.

Troubleshooting Common Performance Issues

High Latency: Check the physical distance and network hops between endpoints. Optimize routing and consider Azure regions closer to your users.
Low Throughput: Investigate bandwidth limitations on VPN/ExpressRoute connections. Ensure network devices are not saturated.
Packet Loss: Examine the health of underlying network infrastructure, including your on-premises network and peering locations.
VPN Tunnel Instability: Review VPN gateway logs for rekeying issues, IPsec negotiation failures, or underlying network connectivity problems.

By implementing a robust monitoring strategy with Azure Monitor and Network Watcher, you can ensure the reliability, performance, and security of your Azure Virtual WAN network.