Documentation for SolarWinds Observability

Network monitoring

Network monitoring observes the performance and availability of the network devices that are crucial for your network. Performance metrics are gathered from the different network devices in your environment. You can pivot easily between metrics, traces, and custom data to quickly solve performance problems.

For network devices, SolarWinds Observability collects metrics, such as CPU or memory usage, and additional data, such as interface details. If you collect NetFlow on your devices, the data can also be displayed in SolarWinds Observability.

The Network Collector gathers and sends the data to SolarWinds Observability.

Monitor a network device in SolarWinds Observability

  1. Specify devices to monitor. This might require installing and configuring a Network Collector or just adding network devices in the Network Collector Web Console. See Add a network device.

  2. To get an overview about network devices already monitored in SolarWinds Observability, go to the Network area overview.

    • To view the overall health of the monitored environment, check out the Overview.

      Click Overall Health to go to the list of monitored nodes in the Entity Explorer.

    • Check out Diagnostics for devices with health issues.

    • Check out the most frequently used protocols, endpoints or conversations in the Flows tab.

      This requires that you have flow export set up.

  3. To get details about a specific device, find the device in the Entity Explorer and go to the Details view for the network device. You will see details on monitored metrics and elements on the device in individual tabs, such as Interfaces, Volumes, Flows, or Sensors.

  4. To analyze data, check out the results of the traces and monitoring in the Metrics Explorer. See Analyze data.

Monitor critical network paths (NetPath)

Review a graphical node-by-node display of critical network paths. With NetPath, you can see how your network is delivering applications to your users, whether paths to key applications are up or down. NetPath also helps you identify where a network problem is and who is responsible for it.

  1. Deploy a probe on a computer. The probe discovers and tests the network path the traffic takes to any network endpoint. See Add and manage NetPath endpoints.

  2. Review the NetPath tab. Click the Network area overview > Diagnostics > NetPath. The tab lists all endpoints defined in your organization.

    • Click an endpoint row to display the Inspector Panel for the endpoint.

    • Click the endpoint name to display Endpoint Details, Probe Details, and the Path for the endpoint in the tab.

      Grey nodes without a description are usually timed out by a firewall.

    • Click a probe in the Probes Details widget to display the corresponding path below.

    • The Graph widget displays the path from the probe to the endpoint. Click a node or connection in the Graph widget to display details about the node/connection in the Inspector Panel.

    • To zoom in/out in the Graph widget, click into the widget and use the mouse wheel.

    • Scroll down in the Graph widget to see the timeline. The timeline represents each NetPath data poll. Click an item to display data for the selected moment. Green items mean that reaching the path was successful; red items mean that the path failed or has reached the critical status.

    • To change the timeline, move the slider below the timeline.

Monitored elements and data relevant for network devices

The following components and related data may be monitored on the network device. The data displayed in SolarWinds Observability depends on what data a specific device provides.

Interfaces

When you add a network device in the Network Collector for monitoring with SolarWinds Observability, you can specify interfaces you want to monitor. See Add single nodes.

To see a list of monitored interfaces on a network device, find the device in the Entity Explorer and click the Interfaces tab.

The Interfaces tab displays a donut chart showing the number of interfaces monitored on the selected device, grouped by their status. The time series widget next to it displays historical interface statuses.

Click an interface to go to the interface details view. See Interface metrics and Network widgets for details.

To see a list of all monitored interfaces, click Explore, and then select Network Interfaces in the drop-down list at the top of the page.

Volumes

When a network device's volume elements are detected and monitored, they are listed in the Volumes tab, with an overview of their status, size, percentage of used space, and the volume type.

To monitor volumes on a device, add the device in Network Collector Web Console, and make sure the volume is selected for monitoring. See Monitor volumes.

Click a volume to display volume data. See Volume metrics and Network widgets for details.

Sensors

If hardware health sensors are detected on a monitored network device, you can see the list of all monitored sensors on the device in the Entity Explorer, in the Sensors tab for the network device details view.

Use the search and filter options to find the sensor you are interested in and click the sensor. You will see an overview of data for the sensor and an Alerts tab with a list of unresolved alerts relevant for the selected device.

Click a sensor to display sensor data. See Sensor metrics and Network widgets for details.

For metrics, the information includes the current value of the selected metric and a graph showing the metric values recorded over the selected time period.

Flows

If you collect NetFlow on your devices, flow details are available in the Network devices area overview or in the Flows tab for a monitored element's details view. Flow details are collected based on the Orion.Netflow.Flows.Bytes metric. See Flow metrics.

Filter flow data to display only communication inside the organization, outside of the organization or all flow data

Click the filter icon on a Flow tab, and select the Traffic Direction you want to apply. You can select multiple filter options at the same time.

  • No filter selected: All flow data is displayed in the charts.

  • East/West: Only flows from within the organization are displayed.

  • North/South: Only flows regarding communication outside of the organization are displayed.

  • Not classified: IPv6 and IPv4 multicast traffic.

How do the filters work?

The Network Collector marks IP addresses within your organization as private. If both addresses in a communication are marked as private, the flow data are displayed when you apply the East/West filter. If one of the IP addresses is not marked as private, the flow data are displayed when you apply the North/South filter.

The filters do not support IPv6 addresses and multicast traffic. While you can see these on the All traffic view, IPv6 addresses and multicast traffic are not displayed on the filtered views.
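
The classification described above, sketched as an added example (not SolarWinds code). It assumes the addresses the Network Collector marks as private are the RFC 1918 ranges, which the page does not specify; the function names and sample flows are constructed for illustration.

```python
import ipaddress
from collections import Counter

# ASSUMPTION: the page says only that the Network Collector marks addresses
# within your organization as private. RFC 1918 ranges stand in for that here.
ORG_PRIVATE = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_org_private(addr):
    """True if the address falls in one of the assumed organization ranges."""
    return any(addr in net for net in ORG_PRIVATE)

def classify_flow(src, dst):
    """Return the Traffic Direction bucket for one flow (hypothetical helper)."""
    a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # IPv6 and multicast traffic are not supported by the directional filters.
    if a.version == 6 or b.version == 6 or a.is_multicast or b.is_multicast:
        return "Not classified"
    # Both endpoints private: traffic inside the organization.
    if is_org_private(a) and is_org_private(b):
        return "East/West"
    # At least one endpoint is not marked private.
    return "North/South"

def filtered_view(flows, selected):
    """Flows shown for the selected filter options; no selection shows all."""
    if not selected:
        return list(flows)
    return [f for f in flows if classify_flow(f[0], f[1]) in selected]

def bytes_by_direction(flows):
    """Total bytes per Traffic Direction bucket."""
    totals = Counter()
    for src, dst, nbytes in flows:
        totals[classify_flow(src, dst)] += nbytes
    return dict(totals)

# Constructed sample flows: (source, destination, bytes)
SAMPLE_FLOWS = [
    ("10.1.4.20", "10.2.0.5", 1200),          # internal to internal
    ("192.168.10.7", "203.0.113.50", 88000),  # internal to external
    ("198.51.100.9", "172.16.3.3", 400),      # external to internal
    ("10.1.4.20", "224.0.0.251", 90),         # IPv4 multicast
    ("2001:db8::10", "2001:db8::20", 5000),   # IPv6
]

if __name__ == "__main__":
    print(bytes_by_direction(SAMPLE_FLOWS))
    print(len(filtered_view(SAMPLE_FLOWS, {"East/West", "North/South"})))
```

In the sample, the two Not classified flows appear in neither directional view, so traffic review that relies only on East/West and North/South would miss them.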

Filter flow data based on time

Use time filters in the upper right part of the screen. To use a custom time range, scroll down and select Custom at the bottom of the drop-down list.

Filter flow data based on endpoints, protocols, applications, advanced applications, countries, or domains

To quickly display flow data for a specific endpoint, protocol, application, advanced application, country, or domain, click the filter icon on a Flow tab, and select the filter you want to apply.

You can apply the filters to all flow data in the Network area overview, to flow data from a specific device in the Network Device Details view, or to flow data from a specific interface in the Interface Details view.

Find network devices exporting flows (Entity Explorer)

To quickly filter out network devices that export flow data in the Entity Explorer, use options in the Last Received Flows filter.

Find devices exporting the most flow data

To determine devices that export the most flow data, click Network in the left-hand navigation, activate the Flows tab and scroll down to Top Flow Sources.

To see the interface exporting the most flow data on a device:

  1. In the Network area overview > Flows tab, go to the Top Flow Sources table.

  2. Click a device name in the Name column in the table. This opens the Flows tab on the device details view.

  3. Now on the Flows tab for the device, scroll down to the Top Flow Sources table. The table shows a list of top flow-exporting interfaces on the device.

Filter by domain

Select a domain to filter the data. If there is no data from the selected domain, no data is displayed, for example if all traffic is from private IP addresses in an internal network.

See Add a network device.

Ports

To monitor ports, add a device that supports ports for monitoring, such as a switch.

This requires a fresh installation of Network Collector 2022.4 or later. It is not supported on Network Collectors upgraded to 2022.4 or later.

For monitored switches, you will see a Ports tab in the Entity details view with information about used/free ports, ports usage over time, and details, such as port status, IP, vendor, or MAC address. See Network widgets.

VLANS

If you add a device with VLANs, the node details page includes the VLANS tab, listing all VLANs on the device.

Expand a VLAN to see more details, such as the VLAN ID, state, tag, and the list of interfaces that build the VLAN.

Wireless Controllers and Thin Access Points

If you add a wireless controller node for monitoring, the node details page includes the Access Points tab, listing thin access points available on the wireless controller. You can switch the display to the Grid View or display access points in a Topology View.

Click an access point to display a list of connected clients in an Inspector Panel.

Get an overview of monitored controllers, access points, or clients

  1. Click Network in the left-hand navigation, and then click the Wireless Controllers tile.

  2. Select the item you want to list in the Type drop-down list.

    When you filter by controllers, click into a controller row to display the Inspector Panel with more details about the controller.

See Wireless Controller and Thin Access Point metrics.

Routing

For monitored routers (devices of the Router type), you can see the Routing tab in the Entity Details view.

Routing information includes top flapping routes, routing neighbors, default route changes, or the routing table.

Firewalls (VPN tabs)

When you observe a network device that is a firewall, the device details view includes two extra tabs with relevant details:

  • Site-to-Site VPN: lists Site-to-Site tunnels on the device.

  • Remote Access VPN: lists remote access tunnels on the device.

Available details differ based on the firewall vendor. Supported devices: Palo Alto firewalls and Cisco ASA firewalls.

SD-WAN

When you add a network device that is an edge network device (its device type is SD-WAN), the device details view includes an SD-WAN tab with health details and more information on WAN utilization, WAN uplinks, tunnels, and relevant interfaces.

On Networks Overview, you can see an additional SD-WAN tile that filters out monitored SD-WAN widgets. Hover over an SD-WAN device name to display more details in the Inspector Panel.

Tunnel Performance

Starting with Network Collector 2023.4, SolarWinds Observability monitors SD-WAN tunnel performance. In the Entity Explorer for monitored SD-WAN devices, an extra tab Tunnel Performance is displayed. Provided details include jitter, latency, or packet loss by tunnel.

Collecting and displaying tunnel performance data requires Network Collector 2023.4.

Load Balancers

When you observe a network device that is an F5 load balancer, you can monitor the status and availability of servers or resources in the pool. Load balancer details are available in the Network area overview.

This feature requires the Network and Infrastructure subscription. See Network and Infrastructure Observability.

Network widgets

In addition to standard visualizations of metric data, the following widgets display detailed insights into your network devices and their connections, interfaces, volumes, and flow data.

Active Alerts

In Entity Explorer, on the Overview or Interfaces tab.

An overview of the active alerts triggered by network devices or interfaces, categorized by severity. Active alerts are alerts that have been triggered but not cleared. This includes acknowledged alerts.

For more information about the entity's active alerts, click the widget title or click the vertical ellipsis in the upper-right corner of the widget and click View All Active Alerts.

Default Route Changes

A table listing any changes to default routes in the designated network that include the viewed node. The widget is available on the Routing tab.

Available details include the next hop, route change and the time stamp of the last change.

Use the drop-down to filter widget by virtual routing and forwarding (VRF). The default VRF is Main.

Details

On the Overview tab, the Details widget shows details about the device, such as name, native state, vendor, IP address, and more.

On the Interface details tab, the Details widget shows details about the interface, such as name, state, native state, or interface speed.

On the Sensor details tab, the Details widget shows a brief description of the sensor.

On the Volume details tab, the Details widget shows details about the volume, such as name, state, native state, volume type, or size.

Device Details

Device details include the network device native state, information whether the IP address is dynamic (Yes/No), machine type, device category, system name, description, object ID, software version, and more.

Ethernet Ports Used Over Time

On the Ports tab in an entity details view; a time series widget displaying port usage over time.

Health

On SD-WAN tabs in SD-WAN network device details views, the widget shows the health of tunnels, WAN uplinks, and interfaces on the entity.

IP Addresses

The IP Addresses widget provides a list of IP addresses discovered for the network device.

Polling Details

The Polling Details widget includes the polling IP address, polling method, the frequency of polling status and metrics on the device, and more.

Ports

On the Ports tab in an entity details view; displays details about ports, such as status, IP, vendor, MAC Address, and more.

Ports Currently in Use

On the Ports tab in an entity details view; displays how many ports are in use and free now.

Routing Neighbors

Routing neighbors of the device. The widget is available on the Routing tab.

Available details include the neighbor node name, protocol, status, IP address, whether it is a remote neighbor, and the last change time stamp. If the neighbor network device is monitored with SolarWinds Observability, you can click the device name to open the network device details view.

Routing Table

A snapshot of the routing table of the currently viewed network device. The table is available on the Routing tab.

Available details include the destination, CIDR, next hop, interface, metric, or source.

Use the drop-down to filter widget by virtual routing and forwarding (VRF). The default VRF is Main.

Top Domains

A donut chart displaying the domains responsible for the most traffic through all devices exporting flow (on the Flows tab on the Network area overview) or through the selected network device (on the Flows tab on a device details view).

Top Domains Ingress / Top Domains Egress

A time series widget on the Flows tab on an interface details view that displays the domains responsible for the most incoming (Ingress) or outgoing (Egress) traffic through the interface.

Top 10 Flapping Routes

A list of top 10 flapping routes in the designated network, by default ordered by the number of flaps over the designated time period in descending order. The widget is available on the Routing tab.

Use the drop-down to filter widget by virtual routing and forwarding (VRF). The default VRF is Main.

Available details include the number of Flaps recorded over the designated period of time, the Destination IP of the flapping route, the CIDR block size of the listed route, next hop on the listed route, the protocol used by the route, and the time stamp of the last change in the route.

If the next hop device is monitored with SolarWinds Observability, you can click the device in the Next Hop column to open the network device details view.

Topology Map

A topology map shows relationships between the network device and other network devices that communicate with it. Borders are color-coded by health status.

You can filter the widget to display L2, L3, or all connections.

  • Monitored network devices: The map shows the icon, name, and health score. Click an item to display the details in the Inspector Panel.

  • Discovered network devices: The map only shows the IP address and a question mark icon; the border is a gray dotted line. No additional details are available, therefore the Inspector Panel is disabled.

Top Tunnels by Jitter / Top Tunnels by Latency / Top Tunnels by Packet Loss

On Tunnel Performance tabs in SD-WAN network device details views, the widget lists tunnels with most jitter, latency, or packet loss on the device.

Trends on Top Tunnels by Jitter / Trends of Top Tunnels by Latency / Trends of Top Tunnels by Packet Loss

These time series widgets on the Tunnel Performance tab in SD-WAN network device details views show in a graph how jitter, latency, or packet loss of tunnels with the highest amount of jitter, latency, or packet loss developed over time.

Tunnels

On SD-WAN or Tunnel Performance tabs in SD-WAN network device details views, the widget lists tunnels on the device and provides more info on their status and both source and target devices and interfaces.

If you click on a tunnel in the Tunnels widget on the Tunnel Performance tab, the Inspector Panel opens and shows jitter, latency, and packet loss information for the tunnel.

WAN Uplinks

On SD-WAN tabs in SD-WAN network device details views, the widget lists uplinks with details, such as interface name, status, or IP.

WAN Utilization (MB)

On SD-WAN tabs in SD-WAN network device details views, the widget shows the branch name, details on traffic utilization for the current device (In, Out, Total), the application with the most traffic, its protocol, and host IP for the time period set for the view.