Understanding the Meta, Comcast, and LinkedIn Outages

Product Updates

Introducing Multi-service Views for Enhanced Service Correlation

By Prab Singh
| | 14 min read


Correlation of application experience with network delivery has been at the heart of ThousandEyes since its inception. The network has long been the de facto vector of blame when users experience slowness in accessing their business-critical applications. This issue becomes further acute as applications move to the cloud and what was once a self-managed, internal network with a small set of WAN providers is now a conglomerate of ISPs that eventually connect the user to the cloud. In this new world, IT and cloud operations teams have looked to ThousandEyes to quickly understand the fault domain, whether it is the local network, Internet, cloud provider network, or the application service. By collecting data across multiple layers and visualizing where problems occur, ThousandEyes enables operations teams to dramatically lower the mean time to detect problems, so they can quickly triage the issue or escalate to the appropriate internal or external team. In this sense, ThousandEyes is more than a network intelligence solution—it’s a decision engine that allows different operations teams to quickly understand what action should be taken to resolve a user issue.

ThousandEyes’ intuitive visualization of complex journeys across networks, services, and applications has now been used by hundreds of enterprises—including top banks, SaaS providers, and Fortune 1000 companies—to ensure the performance of their digital ecosystems. Today, we’re excited to announce the next step in our evolution, Multi-service Views, a unique advancement that harnesses the power of data and visualization to solve even harder problems for our customers.

Multi-service Views builds on the multi-layered approach that has been a hallmark of ThousandEyes, by enabling multiple services—whether digital journey dependencies, multiple user groups, or different application tiers and modules—to be aggregated into a single visualization. This cross-service view delivers immediate insights for teams responsible for ensuring a good digital experience across a complex set of internal and external dependencies.

Below are three common scenarios that present significant challenges to most enterprises.

Increasing SaaS and Bespoke-application Dependencies

As enterprises increase their reliance on SaaS, external APIs and other services to support employees and customers, it has become increasingly important to understand and measure this across every critical piece of their digital supply chain. Even SaaS applications, which are typically experienced as monolithic by their users, often involve many interactions between and across edge dependencies, application tiers, and backend APIs. As an example, let’s take a look at the login experience of a user accessing Office 365 via its authentication service, Azure AD.

Figure 1. Office 365 authentication waterfall

In order for any user to successfully login into an Office 365 application, the inventory of service dependencies are as follows:

  • Successfully resolving login.microsoftonline.com using the local DNS resolver and/or upstream DNS nameservers depending on caching
  • Redirecting to www.office.com
  • Redirecting to login.microsoftonline.com to initiate the validation and authentication process, which involves interacting with backend data stores
  • Loading objects from Edgecast CDN and another part of Microsoft’s network that serves login.live.com

Each of the respective services may depend upon independent networks that must be available for the login.microsoftonline.com login page to be served to users. Each of these separate workflows reveals an aspect of the overall journey users must complete in order for the login page to be loaded. When something goes wrong, knowing where in the user journey (and at what layer, e.g., app or network) is crucial to successfully identifying and resolving availability and performance issues.

Figure 2. Office 365 login dependencies with Multi-service Views

This simultaneous visibility across multiple services is where Multi-service Views can drive even faster outcomes. Multi-service Views leverages the data collected across individual ThousandEyes tests to build a single service view for users to understand how each dependency affects overall application experience.

Deconstructing Overlay Networks

Network overlays have dramatically increased as enterprises have adopted SD-WAN and cloud-based security services, and have had to scale VPN capacity to support secure access for a remote workforce. While overlay provisioning, policies, and performance are important, so too is the underlying network transport, which is increasingly Internet-based. Multi-service Views deconstructs network connectivity into its constituent overlay and underlay parts, visualizing the end-to-end overlay tunnel endpoints, as well as every Layer 3 hop across the underlay.

Software Defined WAN (SD-WAN)

The rise of cloud-based applications has led to a wider adoption of software-defined WAN solutions that allow customers to more efficiently use their WAN resources per end-user application needs. Using application-aware policies that are centrally managed and pushed down to WAN routers, enterprises can dramatically increase operational agility and network resilience.

SD-WAN solutions use overlay networks to route traffic based on user-defined policies for a particular application. However, this control and this automation comes at the cost of visibility, as overlays will typically obscure the network underlay. To see the entire network path, as well as its impact on application experience, ThousandEyes users typically configure two tests — one to measure application response times and overlay network performance, and a second to measure and map the underlay network path.

Figure 3. Web application response time
Figure 4. Network path visualization (default overlay network)
Figure 5. Network path visualization (additional network test to public IP address of remote tunnel endpoint)

While these independent tests provide the needed visibility, the correlation of application experience to underlying ISP performance requires more intensive analysis across tests today. This is less than ideal, as users need to alternate between tests to understand impact while troubleshooting an operational problem. Multi-service Views enables these tests to be aggregated into a single view so that overlay and underlay network performance can be easily correlated for rapid problem domain isolation.

Figure 6. SD-WAN Overlay and underlay network with Multi service Views

Cloud-based Secure Web Gateways (SWG)

The move to SaaS applications has led to a move towards cloud-based secure web gateways (SWG), which inspect web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. SWGs provide benefits for remote workers who could be accessing SaaS applications from anywhere on any device, and SWGs are slowly becoming the standard way of securing SaaS applications, whether remote or on-premises. This extension of the firewall beyond the perimeter of your branch means network teams need new ways to monitor this extended network.

Two common modes of onboarding a cloud SWG at a branch location is the use of either transparent proxy mode or explicit proxy mode. In transparent mode, branch office traffic is directed to the closest SWG through a GRE or IPsec tunnel configured at the branch edge router. This generally leads to a network blindspot from the branch perimeter to the SaaS application being accessed due to the use of an overlay network and reliance on a public network. As a result, other measurements need to be made to gain back lost visibility. This can be accomplished today by setting up two distinct tests:

    • One test to the application being accessed from the enterprise agent at the branch. Note, in transparent proxy mode, due to the GRE tunnel, the path appears to be in a private network even though the last node segment ( to is actually traversing a public network.

Figure 7. Default network visibility to SWG transparent proxy
    • Another test to the transparent proxy IP address using ICMP to bypass the tunnel and discover the underlay network

Figure 8. Separate test to transparent proxy via ISP underlay

Multi-service Views make the measurements and network paths of the overlay and underlay network easier to correlate by combining interface nodes that are common across multiple network tests and branching the underlying ISP(s) from the GRE tunnel.

Figure 9. Cloud proxy network access using Multi-service Views

Network path correlation across clustered services

Multi-service Views also make it much easier for users to see common dependencies and network bottlenecks that impact a set of services. Building upon our unique path visualization, Multi-service Views leverages our path building algorithm across multiple networks to build a picture that was previously not possible.

Below is an example of an application being accessed by two data centers.

Figure 10. Default network visibility to one of the application pods

However, this application is served by multiple pods that are load-balanced. For an operations team, it’s critical to understand each pod’s performance and how any of them may be contributing to user experience issues that surface intermittently only when the faulty pod or its associated network is used to serve the traffic. With Multi-service Views, we can layer the networks serving each pod from both data centers to build a more complete picture that drastically reduces time to troubleshoot.

Figure 11. Multi-service Views showing network access to all application pods

It’s important to note the commonalities and differences between the two views. Four network segments from the right are common across each pod and can be clearly seen as the logical network serving all application pods. Likewise, the first seven segments from the left represent local data center networks accessing each pod with some degree of overlap. This data is captured without any instrumentation on network devices themselves but leveraging our advanced network synthetics to weave together data across multiple tests.

The above are just a few examples of how this new capability can be used and why we’re excited to offer it to our customers.

A Step Forward in Managing Complex, Hybrid Digital Ecosystems

At ThousandEyes, we understand the challenges facing enterprises as they move to the cloud and are increasingly tasked with solving problems regardless of ownership domain. We will continue to push the boundaries on how data can drive intelligence for enterprises, and we'll remain committed to delivering innovations that help our customers tackle hard challenges so they continuously thrive in a cloud, SaaS, and Internet-centric world.

Multi-Service View Availability

Multi-service Views will be available for the HTTP Server and Network layers across agent-to-server tests. It’s currently available to early access customers. To learn more about Multi-service Views, register for our Platform Update webinar or sign up for a custom demo. To request access to the limited availability program, contact your account representative.

Subscribe to the ThousandEyes Blog

Stay connected with blog updates and outage reports delivered while they're still fresh.

Upgrade your browser to view our website properly.

Please download the latest version of Chrome, Firefox or Microsoft Edge.

More detail