Monitor Split Tunnel
It’s common to have enterprises relying on split tunnel to provide connectivity to remote branch offices. In a split tunnel configuration, remote users utilize the commodity Internet connection, like Comcast or Verizon, to reach public websites or cloud services and a VPN tunnel, also called a LAN-to-LAN tunnel, to reach Intranet websites or other corporate services. The LAN-to-LAN tunnel is established between the branch router and the VPN concentrator that is located at the company’s headquarters or data centers.
(SD-WAN is an evolution of this model, where one or more commodity Internet connections are bundled together to offer enterprise-grade services for real-time and circuit uptime)
The network architect may choose to configure split tunneling either for economic reasons, due to the lower cost of Internet connections when compared to dedicated circuits like metro-Ethernet or MPLS, or for practical reasons, oftentimes due to the lack of transport services in specific areas of the country.
No matter what, when a branch office is configured with split tunneling, it becomes a challenge for network managers that rely on monitoring servers installed at the data center to quickly detect service outages and application performance issues before remote users do. This “network blindness” at remote locations has a tremendous impact on business operations (e.g. retail, banking, and healthcare) as well as for the network manager’s ability to troubleshoot remote application issues that affect the end users.
(Read about how Veterans United chose NetBeez to increase uptime and services availability at remote branch offices)
The problem with split tunneling and traditional network monitoring is that most solutions based on SNMP have the monitoring server installed at the data center. This server, which integrates an SNMP poller, periodically performs MIB queries on the router and switches installed at the remote branch offices. Problem is that centralized network monitoring can’t really tell if users are able to connect to cloud application and what the performance is like.
To solve this problem, network managers can now rely on distributed monitoring agents that perform active tests on the network layer (PING and Traceroute) as well as on the transport and application layer (Iperf and HTTP) to monitor services availability, check whether DNS works, and measure network and application performance.
The “distributed network monitoring” strategy implemented by NetBeez enables organizations with several branch offices to monitor split tunnel setups, gaining network visibility and utilizing quick detection of remote network and application issues.
If you want to learn more about NetBeez, I encourage you to schedule a demo with a representative from our team.