3.2 End-Device Network Issue Diagnosis

Maintaining a reliable and secure network requires diagnosing network issues on traditional end-devices, such as computers and smartphones. ENNA v1.0 exam emphasizes the endpoint agent, its capabilities, metrics, and troubleshooting techniques to identify and resolve network problems impacting applications from the end-user's perspective. These issues can affect users working from various locations, including the office and home. While IP-connected devices such as sensors, cameras, and IoT devices are not within the current scope (v1.0), they may be included in future versions of the exam.

Key Concepts

Diagnosing End-Device Network Issues

This section focuses on analyzing data to troubleshoot network problems originating from end devices. We'll cover how to leverage information from ThousandEyes Endpoint Agents to identify and resolve these issues.

We can categorize the issues into three main areas:

1. Local network problems
2. Web performance problems
3. Broader network problems (beyond the local network)

Local Network Problems

Local networks can be problematic for anyone, but especially for remote workers. Endpoint Agents provide a unique perspective into the network conditions experienced by remote workers and devices.

They gather crucial data, including:

• ICMP ping and traceroute information to network elements (proxies, VPNs, gateways) over the past 24 hours.
• Network profiles capturing connection details.

Data is collected in focused bursts every 5 minutes.

Potential Causes:

• Gateway malfunctions
• Bandwidth limitations
• Endpoint performance bottlenecks (CPU, memory)
• Poor Wi-Fi signal strength
• General Wi-Fi connectivity problems

Troubleshooting:

• Verify endpoint network settings
• Examine network interface details (speed, errors)
• Use network diagnostic tools (ping, traceroute) within ThousandEyes to gain historical context and path visualization
• Analyze logs and error messages from end devices to identify errors, configuration problems, or hardware failures

Web Performance Issues

Potential Causes:

• Browser cache/cookie issues
• Web application errors or outages
• API limitations or failures
• DNS server problems

Troubleshooting:

• Within ThousandEyes, correlate web performance metrics with underlying network conditions
• Analyze HTTP error messages for clues
• Clear browser cache and cookies, and verify firewall/proxy configurations

Broader Network Problems (Beyond the Local Network)

Potential Causes:

• ISP outages
• Network congestion
• Physical infrastructure issues (fiber cuts, power outages)
• DNS server problems
• Routing anomalies

Troubleshooting:

• In ThousandEyes, pinpoint the time the issue began
• Use the network visualization to isolate problematic nodes by filtering for an affected agent
• Differentiate between end-to-end packet loss (at the agent) and forwarding loss occurring along the network path

ThousandEyes Endpoint Agent Metrics

Familiarize yourself with the metrics collected by ThousandEyes Endpoint Agents. This knowledge is essential for:

• Problem Context: Understanding the type and scope of data collected helps you interpret the situation.
• Root Cause Identification: By correlating metrics across different layers (e.g., HTTP response time against network latency), you can pinpoint whether the issue stems from the network, application, or endpoint itself.
• Troubleshooting Remote Workers: Determine if a remote worker's issues are due to local network congestion, Wi-Fi signal strength, device resource constraints, or problems with the ISP or wider internet.

The table below provides an overview of the metrics and views available for data collected by Endpoint Agents.

Table 1: Endpoint Agent Metrics

Refer to our official product documentation for a more detailed breakdown: Data Collected by Endpoint Agent

Resources

• Troubleshooting Endpoint Agent issues
• Endpoint Agent Views Reference
• Data Collected by Endpoint Agent
• What is jitter? An article on Meraki portal
• WiFi and LAN Monitoring
• VPN Monitoring

Sample Questions

3.2 Question 1

Refer to the exhibits. The endpoint has the following IP credentials:

192.168.100.9/24, DNS: 8.8.8.8,8.8.4.4, GW: 192.168.100.1

Based on the views presented in the exhibits, what led to the error occurring on Sun, May 5 23:27 GMT +2?

• A) The test target stopped responding.
• B) The FQDN of the test target is non-existent.
• C) The DNS servers assigned to the endpoint are unreachable.
• D) The DNS settings on the endpoint are incorrect.

3.2 Question 2

The Endpoint stopped appearing online after it was moved to another network.

The customer reviewed the endpoint logs but did not identify anything suspicious.

The customer also confirmed that the endpoint was online on the old network, and the new network is fully operational. Other endpoints that were moved to the new network are also online. Since the new network is small, the admin is using static IP assignment.

What is the best way to bring the endpoint online?

• A) It may be an issue with the lack of space in the new network. The endpoint should be moved back to the old network.
• B) The endpoint agent should be reinstalled to come online. This always helps.
• C) The endpoint will automatically come online in 10-15 minutes, no action is needed.
• D) Endpoint IP settings must be checked along with connectivity to c1.eb.thousandeyes.com.