Network-wide path insight provides end-to-end application-tracing serviceability in a Cisco Catalyst SD-WAN network. This feature lets you initiate application tracing and displays the trace results collected from multiple devices in a consolidated view. You also can view detailed information at the packet level, application level, domain level, flow level, and network level. Information from traces provides comprehensive insights into the operations of your network and can assist with performance analysis, planning, and troubleshooting.

For a brief video overview of network-wide path insight, see Cisco Catalyst SD-WAN Network-Wide Path Insight How to Demo.

This feature is supported on Cisco IOS XE Catalyst SD-WAN devices.

• Ensure that the Data Stream option is enabled in Cisco SD-WAN Manager. To enable this option, perform the following steps.

  Note	In a Cisco Catalyst multitenant deployment, you must have the provider role to enable this option. For more information, see User Roles in Multitenant Environment. If you try to set up a trace path when Data Stream is not enabled, you are prompted to enable it.

  1. From the Cisco SD-WAN Manager menu, choose Administration > Settings.

  2. For the Data Stream option, click View.

  3. Click Edit and choose Enable.

  4. Click Save.

• From Cisco Catalyst SD-WAN Manager Release 20.13.1, integrating Cisco Identity Services Engine (ISE) with Cisco Catalyst SD-WAN enables network-wide path insight traces to identify the specific users who are associated with traffic flows.

  For integration information, see Configure Cisco ISE in Cisco SD-WAN Manager.

  • Ensure that the users are registered with Cisco ISE.

• From Cisco Catalyst SD-WAN Manager Release 20.14.1, if you want traces to collect information about Cisco ThousandEyes Enterprise Agent tests, ensure that Cisco ThousandEyes is monitoring your network, and ensure that you know your Cisco ThousandEyes account username and OAuth bearer token. In addition, ensure that a Cisco ThousandEyes Enterprise Agent is deployed on a Cisco IOS XE Catalyst SD-WAN device in a service VPN other than VPN0 or 512, or on another host that is connected to a service VPN.

• Support for this feature on Cisco vEdge devices is limited to interoperation with Cisco IOS XE Catalyst SD-WAN devices.

• Only UDP and TCP can be traced using the Network-Wide Path Insight feature.

• This feature is not supported on VPN 0 or the transport VPN.

• This feature is not supported when extranet VPNs or service chain policies are configured in your Cisco Catalyst SD-WAN deployment.

• Not all packet traces are captured per flow. The system takes samples for the most typical packets automatically.

• Flow records do not display the complete history of flow path and hop information for releases before Cisco vManage Release 20.6.1.

• Mixed application and default policies are not supported for releases before Cisco vManage Release 20.6.1.

• You can monitor a maximum of two traces per device, and 10 concurrent active traces per Cisco SD-WAN Manager tenant.

• The following table shows the number of active flows that can be monitored, and the supported number of completed flows. Tracing stops when the monitoring limit is reached.

  Release	Number of Supported Active Flows	Number of Supported Number of Completed
  Releases before Cisco vManage Release 20.6.1	50 to 100 per device, depending on the Cisco IOS XE Catalyst SD-WAN device	1,000
  Cisco vManage Release 20.6.1 through Cisco vManage Release 20.8.x	50 to 100 per device, depending on the Cisco IOS XE Catalyst SD-WAN device	10,000
  Cisco vManage Release 20.9.1 and later releases	50 to 100 per device, depending on the Cisco IOS XE Catalyst SD-WAN device	60,000

• In releases before Cisco vManage Release 20.6.1, flow trace does not show the complete network path if the following optimizations are enabled:

  • UTD

  • TCP

  • SSL

  • DRE

• In the Application Stats graphs that are available in the Insight Summary > Overview tab, you cannot choose a WAN color for Cisco ASR 1000 Series Routers and Cisco Catalyst 8500 Series Edge Platforms.

• Traces that identify specific users who send and receive traffic provide information for IPv4 traffic only. This feature is available from Cisco Catalyst SD-WAN Manager Release 20.13.1.

• The site at which the trace starts by default has 100 peering sites with concurrent site-to-site traffic and can be extended to 250 peers in Administration Setting of Network Wide Path Insight. If the peering site is more than the configured value, the trace doesn't start from that site.

• For Cisco Catalyst SD-WAN Manager Release 20.14.1 and earlier releases, you can monitor traffic on flows that are initiated before you start a trace.

  For Cisco Catalyst SD-WAN Manager Release 20.15.1 and later releases, TCP/UDP flows that are initatied before you start a trace have lower chances of being monitored when compared with the newly initatied flows. You can use specific filters to monitor traffic on these flows.

• Verification of network and policy design when deploying a new site, VPN, or application

• Daily monitoring of network, application, and policy operations

• Collection of information for diagnosing operational issues

For more information, see Use Cases.