ZDX behind GRE - how does it know the path?


Not sure if this is the right forum, but there’s no dedicated one for ZDX. So, I’d like to confirm few things. We’re trying to troubleshoot MS Teams issue and we use ZDX as our primary source of QoUE score. However, we aren’t sure the data it gives is valid.

Our offices have Silver-Peak (Aruba) SD-WAN appliances which have GRE tunnels configured pointing to Zscaler PSENs. We also use Tunnel 2.0 on-prem. So, traffic from the user is encapsulated twice (ZCC, then GRE). However, ZDX shows is a traceroute from SD-WAN appliance (it’s WAN interface) all the way to PSEN.

My question is how does it know what path looks like in the underlay if there’s no way traffic can bypass GRE. I accept the fact that ZDX can bypass tunnel 2.0, but GRE is transparent for it. Yet, it shows us hop by hop path in the underlay. I just don’t understand where this data comes from and how to treat it. Anyone from Zscaler please?

1 Like