Cisco Systems 3.6 specifications Event Processing Overview


Chapter 1 Fault Management Overview


The propagated severity of the alarm (the whole event sequence) is always determined by the last event in the sequence. In the above example, when the link-down alarm is open, it has critical severity; when it clears, it moves to normal severity. An exception to this rule is an informational event (severity level info), such as a user acknowledge event, which does not change the propagated severity of the sequence (the alarm).

Each ticket assumes the propagated severity of the highest-severity alarm among all the alarms at any level of its correlation hierarchy.

Note: An alarm does not assume the propagated severity of the correlated alarms beneath it. Each alarm assumes its severity only from its internal event sequence, as described above, while the ticket assumes the highest severity among all the alarms in the correlation tree.

Event Processing Overview

Cisco ANA provides a customizable framework for identifying and processing raw events. The raw events are collected into the Event Manager, forwarded to their respective VNE, and then processed as follows:

Step 1 The event data is parsed to determine its source, type, and alarm-handling behavior.

Step 2 If the event type is configured to try to correlate, the VNE attempts to find a compliant cause alarm. This is done in the VNE fabric.

Step 3 The event fields are looked up and completed.

Step 4 The event is sent to the Cisco ANA gateway, where:

- The event is written to the event database.

- If the event belongs to an alarm, it is attached to its respective event sequence and correlated to the respective root-cause alarm within the ticket, or a new sequence and a new ticket are opened.

- If the event is marked as ticketable, and it did not correlate to any other alarm, a new ticket is opened, and the alarm that triggered the ticket becomes the root cause of any alarms in the correlation tree.
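The gateway behaviour in Step 4 and the severity propagation rules above can be modelled together in a few lines. This is an added sketch, not Cisco ANA code: the class names, the `cause_key` argument (standing in for the cause alarm the VNE found in Step 2), the sequence keys, and the ranking of the warning, minor and major levels are all assumptions; the page itself names only critical, normal and info.

```python
from dataclasses import dataclass, field

# Assumed ranking; the page names only critical, normal and info.
RANK = {"normal": 0, "warning": 1, "minor": 2, "major": 3, "critical": 4}

@dataclass
class Alarm:
    key: str                                      # hypothetical sequence key
    events: list = field(default_factory=list)    # severities in arrival order
    children: list = field(default_factory=list)  # alarms correlated beneath

    def severity(self):
        # Last event wins; info events never change the propagated severity.
        for sev in reversed(self.events):
            if sev != "info":
                return sev
        return "normal"  # assumption for a sequence holding only info events

@dataclass
class Ticket:
    root: Alarm

    def severity(self):
        # Highest severity among all alarms at any level of the tree.
        stack, best = [self.root], "normal"
        while stack:
            alarm = stack.pop()
            best = max(best, alarm.severity(), key=RANK.__getitem__)
            stack.extend(alarm.children)
        return best

class Gateway:
    def __init__(self):
        self.db, self.alarms, self.tickets = [], {}, []

    def receive(self, key, severity, cause_key=None, ticketable=True):
        self.db.append((key, severity))            # written to the event database
        alarm = self.alarms.get(key)
        if alarm is None:                          # first event: new sequence
            alarm = self.alarms[key] = Alarm(key)
            cause = self.alarms.get(cause_key)
            if cause is not None:
                cause.children.append(alarm)       # correlated under its cause
            elif ticketable:
                self.tickets.append(Ticket(alarm)) # uncorrelated: new ticket
        alarm.events.append(severity)              # attach to its sequence
        return alarm

def demo():
    gw = Gateway()  # constructed sample events
    link = gw.receive("link-down", "critical")
    bgp = gw.receive("bgp-neighbor-down", "major", cause_key="link-down")
    gw.receive("link-down", "info")    # user acknowledge
    gw.receive("link-down", "normal")  # link-up clears the alarm
    return link.severity(), bgp.severity(), gw.tickets[0].severity()
```

After the link clears, the root-cause alarm reads normal while the ticket stays at major, because the correlated alarm beneath it is still open and only the ticket takes the highest severity in the tree.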

Cisco Active Network Abstraction Fault Management User Guide, Version 3.6 Service Pack 1

 

OL-14284-01
