Cisco Systems 3.6 Root-Cause Alarms, Correlation Flows, Correlation by Key, Correlation by Flow

Page 23

Chapter 3 Cisco ANA Event Correlation and Suppression

Root-Cause Alarms

Root-Cause Alarms

Potential root-cause alarms have a determined weight according to the specific event customization. Refer to Chapter 6, “Event and Alarm Configuration Parameters” for additional information about setting the weights. For example, a link-down alarm is configured to allow other alarms to correlate to it, thus when a link-down event is recognized, other alarms that occur in the network may choose to correlate to it, hence identifying it as the cause for their occurrence. However an event that is configured to be the cause for other alarms can in its turn correlate to another alarm. The topmost alarm in the correlation tree is the root cause for all the alarms.

Correlation Flows

The VNEs utilize their internal device component model (DCM) in order to perform the actual correlation. This action is considered to be a correlation flow. There are two basic correlation mechanisms used by the VNE:

1.Correlation by Key (correlation in the same VNE).

2.Correlation by Flow (correlation across VNEs or in the same VNE). Each event can be configured to:

Not correlate at all.

Perform correlation by key.

Perform correlation by flow.

For more information about these parameters, see Chapter 6, “Event and Alarm Configuration

Parameters”.

In addition, the DC model cache enables the system to issue correlation flows over an historical network snapshot that existed in the network before a failure occurred. For more information see DC Model Correlation Cache.

Correlation by Key

When the root cause problem is at the box level, attempts to correlate to other events are restricted to the specific VNE. This means that the correlation flow does not cross the DCM models of more than one VNE. An example is a port-down syslog event correlating to a port-down event.

An exception for this behavior is the link-down alarm. Since a link entity connects two endpoints in the DCM model, it involves the DCM of two different VNEs, but on each VNE the events are correlated to their own copy of the link-down event.

Correlation by Flow

Network problems and their effects are not always restricted to one network element. This means that a certain event could have the capability of correlating to an alarm several hops away. To do this the correlation mechanism within the VNE uses an active correlation flow that runs on the internal VNE’s DCM model and tries to correlate along a specified network path to an alarm. This is similar to the Cisco ANA PathTracer operation when it traces a path on the DCM model from point A to point Z, except that it is trying to correlate to a root-cause alarm along the way, rather than just tracing a path.

Cisco Active Network Abstraction Fault Management User Guide, Version 3.6 Service Pack 1

 

OL-14284-01

3-3

 

 

 

Page 22 Page 24
Image 23
Page 22 Page 24
Contents Americas Headquarters Page N T E N T S Multi Route Correlation Cloud VNE Alarm Sending Event Correlator Vii About This GuideViii Managing Events Fault Management OverviewBasic Concepts and Terms AlarmEvent Sequence EventFlapping Events Repeating Event SequenceTicket Correlation By Root CauseSequence Association and Root Cause Analysis Severity PropagationEvent Processing Overview OL-14284-01 Unreachable Network Elements Fault Detection and IsolationVNE Integrity Service Sources of Alarms On a DeviceAlarm Integrity Fault Detection and Isolation Integrity Service Cisco ANA Event Correlation and Suppression Event SuppressionCisco ANA Root-Cause Correlation ProcessCorrelation by Flow Root-Cause AlarmsCorrelation Flows Correlation by KeyCorrelating TCA Using WeightsDC Model Correlation Cache Connectivity Test Device Unreachable AlarmAdvanced Correlation Scenarios Device Unreachable Example Device Fault IdentificationIP Interface Failure Scenarios IP Interface Status Down AlarmCorrelation of Syslogs and Traps IP Interface Failure Examples All IP Interfaces Down AlarmInterface Example 10.200.1.2 General Interface Example Ethernet, Fast Ethernet, Giga Ethernet Examples ATM ExamplesIp interface status down Parameters Interface Registry ParametersMulti Route Correlation Example Multi Route Correlation11 Multi Route Correlation Example Generic Routing Encapsulation GRE Tunnel Down/Up GRE Tunnel Down/Up Alarm14 GRE Tunnel Down Example 1 Single GRE Tunnel GRE Tunnel Down Correlation Example15 GRE Tunnel Down Example 2 Multiple GRE Tunnels 16 Alarms Correlation to GRE Tunnel Down Ticket LDP Neighbor Down Alarm BGP Process Down AlarmMpls Interface Removed Alarm OL-14284-01 Types of Unmanaged Networks Supported Correlation Over Unmanaged SegmentsCloud VNE Supported When Logical Inventory Physical Inventory Cloud Correlation Example Cloud Problem AlarmOL-14284-01 Alarm Type Definition Event and Alarm Configuration ParametersGeneral Event Parameters Event Sub-Type Configuration ParametersRoot Cause Configuration Parameters Network Correlation Parameters Correlation Configuration ParametersFlapping Event Definitions Parameters System Correlation Configuration ParametersImpact Analysis Options Impact AnalysisAffected Severities Impact Report StructureAffected Parties Tab Impact Analysis GUIViewing a Detailed Report For the Affected Pair Detailed Report For the Affected Pair Accumulating Affected Parties Disabling Impact AnalysisUpdating Affected Severity Over Time Accumulating the Affected Parties In an AlarmAccumulating the Affected Parties In the Correlation Tree OL-14284-01 BGP process up Shut down on a device Supported Service AlarmsAll ip interfaces Sent when all IP interfaces True Warnin Shelf Out Link Over Utilized Rx DormantTx Dormant OL-14284-01 Event and Alarm Correlation Flow Figure B-1 Event Correlation Flow VNE level Software Function ArchitectureEvent Correlation Event Correlation FlowEvent Creation VNE level Post-Correlation Rule Event Correlator Alarm Sending Event CorrelatorCorrelation Logic Event Correlator
Related manuals
Manual 4 pages 36.46 Kb
Top Page Image Contents