Cisco Systems 3.6 Root-Cause Alarms, Correlation Flows, Correlation by Key, Correlation by Flow

Page 23

Chapter 3 Cisco ANA Event Correlation and Suppression

Root-Cause Alarms

Root-Cause Alarms

Potential root-cause alarms have a determined weight according to the specific event customization. Refer to Chapter 6, “Event and Alarm Configuration Parameters” for additional information about setting the weights. For example, a link-down alarm is configured to allow other alarms to correlate to it, thus when a link-down event is recognized, other alarms that occur in the network may choose to correlate to it, hence identifying it as the cause for their occurrence. However an event that is configured to be the cause for other alarms can in its turn correlate to another alarm. The topmost alarm in the correlation tree is the root cause for all the alarms.

Correlation Flows

The VNEs utilize their internal device component model (DCM) in order to perform the actual correlation. This action is considered to be a correlation flow. There are two basic correlation mechanisms used by the VNE:

1.Correlation by Key (correlation in the same VNE).

2.Correlation by Flow (correlation across VNEs or in the same VNE). Each event can be configured to:

Not correlate at all.

Perform correlation by key.

Perform correlation by flow.

For more information about these parameters, see Chapter 6, “Event and Alarm Configuration

Parameters”.

In addition, the DC model cache enables the system to issue correlation flows over an historical network snapshot that existed in the network before a failure occurred. For more information see DC Model Correlation Cache.

Correlation by Key

When the root cause problem is at the box level, attempts to correlate to other events are restricted to the specific VNE. This means that the correlation flow does not cross the DCM models of more than one VNE. An example is a port-down syslog event correlating to a port-down event.

An exception for this behavior is the link-down alarm. Since a link entity connects two endpoints in the DCM model, it involves the DCM of two different VNEs, but on each VNE the events are correlated to their own copy of the link-down event.

Correlation by Flow

Network problems and their effects are not always restricted to one network element. This means that a certain event could have the capability of correlating to an alarm several hops away. To do this the correlation mechanism within the VNE uses an active correlation flow that runs on the internal VNE’s DCM model and tries to correlate along a specified network path to an alarm. This is similar to the Cisco ANA PathTracer operation when it traces a path on the DCM model from point A to point Z, except that it is trying to correlate to a root-cause alarm along the way, rather than just tracing a path.

Cisco Active Network Abstraction Fault Management User Guide, Version 3.6 Service Pack 1

 

OL-14284-01

3-3

 

 

 

Image 23
Contents Americas Headquarters Page N T E N T S Multi Route Correlation Cloud VNE Alarm Sending Event Correlator Vii About This GuideViii Managing Events Fault Management OverviewBasic Concepts and Terms AlarmEvent Sequence EventFlapping Events Repeating Event SequenceTicket Correlation By Root CauseSequence Association and Root Cause Analysis Severity PropagationEvent Processing Overview OL-14284-01 Unreachable Network Elements Fault Detection and IsolationVNE Integrity Service Sources of Alarms On a DeviceAlarm Integrity Fault Detection and Isolation Integrity Service Cisco ANA Event Correlation and Suppression Event SuppressionCisco ANA Root-Cause Correlation ProcessCorrelation by Flow Root-Cause AlarmsCorrelation Flows Correlation by KeyCorrelating TCA Using WeightsDC Model Correlation Cache Connectivity Test Device Unreachable AlarmAdvanced Correlation Scenarios Device Unreachable Example Device Fault IdentificationIP Interface Failure Scenarios IP Interface Status Down AlarmCorrelation of Syslogs and Traps IP Interface Failure Examples All IP Interfaces Down AlarmInterface Example 10.200.1.2 General Interface Example Ethernet, Fast Ethernet, Giga Ethernet Examples ATM ExamplesIp interface status down Parameters Interface Registry ParametersMulti Route Correlation Example Multi Route Correlation11 Multi Route Correlation Example Generic Routing Encapsulation GRE Tunnel Down/Up GRE Tunnel Down/Up Alarm14 GRE Tunnel Down Example 1 Single GRE Tunnel GRE Tunnel Down Correlation Example15 GRE Tunnel Down Example 2 Multiple GRE Tunnels 16 Alarms Correlation to GRE Tunnel Down Ticket LDP Neighbor Down Alarm BGP Process Down AlarmMpls Interface Removed Alarm OL-14284-01 Types of Unmanaged Networks Supported Correlation Over Unmanaged SegmentsCloud VNE Supported When Logical Inventory Physical Inventory Cloud Correlation Example Cloud Problem AlarmOL-14284-01 Alarm Type Definition Event and Alarm Configuration ParametersGeneral Event Parameters Event Sub-Type Configuration ParametersRoot Cause Configuration Parameters Network Correlation Parameters Correlation Configuration ParametersFlapping Event Definitions Parameters System Correlation Configuration ParametersImpact Analysis Options Impact AnalysisAffected Severities Impact Report StructureAffected Parties Tab Impact Analysis GUIViewing a Detailed Report For the Affected Pair Detailed Report For the Affected Pair Accumulating Affected Parties Disabling Impact AnalysisUpdating Affected Severity Over Time Accumulating the Affected Parties In an AlarmAccumulating the Affected Parties In the Correlation Tree OL-14284-01 BGP process up Shut down on a device Supported Service AlarmsAll ip interfaces Sent when all IP interfaces True Warnin Shelf Out Link Over Utilized Rx DormantTx Dormant OL-14284-01 Event and Alarm Correlation Flow Figure B-1 Event Correlation Flow VNE level Software Function ArchitectureEvent Correlation Event Correlation FlowEvent Creation VNE level Post-Correlation Rule Event Correlator Alarm Sending Event CorrelatorCorrelation Logic Event Correlator
Related manuals
Manual 4 pages 36.46 Kb

3.6 specifications

Cisco Systems 3.6 marks a significant advancement in network technology, presenting an innovative suite of features and capabilities designed to enhance performance, security, and flexibility for modern networks. As a leader in networking solutions, Cisco continues to evolve its offerings, ensuring they meet the demands of businesses operating in increasingly complex environments.

One of the standout features of Cisco Systems 3.6 is the introduction of enhanced automation capabilities. Automation reduces the manual effort required for network management, allowing IT teams to focus on strategic initiatives rather than routine maintenance. The system leverages advanced machine learning algorithms to analyze network behavior, detect anomalies, and suggest optimizations, which enhances operational efficiency and uptime.

In terms of security, Cisco Systems 3.6 integrates robust cybersecurity measures directly into its architecture. It incorporates Cisco's SecureX framework, which provides centralized visibility and control across the entire security stack. This feature allows organizations to respond rapidly to threats, leveraging threat intelligence and automated response mechanisms to mitigate risks effectively.

Another notable characteristic is improved compatibility with cloud environments. With the rise of hybrid cloud models, Cisco Systems 3.6 offers seamless integration capabilities that enable businesses to connect their on-premises networks with public and private cloud infrastructures. This ensures greater flexibility and enhanced performance for cloud-based applications.

Cisco also emphasizes software-defined networking (SDN) with its updated platform. This approach allows for greater agility, enabling network administrators to programmatically manage resources through a centralized interface. SDN facilitates rapid deployment of services and applications, optimizing the overall user experience.

Cisco Systems 3.6 also boasts enhanced collaboration tools, fostering improved communication across teams. Featuring advanced video conferencing and messaging capabilities, it enhances productivity and streamlines processes, regardless of employee location. These tools are designed to support remote work environments, which have become increasingly important in today's business landscape.

Furthermore, energy efficiency is a core aspect of Cisco Systems 3.6. The system is designed to optimize power consumption and reduce overall operating costs, aligning with global sustainability goals. The efficient design prioritizes environmentally friendly practices while still delivering high performance.

In conclusion, Cisco Systems 3.6 represents a comprehensive evolution in networking technology, focusing on automation, security, cloud integration, SDN, collaboration, and energy efficiency. These features position Cisco as a pivotal player in supporting organizations as they navigate the complexities of digital transformation and the future of networking.