CN114338419B - IPv6 global networking edge node monitoring and early warning method and system - Google Patents

Publication number
CN114338419B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111530877.8A
Other languages
Chinese (zh)
Other versions
CN114338419A (en
Inventor
张磊
王玉梁
朱文进
王刚
田宇
李山
陈小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Digital Intelligence Technology Co Ltd
Original Assignee
China Telecom Digital Intelligence Technology Co Ltd

Abstract

The invention discloses a monitoring and early warning method and system for IPv6 global networking edge nodes. The method comprises: allocating IPv6 address segments and marking local edge network nodes; collecting local area network non-private data information (local edge network node data); collecting internet non-private data information (IP addresses and state identifiers of local and remote edge network nodes); collecting local area network private data information (log data of local and remote edge network nodes); and constructing a dynamic Bayesian network early warning model and analyzing the collected data to obtain the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur. The invention addresses the large service scale, complex application relationships, many dependency layers and difficult problem investigation found in machine-room operation and maintenance scenarios.

Description

IPv6 global networking edge node monitoring and early warning method and system
Technical Field
The invention belongs to the technical field of networking communication, and particularly relates to an IPv6 global networking edge node monitoring and early warning method and system.
Background
To accelerate the large-scale deployment of the next-generation internet based on Internet Protocol version 6 (IPv6), and with the steady advance of digitalization, the number of online devices on the global internet keeps growing and is now 10 to 100 times what it was ten years ago. Although operation and maintenance has already evolved from manual work to tool-based and platform-based operation and maintenance, it still cannot meet the IPv6 monitoring requirements of today's ultra-large networks, servers and applications.
At the same time, software systems are becoming larger and more complex, often containing hundreds of services deployed on thousands or even hundreds of thousands of servers, and supporting a large number of concurrent users. One particular challenge faced by large software systems is anomaly diagnosis, that is, how quickly a problem is diagnosed when it occurs and how quickly the administrator identifies the root cause. Logs are a common source of information for problem diagnosis. However, in today's large-scale systems, the logs can be very large. For example, in some large systems that provide global services, daily log data may amount to tens of terabytes (TB). Microsoft's online service system even generates more than 1 petabyte (PB) of logs per day.
In the prior art, it is difficult to combine network equipment, servers and applications when monitoring internet nodes, so the topology of large-scale networking is not tracked in a timely manner. Collecting information from logs requires no modification of application code, and can take advantage of more advanced monitoring techniques and features that intuitively reflect the execution of the service.
Disclosure of Invention
To address the defects of the prior art, the invention provides an IPv6 global networking edge node monitoring and early warning method and system. Collecting information from logs requires no change to application code, and global networking edge nodes can be monitored and given early warning in combination with more advanced monitoring technology, so that the execution of services is reflected intuitively and the problems of large service scale, complex application relationships, many dependency layers and difficult problem investigation in machine-room operation and maintenance scenarios are solved.
To achieve this technical purpose, the invention adopts the following technical scheme:
The IPv6 global networking edge node monitoring and early warning method is characterized by comprising the following steps:
Step 1, allocating IPv6 address segments and marking local edge network nodes;
Step 2, collecting local area network non-private data information: local edge network node data;
Step 3, collecting internet non-private data information: IP addresses and state identifiers of local and remote edge network nodes;
Step 4, collecting local area network private data information: log data of local and remote edge network nodes;
Step 5, constructing a dynamic Bayesian network early warning model and analyzing the data collected in steps 2-4 to obtain the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur.
To optimize the technical scheme, the specific measures adopted further comprise:
Step 1 comprises the following steps:
Step 11, obtaining a fixed prefix from a preset networking IPv6 address segment, wherein the identification range is bits 33-64 of the IPv6 address;
Step 12, classifying the IPv6 address prefix obtained in step 11 through a preset IP prefix database to obtain an IPv6 address with an application identifier and a reserved identifier;
Specifically, IPv6 address prefixes are divided into six major classes:
Class 1: attribute identifier, corresponding to bits 33-35;
Class 2: region identifier, corresponding to bits 36-40;
Class 3: platform identifier, corresponding to bits 41-44;
Class 4: mechanism identifier, corresponding to bits 45-48;
Class 5: application identifier, corresponding to bits 49-52;
Class 6: reserved identifier, corresponding to bits 53-64;
Step 13, marking the local edge network node in the IPv6 address of the application identifier and the reserved identifier;
Step 14, generating the 64-bit IPv6 address of the marked edge network node.
Step 2 uses the TR069 protocol to collect the basic monitoring item data of the edge network nodes that have been allocated and marked through the IPv6 address segment in the networking, together with packet loss and delay data between the edge network nodes, and stores the collected data in a non-private database.
In step 3, an internet data acquisition program deployed at a local edge network node runs the curl command that ships with the Linux system, combined with the parameter -I and an IP address, to obtain the response of the accessed remote edge node to the request. The state identifier that follows the HTTP keyword is extracted from the response, where 200 represents a successful connection and any other value represents an abnormal connection. Finally, the IP addresses and state identifiers of the local and remote edge network nodes are stored in the non-private database.
In step 4, a log server program deployed on the local edge network node runs the tail command that ships with the Linux system, combined with the parameter -f, to follow the log files that are being changed. It collects the log data in the system log files on the servers managed by each local and remote network node in the networking, thereby obtaining the log data of each service, and stores the obtained data in a private database on the log server.
In step 5, a dynamic Bayesian network early warning model is constructed. It analyzes the collected basic monitoring item data, the packet loss and delay data between edge network nodes and the state identifier data keyed on HTTP, and accesses the private database to obtain the log data of each service, yielding the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur.
The dynamic Bayesian network early warning model is as follows:
ZY(D|+) = ZY(+|D)ZY(D) / (ZY(+|D)ZY(D) + ZY(+|N)ZY(N))
ZY(D|+) is the probability of alarm occurrence when the false alarm rate is considered;
ZY(+|D) is the accuracy when the alarm occurs;
ZY(D) is the alarm occurrence rate;
ZY(+|N) is the probability of misjudging as an alarm, equal to the number of false alarms for which the monitoring index data is 0 / the total number of monitoring indexes;
ZY(N) is the probability that the monitoring index does not fail, equal to 1 - ZY(D).
An IPv6 global networking edge node monitoring and early warning system, comprising:
The IPv6 address segment allocation module, used for allocating IPv6 address segments and marking local edge network nodes;
The data acquisition module, used for collecting local area network non-private data information: local edge network node data; collecting internet non-private data information: IP addresses and state identifiers of local and remote edge network nodes; and collecting local area network private data information: log data of local and remote edge network nodes;
The Bayesian early warning module, used for constructing a dynamic Bayesian network early warning model and analyzing the data collected by the data acquisition module to obtain the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur.
The invention has the following beneficial effects:
The invention introduces an artificial-intelligence Bayesian early warning model and makes full use of the private log monitoring data of the distributed edge nodes of large and ultra-large networks. It combines the basic monitoring data (memory, disk and process) of the private network equipment of the networking edge nodes, acquired through the TR069 protocol, with the on/off state data that the monitoring program obtains for each node marked in the allocated IPv6 address segment, and provides an artificial-intelligence dynamic Bayesian network early warning method for networking edge nodes and for the links between edge nodes and their related local area networks.
The method trains comprehensively on the data collected from non-private internet nodes, the basic monitoring index data of the private network equipment corresponding to each node, and the data of the applications and services (database, middleware and server) related to the private network equipment, so as to obtain the early warning probability of each monitoring index of the edge node. This effectively overcomes the model deviation problem and reduces the computational complexity.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a diagram illustrating IPv6 address field assignment;
FIG. 3 is a data acquisition flow chart;
FIG. 4 is a Bayesian early warning flow chart.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Referring to FIG. 1, the IPv6 global networking edge node monitoring and early warning method of the present invention includes:
Step 1, allocating IPv6 address segments and marking local edge network nodes, comprising the following steps:
Step 11, obtaining a fixed prefix from a preset networking IPv6 address segment, wherein the identification range is bits 33-64 of the IPv6 address;
Step 12, classifying the IPv6 address prefix obtained in step 11 through a preset IP prefix database to obtain an IPv6 address with an application identifier and a reserved identifier;
Referring to FIG. 2, step 12 classifies IPv6 address prefixes into six major classes:
Class 1: attribute identifier, corresponding to bits 33-35;
Class 2: region identifier, corresponding to bits 36-40;
Class 3: platform identifier, corresponding to bits 41-44;
Class 4: mechanism identifier, corresponding to bits 45-48;
Class 5: application identifier, corresponding to bits 49-52;
Class 6: reserved identifier, corresponding to bits 53-64;
wherein the name of each class is identified by a binary code, and the code is converted from binary to hexadecimal.
The binary identification codes correspond to the IPv6 bit positions:
A background program converts the binary codes of the above IPv6 bit positions into hexadecimal codes, extending the 48-bit IPv6 address.
The specific identification method is as follows:
bits 49-52 are identified by 1 hexadecimal digit;
bits 53-64 are identified by 3 hexadecimal digits.
Step 13, marking the local edge network node in the IPv6 address of the application identifier and the reserved identifier;
Step 14, generating the 64-bit IPv6 address of the marked edge network node.
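The bit layout of steps 11 to 14, as an added example that is not part of the patent text: it packs the six identifiers into bits 33-64 of a 64-bit prefix and decodes them again from any address in that prefix. The 2001:db8::/32 documentation prefix, the sample identifier values and the function names are assumptions made for illustration.

```python
import ipaddress

# (name, first bit, last bit) as listed in step 12; bits are numbered 1..128
# starting from the most significant bit of the address.
FIELDS = (
    ("attribute", 33, 35),
    ("region", 36, 40),
    ("platform", 41, 44),
    ("mechanism", 45, 48),
    ("application", 49, 52),
    ("reserved", 53, 64),
)


def _fixed(fixed_prefix):
    """Parse the fixed prefix; this layout assumes bits 1-32 are the fixed part."""
    net = ipaddress.IPv6Network(fixed_prefix)
    if net.prefixlen != 32:
        raise ValueError("fixed prefix must be a /32 so that labels start at bit 33")
    return net


def build_node_prefix(fixed_prefix, **labels):
    """Pack the six identifiers into bits 33-64 and return the 64-bit prefix."""
    unknown = set(labels) - {name for name, _, _ in FIELDS}
    if unknown:
        raise ValueError(f"unknown identifier(s): {sorted(unknown)}")
    value = int(_fixed(fixed_prefix).network_address)
    for name, first, last in FIELDS:
        width = last - first + 1
        label = labels.get(name, 0)
        if not 0 <= label < (1 << width):
            raise ValueError(f"{name} must fit in {width} bits")
        value |= label << (128 - last)  # align the field's last bit with `last`
    return ipaddress.IPv6Network((value, 64))


def decode_node_labels(address, fixed_prefix):
    """Recover the six identifiers from any address inside a labelled prefix."""
    ip = ipaddress.IPv6Address(address)
    if ip not in _fixed(fixed_prefix):
        raise ValueError(f"{ip} is outside the networking address segment")
    value = int(ip)
    return {
        name: (value >> (128 - last)) & ((1 << (last - first + 1)) - 1)
        for name, first, last in FIELDS
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    prefix = build_node_prefix(
        "2001:db8::/32", attribute=0b101, region=0b00011,
        platform=0xA, mechanism=0x1, application=0x7, reserved=0x02C,
    )
    print(prefix)
    print(decode_node_labels("2001:db8:a3a1:702c::1", "2001:db8::/32"))
```

The attribute (3 bits) and region (5 bits) identifiers share one byte, so they cannot be read off the hexadecimal text digit by digit; only the application identifier (1 hexadecimal digit) and the reserved identifier (3 hexadecimal digits) fall on digit boundaries.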
Referring to FIG. 3, step 2, collecting local area network non-private data information: local edge network node data:
The TR069 protocol is used to collect the basic monitoring item data (memory, disk and process) of the edge network nodes that have been allocated and marked through the IPv6 address segment in the networking, together with packet loss and delay data between the edge network nodes, and the collected data is stored in a non-private database.
First, the edge (CPE) needs to support the TR069 protocol.
After an edge (CPE) joins the networking, a program deployed on the ACS actively carries out the communication authentication configuration for the edge (CPE). At the same time, the method makes use of the fact that the ACS and the edge (CPE) interoperate through the RPC methods specific to the TR069 protocol. The ACS then sends the edge (CPE) a request message conforming to the RPC format of the TR069 protocol, which requests the time (ms) of each test of the edge (CPE), the monitoring index item and the IP.
Next, the edge (CPE) parses the request message, obtains the time (ms) of each test, the monitoring index item and the IP address, and places them in a message. The edge (CPE) then sends that message back to the ACS, and the ACS parses the test time, the monitoring index item and the IP address obtained from the edge (CPE). This completes the collection of the basic monitoring item data (memory, disk and process) of the local edge network nodes in the networking and of the network packet loss and delay between local and remote edge network nodes. Finally, the collected data is stored in the non-private database.
Step 3, collecting internet non-private data information: IP addresses and state identifiers of local and remote edge network nodes:
An internet data acquisition program deployed at a local edge network node runs the command that ships with the Linux system, combined with the parameter -I and an IP address, to obtain the response of the accessed remote edge (CPE) to the request. The state identifier that follows the HTTP keyword is extracted from the response, where 200 represents a successful connection and any other value represents an abnormal connection. Finally, the IP addresses and state identifiers of the local and remote edge network nodes are stored in the non-private database.
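The status extraction of step 3, as an added example that is not part of the patent text: it builds the curl -I call for one node and pulls the status identifier that follows the HTTP keyword out of the response headers. The http://[address]/ URL form, the timeout, the function names and the sample responses are assumptions; the responses are constructed for the example.

```python
import ipaddress
import re
import subprocess

# Status line at the start of a header block, e.g. "HTTP/1.1 200 OK" or "HTTP/2 200".
STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")


def curl_head_argv(ip, timeout_s=5):
    """Build the argument list for `curl -I` against one edge node."""
    addr = ipaddress.ip_address(ip)  # raises ValueError for anything that is not an IP
    host = f"[{addr}]" if addr.version == 6 else str(addr)  # IPv6 literals need brackets
    # -g turns off URL globbing so the brackets are taken literally; -s hides progress.
    return ["curl", "-g", "-s", "-I", "--max-time", str(timeout_s), f"http://{host}/"]


def status_identifier(head_output):
    """Return the status code after the HTTP keyword, or None if no status line exists."""
    code = None
    for line in head_output.splitlines():
        match = STATUS_LINE.match(line.strip())
        if match:
            code = int(match.group(1))  # keep the last header block if there are several
    return code


def classify(head_output):
    """Rule from the text: 200 is a successful connection, anything else is abnormal."""
    return "connected" if status_identifier(head_output) == 200 else "abnormal"


def probe(ip):
    """Run curl without a shell and return (ip, status identifier or None)."""
    try:
        done = subprocess.run(curl_head_argv(ip), capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return ip, None
    return ip, status_identifier(done.stdout)


# Constructed sample responses (not captured from a real node).
SAMPLE_OK = "HTTP/1.1 200 OK\r\nServer: edge\r\nContent-Length: 0\r\n\r\n"
SAMPLE_H2 = "HTTP/2 200 \r\ncontent-type: text/html\r\n\r\n"
SAMPLE_DOWN = "HTTP/1.1 503 Service Unavailable\r\nRetry-After: 30\r\n\r\n"
SAMPLE_TRICKY = "HTTP/1.1 404 Not Found\r\nX-Upstream: HTTP/1.1 200\r\n\r\n"
SAMPLE_TIMEOUT = ""  # curl prints no headers when the connection fails

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_H2, SAMPLE_DOWN, SAMPLE_TRICKY, SAMPLE_TIMEOUT):
        print(status_identifier(sample), classify(sample))
```

A node that never answers produces no status line at all, so the collector records it as abnormal rather than skipping it; a header value that merely contains "HTTP/1.1 200" is ignored because only lines that start with the HTTP keyword are read.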
Step 4, collecting local area network private data information: log data of local and remote edge network nodes:
A log server program deployed on the local edge network node runs the tail command that ships with the Linux system, combined with the parameter -f, to follow the log files that are being changed. It collects the log data in the system log files on the servers managed by each local and remote network node in the networking, obtains the log data of services such as the database, middleware, server CPU, memory, disk and process, and stores the obtained data in a private database on the log server.
tail -f filename displays the last part of the file named filename on the screen and refreshes continuously, so that the latest file content can be seen whenever the file is updated.
Step 5, constructing a dynamic Bayesian network early warning model and analyzing the data collected in steps 2-4 to obtain the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur.
Referring to FIG. 4, in the embodiment a dynamic Bayesian network early warning model is constructed. It analyzes the basic monitoring item data (memory, disk and process) and the packet loss and delay data between edge network nodes obtained from the non-private database, and accesses the private database to obtain the log data of services such as the database, middleware, server CPU, memory, disk and process, yielding the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur.
The construction and analysis process of the dynamic Bayesian network early warning model is as follows:
[prior probability] = [private prior probability] + [non-private prior probability]
That is, how many pieces of monitoring data the current edge node has.
The non-private database is queried with the IPv6 address carrying the edge node label in the IPv6 address segment as the query condition, to obtain the basic monitoring item data (memory, disk and process) and the packet loss and delay data between edge network nodes.
The private database is queried with the IPv6 address carrying the edge node label in the IPv6 address segment as the query condition, to obtain the log data of services such as the database, middleware, server CPU, memory, disk and process.
[conditional probability] = total number of monitoring index data items of the current edge node that are not 0.
[adjustment factor] = number of monitoring false alarms obtained by accessing the private and non-private databases / [prior probability]
[posterior probability] x adjustment factor = [prior probability]
Model mathematical formula:
ZY(D|+) = ZY(+|D)ZY(D) / (ZY(+|D)ZY(D) + ZY(+|N)ZY(N))
The model calculation yields [probability of alarm occurrence].
Description of relevant parameters:
[posterior probability] x adjustment factor = [prior probability]
The posterior probability is described mathematically as
[posterior probability] = ZY (|d) x adjustment factor
[D]: probability of alarm occurrence
[/]: division symbol
[ZY]: the probability of an alarm occurring, without considering the false alarm rate.
[ZY(D|+)]: the probability of an alarm occurring, considering the false alarm rate.
[ZY(+|D)]: the accuracy when the alarm occurs, i.e. [prior probability] = 1 - the false alarm rate of the alarm data that occurs. For example, when the false alarm rate at the time the alarm occurs is one percent, ZY(+|D) = 1 - 0.01 = 0.99.
[ZY(D)]: alarm incidence rate
[ZY(+|N)]: the probability of misjudging as an alarm = the number of false alarms for which the monitoring index data is 0 / the total number of monitoring indexes.
[ZY(N)]: the probability that the monitoring index does not fail, that is, 1 - ZY(D).
Thus, the dynamic Bayesian network early warning model is as follows:
ZY(D|+) = ZY(+|D)ZY(D) / (ZY(+|D)ZY(D) + ZY(+|N)ZY(N))
Taking the memory data in the basic monitoring items obtained from the non-private database as an example:
ZY(D|+) is the probability of occurrence of a memory alarm when the false alarm rate is considered;
ZY(+|D) is the accuracy of the memory alarm when it occurs;
ZY(D) is the occurrence rate of memory alarms;
ZY(+|N) is the probability of misjudging as a memory alarm, equal to the number of false alarms for which the monitoring index data is 0 / the total number of monitoring indexes;
ZY(N) is the probability that the memory monitoring index does not fail, equal to 1 - ZY(D).
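The model formula evaluated per monitoring index, as an added example that is not part of the patent text: it computes ZY(D|+) from the quantities defined above and ranks the indexes of one node by that probability. The class and function names and all counts are assumptions constructed for the example; only the 1% false alarm rate comes from the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IndexStats:
    """Inputs for one monitoring index of one edge node."""
    name: str
    alarm_rate: float        # ZY(D): alarm incidence rate
    false_alarm_rate: float  # false alarm rate when the alarm occurs
    zero_false_alarms: int   # false alarms whose monitoring index data is 0
    total_indexes: int       # total number of monitoring indexes


def alarm_probability(s):
    """ZY(D|+) = ZY(+|D)ZY(D) / (ZY(+|D)ZY(D) + ZY(+|N)ZY(N))."""
    if not 0.0 <= s.alarm_rate <= 1.0 or not 0.0 <= s.false_alarm_rate <= 1.0:
        raise ValueError(f"{s.name}: rates must lie in [0, 1]")
    if s.total_indexes <= 0 or not 0 <= s.zero_false_alarms <= s.total_indexes:
        raise ValueError(f"{s.name}: inconsistent false alarm counts")
    p_pos_d = 1.0 - s.false_alarm_rate                # ZY(+|D)
    p_d = s.alarm_rate                                # ZY(D)
    p_pos_n = s.zero_false_alarms / s.total_indexes   # ZY(+|N)
    p_n = 1.0 - p_d                                   # ZY(N)
    evidence = p_pos_d * p_d + p_pos_n * p_n
    # No alarms and no false alarms at all: nothing supports a warning.
    return 0.0 if evidence == 0.0 else p_pos_d * p_d / evidence


def rank_indexes(stats):
    """Return (name, ZY(D|+)) pairs, most probable alarm first."""
    scored = [(s.name, alarm_probability(s)) for s in stats]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample inputs for one edge node.
SAMPLE = [
    IndexStats("memory", alarm_rate=0.02, false_alarm_rate=0.01,
               zero_false_alarms=5, total_indexes=100),
    IndexStats("disk", alarm_rate=0.10, false_alarm_rate=0.01,
               zero_false_alarms=1, total_indexes=100),
    IndexStats("process", alarm_rate=0.02, false_alarm_rate=0.01,
               zero_false_alarms=0, total_indexes=100),
]

if __name__ == "__main__":
    for name, probability in rank_indexes(SAMPLE):
        print(f"{name}: {probability:.4f}")
```

All three indexes share ZY(+|D) = 0.99, yet the memory alarm is genuine in fewer than three cases out of ten because its alarm incidence is low while its ZY(+|N) is 0.05; the ZY(+|N)ZY(N) term dominates the denominator whenever alarms are rare.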
The invention discloses an IPv6 global networking edge node monitoring and early warning system, which comprises:
The IPv6 address segment allocation module, used for allocating IPv6 address segments and marking local edge network nodes;
The data acquisition module, used for collecting local area network non-private data information: local edge network node data; collecting internet non-private data information: IP addresses and state identifiers of local and remote edge network nodes; and collecting local area network private data information: log data of local and remote edge network nodes;
The Bayesian early warning module, used for constructing a dynamic Bayesian network early warning model and analyzing the data collected by the data acquisition module to obtain the probability that an edge node in the current networking will raise an alarm in the future, where the greater the probability, the higher the credibility that the alarm will occur.
Abbreviations and key terms used in the present invention are defined as follows:
IPv6 is an abbreviation of "Internet Protocol Version 6". It is the next-generation IP protocol designed by the Internet Engineering Task Force (IETF) to replace IPv4, and its address space is large enough to assign an address to every grain of sand in the world.
A subnet segment (network segment) generally refers to a portion of a computer network that can communicate directly using the same physical layer device (transmission medium, repeater, hub, etc.). For example, a network segment is between 192.168.0.1 and 192.168.255.255. IPv6 subnet segments omit the leading zeros of each group, but each group should have at least one digit.
For example, ABCD:09A9:ERFC:0033:00F1:126 denotes an IPv6 address with 126 subnet bits;
which gives the subnet address range:
ABCD:09a9:erfc:0033:00f1:0:0:0 to ABCD:09a9:erfc:0033:00f1:0000:0000:0003.
Because IPv4 network address resources are limited, the application and development of the internet are severely restricted. Using IPv6 not only solves the shortage of network address resources but also removes the obstacle to connecting all kinds of access devices to the internet. At present, operators and large enterprises are building out IPv6, and the internet is evolving and upgrading to IPv6 across the board. The IPv6 address format differs from the IPv4 format: IPv6 has no concept of a subnet mask, network number or host number, which are replaced by the prefix length and the interface ID, and the resource management approach and subnetting logic of IPv4 cannot plan the full life cycle of IPv6 addresses, including their recycling. As IPv6 is deployed and applied at scale, IPv6 address management is scattered across individual networks and subject to illegal access by services, which makes IP address planning and management harder for operation and maintenance personnel. Because the number of IPv6 addresses is huge and the addresses are long, calculating, for an IPv6 address segment and its subnet bits, the number of 64-bit-prefix subnets of that segment and automatically computing the start and end IP range of each subnet consumes a great deal of computing resources and time.
Therefore, reducing the consumption of computing resources, improving the efficiency of IP address resource management and reducing cost are particularly important for operators and enterprises.
The tail command can be used to view the contents of a file; its common parameter -f is typically used to view a log file that is being changed.
tail -f filename displays the last part of the file named filename on the screen and refreshes continuously, so that the latest file content can be seen whenever the file is updated.
"TR069", in full "Technical Report 069", is a technical specification developed by the DSL Forum (a non-profit worldwide industry alliance dedicated to the development of broadband network specifications, whose members include leading vendors of communications, equipment, computers and networks as well as service providers, and which has since been renamed the "Broadband Forum"). It is a management protocol at the application layer, named the "CPE WAN Management Protocol".
TR069 defines a new network management architecture, including a management model, interaction interfaces and basic management parameters, which can effectively manage home network equipment.
In TR-069, the network management server is called the ACS (Auto Configuration Server) and has a specific IP address and URL. The managed device obtains the URL of the ACS through the DHCP server and, after obtaining the network management IP, starts to establish an HTTP session according to the URL of the ACS. After the session is established, initialization is required; its purpose is authentication, so that the ACS can ensure the legitimacy of the managed device. After the initialization is completed, the network management server can acquire various monitoring information from the CPE.
The advantages are as follows: no SNMP function needs to be configured on the managed device, so if there are 3000 or more managed devices, a great deal of configuration time on the monitored devices is saved.
TR069 also gathers information quickly, because it can transfer structured data by itself over the HTTP protocol. All the required information is therefore collected once and returned all at once, whereas SNMP cannot transfer information in this way and collects and returns items one by one.
The invention highlights the role of artificial intelligence in the fields of network security and operation and maintenance. The method and system protect the private data of existing internet distributed edge nodes without affecting the training effect of the central model, and greatly reduce the training load of the central model. At the same time, comprehensive training is carried out on the data collected from non-private internet nodes, the basic monitoring index data (including CPU, memory and hard disk) of the private network equipment corresponding to each node, and the data of the applications and services (database, middleware and server) related to the private network equipment, so as to obtain the early warning probability of each monitoring index of the edge node. The invention effectively solves the problem of model deviation, improves communication efficiency and reduces computational complexity.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above examples, and all technical solutions belonging to the concept of the present invention belong to the protection scope of the present invention. It should be noted that modifications and adaptations to the invention without departing from the principles thereof are intended to be within the scope of the invention as set forth in the following claims.

Claims (5)

1. The IPv6 global networking edge node monitoring and early warning method is characterized by comprising the following steps:
step 1, distributing IPv6 address segments and marking local edge network nodes;
Step 2, collecting local area network non-private data information: local edge network node data;
step 3, collecting internet non-privacy data information: local and foreign edge network node IP addresses and state identifications;
step4, collecting private data information of the local area network: log data of local and foreign edge network nodes;
Step 5, a dynamic Bayesian network early warning model is constructed, the data collected in the step 2-4 are analyzed, the probability of occurrence of warning of the edge node in the current networking in the future is obtained, and the greater the probability is, the higher the authenticity of occurrence of warning is;
the step 1 comprises the following steps:
Step 11, obtaining a fixed prefix from a preset networking IPv6 address segment, wherein an identification range is 33-64 bits of IPv6 address;
step 12, classifying the IPv6 address prefix obtained in the step 11 through a preset IP prefix database to obtain an IPv6 address of an application identifier and a reserved identifier;
specifically, IPv6 address prefixes are divided into six major classes:
Class one: attribute identification, corresponding to 33-35 bits;
class II: region identification, corresponding to 36-40 bits;
class III: platform identification, corresponding to 41-44 bits;
class IV: a mechanism identifier corresponding to 45-48 bits;
class five: application identification, corresponding to 49-52 bits;
Class six: reserving a mark, which corresponds to 53-64 bits;
Step 13, marking the local edge network node in the IPv6 address of the application identifier and the reserved identifier;
Step 14, generating a 64-bit IPv6 address of the marked edge network node;
Step 3, executing a linux system self-contained curl command by an internet data acquisition program deployed at a local edge network node, combining parameters-I and IP addresses to obtain response information of an accessed remote edge network node request, extracting state identifiers behind an Http keyword from the response information, wherein 200 represents successful connection, other represents abnormal connection, and finally storing the IP addresses and the state identifiers of the local and remote edge network nodes into a non-privacy database;
and 4, referring to the changed log file through a log server program execution linux system self-contained tail command combined with the parameter-f, collecting log data in log files of a system on a server managed by each local and different network node in the networking, so as to obtain log data of each service, and storing the obtained data in a privacy database on the log server.
2. The method for monitoring and early warning of an IPv6 global networking edge node according to claim 1, wherein step 2 uses the TR069 protocol to collect data of the basic monitoring items of the edge network nodes allocated and marked by IPv6 address segment in the networking, together with packet loss and delay data between the edge network nodes, and stores the collected data in a non-private database.
3. The method for monitoring and early warning of an IPv6 global networking edge node according to claim 1, wherein in step 5 a dynamic Bayesian network early warning model is constructed; the data of the basic monitoring items, the packet loss and delay data between edge network nodes, and the status identifier data following the HTTP keyword are obtained and analyzed, and at the same time the private database is accessed to obtain the log data of each service, so as to obtain the probability that an edge node in the current networking will raise an alarm in the future, wherein the greater the probability, the higher the authenticity of the alarm.
4. The method for monitoring and early warning of an IPv6 global networking edge node according to claim 3, wherein the dynamic Bayesian network early warning model is as follows:
ZY(D|+) = ZY(+|D)ZY(D) / (ZY(+|D)ZY(D) + ZY(+|N)ZY(N))
ZY(D|+) is the probability of alarm occurrence when the false alarm rate is taken into account;
ZY(+|D) represents the accuracy when the alarm occurs;
ZY(D) is the alarm occurrence rate;
ZY(+|N) represents the probability of misjudging as an alarm, equal to the number of false alarms whose monitoring index data is 0 divided by the total number of monitoring indexes;
ZY(N) represents the probability of failure of the monitoring index, and equals 1 - ZY(D).
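The formula of claim 4 can be applied per node and used to rank nodes by ZY(D|+). The following Python sketch is an added example, not code from the patent: the function names, the node records and their numbers are constructed, and raising an error when the denominator is 0 is a choice made here.

```python
def false_alarm_rate(false_alarms_with_zero_data, total_indexes):
    """ZY(+|N): false alarms whose monitoring data is 0 / total monitoring indexes."""
    if total_indexes <= 0:
        raise ValueError("total_indexes must be positive")
    if not 0 <= false_alarms_with_zero_data <= total_indexes:
        raise ValueError("false alarm count out of range")
    return false_alarms_with_zero_data / total_indexes


def alarm_posterior(accuracy, alarm_rate, fa_rate):
    """ZY(D|+) from ZY(+|D)=accuracy, ZY(D)=alarm_rate, ZY(+|N)=fa_rate."""
    for name, p in (("accuracy", accuracy), ("alarm_rate", alarm_rate),
                    ("fa_rate", fa_rate)):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{name} is not a probability: {p}")
    true_part = accuracy * alarm_rate                     # ZY(+|D) ZY(D)
    evidence = true_part + fa_rate * (1.0 - alarm_rate)   # + ZY(+|N) ZY(N)
    if evidence == 0.0:
        raise ValueError("denominator is 0: ZY(D|+) is undefined")
    return true_part / evidence


# Constructed per-node inputs (hypothetical node names and counts).
NODES = [
    {"node": "node-a", "accuracy": 0.95, "alarm_rate": 0.02,
     "false_alarms": 5, "total_indexes": 100},
    {"node": "node-b", "accuracy": 0.95, "alarm_rate": 0.20,
     "false_alarms": 5, "total_indexes": 100},
    {"node": "node-c", "accuracy": 0.95, "alarm_rate": 0.02,
     "false_alarms": 0, "total_indexes": 100},
]


def rank_nodes(nodes):
    """Return (node, ZY(D|+)) pairs, most credible alarm first."""
    scored = []
    for n in nodes:
        fa = false_alarm_rate(n["false_alarms"], n["total_indexes"])
        scored.append((n["node"],
                       alarm_posterior(n["accuracy"], n["alarm_rate"], fa)))
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for node, p in rank_nodes(NODES):
        print(f"{node}: ZY(D|+) = {p:.3f}")
```

With a 2% alarm rate, a 5% false alarm rate pulls ZY(D|+) down to about 0.28 even at 95% accuracy, so the false alarm term dominates for nodes that rarely alarm.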
5. An IPv6 global networking edge node monitoring and early warning system for implementing the IPv6 global networking edge node monitoring and early warning method according to any one of claims 1 to 4, comprising:
an IPv6 address segment allocation module, used for allocating IPv6 address segments and marking local edge network nodes;
a data acquisition module, used for collecting local area network non-private data information: local edge network node data; collecting internet non-private data information: IP addresses and status identifiers of local and remote edge network nodes; and collecting local area network private data information: log data of local and remote edge network nodes;
a Bayesian early warning module, used for constructing a dynamic Bayesian network early warning model and analyzing the data collected by the data acquisition module to obtain the probability that an edge node in the current networking will raise an alarm in the future, wherein the greater the probability, the higher the authenticity of the alarm.
CN202111530877.8A 2021-12-15 2021-12-15 IPv6 global networking edge node monitoring and early warning method and system Active CN114338419B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111530877.8A CN114338419B (en) 2021-12-15 2021-12-15 IPv6 global networking edge node monitoring and early warning method and system

Publications (2)

Publication Number Publication Date
CN114338419A CN114338419A (en) 2022-04-12
CN114338419B true CN114338419B (en) 2024-04-16

Family

ID=81050957

Country Status (1)

Country Link
CN (1) CN114338419B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant