WO2016095408A1 - Controller and method for processing alarm relevance - Google Patents

Controller and method for processing alarm relevance Download PDF

Info

Publication number
WO2016095408A1
WO2016095408A1 PCT/CN2015/078388 CN2015078388W WO2016095408A1 WO 2016095408 A1 WO2016095408 A1 WO 2016095408A1 CN 2015078388 W CN2015078388 W CN 2015078388W WO 2016095408 A1 WO2016095408 A1 WO 2016095408A1
Authority
WO
WIPO (PCT)
Prior art keywords
alarm
controller
service
analysis
found
Prior art date
Application number
PCT/CN2015/078388
Other languages
French (fr)
Chinese (zh)
Inventor
陈俏钢
肖红运
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016095408A1 publication Critical patent/WO2016095408A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities

Definitions

  • This document relates to the network technology managed by the SDN (Software Defined Network) controller, and more particularly to a scheme for using the controller to perform alarm correlation processing.
  • SDN Software Defined Network
  • a network In a communication network, a network consists of a number of communication device nodes, which are called network elements.
  • the network elements are connected by communication lines, including fiber optic cables and the like.
  • the network elements are distributed in various regions, some in the communication building laboratory in the city, and some network elements are in remote areas.
  • the devices of these network elements need to be configured, maintained, and monitored. It is impossible to assign them to each location. This requires a central network management system, which is placed in the central computer room to configure and maintain various nodes on the network through remote communication. monitor.
  • Managing the network through the controller is an emerging network management control system.
  • Controllers can be hierarchically organized in a tree to correlate large-scale networks.
  • the domain controller (D-Controller, DC for short) of the network element is directly managed.
  • the super controller (S-Controller, SC for short) does not directly manage the network element but manages the domain controller. Then, through the virtual network management provided by the domain controller, the management of the actual network is realized.
  • the controller forms a tree management system, and the upper layer is the SC, the underlying DC partition management domain, and the management communication network and the network element.
  • the northbound interface allows the application layer's network APP to access the network management, and can also operate through the side interface, with the EMS network element management system, the NMS network management system, or the OSS. Support system communication management information.
  • the network APP is an actual business application to the network, and it uses the resources provided by the control to issue requests for service establishment, deletion, or modification.
  • the controller establishes, deletes, or modifies services according to the request of the network APP, and monitors the alarm and performance of the service.
  • the DC directly manages the communication network, while the SC manages the DC, and can also communicate with the traditional network management system, and finally provides the APP with resources and services.
  • the SDN controller In the network controlled by the SDN controller, due to the control characteristics of the SDN controller, it only cares about the resources related to the service, and because of the division of the rights, it is not always possible to see all the resources related to the service. Under such conditions, it is more difficult to analyze the cause of the failure through a large number of alarms obtained, which is more difficult than the traditional network management system.
  • the embodiment of the invention provides a controller and an alarm correlation processing method to solve the problem of low alarm analysis efficiency in the related art.
  • An embodiment of the present invention provides a method for alarm correlation processing, including:
  • the controller When receiving the alarm reported by the southbound interface, the controller performs alarm correlation analysis on the alarm and the existing alarm in the network range of the controller;
  • the controller suppresses the reporting of the alarm.
  • the foregoing method further includes:
  • the controller reports the alarm to the upper controller or the application.
  • the controller determines whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy.
  • the alarm analysis policy includes at least one or more of the following information:
  • the alarms report the quantity control information, and the alarms report the priority information.
  • the step of the controller determining whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy includes:
  • the service of determining the alarm is determined. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is an intermediate point of the service, the controller is configured according to the pre-configured The alarm analysis policy determines whether the alarm is reported.
  • the step of the controller determining whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy includes:
  • the service of determining the alarm is determined. If all the nodes of the service in which the alarm is located are within the control range of the controller, and the resource of the alarm is the source and sink endpoint of the service, the alarm is used as a priority. The highest alarm is reported to the upper-layer controller or the application, and the derivative alarm triggered by the alarm is detected in the intermediate node of the service. If there is a derivative alarm triggered by the alarm, the controller may The alarm is changed from the reporting state to the suppression state.
  • the step of the controller determining whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy includes:
  • the analysis determines the service in which the alarm is located, and if some nodes of the service in which the alarm is located are within the control range of the controller, analyze whether there is an alarm that triggers the alarm in the upstream of the service of the alarm resource, and if so, the suppression If the alarm does not exist, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
  • the foregoing method further includes:
  • the foregoing method further includes:
  • the controller receives the query for the partial part alarm or all the alarms initiated by the network application APP or the upper layer controller through the query interface, and returns a corresponding alarm according to the received command.
  • the embodiment of the invention further provides a controller, including:
  • the alarm analysis module is configured to perform an alarm correlation analysis between the alarm and an existing alarm in the network scope of the controller when the controller receives the alarm reported by the southbound interface;
  • the alarm processing module is configured to suppress the reporting of the alarm when the root cause alarm is found as a result of the alarm correlation analysis.
  • the alarm processing module is further configured to report the alarm to an upper-layer controller or an application, or according to a pre-configured alarm, when the root cause alarm is not found as a result of the alarm correlation analysis.
  • the analysis policy determines whether the alarm is reported to the upper controller or application.
  • the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found.
  • the alarm processing module analyzes and determines the service in which the alarm is located. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is an intermediate point of the service, the The pre-configured alarm analysis policy determines whether the alarm is reported.
  • the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found.
  • the alarm processing module analyzes and determines the service in which the alarm is located. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is the source and sink endpoint of the service, The alarm is reported to the upper-layer controller or the application as the highest-priority alarm, and the derivative alarm caused by the alarm is detected in the intermediate node of the service. If the alarm generated by the alarm is generated, the controller The alarm of the intermediate node is modified from the reporting state to the suppression state.
  • the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found.
  • the alarm processing module analyzes and determines the service where the alarm is located. If some nodes of the service where the alarm is located are within the control range of the controller, analyze whether the upstream service of the alarm resource is upstream. There is an alarm that triggers the alarm. If yes, the alarm is suppressed. If not, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
  • controller further includes:
  • the alarm record module is configured to record the alarm and the found root cause alarm as associated alarms when the root cause alarm is found in the alarm correlation analysis result.
  • controller further includes:
  • the query module is configured to receive a query for a part of the alarm or all alarms initiated by the network application APP or the upper layer controller through the query interface, and return a corresponding alarm according to the received command.
  • the embodiment of the invention further provides a computer readable storage medium storing program instructions, which can be implemented when the program instructions are executed.
  • the technical solution of the embodiment of the present application analyzes the direct interaction relationship of the alarms, analyzes the root cause alarms, and then filters out the more important alarms, and reports the filtered alarms to the upper controller or the application layer. This greatly reduces the number of alarm reports and directly identifies the most likely cause of root failure, thereby improving the efficiency of alarm analysis.
  • FIG. 1 is a schematic diagram of a related art SDN controller management control network
  • FIG. 2 is a schematic diagram of a relationship between a controller and other entities in a related art SDN network
  • FIG. 3 is a schematic flowchart of alarm correlation processing in the embodiment
  • FIG. 5 is a schematic diagram of an internal module of the controller in the embodiment.
  • This embodiment provides a method for alarm correlation processing, which mainly includes the following operations:
  • the controller When the controller receives the alarm reported by the southbound interface, it performs alarm correlation analysis on the alarm and the existing alarms in the network range of the controller.
  • the controller suppresses the report of the alarm.
  • the controller can take different operation processing. For example, the controller may report the alarm to the upper-layer controller or the application, or determine whether to report the alarm to the upper-layer controller or the application according to the pre-configured alarm analysis policy.
  • the alarms report the quantity control information, and the alarms report the priority information.
  • the controller determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy as follows:
  • the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
  • the controller reports the alarm with the highest priority to the upper controller or application, and analyzes the alarm. If there is a derivative alarm triggered by the alarm, the controller needs to modify the alarm of the intermediate node from the reporting state to the suppression state.
  • the controller If the node where the alarm is located is in the control range of the controller, you need to further analyze whether the alarm is generated in the upstream of the service of the alarm resource. If it exists, the alarm is suppressed. If it does not exist, the controller then The pre-configured alarm analysis policy determines whether the alarm is reported.
  • the controller determines whether to report an alarm, and if it is determined according to any one of the pre-configured alarm analysis strategies, it is determined that the alarm needs to be reported.
  • the alarm can be reported.
  • the alarm is reported only when all the reporting conditions in the pre-configured alarm analysis policy are met.
  • the alarm can be reported when the multiple reporting conditions in the pre-configured alarm analysis policy are met. That is, the manner of determining whether to report the alarm according to the alarm analysis policy may be various, and the embodiment does not impose any limitation on this.
  • the recording operation can be added to facilitate subsequent alarm management operations. That is, when the root cause alarm is found in the alarm correlation analysis result, the alarm and the found root alarm are recorded as associated alarms.
  • the query function may also be provided, that is, the controller receives the network application APP or the command of the upper layer controller to query part of the alarm or all the alarms through the query interface, and returns a corresponding alarm according to the received command.
  • Step 301 The network application or the upper controller sends a command to the controller to configure an alarm analysis policy.
  • the alarm analysis policy may include whether the alarm of the service intermediate node is reported, the number of alarms reported (including, for example, the number of alarms reported by each service), and the alarm reporting priority (including, for example, the priority of certain types of alarm reporting).
  • Step 302 The controller receives the alarm reported by the southbound interface.
  • the alarm may be sent from the device network element or the lower layer controller. After receiving the alarm, the alarm is forwarded to the alarm analysis module for processing.
  • the reported alarm has a unique alarm identifier.
  • Step 303 The alarm analysis module performs alarm correlation analysis on the existing alarms in the network range of the control by using the newly received alarms;
  • Step 3 above includes a flexible combination of some or all of the sub-steps below.
  • Step 303.1 starting from the resource generating the alarm, the alarm may be triggered by a service layer resource failure of the resource. Recursively search for service layer resources, check whether the service layer resources have alarms and whether the alarm is a root cause alarm. Going down until there is no more underlying service resources and can trigger The alarm of this alarm is up to now. If found, the alarm that the resource just found is the source of the alarm found in this analysis.
  • step 303.2 the service where the alarm is located is analyzed, and all nodes are in the control range of the controller. If yes, it is analyzed whether the resource of the alarm is in the middle of the service. If it is the intermediate point, according to the alarm analysis strategy of step 301, the intermediate point is not reported, or the alarm severity of the intermediate point is lower than or equal to the source and sink endpoints. If the severity of the alarm does not continue to be reported, or the priority is not reported, or the number of alarms is limited, the policy is processed according to the policy.
  • the alarm is sent according to the alarm analysis policy in step 301, and the newly received alarm is reported as a higher-priority alarm, and the intermediate node of the service is analyzed. If it exists, the alarm of the intermediate point changes from the reporting state to the suppression state.
  • step 303.3 if the analysis is that the service in which the alarm is located is only partially controlled by the controller. If the service layer alarm is generated according to step 303.1, the alarm is generated. If the alarm is generated, the upstream alarm is triggered.
  • step 303.4 if the root cause alarm is not found in the analysis of the previous steps, and the alarm policy is not received, the alarm is directly reported. If the root cause alarm is found in the previous analysis and is recorded as an associated alarm and is suppressed according to the alarm policy, the alarm is not reported. In the suppression state, the alarm still exists, but it is not reported automatically. The detected alarms associated with each other are marked with the alarm ID of the found alarm source as an associated alarm.
  • Step 304 If the controller manages multiple lower-layer controllers, and the reported alarm is located across multiple lower-layer controllers, after the root cause alarm is obtained, the command may be sent to the lower-layer controller to provide the analyzed Associate the alarm identifier of the root alarm and instruct the lower controller to suppress the derived alarm. Reduce the amount of alarm reporting.
  • Step 305 If the alarm correlation information sent by the upper controller is received, and the root source alarm is found in the alarm reported by the controller, the controller suppresses the alarm.
  • Step 306 the network application APP or the upper layer controller can query part of the alarm or all the alarms through the query interface, and the controller returns the result according to the query condition.
  • the alarms suppressed in the previous alarm analysis can also be queried.
  • the following takes an alarm generated in a service spanning multiple SCs as an example to illustrate another example of the alarm association processing method.
  • the connection between NE1, NE2 and NE6 indicates the service of an APP.
  • the service A endpoint is at NE1
  • the Z endpoint is at NE6
  • the NE2, NE3, NE4, and NE5 are directly managed by DC1, DC2, and DC3, respectively.
  • the upper layer is managed by an SC, and the dotted line in the figure indicates the management relationship.
  • an alarm Alarm1 is generated in the network element 1, and is reported from the network element 1 to the DC1, which is affected by the alarm1, and NE2, NE3, and NE4 also generate the alarms Alarm2, Alarm3, and Alarm4 respectively (the thick arrow in the figure indicates the alarm).
  • the process of alarm correlation processing is as follows:
  • Step 1 When DC1 receives Alarm1 (arrow No. 1 in the figure), the analysis finds that the service layer alarm is not found and Alarm1 is triggered, and the resource is the endpoint of the service, then the alarm has no root cause alarm and is directly reported (2 in the figure) Arrow)
  • Step 2 When DC1 receives alarm2 (arrow No. 3 in the figure), it is found that NE2 does not find the service layer alarm to trigger Alarm2, but the service endpoint NE1 has alarm1, which will trigger alarm2, then record Alarm1 as the associated alarm and suppress Alarm2;
  • Step 3 When DC2 receives Alarm3 (arrow No. 4 in the figure), it is found that NE3 does not find the service layer alarm and raises Alarm3, and Alarm3 is not at the end of the service. The service endpoint is not in the control scope of the controller. The root cause alarm was not found and reported directly (arrow No. 6 in the figure);
  • Step 4 When DC2 receives Alarm4 (arrow No. 5 in the figure), it is found that NE4 does not find the service layer alarm and raises Alarm4, and Alarm4 is not at the end of the service. The service endpoint is not in the control scope of the controller. The root cause alarm was not found and reported directly (arrow No. 6 in the figure);
  • Step 5 After the SC receives the alarms Alarm3 and alarm4 (arrow No. 6 in the figure), the analysis finds that NE3 and NE4 have not found the service layer alarm and triggered Alarm3, Alarm4, but the service endpoint NE1 exists. Alarm1 will trigger alarm3, Alarm4. Then record Alarm1 as the associated alarm, and suppress Alarm3, alarm4, and notify DC2 to suppress (arrow No. 7 in the figure);
  • Step 6 The final APP only receives the alarm1 of NE1 (the arrow No. 9 in the figure), and achieves the purpose of finding the root cause alarm and reducing the alarm reporting amount;
  • Step 7 For some kind of needs, when the APP cares about a certain service, it may need to query all the related alarms, and then send an inquiry command to query all the alarms of the service, including the suppressed alarm.
  • the controller returns the response layer by layer and reports it to the APP after the SC is summarized.
  • This embodiment provides a controller, as shown in FIG. 5, including at least the following modules:
  • the alarm analysis module is configured to perform an alarm correlation analysis between the alarm and an existing alarm in the network scope of the controller when the controller receives the alarm reported by the southbound interface;
  • the alarm processing module is configured to suppress the reporting of the alarm when the result of the alarm correlation analysis is that the root cause alarm is found.
  • the alarm processing module is further configured to: when the result of the alarm correlation analysis is that the root cause alarm is not found, the alarm may be reported to the upper-layer controller or the application, or the alarm is analyzed according to the pre-configured alarm analysis policy. Upper controller or application.
  • the alarms report the quantity control information, and the alarms report the priority information.
  • the processing of the alarm processing module includes:
  • the service of the alarm is determined. If all the nodes of the service are in the control range of the controller, and the alarm resource is the intermediate point of the service, determine whether to report the report according to the pre-configured alarm analysis policy. Alarm.
  • the alarm resource is the source and sink endpoint of the service
  • the alarm with the highest priority is reported to the upper controller or application, and analyzed. Whether there is a derivative alarm triggered by the alarm in the intermediate node of the service. If there is a derivative alarm triggered by the alarm, the alarm of the intermediate node is changed from the reporting state to the suppression state.
  • the alarm analysis policy determines whether the alarm is reported.
  • the alarm processing module may report the alarm according to any one of the pre-configured alarm analysis policies.
  • the alarm may be reported only when multiple or all of the pre-configured alarm analysis policies are met. This embodiment does not limit the specific reporting principle.
  • the foregoing apparatus may further include an alarm recording module, where the module is configured to record the alarm and the found root source alarm as associated alarms when the root cause alarm is found in the alarm correlation analysis result.
  • the device may further include a querying module, configured to receive a query for a part of the alarm or all the alarms initiated by the network application APP or the upper layer controller by using the query interface, and return a corresponding alarm according to the received command.
  • a querying module configured to receive a query for a part of the alarm or all the alarms initiated by the network application APP or the upper layer controller by using the query interface, and return a corresponding alarm according to the received command.
  • the technical solution of the embodiment of the present application greatly reduces the number of alarm reports, and directly finds out the most likely cause of root failure, thereby improving the efficiency of alarm analysis.

Abstract

Disclosed in the embodiments of the present invention are a controller and a method for processing alarm relevance. The method comprises: when a controller receives an alarm reported by a southbound interface, alarm relevance analysis is performed on said alarm and the current alarms within network range of the present controller; if the result of the alarm relevance analysis is that a root alarm is found, then the controller suppresses the report of said alarm. The controller comprises an alarm analysis module and an alarm processing module.

Description

一种控制器及告警关联性处理的方法Controller and alarm correlation processing method 技术领域Technical field
本文涉及SDN(Software Defined Network)控制器管理的网络技术,尤其涉及一种利用控制器进行告警关联性处理的方案。This document relates to the network technology managed by the SDN (Software Defined Network) controller, and more particularly to a scheme for using the controller to perform alarm correlation processing.
背景技术Background technique
在通讯网络中,网络由许多通讯设备节点组成,这些网络节点叫做网元。网元之间通过通讯线路进行连接,包括光纤电缆等多种形式。网元则分散分布在各个地区,有的在城市里的通讯大楼实验室里,有的网元在偏远地区。然而这些网元的设备需要进行配置、维护和监控,不可能每处都派人值守,这样就需要一个中心网络管理系统,放在中心机房,通过远程通讯对网络上各个节点进行配置、维护和监控。In a communication network, a network consists of a number of communication device nodes, which are called network elements. The network elements are connected by communication lines, including fiber optic cables and the like. The network elements are distributed in various regions, some in the communication building laboratory in the city, and some network elements are in remote areas. However, the devices of these network elements need to be configured, maintained, and monitored. It is impossible to assign them to each location. This requires a central network management system, which is placed in the central computer room to configure and maintain various nodes on the network through remote communication. monitor.
通过控制器管理网络是一种新出现的网络管理控制系统。在这个控制系统中,把传统网管中对业务资源的控制功能独立出来,仅仅关注业务资源。控制器可以按树型层次化组织,以便关联大规模网络。直接管理网元的叫域控制器(Domain Controller,D-Controller,简称DC);而上层的控制器(Super Controller,S-Controller,简称SC)不直接管理网元,而是管理域控制器,然后再通过域控制器提供的虚拟网络管理,实现对实际网络的管理。如图1所示,一个应用场景中,控制器形成树形管理体系,上层是SC,底层的DC划分管理域,管理通讯网络和网元。控制器除了南向和网络设备通过接口进行管理,还有北向接口可以让应用层的网络APP接入进行网络管理,还可以通过侧接口,同EMS网元管理系统、NMS网络管理系统或者OSS操作支撑系统沟通管理信息。网络APP是对网络的实际业务应用,它会使用控制提供的资源,发出业务建立、删除或修改的请求。而控制器根据网络APP的请求建立、删除或修改业务,并对业务的告警,性能进行监控。如图2所示,DC直接管理通讯网络,而SC管理DC,同时还可以和传统网络管理系统进行交流,最终提供给APP提供资源和服务。Managing the network through the controller is an emerging network management control system. In this control system, the control functions of the service resources in the traditional network management are separated, and only the service resources are concerned. Controllers can be hierarchically organized in a tree to correlate large-scale networks. The domain controller (D-Controller, DC for short) of the network element is directly managed. The super controller (S-Controller, SC for short) does not directly manage the network element but manages the domain controller. Then, through the virtual network management provided by the domain controller, the management of the actual network is realized. As shown in Figure 1, in an application scenario, the controller forms a tree management system, and the upper layer is the SC, the underlying DC partition management domain, and the management communication network and the network element. In addition to the southbound and network devices managed by the interface, the northbound interface allows the application layer's network APP to access the network management, and can also operate through the side interface, with the EMS network element management system, the NMS network management system, or the OSS. Support system communication management information. The network APP is an actual business application to the network, and it uses the resources provided by the control to issue requests for service establishment, deletion, or modification. The controller establishes, deletes, or modifies services according to the request of the network APP, and monitors the alarm and performance of the service. As shown in Figure 2, the DC directly manages the communication network, while the SC manages the DC, and can also communicate with the traditional network management system, and finally provides the APP with resources and services.
网络实际运行过程中,可能会遇到故障,或者收到干扰而通讯质量下降。 一旦发送这种情况。设备就会报告警。由于网络设备直接的通讯是密切关联的,一个设备或者一部分资源有故障报告警,就会引发网络大面积产生告警。产生非常多的告警量。对网络管理员来说,这么多告警要找出真正的故障原因是困难的。网络中一个故障的出现会引发一个直接反映该故障的告警,同时由于故障影响到其他设备或者业务,会引发一系列告警。告警A引发了告警B。告警A是根源告警,告警B是衍生告警。During the actual operation of the network, faults may be encountered, or interference may be received and communication quality may be degraded. Once this is sent. The device will report an alarm. Since the direct communication of the network device is closely related, a device or a part of the resource has a fault report alarm, which will cause a large area of the network to generate an alarm. A lot of alarms are generated. For network administrators, it is difficult to find so many alarms for the real cause of the failure. The occurrence of a fault in the network triggers an alarm that directly reflects the fault. At the same time, a series of alarms are triggered because the fault affects other devices or services. Alarm A raises alarm B. Alarm A is the root alarm and alarm B is the derivative alarm.
在SDN控制器管控的网络中,由于SDN控制器的控制特性,其只关心业务相关的资源,而且由于权限划分原因,也不一定能看到全部业务相关的资源。在这样的条件下,想通过得到的大量告警里分析出故障原因,比传统网络管理系统更为困难。In the network controlled by the SDN controller, due to the control characteristics of the SDN controller, it only cares about the resources related to the service, and because of the division of the rights, it is not always possible to see all the resources related to the service. Under such conditions, it is more difficult to analyze the cause of the failure through a large number of alarms obtained, which is more difficult than the traditional network management system.
发明内容Summary of the invention
本发明实施例提供一种控制器及告警关联性处理的方法,以解决相关技术中告警分析效率低的问题。The embodiment of the invention provides a controller and an alarm correlation processing method to solve the problem of low alarm analysis efficiency in the related art.
本发明实施例提供了一种告警关联性处理的方法,包括:An embodiment of the present invention provides a method for alarm correlation processing, including:
控制器收到南向接口上报的告警时,对所述告警与本控制器的网络范围内的现有告警进行告警关联性分析;When receiving the alarm reported by the southbound interface, the controller performs alarm correlation analysis on the alarm and the existing alarm in the network range of the controller;
当告警关联性分析的结果为找到根源告警,则所述控制器抑制所述告警的上报。When the result of the alarm correlation analysis is that the root cause alarm is found, the controller suppresses the reporting of the alarm.
可选地,上述方法还包括:Optionally, the foregoing method further includes:
当告警关联性分析的结果为没有找到根源告警,则所述控制器将所述告警上报给上层控制器或应用;或者When the result of the alarm correlation analysis is that the root cause alarm is not found, the controller reports the alarm to the upper controller or the application; or
当告警关联性分析的结果为没有找到根源告警,则所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用。When the result of the alarm correlation analysis is that the root cause alarm is not found, the controller determines whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy.
可选地,上述方法中,所述告警分析策略至少包括如下一种或几种信息:Optionally, in the foregoing method, the alarm analysis policy includes at least one or more of the following information:
业务中间节点的告警是否上报的信息,告警上报数量控制信息,告警上报优先级信息。Whether the alarms of the service intermediate nodes are reported, the alarms report the quantity control information, and the alarms report the priority information.
可选地,上述方法中,当告警关联性分析的结果为没有找到根源告警时, 所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用的步骤包括:Optionally, in the foregoing method, when the result of the alarm correlation analysis is that the root cause alarm is not found, The step of the controller determining whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy includes:
分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的中间点,则所述控制器根据预先配置的告警分析策略确定是否上报所述告警。The service of determining the alarm is determined. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is an intermediate point of the service, the controller is configured according to the pre-configured The alarm analysis policy determines whether the alarm is reported.
可选地,上述方法中,当告警关联性分析的结果为没有找到根源告警时,所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用的步骤包括:Optionally, in the foregoing method, when the result of the alarm correlation analysis is that the root cause alarm is not found, the step of the controller determining whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy includes:
分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的源宿端点,则将所述告警作为优先级最高的告警上报给上层控制器或应用,并分析在该业务的中间节点中是否存在所述告警引发的衍生告警,如果存在所述告警引发的衍生告警,则所述控制器将该中间节点的告警由上报状态修改为抑制状态。The service of determining the alarm is determined. If all the nodes of the service in which the alarm is located are within the control range of the controller, and the resource of the alarm is the source and sink endpoint of the service, the alarm is used as a priority. The highest alarm is reported to the upper-layer controller or the application, and the derivative alarm triggered by the alarm is detected in the intermediate node of the service. If there is a derivative alarm triggered by the alarm, the controller may The alarm is changed from the reporting state to the suppression state.
可选地,上述方法中,当告警关联性分析的结果为没有找到根源告警时,所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用的步骤包括:Optionally, in the foregoing method, when the result of the alarm correlation analysis is that the root cause alarm is not found, the step of the controller determining whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy includes:
分析确定所述告警所在的业务,如果所述告警所在业务的部分节点在本控制器的控制范围内,则分析本告警资源的业务上游是否存在引发所述告警的告警,如果存在,则抑制所述告警,如果不存在,则所述控制器根据预先配置的告警分析策略确定是否上报所述告警。The analysis determines the service in which the alarm is located, and if some nodes of the service in which the alarm is located are within the control range of the controller, analyze whether there is an alarm that triggers the alarm in the upstream of the service of the alarm resource, and if so, the suppression If the alarm does not exist, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
可选地,上述方法还包括:Optionally, the foregoing method further includes:
当告警关联性分析结果为找到根源告警时,将所述告警与找到的根源告警记录为关联告警。When the alarm correlation analysis result is that the root cause alarm is found, the alarm and the found root source alarm are recorded as associated alarms.
可选地,上述方法还包括:Optionally, the foregoing method further includes:
控制器通过查询接口接收网络应用APP或者上层控制器发起的查询部分告警或者所有告警的命令,并根据所收到的命令返回相应的告警。The controller receives the query for the partial part alarm or all the alarms initiated by the network application APP or the upper layer controller through the query interface, and returns a corresponding alarm according to the received command.
本发明实施例还提供了一种控制器,包括: The embodiment of the invention further provides a controller, including:
告警分析模块,设置为在本控制器收到南向接口上报的告警时,对所述告警与本控制器的网络范围内的现有告警进行告警关联性分析;以及The alarm analysis module is configured to perform an alarm correlation analysis between the alarm and an existing alarm in the network scope of the controller when the controller receives the alarm reported by the southbound interface;
告警处理模块,设置为当告警关联性分析的结果为找到根源告警,则抑制所述告警的上报。The alarm processing module is configured to suppress the reporting of the alarm when the root cause alarm is found as a result of the alarm correlation analysis.
可选地,上述控制器中,所述告警处理模块,还设置为在告警关联性分析的结果为没有找到根源告警时,将所述告警上报给上层控制器或应用,或者根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用。Optionally, in the foregoing controller, the alarm processing module is further configured to report the alarm to an upper-layer controller or an application, or according to a pre-configured alarm, when the root cause alarm is not found as a result of the alarm correlation analysis. The analysis policy determines whether the alarm is reported to the upper controller or application.
可选地,上述控制器中,所述告警处理模块在告警关联性分析的结果为没有找到根源告警时,根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用是指:Optionally, in the above controller, the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found. :
所述告警处理模块分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的中间点,则所述根据预先配置的告警分析策略确定是否上报所述告警。The alarm processing module analyzes and determines the service in which the alarm is located. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is an intermediate point of the service, the The pre-configured alarm analysis policy determines whether the alarm is reported.
可选地,上述控制器中,所述告警处理模块在告警关联性分析的结果为没有找到根源告警时,根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用是指:Optionally, in the above controller, the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found. :
所述告警处理模块分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的源宿端点,则将所述告警作为优先级最高的告警上报给上层控制器或应用,并分析在该业务的中间节点中是否存在所述告警引发的衍生告警,如果存在所述告警引发的衍生告警,则所述控制器将该中间节点的告警由上报状态修改为抑制状态。The alarm processing module analyzes and determines the service in which the alarm is located. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is the source and sink endpoint of the service, The alarm is reported to the upper-layer controller or the application as the highest-priority alarm, and the derivative alarm caused by the alarm is detected in the intermediate node of the service. If the alarm generated by the alarm is generated, the controller The alarm of the intermediate node is modified from the reporting state to the suppression state.
可选地,上述控制器中,所述告警处理模块在告警关联性分析的结果为没有找到根源告警时,根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用是指:Optionally, in the above controller, the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found. :
所述告警处理模块分析确定所述告警所在的业务,如果所述告警所在业务的部分节点在本控制器的控制范围内,则分析本告警资源的业务上游是否 存在引发所述告警的告警,如果存在,则抑制所述告警,如果不存在,则所述控制器根据预先配置的告警分析策略确定是否上报所述告警。The alarm processing module analyzes and determines the service where the alarm is located. If some nodes of the service where the alarm is located are within the control range of the controller, analyze whether the upstream service of the alarm resource is upstream. There is an alarm that triggers the alarm. If yes, the alarm is suppressed. If not, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
可选地,上述控制器还包括:Optionally, the controller further includes:
告警记录模块,设置为在告警关联性分析结果为找到根源告警时,将所述告警与找到的根源告警记录为关联告警。The alarm record module is configured to record the alarm and the found root cause alarm as associated alarms when the root cause alarm is found in the alarm correlation analysis result.
可选地,上述控制器还包括:Optionally, the controller further includes:
查询模块,设置为通过查询接口接收网络应用APP或者上层控制器发起的查询部分告警或者所有告警的命令,并根据所收到的命令返回相应的告警。The query module is configured to receive a query for a part of the alarm or all alarms initiated by the network application APP or the upper layer controller through the query interface, and return a corresponding alarm according to the received command.
本发明实施例还提供一种计算机可读存储介质,存储有程序指令,当该程序指令被执行时可实现上述方法。The embodiment of the invention further provides a computer readable storage medium storing program instructions, which can be implemented when the program instructions are executed.
本申请实施例技术方案通过分析告警直接的相互影响关系,分析出根源告警,然后筛选出更为重要的告警,把筛选后的告警上报给上层控制器或者应用层。这样大大降低了告警上报的数量,直接把最有可能的根故障原因找出来,从而提高了告警分析效率。The technical solution of the embodiment of the present application analyzes the direct interaction relationship of the alarms, analyzes the root cause alarms, and then filters out the more important alarms, and reports the filtered alarms to the upper controller or the application layer. This greatly reduces the number of alarm reports and directly identifies the most likely cause of root failure, thereby improving the efficiency of alarm analysis.
附图概述BRIEF abstract
图1为相关技术SDN控制器管理控制网络示意图;1 is a schematic diagram of a related art SDN controller management control network;
图2为相关技术SDN网络中控制器与其他实体的关系示意图;2 is a schematic diagram of a relationship between a controller and other entities in a related art SDN network;
图3为本实施例中告警关联性处理的流程示意图;FIG. 3 is a schematic flowchart of alarm correlation processing in the embodiment;
图4为本实施例中业务跨多个DC的告警上报和分析流程图;4 is a flowchart of alarm reporting and analysis of services across multiple DCs in the embodiment;
图5为本实施例中控制器内部模块示意图。FIG. 5 is a schematic diagram of an internal module of the controller in the embodiment.
本发明的实施方式Embodiments of the invention
需要说明的是,在不冲突的情况下,本申请的实施例和实施例中的特征可以任意相互组合。It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments of the present application may be combined with each other arbitrarily.
实施例1 Example 1
本实施例提供一种告警关联性处理的方法,主要包括如下操作:This embodiment provides a method for alarm correlation processing, which mainly includes the following operations:
控制器收到南向接口上报的告警时,对该告警与本控制器的网络范围内的现有告警进行告警关联性分析;When the controller receives the alarm reported by the southbound interface, it performs alarm correlation analysis on the alarm and the existing alarms in the network range of the controller.
当告警关联性分析的结果为找到根源告警,则控制器抑制该告警的上报。When the result of the alarm correlation analysis is that the root cause alarm is found, the controller suppresses the report of the alarm.
另外,如果告警关联性分析的结果为没有找到根源告警,那么控制器可以采取不同的操作处理。例如控制器则可以将该告警上报给上层控制器或应用;或者器根据预先配置的告警分析策略确定是否将该告警上报给上层控制器或应用。In addition, if the result of the alarm correlation analysis is that the root cause alarm is not found, the controller can take different operation processing. For example, the controller may report the alarm to the upper-layer controller or the application, or determine whether to report the alarm to the upper-layer controller or the application according to the pre-configured alarm analysis policy.
其中,本实施例所涉及的告警分析策略至少包括如下一种或几种信息:The alarm analysis strategy involved in the embodiment includes at least one or more of the following information:
业务中间节点的告警是否上报的信息,告警上报数量控制信息,告警上报优先级信息。Whether the alarms of the service intermediate nodes are reported, the alarms report the quantity control information, and the alarms report the priority information.
当告警关联性分析的结果为没有找到根源告警时,控制器根据预先配置的告警分析策略确定是否将该告警上报给上层控制器或应用的过程如下:When the alarm correlation analysis result is that the root alarm is not found, the controller determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy as follows:
首先,分析确定告警所在的业务;First, analyze and determine the service where the alarm is located;
如果告警所在业务的所有节点全部在本控制器的控制范围内,且告警的资源是该业务的中间点,则控制器根据预先配置的告警分析策略确定是否上报所述告警。If all the nodes of the service in the alarm are in the control range of the controller, and the alarm resource is the intermediate point of the service, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
如果告警所在业务的所有节点全部在本控制器的控制范围内,且告警的资源是该业务的源宿端点,则控制器将告警作为优先级最高的告警上报给上层控制器或应用,并分析在该业务的中间节点中是否存在该告警引发的衍生告警,如果存在该告警引发的衍生告警,则控制器还需要将该中间节点的告警由上报状态修改为抑制状态。If all the nodes in the service of the alarm are in the control range of the controller, and the alarm resource is the source and sink endpoint of the service, the controller reports the alarm with the highest priority to the upper controller or application, and analyzes the alarm. If there is a derivative alarm triggered by the alarm, the controller needs to modify the alarm of the intermediate node from the reporting state to the suppression state.
如果告警所在业务的部分节点在本控制器的控制范围内,则需要进一步分析本告警资源的业务上游是否存在引发本告警的告警,如果存在,则抑制本告警,如果不存在,控制器再根据预先配置的告警分析策略确定是否上报所述告警。If the node where the alarm is located is in the control range of the controller, you need to further analyze whether the alarm is generated in the upstream of the service of the alarm resource. If it exists, the alarm is suppressed. If it does not exist, the controller then The pre-configured alarm analysis policy determines whether the alarm is reported.
需要说明的是,上述控制器根据预先配置的告警分析策略确定是否上报告警时,如果根据预先配置的告警分析策略中任一种信息确定需要上报告警 时,即可上报该告警。也可以是在符合预先配置的告警分析策略中所有上报条件时,才上报该告警。还可以是在符合预先配置的告警分析策略中多个上报条件时,即可上报该告警。即根据告警分析策略确定是否上报告警的方式可以是多种多样的,本实施例对此不作任何限制。It should be noted that, according to the pre-configured alarm analysis policy, the controller determines whether to report an alarm, and if it is determined according to any one of the pre-configured alarm analysis strategies, it is determined that the alarm needs to be reported. The alarm can be reported. The alarm is reported only when all the reporting conditions in the pre-configured alarm analysis policy are met. The alarm can be reported when the multiple reporting conditions in the pre-configured alarm analysis policy are met. That is, the manner of determining whether to report the alarm according to the alarm analysis policy may be various, and the embodiment does not impose any limitation on this.
另一些方案还提出,在上述方法的基础上,可以增加记录操作,以方便后续的告警管理操作。即在告警关联性分析结果为找到根源告警时,将告警与找到的根源告警记录为关联告警。Other solutions also propose that, based on the above method, the recording operation can be added to facilitate subsequent alarm management operations. That is, when the root cause alarm is found in the alarm correlation analysis result, the alarm and the found root alarm are recorded as associated alarms.
可选地,还可以提供查询功能,即控制器通过查询接口接收网络应用APP或者上层控制器发起的查询部分告警或者所有告警的命令,并根据所收到的命令返回相应的告警即可。Optionally, the query function may also be provided, that is, the controller receives the network application APP or the command of the upper layer controller to query part of the alarm or all the alarms through the query interface, and returns a corresponding alarm according to the received command.
下面结合附图说明上述方法的实现过程。The implementation process of the above method will be described below with reference to the accompanying drawings.
首先结合图3所示,说明可选实施例中进行告警关联性处理的过程,该过程包括下面处理步骤:First, in conjunction with FIG. 3, a process for performing alarm correlation processing in an alternative embodiment is described. The process includes the following processing steps:
步骤301:网络应用或者上层控制器下发命令给本控制器配置告警分析策略;Step 301: The network application or the upper controller sends a command to the controller to configure an alarm analysis policy.
告警分析策略可以包括业务中间节点的告警是否上报,告警上报数量控制(包括例如:每业务上报的告警数量限制),告警上报优先级(包括例如某些,某类别的告警上报的优先级)。The alarm analysis policy may include whether the alarm of the service intermediate node is reported, the number of alarms reported (including, for example, the number of alarms reported by each service), and the alarm reporting priority (including, for example, the priority of certain types of alarm reporting).
步骤302:控制器收到南向接口上报的告警,告警可能来自设备网元或者下层控制器,收到告警后转交告警分析模块处理,上报的告警都有一个唯一的告警标识;Step 302: The controller receives the alarm reported by the southbound interface. The alarm may be sent from the device network element or the lower layer controller. After receiving the alarm, the alarm is forwarded to the alarm analysis module for processing. The reported alarm has a unique alarm identifier.
步骤303,告警分析模块把新收到的告警,在本控制的网络范围内对现有告警进行告警关联性分析;Step 303: The alarm analysis module performs alarm correlation analysis on the existing alarms in the network range of the control by using the newly received alarms;
上述步骤3包括下面的部分或者全部子步骤的灵活组合。 Step 3 above includes a flexible combination of some or all of the sub-steps below.
步骤303.1,首先从产生告警的资源开始,告警有可能是于该资源的服务层资源故障引发的。递归寻找服务层资源,检查服务层资源是否有告警和该告警是否为根源告警。一直往下直到已经没有更底层的服务资源和能够引发 本告警的告警为止。如果找到了则认为刚才找到的资源的告警是本次分析找到的告警源头。Step 303.1, starting from the resource generating the alarm, the alarm may be triggered by a service layer resource failure of the resource. Recursively search for service layer resources, check whether the service layer resources have alarms and whether the alarm is a root cause alarm. Going down until there is no more underlying service resources and can trigger The alarm of this alarm is up to now. If found, the alarm that the resource just found is the source of the alarm found in this analysis.
步骤303.2,分析得到告警所在的业务,是否所有节点全部在本控制器的控制范围。如果是的话,分析该告警的资源是否在业务的中间点,如果是中间点,根据步骤301的告警分析策略,可以是中间点不上报,或者中间点的告警严重性低于等于源宿端点的告警严重性则不继续上报,或者由于优先级而不上报,或者告警数量限制等,按照策略进行处理。In step 303.2, the service where the alarm is located is analyzed, and all nodes are in the control range of the controller. If yes, it is analyzed whether the resource of the alarm is in the middle of the service. If it is the intermediate point, according to the alarm analysis strategy of step 301, the intermediate point is not reported, or the alarm severity of the intermediate point is lower than or equal to the source and sink endpoints. If the severity of the alarm does not continue to be reported, or the priority is not reported, or the number of alarms is limited, the policy is processed according to the policy.
从业务的源宿端点的告警进行分析,看看端点是否存在引发本告警的告警。Analyze the alarms of the source and destination endpoints of the service to check whether the endpoint has an alarm that triggers the alarm.
记录找到的端点的告警标识,作为本此告警的根源告警。Record the alarm ID of the found endpoint as the root cause alarm for this alarm.
如果本次告警的资源是业务的端点,则根据步骤301的告警分析策略,把新收到的告警作为优先级更高的告警上报,分析业务的中间节点,是否存在本告警引发的衍生告警,如果存在则中间点的告警由上报状态变成抑制状态。If the resource of the alarm is the endpoint of the service, the alarm is sent according to the alarm analysis policy in step 301, and the newly received alarm is reported as a higher-priority alarm, and the intermediate node of the service is analyzed. If it exists, the alarm of the intermediate point changes from the reporting state to the suppression state.
步骤303.3,如果分析得到告警所在的业务只是部分在本控制器的控制范围。按照步骤303.1分析是否存在服务层告警引发本告警,并参考步骤303.3,分析本告警资源的业务上游有没有引发本告警。In step 303.3, if the analysis is that the service in which the alarm is located is only partially controlled by the controller. If the service layer alarm is generated according to step 303.1, the alarm is generated. If the alarm is generated, the upstream alarm is triggered.
步骤303.4,如果前面几个步骤的分析没有找到根源告警,也没有收到告警策略的限制,则直接上报本告警。如果前面的分析找到了根源告警,并记录为关联告警,并根据告警策略进行抑制,则不上报本告警。在抑制状态中,告警仍然存在,只是不主动上报。分析得到的互相有关联关系的告警打上标记把找到的告警源头的告警ID记录为关联告警。In step 303.4, if the root cause alarm is not found in the analysis of the previous steps, and the alarm policy is not received, the alarm is directly reported. If the root cause alarm is found in the previous analysis and is recorded as an associated alarm and is suppressed according to the alarm policy, the alarm is not reported. In the suppression state, the alarm still exists, but it is not reported automatically. The detected alarms associated with each other are marked with the alarm ID of the found alarm source as an associated alarm.
步骤304,如果本控制器管理多个下层控制器,而上报的告警所在的业务跨多个下层控制器,那么在分析得到根源告警后,可以下发命令给下层控制器,给出分析后的关联根源告警的告警标识,并指示下层控制器对衍生告警进行抑制。减少告警上报量。Step 304: If the controller manages multiple lower-layer controllers, and the reported alarm is located across multiple lower-layer controllers, after the root cause alarm is obtained, the command may be sent to the lower-layer controller to provide the analyzed Associate the alarm identifier of the root alarm and instruct the lower controller to suppress the derived alarm. Reduce the amount of alarm reporting.
步骤305,如果收到上层控制器发来的告警相关性信息,指出了本控制器上报的告警中找到了根源告警,那么本控制器对这些告警进行抑制。 Step 305: If the alarm correlation information sent by the upper controller is received, and the root source alarm is found in the alarm reported by the controller, the controller suppresses the alarm.
步骤306,网络应用APP或者上层控制器可以通过查询接口查询部分告警,或者所有告警,本控制器按照查询条件返回结果。前面的告警分析中抑制的告警也可以查询得到。Step 306, the network application APP or the upper layer controller can query part of the alarm or all the alarms through the query interface, and the controller returns the result according to the query condition. The alarms suppressed in the previous alarm analysis can also be queried.
下面以一个跨多SC的业务中产生告警为例,说明告警关联性处理方法的另一个实例。The following takes an alarm generated in a service spanning multiple SCs as an example to illustrate another example of the alarm association processing method.
如图4所示。连接NE1、NE2到NE6的连线表示一个APP关心的业务,业务A端点在NE1,Z端点在NE6,中间经过NE2、NE3、NE4、NE5,分别被DC1、DC2、DC3直接管理,而他们在上层则被一个SC管理,图中虚线表示管理关系。假设在网元1产生了一个告警Alarm1,从网元1上报到DC1,受到alarm1的影响,NE2,NE3,NE4也分别产生了告警Alarm2,Alarm3,Alarm4(图中粗箭头表示告警)。此场景下,告警关联性处理的过程如下:As shown in Figure 4. The connection between NE1, NE2 and NE6 indicates the service of an APP. The service A endpoint is at NE1, the Z endpoint is at NE6, and the NE2, NE3, NE4, and NE5 are directly managed by DC1, DC2, and DC3, respectively. The upper layer is managed by an SC, and the dotted line in the figure indicates the management relationship. Assume that an alarm Alarm1 is generated in the network element 1, and is reported from the network element 1 to the DC1, which is affected by the alarm1, and NE2, NE3, and NE4 also generate the alarms Alarm2, Alarm3, and Alarm4 respectively (the thick arrow in the figure indicates the alarm). In this scenario, the process of alarm correlation processing is as follows:
第1步:DC1在收到Alarm1的时候(图中1号箭头),分析发现没有找到服务层告警引发Alarm1,而且所在资源是业务的端点,那么这个告警没有根源告警,直接上报(图中2号箭头);Step 1: When DC1 receives Alarm1 (arrow No. 1 in the figure), the analysis finds that the service layer alarm is not found and Alarm1 is triggered, and the resource is the endpoint of the service, then the alarm has no root cause alarm and is directly reported (2 in the figure) Arrow)
第2步:DC1在收到alarm2的时候(图中3号箭头),分析发现NE2没有找到服务层告警引发Alarm2,但是业务端点NE1存在alarm1,会引发alarm2,那么记录Alarm1为关联告警,并且抑制Alarm2;Step 2: When DC1 receives alarm2 (arrow No. 3 in the figure), it is found that NE2 does not find the service layer alarm to trigger Alarm2, but the service endpoint NE1 has alarm1, which will trigger alarm2, then record Alarm1 as the associated alarm and suppress Alarm2;
第3步:DC2在收到Alarm3的时候(图中4号箭头),分析发现NE3没有找到服务层告警引发Alarm3,而且Alarm3不是在业务的端点,业务端点不在本控制器的管控范围,分析结果是没有找到根源告警,直接上报(图中6号箭头);Step 3: When DC2 receives Alarm3 (arrow No. 4 in the figure), it is found that NE3 does not find the service layer alarm and raises Alarm3, and Alarm3 is not at the end of the service. The service endpoint is not in the control scope of the controller. The root cause alarm was not found and reported directly (arrow No. 6 in the figure);
第4步:DC2在收到Alarm4的时候(图中5号箭头),分析发现NE4没有找到服务层告警引发Alarm4,而且Alarm4不是在业务的端点,业务端点不在本控制器的管控范围,分析结果是没有找到根源告警,直接上报(图中6号箭头);Step 4: When DC2 receives Alarm4 (arrow No. 5 in the figure), it is found that NE4 does not find the service layer alarm and raises Alarm4, and Alarm4 is not at the end of the service. The service endpoint is not in the control scope of the controller. The root cause alarm was not found and reported directly (arrow No. 6 in the figure);
第5步:SC收到告警Alarm3和alarm4后(图中6号箭头),分析发现NE3,NE4没有找到服务层告警引发Alarm3,Alarm4,但是业务端点NE1存在 alarm1,会引发alarm3,Alarm4。那么记录Alarm1为关联告警,并且抑制Alarm3,alarm4,同时通知DC2进行抑制(图中7号箭头);Step 5: After the SC receives the alarms Alarm3 and alarm4 (arrow No. 6 in the figure), the analysis finds that NE3 and NE4 have not found the service layer alarm and triggered Alarm3, Alarm4, but the service endpoint NE1 exists. Alarm1 will trigger alarm3, Alarm4. Then record Alarm1 as the associated alarm, and suppress Alarm3, alarm4, and notify DC2 to suppress (arrow No. 7 in the figure);
第6步:最终APP只收到NE1的alarm1(图中9号箭头),达到了找到根源告警和减少告警上报量的目的;Step 6: The final APP only receives the alarm1 of NE1 (the arrow No. 9 in the figure), and achieves the purpose of finding the root cause alarm and reducing the alarm reporting amount;
第7步:出于某种需要,APP关心某业务的时候,可能要查询所有涉及的告警,则可以下发查询命令,查询该业务所有告警,包括抑制的告警。控制器逐层返回应答,在SC汇总后报给APP。Step 7: For some kind of needs, when the APP cares about a certain service, it may need to query all the related alarms, and then send an inquiry command to query all the alarms of the service, including the suppressed alarm. The controller returns the response layer by layer and reports it to the APP after the SC is summarized.
实施例2Example 2
本实施例提供一种控制器,如图5所示,至少包括如下模块:This embodiment provides a controller, as shown in FIG. 5, including at least the following modules:
告警分析模块,设置为在本控制器收到南向接口上报的告警时,对该告警与本控制器的网络范围内的现有告警进行告警关联性分析;以及The alarm analysis module is configured to perform an alarm correlation analysis between the alarm and an existing alarm in the network scope of the controller when the controller receives the alarm reported by the southbound interface;
告警处理模块,设置为当告警关联性分析的结果为找到根源告警,则抑制告警的上报。The alarm processing module is configured to suppress the reporting of the alarm when the result of the alarm correlation analysis is that the root cause alarm is found.
另外,告警处理模块,还设置为在告警关联性分析的结果为没有找到根源告警时,可以将告警上报给上层控制器或应用,或者根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用。In addition, the alarm processing module is further configured to: when the result of the alarm correlation analysis is that the root cause alarm is not found, the alarm may be reported to the upper-layer controller or the application, or the alarm is analyzed according to the pre-configured alarm analysis policy. Upper controller or application.
其中,本实施例中所涉及的告警分析策略至少包括如下一种或几种信息:The alarm analysis strategy involved in the embodiment includes at least one or more of the following information:
业务中间节点的告警是否上报的信息,告警上报数量控制信息,告警上报优先级信息。Whether the alarms of the service intermediate nodes are reported, the alarms report the quantity control information, and the alarms report the priority information.
告警处理模块的处理包括:The processing of the alarm processing module includes:
首先分析确定告警所在的业务,如果告警所在业务的所有节点全部在本控制器的控制范围内,且该告警的资源是该业务的中间点,则根据预先配置的告警分析策略确定是否上报所述告警。First, the service of the alarm is determined. If all the nodes of the service are in the control range of the controller, and the alarm resource is the intermediate point of the service, determine whether to report the report according to the pre-configured alarm analysis policy. Alarm.
如果告警所在业务的所有节点全部在本控制器的控制范围内,且告警的资源是该业务的源宿端点,则将该告警作为优先级最高的告警上报给上层控制器或应用,并分析在该业务的中间节点中是否存在该告警引发的衍生告警, 如果存在该告警引发的衍生告警,则将该中间节点的告警由上报状态修改为抑制状态。If all the nodes of the service are in the control range of the controller, and the alarm resource is the source and sink endpoint of the service, the alarm with the highest priority is reported to the upper controller or application, and analyzed. Whether there is a derivative alarm triggered by the alarm in the intermediate node of the service. If there is a derivative alarm triggered by the alarm, the alarm of the intermediate node is changed from the reporting state to the suppression state.
如果告警所在业务的部分节点在本控制器的控制范围内,则分析本告警资源的业务上游是否存在引发所述告警的告警,如果存在,则抑制该告警,如果不存在,则根据预先配置的告警分析策略确定是否上报该告警。If a part of the node where the alarm is located is within the control range of the controller, analyze whether there is an alarm that triggers the alarm in the upstream of the service of the alarm resource. If yes, the alarm is suppressed. If not, according to the pre-configured The alarm analysis policy determines whether the alarm is reported.
要说明的是,告警处理模块根据预先配置的告警分析策略确定是否上报所述告警时,可以是满足预先配置的告警分析策略中任一种上报条件即上报该告警。也可以是满足预先配置的告警分析策略中多个或者全部上报条件才上报该告警。本实施例对具体的上报原则不作限制。It is to be noted that, when the alarm processing module determines whether to report the alarm according to the pre-configured alarm analysis policy, the alarm processing module may report the alarm according to any one of the pre-configured alarm analysis policies. The alarm may be reported only when multiple or all of the pre-configured alarm analysis policies are met. This embodiment does not limit the specific reporting principle.
可选地,上述装置还可以包括告警记录模块,该模块设置为在告警关联性分析结果为找到根源告警时,将告警与找到的根源告警记录为关联告警。Optionally, the foregoing apparatus may further include an alarm recording module, where the module is configured to record the alarm and the found root source alarm as associated alarms when the root cause alarm is found in the alarm correlation analysis result.
上述装置还可以包括查询模块,设置为通过查询接口接收网络应用APP或者上层控制器发起的查询部分告警或者所有告警的命令,并根据所收到的命令返回相应的告警。The device may further include a querying module, configured to receive a query for a part of the alarm or all the alarms initiated by the network application APP or the upper layer controller by using the query interface, and return a corresponding alarm according to the received command.
本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序来指令相关硬件完成,所述程序可以存储于计算机可读存储介质中,如只读存储器、磁盘或光盘等。可选地,上述实施例的全部或部分步骤也可以使用一个或多个集成电路来实现。相应地,上述实施例中的各模块/单元可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。本申请不限制于任何特定形式的硬件和软件的结合。One of ordinary skill in the art will appreciate that all or a portion of the steps described above can be accomplished by a program that instructs the associated hardware, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the foregoing embodiment may be implemented in the form of hardware or in the form of a software function module. This application is not limited to any specific combination of hardware and software.
工业实用性Industrial applicability
本申请实施例技术方案大大降低了告警上报的数量,直接把最有可能的根故障原因找出来,从而提高了告警分析效率。 The technical solution of the embodiment of the present application greatly reduces the number of alarm reports, and directly finds out the most likely cause of root failure, thereby improving the efficiency of alarm analysis.

Claims (16)

  1. 一种告警关联性处理的方法,包括:A method for alarm correlation processing, including:
    控制器收到南向接口上报的告警时,对所述告警与本控制器的网络范围内的现有告警进行告警关联性分析;When receiving the alarm reported by the southbound interface, the controller performs alarm correlation analysis on the alarm and the existing alarm in the network range of the controller;
    当告警关联性分析的结果为找到根源告警,则所述控制器抑制所述告警的上报。When the result of the alarm correlation analysis is that the root cause alarm is found, the controller suppresses the reporting of the alarm.
  2. 如权利要求1所述的方法,该方法还包括:The method of claim 1 further comprising:
    当告警关联性分析的结果为没有找到根源告警,则所述控制器将所述告警上报给上层控制器或应用;或者When the result of the alarm correlation analysis is that the root cause alarm is not found, the controller reports the alarm to the upper controller or the application; or
    当告警关联性分析的结果为没有找到根源告警,则所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用。When the result of the alarm correlation analysis is that the root cause alarm is not found, the controller determines whether to report the alarm to the upper layer controller or the application according to the pre-configured alarm analysis policy.
  3. 如权利要求2所述的方法,其中,所述告警分析策略至少包括如下一种或几种信息:The method of claim 2 wherein said alert analysis strategy comprises at least one or more of the following:
    业务中间节点的告警是否上报的信息,告警上报数量控制信息,告警上报优先级信息。Whether the alarms of the service intermediate nodes are reported, the alarms report the quantity control information, and the alarms report the priority information.
  4. 如权利要求2或3所述的方法,其中,当告警关联性分析的结果为没有找到根源告警时,所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用的步骤包括:The method of claim 2 or 3, wherein, when the result of the alarm correlation analysis is that the root cause alarm is not found, the controller determines whether to report the alarm to the upper controller or according to the pre-configured alarm analysis policy. The steps of the application include:
    分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的中间点,则所述控制器根据预先配置的告警分析策略确定是否上报所述告警。The service of determining the alarm is determined. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is an intermediate point of the service, the controller is configured according to the pre-configured The alarm analysis policy determines whether the alarm is reported.
  5. 如权利要求4所述的方法,其中,当告警关联性分析的结果为没有找到根源告警时,所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用的步骤包括:The method of claim 4, wherein, when the result of the alarm correlation analysis is that the root cause alarm is not found, the controller determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy. The steps include:
    分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的源宿端点,则将所述告警作为优先级最高的告警上报给上层控制器或应用,并分析在该业务的 中间节点中是否存在所述告警引发的衍生告警,如果存在所述告警引发的衍生告警,则所述控制器将该中间节点的告警由上报状态修改为抑制状态。The service of determining the alarm is determined. If all the nodes of the service in which the alarm is located are within the control range of the controller, and the resource of the alarm is the source and sink endpoint of the service, the alarm is used as a priority. The highest alarm is reported to the upper controller or application and analyzed in the service. The intermediate node has a derivative alarm caused by the alarm. If there is a derivative alarm caused by the alarm, the controller changes the alarm of the intermediate node from the reporting state to the suppression state.
  6. 如权利要求4所述的方法,其中,当告警关联性分析的结果为没有找到根源告警时,所述控制器根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用的步骤包括:The method of claim 4, wherein, when the result of the alarm correlation analysis is that the root cause alarm is not found, the controller determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy. The steps include:
    分析确定所述告警所在的业务,如果所述告警所在业务的部分节点在本控制器的控制范围内,则分析本告警资源的业务上游是否存在引发所述告警的告警,如果存在,则抑制所述告警,如果不存在,则所述控制器根据预先配置的告警分析策略确定是否上报所述告警。The analysis determines the service in which the alarm is located, and if some nodes of the service in which the alarm is located are within the control range of the controller, analyze whether there is an alarm that triggers the alarm in the upstream of the service of the alarm resource, and if so, the suppression If the alarm does not exist, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
  7. 如权利要求4或5或6所述的方法,所述方法还包括:The method of claim 4 or 5 or 6, further comprising:
    当告警关联性分析结果为找到根源告警时,将所述告警与找到的根源告警记录为关联告警。When the alarm correlation analysis result is that the root cause alarm is found, the alarm and the found root source alarm are recorded as associated alarms.
  8. 如权利要求7所述的方法,所述方法还包括:The method of claim 7 further comprising:
    控制器通过查询接口接收网络应用APP或者上层控制器发起的查询部分告警或者所有告警的命令,并根据所收到的命令返回相应的告警。The controller receives the query for the partial part alarm or all the alarms initiated by the network application APP or the upper layer controller through the query interface, and returns a corresponding alarm according to the received command.
  9. 一种控制器,包括:A controller comprising:
    告警分析模块,设置为在本控制器收到南向接口上报的告警时,对所述告警与本控制器的网络范围内的现有告警进行告警关联性分析;以及The alarm analysis module is configured to perform an alarm correlation analysis between the alarm and an existing alarm in the network scope of the controller when the controller receives the alarm reported by the southbound interface;
    告警处理模块,设置为当告警关联性分析的结果为找到根源告警,则抑制所述告警的上报。The alarm processing module is configured to suppress the reporting of the alarm when the root cause alarm is found as a result of the alarm correlation analysis.
  10. 如权利要求9所述的控制器,The controller of claim 9
    所述告警处理模块,还设置为在告警关联性分析的结果为没有找到根源告警时,将所述告警上报给上层控制器或应用,或者根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用。The alarm processing module is further configured to report the alarm to the upper-layer controller or the application when the root cause alarm is not found, or determine whether to report the alarm according to the pre-configured alarm analysis policy. Give the upper controller or application.
  11. 如权利要求10所述的控制器,所述告警处理模块在告警关联性分析的结果为没有找到根源告警时,根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用是指: The controller of claim 10, wherein the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the root cause alarm is not found. Means:
    所述告警处理模块分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的中间点,则所述根据预先配置的告警分析策略确定是否上报所述告警。The alarm processing module analyzes and determines the service in which the alarm is located. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is an intermediate point of the service, the The pre-configured alarm analysis policy determines whether the alarm is reported.
  12. 如权利要求11所述的控制器,所述告警处理模块在告警关联性分析的结果为没有找到根源告警时,根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用是指:The controller of claim 11, wherein the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found. Means:
    所述告警处理模块分析确定所述告警所在的业务,如果所述告警所在业务的所有节点全部在本控制器的控制范围内,且所述告警的资源是该业务的源宿端点,则将所述告警作为优先级最高的告警上报给上层控制器或应用,并分析在该业务的中间节点中是否存在所述告警引发的衍生告警,如果存在所述告警引发的衍生告警,则所述控制器将该中间节点的告警由上报状态修改为抑制状态。The alarm processing module analyzes and determines the service in which the alarm is located. If all the nodes of the service in which the alarm is located are all within the control range of the controller, and the resource of the alarm is the source and sink endpoint of the service, The alarm is reported to the upper-layer controller or the application as the highest-priority alarm, and the derivative alarm caused by the alarm is detected in the intermediate node of the service. If the alarm generated by the alarm is generated, the controller The alarm of the intermediate node is modified from the reporting state to the suppression state.
  13. 如权利要求11所述的控制器,所述告警处理模块在告警关联性分析的结果为没有找到根源告警时,根据预先配置的告警分析策略确定是否将所述告警上报给上层控制器或应用是指:The controller of claim 11, wherein the alarm processing module determines whether to report the alarm to the upper controller or the application according to the pre-configured alarm analysis policy when the result of the alarm correlation analysis is that the root alarm is not found. Means:
    所述告警处理模块分析确定所述告警所在的业务,如果所述告警所在业务的部分节点在本控制器的控制范围内,则分析本告警资源的业务上游是否存在引发所述告警的告警,如果存在,则抑制所述告警,如果不存在,则所述控制器根据预先配置的告警分析策略确定是否上报所述告警。The alarm processing module analyzes and determines the service in which the alarm is located. If some nodes of the service where the alarm is located are within the control range of the controller, analyze whether the alarm upstream of the service of the alarm resource has an alarm that triggers the alarm. If yes, the controller suppresses the alarm. If not, the controller determines whether to report the alarm according to the pre-configured alarm analysis policy.
  14. 如权利要求11或12或13所述的控制器,所述控制器还包括:The controller of claim 11 or 12 or 13, the controller further comprising:
    告警记录模块,设置为在告警关联性分析结果为找到根源告警时,将所述告警与找到的根源告警记录为关联告警。The alarm record module is configured to record the alarm and the found root cause alarm as associated alarms when the root cause alarm is found in the alarm correlation analysis result.
  15. 如权利要求14所述的控制器,所述控制器还包括:The controller of claim 14, the controller further comprising:
    查询模块,设置为通过查询接口接收网络应用APP或者上层控制器发起的查询部分告警或者所有告警的命令,并根据所收到的命令返回相应的告警。The query module is configured to receive a query for a part of the alarm or all alarms initiated by the network application APP or the upper layer controller through the query interface, and return a corresponding alarm according to the received command.
  16. 一种计算机可读存储介质,存储有程序指令,当该程序指令被执行时可实现权利要求1-8任一项所述的方法。 A computer readable storage medium storing program instructions that, when executed, implement the method of any of claims 1-8.
PCT/CN2015/078388 2014-12-18 2015-05-06 Controller and method for processing alarm relevance WO2016095408A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410802293.5A CN105790972B (en) 2014-12-18 2014-12-18 Controller and alarm correlation processing method
CN201410802293.5 2014-12-18

Publications (1)

Publication Number Publication Date
WO2016095408A1 true WO2016095408A1 (en) 2016-06-23

Family

ID=56125761

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/078388 WO2016095408A1 (en) 2014-12-18 2015-05-06 Controller and method for processing alarm relevance

Country Status (2)

Country Link
CN (1) CN105790972B (en)
WO (1) WO2016095408A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107453906A (en) * 2017-08-01 2017-12-08 郑州云海信息技术有限公司 A kind of method to set up and device of storage management system monitoring alarm
WO2018010068A1 (en) * 2016-07-11 2018-01-18 华为技术有限公司 Method and device for providing alert in network function virtualization environment
CN109992440A (en) * 2019-04-02 2019-07-09 北京睿至大数据有限公司 A kind of IT root accident analysis recognition methods of knowledge based map and machine learning

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109309577A (en) * 2017-07-27 2019-02-05 杭州达乎科技有限公司 Alert processing method, apparatus and system for SDN network
CN108156019B (en) * 2017-11-29 2022-10-25 全球能源互联网研究院有限公司 SDN-based network derived alarm filtering system and method
CN113132144B (en) * 2019-12-31 2022-05-31 华为技术有限公司 Alarm processing method and device and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111788A (en) * 2009-12-29 2011-06-29 中兴通讯股份有限公司 Alarm processing method and alarm management system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100479385C (en) * 2006-06-01 2009-04-15 华为技术有限公司 Integral maintaining method and system for multi-equipment
CN102006191B (en) * 2010-11-26 2014-12-10 中兴通讯股份有限公司 Method and device for realizing warning
CN104009854B (en) * 2013-02-21 2019-01-22 中兴通讯股份有限公司 A kind of alert processing method and device, alarm association information setting method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111788A (en) * 2009-12-29 2011-06-29 中兴通讯股份有限公司 Alarm processing method and alarm management system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018010068A1 (en) * 2016-07-11 2018-01-18 华为技术有限公司 Method and device for providing alert in network function virtualization environment
CN107453906A (en) * 2017-08-01 2017-12-08 郑州云海信息技术有限公司 A kind of method to set up and device of storage management system monitoring alarm
CN109992440A (en) * 2019-04-02 2019-07-09 北京睿至大数据有限公司 A kind of IT root accident analysis recognition methods of knowledge based map and machine learning

Also Published As

Publication number Publication date
CN105790972B (en) 2020-09-29
CN105790972A (en) 2016-07-20

Similar Documents

Publication Publication Date Title
WO2016095408A1 (en) Controller and method for processing alarm relevance
CN108270669B (en) Service recovery device, main controller, system and method of SDN network
US11582115B2 (en) Dynamic intent assurance and programmability in computer networks
EP3180893B1 (en) Network device configuration framework
US9806983B2 (en) System and method for control flow management in software defined networks
US9461877B1 (en) Aggregating network resource allocation information and network resource configuration information
CA2676925C (en) Distributed network management system and method
US20150169353A1 (en) System and method for managing data center services
US20160142262A1 (en) Monitoring a computing network
US20150170508A1 (en) System and method for managing data center alarms
WO2014202026A1 (en) Method and system for virtual network mapping protection and computer storage medium
US10237124B2 (en) Network operation, administration, and maintenance (OAM) method, apparatus, and system
CN114697207A (en) Edge controller with network performance parameter support
US20170116526A1 (en) Automatic triggering of linear programming solvers using stream reasoning
US11805013B2 (en) Prioritizing policy intent enforcement on network devices
WO2018163259A1 (en) Monitoring processing program, monitoring processing method, and monitoring device
CN107018033B (en) Self-adjusting cloud management system
WO2016065925A1 (en) Controller replacing method and device
Li et al. Towards centralized and semi‐automatic VLAN management
US20160378816A1 (en) System and method of verifying provisioned virtual services
US9667554B2 (en) DS domain generating method, device and system
WO2023249506A1 (en) Replay of analytics for a network management system
TWI622282B (en) Automatic monitoring method of network topology
KR100608917B1 (en) Method for managing fault information of distributed forwarding architecture router
Miyazawa et al. RDStore: In-network resource datastore with distributed processing of resource graph

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15868921

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15868921

Country of ref document: EP

Kind code of ref document: A1