CORRELATION OF NETWORK ALARM MESSAGES BASED ON ALARM TIME

US 20120072782A1
Filed: 09/21/2010
Published: 03/22/2012
Est. Priority Date: 09/21/2010
Status: Active Grant

First Claim

Patent Images

1. A computing device-implemented method, comprising:

receiving, by the device, a plurality of alarm messages, indicating detection of an error condition in a network, from network devices in the network;

clustering, by the device, the alarm messages based on a time at which the alarm messages were generated, to obtain a cluster of alarm messages;

determining, by the device, a set of circuits in the network in which each circuit in the set of circuits is associated with at least one of the alarm messages in the cluster;

analyzing, by the device, overlap of circuits in the set of circuits to locate potential problems in the network; and

outputting, by the device, an indication of the potential problems.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Problems in a network may be diagnosed based on alarm messages received from devices in the network and based on logical circuit path information of the network. In one implementation, a device may log alarm messages, in which each of the logged alarm messages may identify a network device that generated the alarm message and each of the alarm messages are associated with a time value. The device may group the alarm messages in the log of alarm messages based on the time values of the alarm messages to obtain one or more alarm message clusters and analyze the alarm message clusters to locate potential causes of the logged alarm messages.

8 Citations

20 Claims

1. A computing device-implemented method, comprising:
- receiving, by the device, a plurality of alarm messages, indicating detection of an error condition in a network, from network devices in the network;
  
  clustering, by the device, the alarm messages based on a time at which the alarm messages were generated, to obtain a cluster of alarm messages;
  
  determining, by the device, a set of circuits in the network in which each circuit in the set of circuits is associated with at least one of the alarm messages in the cluster;
  
  analyzing, by the device, overlap of circuits in the set of circuits to locate potential problems in the network; and
  
  outputting, by the device, an indication of the potential problems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device of claim 1, where determining the set of circuits includes:
    - including a circuit in the set of circuits when at least one location associated with the circuit corresponds to a location associated with one of the network devices that generated an alarm message in the cluster.
  - 3. The method of claim 1, where each circuit includes a logical path through the network.
  - 4. The method of claim 3, where the logical path of each circuit through the network is specified as one or more geographic locations or network devices.
  - 5. The method of claim 1, further comprising:
    - logging each of the received plurality of alarm messages as a log entry that includes an identifier associated with the network device generating the alarm message, a timestamp value indicating when the alarm message was generated, and an error code that identifies a network error that caused the alarm message to be generated.
  - 6. The method of claim 1, where analyzing the overlapping of circuits to locate potential problems in the network additionally includes:
    - analyzing network topology information, describing a physical arrangement and capabilities of the network devices, when locating the potential problems in the network.
  - 7. The method of claim 1, where the clustering further includes:
    - including alarm messages that occur within a sliding time window in the cluster of alarm messages.
  - 8. The method of claim 1, further comprising:
    - assigning a value, to each of the potential problems, indicating a confidence level of the potential problem being a cause of one or more of the plurality of alarm messages.

9. A device comprising:
- one or more processors; and
  
  one or more memories, coupled to the one or more processors, the one or more memories storing instructions, that when executed by the one or more processors, cause the one or more processors to;
  
  log alarm messages, received from network devices in a network, indicating detection of an error condition in the network, each of the alarm messages identifying a network device that generated the alarm message and each of the alarm messages being associated with a time value,group the alarm messages in the log of alarm messages based on the time values of the alarm messages to obtain one or more alarm message clusters,analyze the alarm message clusters to locate potential causes of the logged alarm messages, andoutput the located potential causes of the logged alarm messages.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The device of claim 9, where the potential causes of the logged alarm messages are located as malfunctioning network devices or malfunctioning links between network devices.
  - 11. The device of claim 9, where the one or more processors additionally:
    - output the located potential causes of the logged alarm messages via a graphical interface in a network management center.
  - 12. The device of claim 9, where the time value includes a timestamp of when the corresponding alarm message was generated.
  - 13. The device of claim 9, where the network devices include one or more of routers, switches, bridges, or gateways.
  - 14. The device of claim 9, where the one or more processors additionally:
    - determine a set of circuits in the network for a first alarm message cluster in which each circuit in the set is associated with at least one of the alarm messages in the first alarm message cluster; and
      
      where the analysis of the alarm message clusters is based on overlap of network segments in the determined set of circuits.
  - 15. The device of claim 14, where analyzing the overlap in the determined set of circuits additionally includes:
    - analyzing network topology information that describes a physical arrangement and capabilities of the network devices.
  - 16. The device of claim 9, where each of the logged alarm messages additionally includes:
    - an error code that identifies a network error that caused the alarm message to be generated.
  - 17. The device of claim 9, further comprising:
    - assigning a value, to each of the potential causes of the logged alarm messages indicating a confidence level of the causes of the logged alarm messages.

18. A system comprising:
- an alarm log to store alarm messages that indicate an error condition was detected in a network that is being monitored;
  
  a network circuit information store to store information relating to circuits that represent logical paths through the network;
  
  an analysis component to;
  
  cluster the alarm messages based on a time at which the alarm messages were generated, to obtain a cluster of alarm messages,determine a set of circuits in the network circuit information store in which each circuit in the set of circuits is associated with at least one of the alarm messages in the cluster, andanalyze overlap of circuits in the set of circuits to locate potential problems in the network; and
  
  an output interface to output an indication of the potential problems to a user.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, where the analysis component additionally:
    - analyzes network topology information, describing a physical arrangement and capabilities of the network devices, when locating the potential problems in the network.
  - 20. The system of claim 18, where the analysis component additionally:
    - includes alarm messages that occur within a sliding time window in the cluster of alarm messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
HUGHES, George L., MULLA, Tahir G., SPIEKER, Jonathan L., TUROK, Michael L.

Granted Patent

US 8,245,079 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/57
CPC Class Codes

H04L 12/6418 Hybrid transport

CORRELATION OF NETWORK ALARM MESSAGES BASED ON ALARM TIME

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CORRELATION OF NETWORK ALARM MESSAGES BASED ON ALARM TIME

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links