Correlation of network alarm messages based on alarm time

US 8,245,079 B2
Filed: 09/21/2010
Issued: 08/14/2012
Est. Priority Date: 09/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a device and from network devices in a network, alarm messages that indicate a detection of an error condition in the network;

clustering, by the device, two or more of the alarm messages that occur within a sliding time window into a cluster of alarm messages,the sliding time window indicating a time when the two or more of the alarm messages, included in the cluster of the alarm messages, were generated;

determining, by the device, a set of circuits in the network for the cluster of alarm messages,each circuit in the set of circuits being associated with at least one alarm message in the cluster of alarm messages;

determining, by the device, an overlap of two or more circuits in the set of circuits;

identifying a potential problem in the network based on the overlap; and

outputting, by the device, an indication of the potential problem.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Problems in a network may be diagnosed based on alarm messages received from devices in the network and based on logical circuit path information of the network. In one implementation, a device may log alarm messages, in which each of the logged alarm messages may identify a network device that generated the alarm message and each of the alarm messages are associated with a time value. The device may group the alarm messages in the log of alarm messages based on the time values of the alarm messages to obtain one or more alarm message clusters and analyze the alarm message clusters to locate potential causes of the logged alarm messages.

12 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a device and from network devices in a network, alarm messages that indicate a detection of an error condition in the network;
  
  clustering, by the device, two or more of the alarm messages that occur within a sliding time window into a cluster of alarm messages,the sliding time window indicating a time when the two or more of the alarm messages, included in the cluster of the alarm messages, were generated;
  
  determining, by the device, a set of circuits in the network for the cluster of alarm messages,each circuit in the set of circuits being associated with at least one alarm message in the cluster of alarm messages;
  
  determining, by the device, an overlap of two or more circuits in the set of circuits;
  
  identifying a potential problem in the network based on the overlap; and
  
  outputting, by the device, an indication of the potential problem.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, where determining the set of circuits comprises:
    - including a circuit in the set of circuits when at least one location associated with the circuit corresponds to a location associated with one of the network devices that generated one of the two or more alarm messages in the cluster of alarm messages.
  - 3. The method of claim 1, where each circuit in the set of circuits includes a path through the network.
  - 4. The method of claim 3, where the path includes one of:
    - a path between two or more geographic locations, ora path between two or more of the network devices.
  - 5. The method of claim 1, further comprising:
    - logging a first alarm message of the alarm messages in a log entry that includes an identifier associated with one of the network devices that generated the first alarm message, a timestamp value indicating when the first alarm message was generated, and an error code that identifies a network error that caused the first alarm message to be generated.
  - 6. The method of claim 1, where identifying the potential problem comprises:
    - obtaining topology information associated with the network,the topology information describing a physical arrangement and capabilities of the network devices, anddetermining that the potential problem is consistent with the topology information.
  - 7. The method of claim 1, further comprising:
    - assigning a value, to the potential problem, that indicates a confidence level of the potential problem being a cause of one or more of the alarm messages.
  - 8. The method of claim 1, where the overlap is at a segment of the network or at one of the network devices that is traversed by the two or more circuits.
  - 9. The method of claim 1, where identifying the potential problem based on the overlap comprises:
    - determining a different overlap of two or more other circuits in the set of circuits,determining that a first quantity of the two or more circuits is greater than a second quantity of the two or more other circuits, andidentifying that the potential problem is associated with the overlap due to the first quantity being greater than the second quantity.

10. A device comprising:
- a memory; and
  
  one or more processors to;
  
  log alarm messages, received from network devices in a network, indicating detection of an error condition in the network,the alarm messages identifying the network devices that generated the alarm messages, andthe alarm messages being associated with time values,assign, based on the time values, two or more of the alarm messages that occur within a sliding time window to an alarm message cluster,analyze the two or more of the alarm messages, included in the alarm message cluster, to determine a potential cause of the alarm messages, andoutput the potential cause of the alarm messages.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The device of claim 10,where the potential cause of the alarm messages is one of:
    - a malfunctioning of one or more of the network devices, ora malfunctioning of a link that connects two of the network devices.
  - 12. The device of claim 10, where, when outputting the potential cause of the alarm messages, the one or more processors are to:
    - output the potential cause of the alarm messages via a graphical interface.
  - 13. The device of claim 10, where the time values include timestamps that indicate when the alarm messages were generated.
  - 14. The device of claim 10, where the network devices include one or more of routers, switches, bridges, or gateways.
  - 15. The device of claim 10, where, when analyzing the two or more of the alarm messages, the one or more processors are to:
    - determine paths in the network that are associated with the alarm message cluster,determine an overlap of two or more of the paths at a link of the network or at one of the network devices, andidentify the potential cause of the alarm messages based on the overlap.
  - 16. The device of claim 15, where, when identifying the potential cause of the alarm messages, the one or more processors are to:
    - obtain topology information that describes a physical arrangement and capabilities of the network devices, anddetermine that the potential cause of the alarm messages is consistent with the topology information.
  - 17. The device of claim 10, where each of the alarm messages includes:
    - an error code that identifies a network error that caused one or more of the alarm messages to be generated.
  - 18. The device of claim 10, where the one or more processors are further to:
    - assign a value, to the potential cause of the alarm messages, that indicates a confidence level of the potential cause being a cause of the alarm messages.

19. A non-transitory computer-readable storage medium containing instructions, the instructions comprising:
- one or more instructions, executable by one or more processors, to store alarm messages that indicate an error condition detected in a network that is being monitored;
  
  one or more instructions, executable by the one or more processors, to include, in a cluster of alarm messages, two or more of the alarm messages that occur within a sliding time window,the sliding time window indicating a time during which the two or more of the alarm messages were generated; and
  
  one or more instructions, executable by the one or more processors, to determine a set of circuits for the cluster of alarm messages,each circuit in the set of circuits being associated with at least one alarm message in the cluster of alarm messages, andone or more instructions, executable by the one or more processors, to determine an overlap of two or more circuits in the set of circuits;
  
  one or more instructions, executable by the one or more processors, to identify a potential problem in the network based on the overlap; and
  
  one or more instructions, executable by the one or more processors, to output an indication of the potential problem.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable storage medium of claim 19, where the one or more instructions to identify the potential problem comprise:
    - one or more instructions to determine that the potential problem is consistent with topology information,the topology information describing a physical arrangement and capabilities of network devices in the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Hughes, George L., Mulla, Tahir G., Spieker, Jonathan L., Turok, Michael L.
Primary Examiner(s)
Ehne, Charles

Application Number

US12/886,789
Publication Number

US 20120072782A1
Time in Patent Office

693 Days
Field of Search

714/4.1, 714/25, 714/26, 714/43, 714/49, 714/57
US Class Current

714/26
CPC Class Codes

H04L 12/6418 Hybrid transport

Correlation of network alarm messages based on alarm time

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Correlation of network alarm messages based on alarm time

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links