Using Fault Management Monitors
The Fault mode shows you information about the health of your network and changing conditions of your equipment. Use Fault mode to find problems with equipment, pinpoint security attacks, or to analyze trends and categories of errors.
This topic describes:
What Are Events and Alarms?
Activity on a network device consists of a series of events. A software component on the network device, called an entity, is responsible for running the Simple Network Management Protocol (SNMP) to log and monitor these events. When certain types of events are persistent, or when the condition causing the event crosses a threshold, SNMP sends a notification, also called a trap to Connectivity Services Director. Connectivity Services Director correlates traps, describing a condition, into an alarm . For example, multiple power supply traps coming from a device are correlated into a single power supply alarm for the device.
There are many types of alarms. An alarm can be as routine as when the device changes state or as serious as when a power supply has failed. When an alarm is sent, or raised, it stays raised until the triggering condition is resolved or cleared. The system can clear the alarm when the state changes again or an administrator can clear it manually, which indicates that the condition is now resolved.
SNMP also plays another role in Connectivity Services Director. Enabling devices for SNMP with the appropriate read-only V1/V2/V3 credentials, can speed up device discovery.
Alarm Severity
Alarms are ranked by their impact to the network. The following list shows the ranking of alarms in Connectivity Services Director from alarms that have the most impact to alarms that have the least impact on the network. It also shows the color scheme associated with each level of severity that is reflected in related graphs.
Critical (Red) | A critical condition exists; immediate action is necessary. |
Major (Orange) | A major error has occurred; escalate or notify as necessary. |
Minor (Yellow) | A minor error has occurred; notify or monitor the condition. |
Info (Blue) | An informational message; no action is necessary. Informational alarms do not necessarily indicate an error. It could indicate that a device or entity has changed state. |
Administrators can override the default severity of an alarm and set the severity to match their inhouse guidelines. Changing the severity level for an alarm is done on the Fault tab of System Preferences.
Alarm Classification
Connectivity Services Director organizes alarms into categories so you can view trends in the types of errors occurring on a network. These categories, shown in Table 1 are derived from the SNMP Management Information Base (MIB) that is the information database or module containing the trap information for the event.
Category |
Description |
---|---|
BFD |
Indicates alarms for Bidirectional Forwarding Detection sessions. These alarms are generated from routing devices. |
BGP |
Indicates alarms for BGP4. |
Chassis |
Indicates alarms for device hardware, in this case, routers. |
Cluster/Modo |
Indicates alarms about wireless network clusters and mobility domains. |
Configuration |
Indicates alarms for configuration management. |
Controllers |
Indicate device alarms. |
CoS |
Indicates class of service alarms. |
DHCP |
Indicates local server DHCP alarms. |
DOM |
Indicates Digital Optical Monitoring alarms that are generated from optical interfaces. |
General |
Indicates alarms that are common to all network devices, such as link up/down or authentication. |
L2ALD |
Indicates MAC address alarms generated from the Layer 2 Address Learning Daemon (L2ALD). |
L2CP |
Indicates alarms generated by Layer 2 Control Protocol features. |
MACFDB |
Indicates an alarm for when MAC addresses are learned or removed from the forwarding database of the monitored device. |
Misc |
Indicates alarms that do not fit into the other categories. |
Network Service |
Indicates alarms generated when LSP or VPN services are impacted |
PassiveMonitoring |
Indicates alarms that occur on a passive monitoring interface. |
Ping |
Indicates alarms that a generated during a Ping request. |
RMon |
Indicates RMON alarms |
Alarm State
Once an alarm is active, it has one of these states:
Active—Alarms that are current and not yet acknowledged or cleared.
Cleared—Alarms that are resolved and the device or entity has returned to normal operation.
Some alarm states go directly from active to cleared state and require little to no administrative effort. However, other alarms with a high severity should be acknowledged and investigated.
In addition to acknowledging and clearing an alarm, you can assign an alarm to someone and you can append a note or annotation to an alarm. Annotations are helpful for documenting the resolution of an alarm or time estimates for a fix. Changes to an alarm’s state are made through the Alarm State monitor in Fault mode.
Alarm Notifications
Alarms can be enabled for email notification. When an alarm with notification enabled is generated, an email is sent to a set of specified addresses. There is a list of global email addresses that receive notifications from all alarms with notification enabled. Each alarm type can also have a list of addresses that receive notification when that alarm type is generated. Administrators can enable notification for alarm types and specify addresses to receive email notifications. These tasks are done on the Fault tab of System Preferences.
Threshold Alarms
Threshold alarms are alarms that are generated when a monitored value crosses the configured threshold. They provide enhanced visibility into potential issues on the network. Administrators configure and manage threshold alarms the same way as other alarms, and can set the threshold level of individual threshold alarms on the Fault tab of System Preferences.