Network assurance event aggregator

US10554477B2 · US · B2

Patent metadata
Publication number: US-10554477-B2
Application number: US-201715703029-A
Country: US
Kind code: B2
Filing date: Sep 13, 2017
Priority date: Sep 13, 2017
Publication date: Feb 4, 2020
Grant date: Feb 4, 2020

Abstract

Official abstract text for this publication.

Systems, methods, and computer-readable media for aggregating and presenting network events in a network environment. In some embodiments, a system can maintain event correlation rules for aggregating network events occurring in a network based on characteristics of previously occurring network events. Network events occurring in the specific network environment can be identified. The network events can be aggregated to form an aggregated network event using the event correlation rules maintained based on the characteristics of previously occurring network events. The aggregated network event can subsequently be presented to a user.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: maintaining event correlation rules for aggregating network events occurring in a specific network environment, wherein the event correlation rules are maintained based on characteristics of previously occurring network events; maintaining event presentation rules that specify a threshold number of event instances to trigger presentation of at least a subset of the network events; identifying at least two network events of the network events in the specific network environment; aggregating the at least two network events based on the event correlation rules to form an aggregated network event; determining whether the at least two network events aggregated to form the aggregated network event meet a threshold number of event instances; and presenting the aggregated network event to a user if the at least two network events meet the threshold number of event instances.

2. The method of claim 1, wherein the characteristics of the previously occurring network events include one or a combination of values of parameters of at least one network environment defining the previously occurring network events, event states of the previously occurring network events, event categories associated with the previously occurring network events and the event states of the previously occurring network events, times of the previously occurring network events actually occurred in the at least one network environment, and at least one relevant network state of the at least one network environment associated with the previously occurring network events.

3. The method of claim 1, wherein the event correlation rules are specific to either or both temporal distances and spatial distances between the network events occurring in the specific network environment and the at least two network events are aggregated using the event correlation rules based on either or both a temporal distance and a spatial distance between the at least two network events.

4. The method of claim 1, wherein the event correlation rules include logical operators defined by the user.

5. The method of claim 1, wherein the threshold number of event instances is a variable threshold number of event instances that varies based on one or a combination of values of parameters of the specific network environment defining the network events in the specific network environment, event states of the network events, event categories associated with the network events and the event states of the network events, times of the network events actually occurred in the specific network environment, and at least one relevant network state of the specific network environment associated with the network events.

6. The method of claim 1, further comprising: determining a rate limit for identifying the network events occurring in the specific network environment; and identifying the at least two network events according to the rate limit.

7. The method of claim 6, wherein the rate limit is determined based on one or a combination of values of parameters of the specific network environment defining the network events in the specific network environment, event states of the network events, event categories associated with the network events and the event states of the network events, times of the network events actually occurred in the specific network environment, and at least one relevant network state of the specific network environment associated with the network events.

8. The method of claim 1, further comprising: ranking the aggregated network event amongst at least a portion of the network events in the specific network environment based on an importance of the aggregated network event; determining whether to present the aggregated network event to the user based on a ranking of the aggregated network event amongst the at least the portion of the network events; and presenting the aggregated network event to the user, if it is determined to present the aggregated network event to the user based on the ranking of the aggregated network event.

9. The method of claim 8, wherein the importance of the aggregated network event is based on a number of objects in the specific network environment associated with the at least two network events forming the aggregated network event.

10. The method of claim 1, wherein the event correlation rules include logical operators specific to either or both temporal distances and spatial distances between the network events occurring in the specific network environment, the method further comprising applying the logical operators to the at least two network events according to either or both a temporal distance and a spatial distance between the at least two network events to aggregate the at least two network events based on either or both the temporal distance and the spatial distance between the at least two network events.

11. The method of claim 1, wherein the at least two network events are identified from data collected from an assurance appliance.

12. The method of claim 1, wherein one or a combination of event presentation rules for presenting the network events occurring in the specific network environment, a rate limit for identifying the network events occurring in the specific network environment, and the event correlation rules are defined by the user.

13. A system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: maintaining event correlation rules for aggregating network events occurring in a specific network environment, wherein the event correlation rules are maintained based on characteristics of previously occurring network events and input received from a user; maintaining event presentation rules that specify a threshold number of event instances to trigger presentation of at least a subset of the network events to the user; identifying at least two network events of the network events in the specific network environment; aggregating the at least two network events based on the event correlation rules to form an aggregated network event; determining whether the at least two network events aggregated to form the aggregated network event meet a threshold number of event instances; and presenting the aggregated network event to the user if the at least two network events meet the threshold number of event instances.

14. The system of claim 13, wherein the characteristics of the previously occurring network events include one or a combination of values of parameters of at least one network environment defining the previously occurring network events, event states of the previously occurring network events, event categories associated with the previously occurring network events and the event states of the previously occurring network events, times of the previously occurring network events actually occurred in the at least one network environment, and at least one relevant network state of the at least one network environment associated with the previously occurring network events.

15. The system of claim 13, wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising: determining a rate limit for identifying the network events occurring in the specific network environment, the rate limit specifying a frequency at which to identify the network events occurring in the specific network environment; an

Classifications

  • using filtering, e.g. reduction of information by using priority, element types, position or time

  • Filtering policies (mail message filtering H04L51/212)

  • Network utilisation, e.g. volume of load or congestion level

  • using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10554477B2 cover?
Systems, methods, and computer-readable media for aggregating and presenting network events in a network environment. In some embodiments, a system can maintain event correlation rules for aggregating network events occurring in a network based on characteristics of previously occurring network events. Network events occurring in the specific network environment can be identified. The network …
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/0604. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 4, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).