Clustering should not be AFI agnostic #3
Assignees
Labels
Comments
|
Well, this was the original intention, usually when there is an issue, it is topology related and involves both AFIs, if there were to be two separate incidents, in separate AFI, and these were included with eachother in the cluster, then both would contribute to the culpability scoring algorithm. Now, my experience tells me that most culpability is determined in IPv4 traceroutes, usually because the algorithm only works when there are hops with packet loss (as opposed to lack of hops), and you tend to see this more with IPv4 because of hop hiding in IPv6 networks (i.e 6PE), so standalone IPv6 events are less useful and thus won't contribute as usefully in a mixed cluster event. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Given that the IPv6 and IPv4 internet are disjoint, I think it would be better if event cluster detection is confined within a single AFI: IPv4 alarms should not contribute to IPv6 events and vice versa. Looking at http://sqa.ring.nlnog.net/event/91 I see both IPv4 and IPv6 alerts related to event
91.@lochiiconnectivity do you agree?
The text was updated successfully, but these errors were encountered: