No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


the diversion flow could not change the state from abnormal to attacked

Publication Date:  2013-12-10 Views:  499 Downloads:  0
Issue Description
ATIC detected that traffic was anomaly, and diversion, but the traffic state did not changed from the abnormal into the attacked.

Alarm Information
Handling Process
Check the cleaning device configuration and ATIC Server system, found the ATIC IP was modified, lead to the cleaning equipment log-server-ip does not corresponding with the actual ATIC IP, ATIC did not received the cleaning equipment’s log, and then the flow state could not change to attacked from abnormal.
Root Cause
The abnormal flow does not change into attacked, generally have the following two reasons.
(1) The flow is only overload to the threshold, not attack.
(2) The cleaning equipment could not communicate with ATIC, It is not because the interruption of link or route, therefore more subtle, although cleaning equipment is online, because the IP and port of the reporting attack is unreachable, it is easily overlooked.

Similarly, if the cleaning equipment in the log-server-ip configuration has been modified, will also lead to similar failures, although the  network element management state is online, because the system use different protocols to detect, so the management state online  could not explain the reported data to ATIC is normal.