Threshold violation

A KPI is considered to be in a violation state when it breaches the limits of traffic volume data for a specific number of times according to the configuration settings.

Threshold type

The severity of a violation is decided based on the violation against either on the upper or lower limit that is configured for a threshold.

If the threshold is configured to check for Over, then severity is determined as:
- If KPI value is greater than or equal to the Upper Limit, then the severity is Critical.
- If the KPI value is greater than or equal to the lower limit, but not exceeding the upper limit, then the severity is Major.
If the threshold is configured to check for Under, then severity is determined as:
- If the KPI value is lesser than or equal to the upper limit, but not dropping below the lower limit, then the severity is Major.
- If KPI value is lesser than or equal to the lower limit, then the severity is Critical.
If the threshold is configured to check for Band, then severity is determined as:
- If the KPI value is greater than or equal to the upper limit, then the severity is Critical.
- If KPI value is lesser than or equal to the lower limit, then the severity is Critical.

For example, if the limit type is Over, and the traffic volume data is greater than the upper limit, the severity of the threshold is set to Critical. If the traffic volume data is greater than the lower limit, the threshold severity is set to Major.

The following table summarizes how a threshold severity is set to either Major or Critical for different limit types:

Table 1. Threshold severity for limit types
Limit Type	Scenario	Severity
Over	Traffic volume data greater than the upper limit	Critical
Over	Traffic volume data greater than the lower limit	Major
Under	Traffic volume data lesser than upper limit	Major
Under	Traffic volume data lesser than the lower limit	Critical
Band	Traffic volume data greater than the upper limit	Critical
Band	Traffic volume data lesser than the lower limit	Critical

Note: For limit type Band, the severity is always set to Critical for any threshold violation scenarios.

Exiting a threshold violation

Exiting from a violation state is the action of setting the severity of an event to CLEAR. The severity is cleared after a KPI goes into a non-violation state. The threshold at which an event is raised then is cleared.

Non-Violation -> Major Violation -> CLEAR -> Non-Violation
Or
Non-Violation -> Critical Violation -> CLEAR -> Non-Violation

Network Performance Insight® supports system generated auto clear. The following table shows, when the system can set the severity to CLEAR.

Table 2. Scenarios for `CLEAR` severity.
Table that shows scenarios when `CLEAR` severity occurs
Limit Type	Current Severity	Scenario	New Severity
Over	KPI is either in Major or Critical level	Traffic volume data lesser than the lower limit	`CLEAR`
Under	KPI is either in Major or Critical level	Traffic volume data greater than upper limit	`CLEAR`
Band	KPI is in Critical level	Traffic volume data falls within the range of upper limit and lower limit	`CLEAR`

If an existing threshold configuration is modified, by changing any of the configuration values such as limit type, upper or lower limit, number of events or disable the threshold, the system sets the severity to CLEAR.

For more information about the configuration steps, see Configuring Flow thresholds.