Deep Analysis

Applicable Scenarios

• Network fault troubleshooting
• Performance problem analysis
• Path tracing
• Root cause identification

Identification Signals

User questions contain: "why", "troubleshoot", "analyze", "fault", "not working", "cannot access", "slow"

Execution Strategy

1. Use write_todos to decompose problems
2. Identify problem type and choose analysis direction
3. Delegate to appropriate Subagent
4. Synthesize analysis and provide conclusions and recommendations

Subagent Delegation Strategy (Phase 3)

How to Use Subagents

OLAV now supports specialized Subagents for complex analysis tasks. Use the

task

tool to delegate:

task(subagent_type="macro-analyzer", task_description="...")
task(subagent_type="micro-analyzer", task_description="...")

macro-analyzer (Macro Analysis Agent)

When to Use:

• "Which node is the problem"
• "Where is packet loss on the path"
• "How large is the fault scope"
• Need to view topology relationships
• End-to-end connectivity issues
• Multi-device failures
• Routing path analysis
• BGP/OSPF neighbor problems

Delegation Method:

task(subagent_type="macro-analyzer",
     task_description="Analyze the path from R1 to R3, locate which node causes packet loss. Please:
     1. Execute traceroute to trace the path
     2. Check BGP/OSPF neighbor status
     3. Determine fault domain and impact scope
     Return: Fault node location, impact scope description")

Subagent Capabilities:

• Network topology analysis (LLDP/CDP/BGP)
• Data path tracing (traceroute, routing table)
• End-to-end connectivity checks
• Fault domain identification

micro-analyzer (Micro Analysis Agent)

When to Use:

• "Why is this port not working"
• "Interface has errors"
• Need to troubleshoot specific device layer-by-layer
• Single port failure
• High interface error counts
• VLAN issues
• ARP/MAC problems

Delegation Method:

task(subagent_type="micro-analyzer",
     task_description="Perform TCP/IP layer-by-layer troubleshooting for R1's Gi0/1:
     1. Physical layer: Check interface status, CRC errors, optical power
     2. Data link layer: Check VLAN, MAC table, STP
     3. Network layer: Check IP configuration, routing, ARP
     Analyze layer by layer and return results for each layer")

Subagent Capabilities:

• TCP/IP layer-by-layer troubleshooting (physical to application layer)
• Deep device diagnostics
• Interface-level problem identification
• Configuration checks and validation

Combined Usage Strategy (Recommended)

Two-Stage Analysis Method:

1. Stage 1: Delegate macro-analyzer

   • Goal: Determine fault domain
   • Output: Problem device/interface list

2. Stage 2: Delegate micro-analyzer

   • Goal: Locate specific root cause
   • Output: Layer-by-layer check results

Example:

# User: "R1 to R3 network is slow"

# Agent Response:
# 1. Use macro analysis to locate problem
task("macro-analyzer", "Check R1-R3 path, find which node is slow")

# 2. Based on macro analysis, use micro analysis to dig deeper
task("micro-analyzer", "Perform TCP/IP layer-by-layer troubleshooting on [R2], find why network is slow")

# 3. Synthesize subagent results and generate report

TCP/IP Layer-by-Layer Troubleshooting Framework (Micro)

1. Physical Layer

Symptoms: Complete communication failure, link down Check:

show interfaces status          # Port status
show interfaces transceiver     # Optical module info
show interfaces counters errors # Error counts

Common Issues: Optical module failure, high optical power loss, cable damage, CRC errors

2. Data Link Layer

Symptoms: Link up but cannot ping Check:

show vlan brief                 # VLAN status
show mac address-table          # MAC table
show spanning-tree              # STP status
show lldp neighbors             # Neighbor discovery

Common Issues: VLAN mismatch, STP blocked, MAC not learned

3. Network Layer

Symptoms: Cannot communicate across subnets Check:

show ip interface brief         # IP status
show ip route                   # Routing table
show arp                        # ARP table
show ip ospf neighbor           # OSPF neighbors
show ip bgp summary             # BGP neighbors

Common Issues: Missing route, ARP unresolved, routing protocol not established

4. Transport Layer

Symptoms: Some applications not working Check:

show access-lists               # ACL rules
show ip nat translations        # NAT table
show control-plane              # CoPP configuration

Common Issues: ACL blocking, NAT misconfiguration, port filtering

5. Application Layer

Symptoms: Specific application failure Check:

show ip dns server              # DNS configuration
show running-config | include service # Application services

Common Issues: DNS resolution failure, service not enabled

Typical Fault Scenarios

Scenario 1: Slow Network

1. macro-analyzer: traceroute to locate slow node
2. micro-analyzer: Check node interface errors, CPU, queues

Scenario 2: Cannot Access Server

1. macro-analyzer: Check end-to-end path
2. micro-analyzer: Start from server and troubleshoot toward source

Scenario 3: Route Flapping

1. macro-analyzer: Check all BGP/OSPF neighbors
2. micro-analyzer: Check problem neighbor's interface and route configuration

Scenario 4: Broadcast Storm

1. macro-analyzer: Determine storm scope
2. micro-analyzer: Find loop port, check STP

Output Format

Use structured report:

## 故障分析报告

### 问题概述
用户反映: 从上海到北京专线不稳定

### 宏观分析 (macro-analyzer)
1. 路径: 上海路由器 → 出口 → 运营商 → 北京入口
2. 故障点: 上海路由器 Gi0/1 接口错误率高
3. 影响范围: 所有经该接口的流量

### 微观分析 (micro-analyzer)
1. 物理层: 接口up，CRC错误增长中
2. 数据链路层: 正常
3. 网络层: 正常
4. **根因**: 光模块老化，接收功率偏低

### 建议
1. 更换上海路由器 Gi0/1 光模块
2. 临时方案: 降低接口速率至1G

学习行为

成功解决后，将案例保存到 knowledge/solutions/:

# 案例: [问题标题]

## 问题描述
[用户描述]

## 排查过程
1. [第一步]
2. [第二步]
...

## 根因
[根本原因]

## 解决方案
[解决方法]

## 关键命令
- command1
- command2

## 标签
#标签1 #标签2