Lilly Tech Systems
Intermediate
Graph Analysis for RCA
Model network dependencies as graphs and leverage graph algorithms and Graph Neural Networks to trace fault propagation paths to their root causes.
Dependency Graphs
Networks are naturally graph-structured. Modeling devices, services, and their dependencies as a graph enables powerful analysis:
- Nodes: Devices (routers, switches, servers), services, applications, VLANs
- Edges: Physical links, logical connections, service dependencies, data flows
- Attributes: Health scores, alert counts, metric values, configuration state
Graph Algorithms for Fault Localization
| Algorithm | Purpose | RCA Application |
|---|---|---|
| PageRank | Node importance ranking | Identify most impactful failure points |
| Shortest path | Minimum hops between nodes | Trace fault propagation routes |
| Community detection | Find tightly connected groups | Identify blast radius of failures |
| Centrality analysis | Find critical nodes | Identify single points of failure |
Key insight: The node with the highest anomaly score is not always the root cause. Often, the root cause is an upstream node that appears healthy in isolation but whose failure propagates downstream. Graph traversal from symptomatic nodes upstream reveals the true origin.
Graph Neural Networks (GNNs)
GNNs learn representations of network topology and state for automated fault localization:
- Message passing: Each node aggregates information from its neighbors
- Graph convolution: Learn patterns across the network structure
- Node classification: Predict which nodes are root causes vs. symptoms
- Link prediction: Discover hidden dependencies not in the topology model
Building the Dependency Graph
- Topology discovery: LLDP, CDP, traceroute, and SNMP for physical/logical topology
- Service mapping: Application Performance Management (APM) tools for service dependencies
- Traffic analysis: NetFlow data reveals actual communication patterns
- Configuration parsing: Extract dependencies from routing tables, ACLs, and load balancer configs
Implementation tip: Use a graph database (Neo4j, Amazon Neptune) to store your dependency graph. This enables efficient graph queries and traversals during incident investigation, and integrates well with GNN frameworks like PyTorch Geometric or DGL.