Scribd
Upload
10K views

Batfish Cheat Sheet: Install Analyze Network Snapshots

Batfish builds vendor-independent models from network device configurations to analyze configuration settings, network behaviors like packet forwarding, and ensure correct network behavior before deploying configurations. Batfish questions query these models to examine configuration settings, network adjacencies at different layers, and perform flow path analysis including tracing routes and analyzing access control lists. Example questions include checking device configurations, routing protocols, and compatibility of configurations across snapshots.

Uploaded by

Mehrdad Mortazavi
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
10K views

Batfish Cheat Sheet: Install Analyze Network Snapshots

Batfish builds vendor-independent models from network device configurations to analyze configuration settings, network behaviors like packet forwarding, and ensure correct network behavior before deploying configurations. Batfish questions query these models to examine configuration settings, network adjacencies at different layers, and perform flow path analysis including tracing routes and analyzing access control lists. Example questions include checking device configurations, routing protocols, and compatibility of configurations across snapshots.

Uploaded by

Mehrdad Mortazavi
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Batfish cheat sheet

Batfish builds vendor independent models from vendor configs. The models cover configuration settings as well as network behaviors such as packet
forwarding and translation. Batfish questions enable you to query the models and ensure correct network behavior even before configuration is deployed.

Install Analyze network snapshots


$ docker pull batfish/allinone # Snapshot packaging instructions and examples
$ docker run -v batfish-data:/data -p 8888:8888 -p >>> bf_init_snapshot(“/path/to/snapshot”)
9997:9997 -p 9996:9996 batfish/allinone
$ python3 -m pip install --upgrade # Ask a question and get a Pandas dataframe
git+https://github.com/batfish/pybatfish.git >>> answer = bfq.nodeProperties().answer()
>>> answer_df = answer.frame()
Python imports
>>> from pybatfish.client.commands import * # See all columns and pull out values in a column.
>>> from pybatfish.question.question import load_questions >>> df.columns
>>> from pybatfish.question import bfq >>> answer_df[“NTP_Servers”]
>>> load_questions()

Batfish questions

Configuration data Network adjacencies Flow path analysis

nodeProperties edges(edgeType=Layer1) traceroute


Device-wide configuration settings edges(edgeType=Layer2) All paths of a flow from its source
edges(edgeType=Layer3)
interfaceProperties Network edges at different layers bidirectionalTraceroute
Configuration settings of interfaces All forward and reverse flow paths
edges(edgeType=BGP)
ipOwners edges(edgeType=EIGRP)
Where IP addresses are attached edges(edgeType=ISIS) ACL and firewall analysis
edges(edgeType=OSPF)
bgpProcessConfiguration edges(edgeType=RIP) testFilters
bgpPeerConfiguration Routing protocol adjacencies Test how a filter (ACL) treats a packet
Settings related to BGP
edges(edgeType=IPSec) searchFilters
ospfProcessConfiguration Configured IPSec tunnels Find packets that are permitted or denied
ospfInterfaceConfiguration by a filter
ospfAreaConfiguration edges(edgeType=VXLAN)
Settings related to OSPF VXLAN adjacencies compareFilters
Find how a filter differs across two
mlagProperties snapshots
MLAG configuration settings
filterLineReachability
switchedVlanProperties Configuration compatibility Find lines that will not match any packet
Settings of switched VLANs
bgpSessionCompatibility
vxlanVniProperties bgpSessionStatus
Settings of VXLAN VNIs
Analyze routing
BGP peering session compatibility
f5BigipVipConfiguration routes
ospfSessionCompatibility lpmRoutes
Settings of VIPs in F5 Big IP Compatibility of OSPF configuration Output RIBs
definedStructures ipsecSessionStatus
Structures defined in the configuration testRoutePolicies
Compatibility of IPSec tunnels Test how a routing policy treats a route
referencedStructures
Structures referenced in configurations
Search across all flows
viModel
Get the full vendor-independent model reachability
Find flows matching path and header
criteria

detectLoops
Configuration hygiene Find flows that will loop

undefinedReferences multipathConsistency
References to undefined structures Find flows treated differently along
different paths
unusedStructures
differentialReachability
Defined but not used structures
Find flows treated differently in two
snapshots

You might also like