use of com.google.common.graph.ValueGraph in project batfish by batfish.
the class IpsecUtil method retainCompatibleTunnelEdges.
/**
* Given an {@link IpsecTopology}, returns a new {@link IpsecTopology} containing only the edges
* which use tunnel interfaces and are compatible
*
* @param ipsecTopology {@link IpsecTopology} corresponding to the compatible IPsec edges
* established between Tunnel interfaces
* @param configurations {@link Map} of {@link Configuration} to configuration names
* @return {@link IpsecTopology}
*/
public static IpsecTopology retainCompatibleTunnelEdges(IpsecTopology ipsecTopology, Map<String, Configuration> configurations) {
NetworkConfigurations networkConfigurations = NetworkConfigurations.of(configurations);
MutableValueGraph<IpsecPeerConfigId, IpsecSession> prunedIpsecTopology = ValueGraphBuilder.directed().allowsSelfLoops(false).build();
ValueGraph<IpsecPeerConfigId, IpsecSession> ipsecGraph = ipsecTopology.getGraph();
for (IpsecPeerConfigId endPointU : ipsecGraph.nodes()) {
IpsecPeerConfig ipsecPeerU = networkConfigurations.getIpsecPeerConfig(endPointU);
// not considering endpoints not based on Tunnel interfaces
if (ipsecPeerU == null || ipsecPeerU.getTunnelInterface() == null) {
continue;
}
for (IpsecPeerConfigId endPointV : ipsecGraph.adjacentNodes(endPointU)) {
IpsecPeerConfig ipsecPeerV = networkConfigurations.getIpsecPeerConfig(endPointV);
// not considering endpoints not based on Tunnel interfaces
if (ipsecPeerV == null || ipsecPeerV.getTunnelInterface() == null) {
continue;
}
// checking IPsec session and adding edge
ipsecGraph.edgeValue(endPointU, endPointV).filter(ipsecSession -> ipsecSession.getNegotiatedIpsecP2Proposal() != null).ifPresent(ipsecSession -> prunedIpsecTopology.putEdgeValue(endPointU, endPointV, ipsecSession));
}
}
MutableValueGraph<IpsecPeerConfigId, IpsecSession> bidirCompatibleEdges = ValueGraphBuilder.directed().allowsSelfLoops(false).build();
for (EndpointPair<IpsecPeerConfigId> endpointPair : prunedIpsecTopology.edges()) {
// if reverse edge exists
IpsecPeerConfigId nodeU = endpointPair.nodeU();
IpsecPeerConfigId nodeV = endpointPair.nodeV();
if (prunedIpsecTopology.hasEdgeConnecting(nodeV, nodeU)) {
bidirCompatibleEdges.putEdgeValue(nodeU, nodeV, prunedIpsecTopology.edgeValue(nodeU, nodeV).get());
}
}
return new IpsecTopology(bidirCompatibleEdges);
}
use of com.google.common.graph.ValueGraph in project batfish by batfish.
the class FrrGrammarTest method testBgpNeighborCompatiblity.
@Test
public void testBgpNeighborCompatiblity() throws IOException {
String snapshotName = "bgp-neighbor-compatibility";
/*
There are two nodes in the snapshot, each with XX interfaces
u swp1: both nodes have an interface neighbor with no IP address
n swp2: both nodes have an interface neighbor with a /31 address (same subnet)
u swp3: both nodes have an interface neighbor with a /24 address (same subnet)
u swp4: both nodes have an interface neighbor with a /31 and a /24 address
- swp5: node1 has an interface neighbor with /31 and node2 has an interface neighbor with no IP address
u swp6: node1 has an interface neighbor with /24 and node2 has an interface neighbor with no IP address
u swp7: node1 has an interface neighbor with /31 and /24 addresses and node 2 has an interface neighbor with no IP address
n swp8: node1 has an interface neighbor with /31 and node2 has an IP neighbor in the same subnet
- swp9: node1 has an interface neighbor with /24 and node2 has an IP neighbor in the same subnet
n swp10: both nodes have an interface neighbor with /30 addresses (host addresses in same subnet)
The layer1 topology file connects matching swpX interfaces on each node (swp1<>swp1, ...)
Combinations marked 'u' should be unnumbered sessions, combinations marked 'n' should be numbered sessions, and those marked '-' are invalid combinations.
*/
List<String> configurationNames = ImmutableList.of("node1", "node2");
Batfish batfish = BatfishTestUtils.getBatfishFromTestrigText(TestrigText.builder().setConfigurationFiles(SNAPSHOTS_PREFIX + snapshotName, configurationNames).setLayer1TopologyPrefix(SNAPSHOTS_PREFIX + snapshotName).build(), _folder);
batfish.computeDataPlane(batfish.getSnapshot());
ValueGraph<BgpPeerConfigId, BgpSessionProperties> bgpGraph = batfish.getTopologyProvider().getBgpTopology(batfish.getSnapshot()).getGraph();
// unnumbered sessions
assertThat(bgpGraph.edges().stream().map(e -> e.nodeU().getPeerInterface()).filter(Objects::nonNull).collect(Collectors.toSet()), containsInAnyOrder("swp1", "swp3", "swp4", "swp6", "swp7"));
// numbered sessions: swp2 and swp8
assertThat(bgpGraph.edges().stream().map(e -> e.nodeU().getRemotePeerPrefix()).filter(Objects::nonNull).collect(Collectors.toSet()), containsInAnyOrder(Prefix.parse("2.2.2.0/32"), Prefix.parse("2.2.2.1/32"), Prefix.parse("8.8.8.0/32"), Prefix.parse("8.8.8.1/32"), Prefix.parse("10.10.10.1/32"), Prefix.parse("10.10.10.2/32")));
}
use of com.google.common.graph.ValueGraph in project batfish by batfish.
the class IpsecSessionStatusAnswerer method answer.
@Override
public AnswerElement answer(NetworkSnapshot snapshot) {
IpsecSessionStatusQuestion question = (IpsecSessionStatusQuestion) _question;
Map<String, Configuration> configurations = _batfish.loadConfigurations(snapshot);
NetworkConfigurations networkConfigurations = NetworkConfigurations.of(configurations);
ValueGraph<IpsecPeerConfigId, IpsecSession> ipsecTopology = IpsecUtil.initIpsecTopology(configurations).getGraph();
Set<String> initiatorNodes = SpecifierFactories.getNodeSpecifierOrDefault(question.getNodes(), AllNodesNodeSpecifier.INSTANCE).resolve(_batfish.specifierContext(snapshot));
Set<String> responderNodes = SpecifierFactories.getNodeSpecifierOrDefault(question.getRemoteNodes(), AllNodesNodeSpecifier.INSTANCE).resolve(_batfish.specifierContext(snapshot));
Set<IpsecSessionStatus> statuses = SpecifierFactories.getEnumSetSpecifierOrDefault(question.getStatus(), Grammar.IPSEC_SESSION_STATUS_SPECIFIER, new ConstantEnumSetSpecifier<>(ImmutableSet.copyOf(IpsecSessionStatus.values()))).resolve();
TableAnswerElement answerElement = new TableAnswerElement(createTableMetaData(question));
Multiset<IpsecSessionInfo> ipsecSessionInfos = rawAnswer(networkConfigurations, ipsecTopology, initiatorNodes, responderNodes);
answerElement.postProcessAnswer(question, ipsecSessionInfos.stream().filter(ipsecSessionInfo -> statuses.contains(ipsecSessionInfo.getIpsecSessionStatus())).map(IpsecSessionStatusAnswerer::toRow).collect(ImmutableList.toImmutableList()));
return answerElement;
}
use of com.google.common.graph.ValueGraph in project batfish by batfish.
the class EdgesAnswerer method getIpsecEdges.
@VisibleForTesting
static Multiset<Row> getIpsecEdges(ValueGraph<IpsecPeerConfigId, IpsecSession> ipsecTopology, Map<String, Configuration> configurations) {
NetworkConfigurations nf = NetworkConfigurations.of(configurations);
Multiset<Row> rows = HashMultiset.create();
ipsecTopology.edges().stream().filter(// only considering endpoints with established IPsec session
endpoint -> {
Optional<IpsecSession> ipsecSession = ipsecTopology.edgeValue(endpoint.nodeU(), endpoint.nodeV());
return ipsecSession.isPresent() && ipsecSession.get().getNegotiatedIpsecP2Proposal() != null;
}).forEach(endpoint -> {
IpsecPeerConfig ipsecPeerConfigU = nf.getIpsecPeerConfig(endpoint.nodeU());
IpsecPeerConfig ipsecPeerConfigV = nf.getIpsecPeerConfig(endpoint.nodeV());
if (ipsecPeerConfigU == null || ipsecPeerConfigV == null) {
return;
}
rows.add(getIpsecEdge(endpoint.nodeU().getHostName(), ipsecPeerConfigU, endpoint.nodeV().getHostName(), ipsecPeerConfigV));
});
return rows;
}
Aggregations