Search in sources :

Example 1 with FlowProcessor

use of org.batfish.common.plugin.FlowProcessor in project batfish by batfish.

the class CommonUtil method initRemoteBgpNeighbors.

/**
 * Initialize BGP neighbors for all nodes.
 *
 * @param configurations map of all configurations, keyed by hostname
 * @param ipOwners mapping of Ips to a set of nodes (hostnames) that owns those IPs
 * @param checkReachability whether bgp neighbor reachability should be checked
 * @param flowProcessor dataplane plugin to use to check reachability. Must not be {@code null} if
 *     {@code checkReachability = true}
 * @param dp dataplane to use to check reachability. Must not be {@code null} if {@code
 *     checkReachability = true}
 */
public static void initRemoteBgpNeighbors(Map<String, Configuration> configurations, Map<Ip, Set<String>> ipOwners, boolean checkReachability, @Nullable FlowProcessor flowProcessor, @Nullable DataPlane dp) {
    // TODO: handle duplicate ips on different vrfs
    Map<BgpNeighbor, Ip> remoteAddresses = new IdentityHashMap<>();
    Map<Ip, Set<BgpNeighbor>> localAddresses = new HashMap<>();
    /*
     * Construct maps indicating which neighbor owns which Ip Address
     */
    for (Configuration node : configurations.values()) {
        String hostname = node.getHostname();
        for (Vrf vrf : node.getVrfs().values()) {
            BgpProcess proc = vrf.getBgpProcess();
            if (proc == null) {
                // nothing to do if no bgp process on this VRF
                continue;
            }
            for (BgpNeighbor bgpNeighbor : proc.getNeighbors().values()) {
                /*
           * Begin by initializing candidate neighbors to an empty set
           */
                bgpNeighbor.initCandidateRemoteBgpNeighbors();
                // Skip things we don't handle
                if (bgpNeighbor.getPrefix().getPrefixLength() < Prefix.MAX_PREFIX_LENGTH) {
                    throw new BatfishException(hostname + ": Do not support dynamic bgp sessions at this time: " + bgpNeighbor.getPrefix());
                }
                Ip remoteAddress = bgpNeighbor.getAddress();
                if (remoteAddress == null) {
                    throw new BatfishException(hostname + ": Could not determine remote address of bgp neighbor: " + bgpNeighbor);
                }
                Ip localAddress = bgpNeighbor.getLocalIp();
                if (localAddress == null || !ipOwners.containsKey(localAddress) || !ipOwners.get(localAddress).contains(hostname)) {
                    // Local address is not owned by anybody
                    continue;
                }
                remoteAddresses.put(bgpNeighbor, remoteAddress);
                // Add this neighbor as owner of its local address
                localAddresses.computeIfAbsent(localAddress, k -> Collections.newSetFromMap(new IdentityHashMap<>())).add(bgpNeighbor);
            }
        }
    }
    /*
     * For each neighbor, construct the set of candidate neighbors, then filter out impossible
     * sessions.
     */
    for (Entry<BgpNeighbor, Ip> e : remoteAddresses.entrySet()) {
        BgpNeighbor bgpNeighbor = e.getKey();
        Ip remoteAddress = e.getValue();
        Ip localAddress = bgpNeighbor.getLocalIp();
        int localLocalAs = bgpNeighbor.getLocalAs();
        int localRemoteAs = bgpNeighbor.getRemoteAs();
        /*
       * Let the set of candidate neighbors be set of neighbors that own the remoteAddress
       */
        Set<BgpNeighbor> remoteBgpNeighborCandidates = localAddresses.get(remoteAddress);
        if (remoteBgpNeighborCandidates == null) {
            // No possible remote neighbors
            continue;
        }
        /*
       * Filter the set of candidate neighbors based on these checks:
       * - Remote neighbor's remote address is the same as our local address
       * - Remote neighbor's remote AS is the same as our local AS (and vice-versa)
       */
        for (BgpNeighbor remoteBgpNeighborCandidate : remoteBgpNeighborCandidates) {
            int remoteLocalAs = remoteBgpNeighborCandidate.getLocalAs();
            int remoteRemoteAs = remoteBgpNeighborCandidate.getRemoteAs();
            Ip reciprocalRemoteIp = remoteBgpNeighborCandidate.getAddress();
            if (localAddress.equals(reciprocalRemoteIp) && localLocalAs == remoteRemoteAs && localRemoteAs == remoteLocalAs) {
                /*
           * Fairly confident establishing the session is possible here, but still check
           * reachability if needed.
           * We should check reachability only for eBgp multihop or iBgp
           */
                if (checkReachability && (bgpNeighbor.getEbgpMultihop() || localLocalAs == remoteLocalAs)) {
                    /*
             * Ensure that the session can be established by running traceroute in both directions
             */
                    if (flowProcessor == null || dp == null) {
                        throw new BatfishException("Cannot compute neighbor reachability without a dataplane");
                    }
                    Flow.Builder fb = new Flow.Builder();
                    fb.setIpProtocol(IpProtocol.TCP);
                    fb.setTag("neighbor-resolution");
                    fb.setIngressNode(bgpNeighbor.getOwner().getHostname());
                    fb.setSrcIp(localAddress);
                    fb.setDstIp(remoteAddress);
                    fb.setSrcPort(NamedPort.EPHEMERAL_LOWEST.number());
                    fb.setDstPort(NamedPort.BGP.number());
                    Flow forwardFlow = fb.build();
                    fb.setIngressNode(remoteBgpNeighborCandidate.getOwner().getHostname());
                    fb.setSrcIp(forwardFlow.getDstIp());
                    fb.setDstIp(forwardFlow.getSrcIp());
                    fb.setSrcPort(forwardFlow.getDstPort());
                    fb.setDstPort(forwardFlow.getSrcPort());
                    Flow backwardFlow = fb.build();
                    SortedMap<Flow, Set<FlowTrace>> traces = flowProcessor.processFlows(dp, ImmutableSet.of(forwardFlow, backwardFlow));
                    if (traces.values().stream().map(fts -> fts.stream().allMatch(ft -> ft.getDisposition() != FlowDisposition.ACCEPTED)).anyMatch(Predicate.isEqual(true))) {
                        /*
               * If either flow has all traceroutes fail, do not consider the neighbor valid
               */
                        continue;
                    }
                    bgpNeighbor.getCandidateRemoteBgpNeighbors().add(remoteBgpNeighborCandidate);
                } else {
                    bgpNeighbor.getCandidateRemoteBgpNeighbors().add(remoteBgpNeighborCandidate);
                }
            }
        }
        Set<BgpNeighbor> finalCandidates = bgpNeighbor.getCandidateRemoteBgpNeighbors();
        if (finalCandidates.size() > 1) {
            /* If we still have not narrowed it down to a single neighbor,
         * pick based on sorted hostnames
         */
            SortedMap<String, BgpNeighbor> hostnameToNeighbor = finalCandidates.stream().collect(ImmutableSortedMap.toImmutableSortedMap(String::compareTo, k -> k.getOwner().getHostname(), Function.identity()));
            bgpNeighbor.setRemoteBgpNeighbor(hostnameToNeighbor.get(hostnameToNeighbor.firstKey()));
        } else if (finalCandidates.size() == 1) {
            bgpNeighbor.setRemoteBgpNeighbor(finalCandidates.iterator().next());
        } else {
            bgpNeighbor.setRemoteBgpNeighbor(null);
        }
    }
}
Also used : SSLEngineConfigurator(org.glassfish.grizzly.ssl.SSLEngineConfigurator) SSLContext(javax.net.ssl.SSLContext) FileTime(java.nio.file.attribute.FileTime) StringUtils(org.apache.commons.lang3.StringUtils) Configurations(org.apache.commons.configuration2.builder.fluent.Configurations) Interface(org.batfish.datamodel.Interface) DirectoryStream(java.nio.file.DirectoryStream) BfConsts(org.batfish.common.BfConsts) Flow(org.batfish.datamodel.Flow) Topology(org.batfish.datamodel.Topology) Map(java.util.Map) ResourceConfig(org.glassfish.jersey.server.ResourceConfig) Pair(org.batfish.common.Pair) Path(java.nio.file.Path) DataPlane(org.batfish.datamodel.DataPlane) VrrpGroup(org.batfish.datamodel.VrrpGroup) ClientTracingFeature(io.opentracing.contrib.jaxrs2.client.ClientTracingFeature) Set(java.util.Set) FileAttribute(java.nio.file.attribute.FileAttribute) StandardCharsets(java.nio.charset.StandardCharsets) DirectoryIteratorException(java.nio.file.DirectoryIteratorException) IOUtils(org.apache.commons.io.IOUtils) Stream(java.util.stream.Stream) Supplier(java.util.function.Supplier) TreeSet(java.util.TreeSet) JSONAssert(org.skyscreamer.jsonassert.JSONAssert) MustBeClosed(com.google.errorprone.annotations.MustBeClosed) SSLSession(javax.net.ssl.SSLSession) FlowProcessor(org.batfish.common.plugin.FlowProcessor) BiConsumer(java.util.function.BiConsumer) SSLContextConfigurator(org.glassfish.grizzly.ssl.SSLContextConfigurator) ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap) Nullable(javax.annotation.Nullable) Files(java.nio.file.Files) Route(org.batfish.datamodel.Route) FileOutputStream(java.io.FileOutputStream) IOException(java.io.IOException) FileUtils(org.apache.commons.io.FileUtils) KeyManager(javax.net.ssl.KeyManager) TreeMap(java.util.TreeMap) Paths(java.nio.file.Paths) X509TrustManager(javax.net.ssl.X509TrustManager) BufferedReader(java.io.BufferedReader) X509Certificate(java.security.cert.X509Certificate) IpsecVpn(org.batfish.datamodel.IpsecVpn) NoSuchFileException(java.nio.file.NoSuchFileException) IpProtocol(org.batfish.datamodel.IpProtocol) SortedSet(java.util.SortedSet) URL(java.net.URL) TrustManager(javax.net.ssl.TrustManager) FlowTrace(org.batfish.datamodel.FlowTrace) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) OspfNeighbor(org.batfish.datamodel.OspfNeighbor) Edge(org.batfish.datamodel.Edge) IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace) OspfProcess(org.batfish.datamodel.OspfProcess) URI(java.net.URI) HostnameVerifier(javax.net.ssl.HostnameVerifier) NamedPort(org.batfish.datamodel.NamedPort) Vrf(org.batfish.datamodel.Vrf) OspfArea(org.batfish.datamodel.OspfArea) ImmutableSetMultimap(com.google.common.collect.ImmutableSetMultimap) ImmutableSet(com.google.common.collect.ImmutableSet) IdentityHashMap(java.util.IdentityHashMap) PatternSyntaxException(java.util.regex.PatternSyntaxException) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) ImmutableMap(com.google.common.collect.ImmutableMap) Predicate(java.util.function.Predicate) Collection(java.util.Collection) FlowDisposition(org.batfish.datamodel.FlowDisposition) KeyStore(java.security.KeyStore) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) FileNotFoundException(java.io.FileNotFoundException) List(java.util.List) Entry(java.util.Map.Entry) Pattern(java.util.regex.Pattern) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) SortedMap(java.util.SortedMap) IpWildcard(org.batfish.datamodel.IpWildcard) Ip(org.batfish.datamodel.Ip) NodeInterfacePair(org.batfish.datamodel.collections.NodeInterfacePair) Hashing(com.google.common.hash.Hashing) HashMap(java.util.HashMap) BatfishException(org.batfish.common.BatfishException) BgpProcess(org.batfish.datamodel.BgpProcess) Function(java.util.function.Function) HashSet(java.util.HashSet) ClientBuilder(javax.ws.rs.client.ClientBuilder) Configuration(org.batfish.datamodel.Configuration) OutputStreamWriter(java.io.OutputStreamWriter) OutputStream(java.io.OutputStream) IpLink(org.batfish.datamodel.IpLink) Iterator(java.util.Iterator) MalformedURLException(java.net.MalformedURLException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) GlobalTracer(io.opentracing.util.GlobalTracer) FileInputStream(java.io.FileInputStream) SetMultimap(com.google.common.collect.SetMultimap) Consumer(java.util.function.Consumer) GrizzlyHttpServerFactory(org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Collections(java.util.Collections) InputStream(java.io.InputStream) Prefix(org.batfish.datamodel.Prefix) BatfishException(org.batfish.common.BatfishException) Set(java.util.Set) TreeSet(java.util.TreeSet) SortedSet(java.util.SortedSet) ImmutableSet(com.google.common.collect.ImmutableSet) HashSet(java.util.HashSet) Configuration(org.batfish.datamodel.Configuration) IdentityHashMap(java.util.IdentityHashMap) HashMap(java.util.HashMap) BgpProcess(org.batfish.datamodel.BgpProcess) Ip(org.batfish.datamodel.Ip) IdentityHashMap(java.util.IdentityHashMap) ClientBuilder(javax.ws.rs.client.ClientBuilder) Vrf(org.batfish.datamodel.Vrf) Flow(org.batfish.datamodel.Flow) BgpNeighbor(org.batfish.datamodel.BgpNeighbor)

Aggregations

VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 ImmutableSetMultimap (com.google.common.collect.ImmutableSetMultimap)1 ImmutableSortedMap (com.google.common.collect.ImmutableSortedMap)1 SetMultimap (com.google.common.collect.SetMultimap)1 Sets (com.google.common.collect.Sets)1 Hashing (com.google.common.hash.Hashing)1 MustBeClosed (com.google.errorprone.annotations.MustBeClosed)1 ClientTracingFeature (io.opentracing.contrib.jaxrs2.client.ClientTracingFeature)1 GlobalTracer (io.opentracing.util.GlobalTracer)1 BufferedReader (java.io.BufferedReader)1 FileInputStream (java.io.FileInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 FileOutputStream (java.io.FileOutputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 OutputStream (java.io.OutputStream)1 OutputStreamWriter (java.io.OutputStreamWriter)1 MalformedURLException (java.net.MalformedURLException)1