Examples with TracerouteEngine org.batfish.common.plugin.TracerouteEngine used on opensource projects

Example 1 with TracerouteEngine

use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.

the class BgpTopologyUtils method addActivePeerEdges.

private static void addActivePeerEdges(BgpPeerConfigId neighborId, MutableValueGraph<BgpPeerConfigId, BgpSessionProperties> graph, NetworkConfigurations nc, Map<Ip, Map<String, Set<String>>> ipOwners, Map<String, Multimap<String, BgpPeerConfigId>> receivers, Set<Ip> potentialLocalIps, boolean checkReachability, TracerouteEngine tracerouteEngine) {
    BgpActivePeerConfig neighbor = nc.getBgpPointToPointPeerConfig(neighborId);
    if (neighbor == null || potentialLocalIps.isEmpty() || neighbor.getLocalAs() == null || neighbor.getPeerAddress() == null || neighbor.getRemoteAsns().isEmpty()) {
        return;
    }
    // Find nodes that own the neighbor's peer address
    Map<String, Set<String>> possibleVrfs = ipOwners.get(neighbor.getPeerAddress());
    if (possibleVrfs == null) {
        return;
    }
    Set<BgpPeerConfigId> alreadyEstablished = graph.adjacentNodes(neighborId);
    for (Entry<String, Set<String>> entry : possibleVrfs.entrySet()) {
        String node = entry.getKey();
        Set<String> vrfs = entry.getValue();
        Multimap<String, BgpPeerConfigId> receiversByVrf = receivers.get(node);
        if (receiversByVrf == null) {
            continue;
        }
        for (String vrf : vrfs) {
            receiversByVrf.get(vrf).stream().filter(candidateId -> !alreadyEstablished.contains(candidateId)).forEach(candidateId -> {
                // Ensure candidate has compatible local/remote AS, isn't in same vrf as initiator
                BgpPeerConfig candidate = nc.getBgpPeerConfig(candidateId);
                if (!bgpCandidatePassesSanityChecks(neighborId, neighbor, candidateId, candidate)) {
                    return;
                }
                // Check if neighbor has any feasible local IPs compatible with this candidate
                Set<Ip> feasibleLocalIpsForPeeringWithCandidate = getFeasibleLocalIps(potentialLocalIps, candidate);
                if (feasibleLocalIpsForPeeringWithCandidate.isEmpty()) {
                    return;
                }
                if (!checkReachability) {
                    feasibleLocalIpsForPeeringWithCandidate.forEach(ip -> addEdges(neighbor, neighborId, ip, candidateId, graph, nc));
                } else {
                    initiateBgpSessions(neighborId, candidateId, neighbor, feasibleLocalIpsForPeeringWithCandidate, tracerouteEngine).stream().filter(BgpSessionInitiationResult::isSuccessful).map(initiationResult -> initiationResult.getFlow().getSrcIp()).forEach(srcIp -> addEdges(neighbor, neighborId, srcIp, candidateId, graph, nc));
                }
            });
        }
    }
}

Example 2 with TracerouteEngine

use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.

the class BgpTopologyUtils method initBgpTopology.

/**
 * Compute the BGP topology -- a network of {@link BgpPeerConfigId}s connected by {@link
 * BgpSessionProperties}.
 *
 * @param configurations node configurations, keyed by hostname
 * @param ipVrfOwners network Ip owners (see {@link IpOwners#computeIpNodeOwners(Map, boolean)}
 *     for reference)
 * @param keepInvalid whether to keep improperly configured neighbors. If performing configuration
 *     checks, you probably want this set to {@code true}, otherwise (e.g., computing dataplane)
 *     you want this to be {@code false}.
 * @param checkReachability whether to perform dataplane-level checks to ensure that neighbors are
 *     reachable and sessions can be established correctly. <b>Note:</b> this is different from
 *     {@code keepInvalid=false}, which only does filters invalid neighbors at the control-plane
 *     level
 * @param tracerouteEngine an instance of {@link TracerouteEngine} for doing reachability checks.
 * @param l3Adjacencies {@link L3Adjacencies} of the network, for checking BGP unnumbered
 *     reachability.
 * @return A graph ({@link Network}) representing all BGP peerings.
 */
@Nonnull
public static BgpTopology initBgpTopology(Map<String, Configuration> configurations, Map<Ip, Map<String, Set<String>>> ipVrfOwners, boolean keepInvalid, boolean checkReachability, @Nullable TracerouteEngine tracerouteEngine, Map<String, Map<String, Fib>> fibs, L3Adjacencies l3Adjacencies) {
    checkArgument(!checkReachability || !keepInvalid, "Cannot check reachability while keeping invalid peers");
    checkArgument(!checkReachability || tracerouteEngine != null, "Cannot check reachability without a traceroute engine");
    // TODO: handle duplicate ips on different vrfs
    NetworkConfigurations networkConfigurations = NetworkConfigurations.of(configurations);
    /*
     * First pass: identify all addresses "owned" by BgpNeighbors, add neighbor ids as vertices to
     * the graph; dynamically determine local IPs as needed
     */
    MutableValueGraph<BgpPeerConfigId, BgpSessionProperties> graph = ValueGraphBuilder.directed().allowsSelfLoops(false).build();
    /*
     * Multimap of active peers' BgpPeerConfigIds to all IPs that each peer may use as local IP
     * when initiating a session. For a peer with an explicitly configured local IP, that IP is
     * the only value associated with the peer in this map. Otherwise:
     * - If FIBs are provided, the map contains all local IPs with which the peer may initiate,
     *   as inferred by getPotentialSrcIps().
     * - Else no IPs are associated with the peer.
     */
    ImmutableSetMultimap.Builder<BgpPeerConfigId, Ip> localIpsBuilder = ImmutableSetMultimap.builder();
    for (Configuration node : configurations.values()) {
        String hostname = node.getHostname();
        for (Vrf vrf : node.getVrfs().values()) {
            String vrfName = vrf.getName();
            BgpProcess proc = vrf.getBgpProcess();
            if (proc == null) {
                // nothing to do if no bgp process on this VRF
                continue;
            }
            Fib fib = fibs.getOrDefault(hostname, ImmutableMap.of()).get(vrfName);
            for (Entry<Ip, BgpActivePeerConfig> e : proc.getActiveNeighbors().entrySet()) {
                Ip peerAddress = e.getKey();
                BgpActivePeerConfig config = e.getValue();
                if (!keepInvalid && !bgpConfigPassesSanityChecks(config, hostname, vrfName, ipVrfOwners)) {
                    continue;
                }
                BgpPeerConfigId neighborId = new BgpPeerConfigId(hostname, vrfName, peerAddress.toPrefix(), false);
                graph.addNode(neighborId);
                if (config.getLocalIp() != null) {
                    localIpsBuilder.put(neighborId, config.getLocalIp());
                } else if (fib != null) {
                    // No explicitly configured local IP. Check for dynamically resolvable local IPs.
                    localIpsBuilder.putAll(neighborId, getPotentialSrcIps(peerAddress, fib, node));
                }
            }
            // Dynamic peers: map of prefix to BgpPassivePeerConfig
            proc.getPassiveNeighbors().entrySet().stream().filter(entry -> keepInvalid || bgpConfigPassesSanityChecks(entry.getValue(), hostname, vrfName, ipVrfOwners)).forEach(entry -> graph.addNode(new BgpPeerConfigId(hostname, vrfName, entry.getKey(), true)));
            // Unnumbered BGP peers: map of interface name to BgpUnnumberedPeerConfig
            proc.getInterfaceNeighbors().entrySet().stream().filter(e -> keepInvalid || bgpConfigPassesSanityChecks(e.getValue(), hostname, vrfName, ipVrfOwners)).forEach(e -> graph.addNode(new BgpPeerConfigId(hostname, vrf.getName(), e.getKey())));
        }
    }
    // Second pass: add edges to the graph. Note, these are directed edges.
    Map<String, Multimap<String, BgpPeerConfigId>> receivers = new HashMap<>();
    for (BgpPeerConfigId peer : graph.nodes()) {
        if (peer.getType() == BgpPeerConfigType.UNNUMBERED) {
            // Unnumbered configs only form sessions with each other
            continue;
        }
        Multimap<String, BgpPeerConfigId> vrf = receivers.computeIfAbsent(peer.getHostname(), name -> LinkedListMultimap.create());
        vrf.put(peer.getVrfName(), peer);
    }
    SetMultimap<BgpPeerConfigId, Ip> localIps = localIpsBuilder.build();
    for (BgpPeerConfigId neighborId : graph.nodes()) {
        switch(neighborId.getType()) {
            case DYNAMIC:
                // Passive end of the peering cannot initiate a connection
                continue;
            case ACTIVE:
                addActivePeerEdges(neighborId, graph, networkConfigurations, ipVrfOwners, receivers, localIps.get(neighborId), checkReachability, tracerouteEngine);
                break;
            case UNNUMBERED:
                addUnnumberedPeerEdges(neighborId, graph, networkConfigurations, l3Adjacencies);
                break;
            default:
                throw new IllegalArgumentException(String.format("Unrecognized peer type: %s", neighborId));
        }
    }
    return new BgpTopology(graph);
}

Example 3 with TracerouteEngine

use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.

the class BidirectionalTracerouteAnswererTest method testMultipath.

@Test
public void testMultipath() {
    Trace forwardTrace1 = new Trace(ACCEPTED, ImmutableList.of());
    Trace forwardTrace2 = new Trace(DENIED_IN, ImmutableList.of());
    Trace forwardTrace3 = new Trace(DELIVERED_TO_SUBNET, ImmutableList.of());
    TraceAndReverseFlow forwardTarf1 = new TraceAndReverseFlow(forwardTrace1, REVERSE_FLOW, ImmutableSet.of());
    TraceAndReverseFlow forwardTarf2 = new TraceAndReverseFlow(forwardTrace2, null, ImmutableSet.of());
    TraceAndReverseFlow forwardTarf3 = new TraceAndReverseFlow(forwardTrace3, REVERSE_FLOW, ImmutableSet.of());
    Trace reverseTrace1 = new Trace(DENIED_IN, ImmutableList.of());
    Trace reverseTrace2 = new Trace(EXITS_NETWORK, ImmutableList.of());
    TraceAndReverseFlow reverseTarf1 = new TraceAndReverseFlow(reverseTrace1, null, ImmutableSet.of());
    TraceAndReverseFlow reverseTarf2 = new TraceAndReverseFlow(reverseTrace2, FORWARD_FLOW, ImmutableSet.of());
    TracerouteEngine tracerouteEngine = forFlows(ImmutableMap.of(FORWARD_FLOW, ImmutableList.of(forwardTarf1, forwardTarf2, forwardTarf3), REVERSE_FLOW, ImmutableList.of(reverseTarf1, reverseTarf2)));
    List<BidirectionalTrace> bidirectionalTraces = computeBidirectionalTraces(ImmutableSet.of(FORWARD_FLOW), tracerouteEngine, false);
    assertThat(bidirectionalTraces, contains(new BidirectionalTrace(FORWARD_FLOW, forwardTrace1, ImmutableSet.of(), REVERSE_FLOW, reverseTrace1), new BidirectionalTrace(FORWARD_FLOW, forwardTrace1, ImmutableSet.of(), REVERSE_FLOW, reverseTrace2), new BidirectionalTrace(FORWARD_FLOW, forwardTrace2, ImmutableSet.of(), null, null), new BidirectionalTrace(FORWARD_FLOW, forwardTrace3, ImmutableSet.of(), REVERSE_FLOW, reverseTrace1), new BidirectionalTrace(FORWARD_FLOW, forwardTrace3, ImmutableSet.of(), REVERSE_FLOW, reverseTrace2)));
}

Example 4 with TracerouteEngine

use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.

the class BidirectionalTracerouteAnswererTest method testSessions.

/**
 * Make sure we don't mix traces and sessions.
 */
@Test
public void testSessions() {
    Trace sessionForwardTrace = new Trace(ACCEPTED, ImmutableList.of());
    Trace noSessionForwardTrace = new Trace(DELIVERED_TO_SUBNET, ImmutableList.of());
    FirewallSessionTraceInfo session = new FirewallSessionTraceInfo("session", Accept.INSTANCE, ImmutableSet.of(), DUMMY_SESSION_FLOW, null);
    TraceAndReverseFlow sessionForwardTarf = new TraceAndReverseFlow(sessionForwardTrace, REVERSE_FLOW, ImmutableList.of(session));
    TraceAndReverseFlow noSessionForwardTarf = new TraceAndReverseFlow(noSessionForwardTrace, REVERSE_FLOW, ImmutableList.of());
    Trace sessionReverseTrace = new Trace(DENIED_IN, ImmutableList.of());
    Trace noSessionReverseTrace = new Trace(DENIED_OUT, ImmutableList.of());
    TraceAndReverseFlow sessionReverseTarf = new TraceAndReverseFlow(sessionReverseTrace, null, ImmutableList.of());
    TraceAndReverseFlow noSessionReverseTarf = new TraceAndReverseFlow(noSessionReverseTrace, null, ImmutableList.of());
    TracerouteEngine tracerouteEngine = forSessions(ImmutableMap.of(ImmutableSet.of(), ImmutableMap.of(FORWARD_FLOW, ImmutableList.of(sessionForwardTarf, noSessionForwardTarf), REVERSE_FLOW, ImmutableList.of(noSessionReverseTarf)), ImmutableSet.of(session), ImmutableMap.of(REVERSE_FLOW, ImmutableList.of(sessionReverseTarf))));
    List<BidirectionalTrace> bidirectionalTraces = computeBidirectionalTraces(ImmutableSet.of(FORWARD_FLOW), tracerouteEngine, false);
    assertThat(bidirectionalTraces, containsInAnyOrder(new BidirectionalTrace(FORWARD_FLOW, sessionForwardTrace, ImmutableSet.of(session), REVERSE_FLOW, sessionReverseTrace), new BidirectionalTrace(FORWARD_FLOW, noSessionForwardTrace, ImmutableSet.of(), REVERSE_FLOW, noSessionReverseTrace)));
}

Example 5 with TracerouteEngine

use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.

the class BidirectionalTracerouteAnswerer method bidirectionalTracerouteAnswerElement.

public static AnswerElement bidirectionalTracerouteAnswerElement(Question question, Set<Flow> flows, TracerouteEngine tracerouteEngine, boolean ignoreFilters, @Nullable Integer maxTraces) {
    List<BidirectionalTrace> bidirectionalTraces = computeBidirectionalTraces(flows, tracerouteEngine, ignoreFilters);
    List<BidirectionalTrace> prunedTraces = maxTraces == null ? bidirectionalTraces : prune(bidirectionalTraces, maxTraces);
    ImmutableMultiset<Row> rows = groupTraces(prunedTraces).entrySet().stream().map(entry -> toRow(entry.getKey(), entry.getValue())).collect(ImmutableMultiset.toImmutableMultiset());
    TableAnswerElement table = new TableAnswerElement(metadata());
    table.postProcessAnswer(question, rows);
    return table;
}