use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.
the class BgpTopologyUtils method addActivePeerEdges.
/**
 * Adds directed edges to {@code graph} from the active BGP peer {@code neighborId} to each
 * compatible candidate peer located on a node/VRF that owns the neighbor's configured peer
 * address.
 *
 * <p>Nothing is added when the peer config cannot be found, when there are no potential local IPs,
 * when the local AS or peer address is unset, when no remote ASNs are configured, or when no node
 * owns the peer address.
 *
 * <p>With {@code checkReachability == false} an edge is added for every feasible local IP purely
 * on configuration compatibility; no dataplane check is performed on that path, so such edges
 * should not be read as proof that the session can actually be established. With {@code
 * checkReachability == true} only source IPs of successful results from {@code
 * initiateBgpSessions} produce an edge.
 *
 * @param neighborId id of the initiating (active) peer
 * @param graph BGP topology graph being built; mutated in place
 * @param nc lookup of peer configs by id
 * @param ipOwners IP to (hostname to VRF names) ownership map
 * @param receivers hostname to (VRF name to candidate peer ids) map
 * @param potentialLocalIps IPs the initiating peer may use as its local IP
 * @param checkReachability whether to confirm session initiation via {@code tracerouteEngine}
 * @param tracerouteEngine engine handed to {@code initiateBgpSessions}; only used when {@code
 *     checkReachability} is {@code true}
 */
private static void addActivePeerEdges(
    BgpPeerConfigId neighborId,
    MutableValueGraph<BgpPeerConfigId, BgpSessionProperties> graph,
    NetworkConfigurations nc,
    Map<Ip, Map<String, Set<String>>> ipOwners,
    Map<String, Multimap<String, BgpPeerConfigId>> receivers,
    Set<Ip> potentialLocalIps,
    boolean checkReachability,
    TracerouteEngine tracerouteEngine) {
  BgpActivePeerConfig neighbor = nc.getBgpPointToPointPeerConfig(neighborId);
  // Guard clauses, evaluated in the same order as a single short-circuit condition would be.
  if (neighbor == null) {
    return;
  }
  if (potentialLocalIps.isEmpty()) {
    return;
  }
  if (neighbor.getLocalAs() == null) {
    return;
  }
  if (neighbor.getPeerAddress() == null) {
    return;
  }
  if (neighbor.getRemoteAsns().isEmpty()) {
    return;
  }

  // Nodes (and their VRFs) that own the address this peer is trying to reach.
  Map<String, Set<String>> ownersOfPeerAddress = ipOwners.get(neighbor.getPeerAddress());
  if (ownersOfPeerAddress == null) {
    return;
  }

  // Peers that already share an edge with the initiator are skipped below.
  Set<BgpPeerConfigId> connectedPeers = graph.adjacentNodes(neighborId);

  for (Entry<String, Set<String>> owner : ownersOfPeerAddress.entrySet()) {
    Multimap<String, BgpPeerConfigId> nodeReceivers = receivers.get(owner.getKey());
    if (nodeReceivers == null) {
      continue;
    }
    for (String vrfName : owner.getValue()) {
      for (BgpPeerConfigId candidateId : nodeReceivers.get(vrfName)) {
        if (connectedPeers.contains(candidateId)) {
          continue;
        }
        // Ensure candidate has compatible local/remote AS, isn't in same vrf as initiator
        BgpPeerConfig candidate = nc.getBgpPeerConfig(candidateId);
        if (!bgpCandidatePassesSanityChecks(neighborId, neighbor, candidateId, candidate)) {
          continue;
        }
        // Local IPs of the initiator that are compatible with this particular candidate.
        Set<Ip> feasibleLocalIps = getFeasibleLocalIps(potentialLocalIps, candidate);
        if (feasibleLocalIps.isEmpty()) {
          continue;
        }
        if (checkReachability) {
          // Dataplane-verified: keep only source IPs whose session initiation succeeded.
          initiateBgpSessions(neighborId, candidateId, neighbor, feasibleLocalIps, tracerouteEngine)
              .stream()
              .filter(BgpSessionInitiationResult::isSuccessful)
              .map(initiationResult -> initiationResult.getFlow().getSrcIp())
              .forEach(srcIp -> addEdges(neighbor, neighborId, srcIp, candidateId, graph, nc));
        } else {
          // Config-only: every feasible local IP yields an edge, unverified by the dataplane.
          for (Ip localIp : feasibleLocalIps) {
            addEdges(neighbor, neighborId, localIp, candidateId, graph, nc);
          }
        }
      }
    }
  }
}
use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.
the class BgpTopologyUtils method initBgpTopology.
/**
 * Builds the BGP topology: a directed graph whose vertices are {@link BgpPeerConfigId}s and whose
 * edges carry {@link BgpSessionProperties}.
 *
 * <p>The two validation flags act at different levels. {@code keepInvalid=false} only filters out
 * peers that fail control-plane sanity checks; it does not show that a session can come up. {@code
 * checkReachability=true} additionally runs dataplane-level checks through {@code
 * tracerouteEngine}. Requesting both {@code checkReachability} and {@code keepInvalid} is
 * rejected, as is {@code checkReachability} without a traceroute engine.
 *
 * @param configurations node configurations, keyed by hostname
 * @param ipVrfOwners network IP owners (see {@link IpOwners#computeIpNodeOwners(Map, boolean)} for
 *     reference)
 * @param keepInvalid whether to keep improperly configured neighbors. Use {@code true} for
 *     configuration checks and {@code false} when computing a dataplane.
 * @param checkReachability whether to perform dataplane-level checks that neighbors are reachable
 *     and sessions can be established
 * @param tracerouteEngine {@link TracerouteEngine} used for reachability checks; must be non-null
 *     when {@code checkReachability} is {@code true}
 * @param fibs FIBs keyed by hostname, then by VRF name. Used to infer candidate local IPs for
 *     active peers that have no explicitly configured local IP; where no FIB is present for a
 *     VRF, such peers get no local IPs.
 * @param l3Adjacencies {@link L3Adjacencies} of the network, for checking BGP unnumbered
 *     reachability
 * @return a {@link BgpTopology} wrapping the graph of all BGP peerings
 * @throws IllegalArgumentException if the flag combination is invalid or a peer has an
 *     unrecognized type
 */
@Nonnull
public static BgpTopology initBgpTopology(
    Map<String, Configuration> configurations,
    Map<Ip, Map<String, Set<String>>> ipVrfOwners,
    boolean keepInvalid,
    boolean checkReachability,
    @Nullable TracerouteEngine tracerouteEngine,
    Map<String, Map<String, Fib>> fibs,
    L3Adjacencies l3Adjacencies) {
  checkArgument(
      !(checkReachability && keepInvalid), "Cannot check reachability while keeping invalid peers");
  checkArgument(
      tracerouteEngine != null || !checkReachability,
      "Cannot check reachability without a traceroute engine");
  // TODO: handle duplicate ips on different vrfs
  NetworkConfigurations networkConfigurations = NetworkConfigurations.of(configurations);

  /*
   * First pass: register every BGP peer as a vertex and, for active peers, record the IPs the
   * peer may use as its local IP when initiating a session.
   */
  MutableValueGraph<BgpPeerConfigId, BgpSessionProperties> graph =
      ValueGraphBuilder.directed().allowsSelfLoops(false).build();

  /*
   * Active peer id -> candidate local IPs. An explicitly configured local IP is the only entry
   * for its peer. Otherwise, if a FIB is available, the entries are whatever
   * getPotentialSrcIps() infers; with no FIB the peer has no entries.
   */
  ImmutableSetMultimap.Builder<BgpPeerConfigId, Ip> localIpsBuilder =
      ImmutableSetMultimap.builder();

  for (Configuration node : configurations.values()) {
    String hostname = node.getHostname();
    for (Vrf vrf : node.getVrfs().values()) {
      String vrfName = vrf.getName();
      BgpProcess proc = vrf.getBgpProcess();
      if (proc == null) {
        // No BGP process in this VRF, so no peers to register.
        continue;
      }
      Fib fib = fibs.getOrDefault(hostname, ImmutableMap.of()).get(vrfName);

      // Active (point-to-point) peers, keyed by peer address.
      for (Entry<Ip, BgpActivePeerConfig> activeEntry : proc.getActiveNeighbors().entrySet()) {
        Ip peerAddress = activeEntry.getKey();
        BgpActivePeerConfig activeConfig = activeEntry.getValue();
        if (keepInvalid
            || bgpConfigPassesSanityChecks(activeConfig, hostname, vrfName, ipVrfOwners)) {
          BgpPeerConfigId activeId =
              new BgpPeerConfigId(hostname, vrfName, peerAddress.toPrefix(), false);
          graph.addNode(activeId);
          Ip configuredLocalIp = activeConfig.getLocalIp();
          if (configuredLocalIp != null) {
            localIpsBuilder.put(activeId, configuredLocalIp);
          } else if (fib != null) {
            // No explicitly configured local IP. Check for dynamically resolvable local IPs.
            localIpsBuilder.putAll(activeId, getPotentialSrcIps(peerAddress, fib, node));
          }
        }
      }

      // Dynamic peers: map of prefix to BgpPassivePeerConfig
      proc.getPassiveNeighbors()
          .forEach(
              (prefix, passiveConfig) -> {
                if (keepInvalid
                    || bgpConfigPassesSanityChecks(
                        passiveConfig, hostname, vrfName, ipVrfOwners)) {
                  graph.addNode(new BgpPeerConfigId(hostname, vrfName, prefix, true));
                }
              });

      // Unnumbered BGP peers: map of interface name to BgpUnnumberedPeerConfig
      proc.getInterfaceNeighbors()
          .forEach(
              (ifaceName, unnumberedConfig) -> {
                if (keepInvalid
                    || bgpConfigPassesSanityChecks(
                        unnumberedConfig, hostname, vrfName, ipVrfOwners)) {
                  graph.addNode(new BgpPeerConfigId(hostname, vrfName, ifaceName));
                }
              });
    }
  }

  // Second pass: add edges to the graph. Note, these are directed edges.
  // Index potential session receivers by hostname, then VRF name.
  Map<String, Multimap<String, BgpPeerConfigId>> receivers = new HashMap<>();
  for (BgpPeerConfigId peer : graph.nodes()) {
    // Unnumbered configs only form sessions with each other, so they are never receivers here.
    if (peer.getType() != BgpPeerConfigType.UNNUMBERED) {
      receivers
          .computeIfAbsent(peer.getHostname(), name -> LinkedListMultimap.create())
          .put(peer.getVrfName(), peer);
    }
  }

  SetMultimap<BgpPeerConfigId, Ip> localIps = localIpsBuilder.build();
  for (BgpPeerConfigId neighborId : graph.nodes()) {
    switch (neighborId.getType()) {
      case DYNAMIC:
        // Passive end of the peering cannot initiate a connection
        break;
      case ACTIVE:
        addActivePeerEdges(
            neighborId,
            graph,
            networkConfigurations,
            ipVrfOwners,
            receivers,
            localIps.get(neighborId),
            checkReachability,
            tracerouteEngine);
        break;
      case UNNUMBERED:
        addUnnumberedPeerEdges(neighborId, graph, networkConfigurations, l3Adjacencies);
        break;
      default:
        throw new IllegalArgumentException(
            String.format("Unrecognized peer type: %s", neighborId));
    }
  }
  return new BgpTopology(graph);
}
use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.
the class BidirectionalTracerouteAnswererTest method testMultipath.
/**
 * Checks multipath handling: each forward trace that carries a reverse flow is paired with every
 * trace of that reverse flow, while a forward trace without a reverse flow yields a single result
 * whose reverse flow and reverse trace are both {@code null}.
 */
@Test
public void testMultipath() {
  // Forward direction: three paths with different dispositions.
  Trace fwdAccepted = new Trace(ACCEPTED, ImmutableList.of());
  Trace fwdDeniedIn = new Trace(DENIED_IN, ImmutableList.of());
  Trace fwdDelivered = new Trace(DELIVERED_TO_SUBNET, ImmutableList.of());

  // Reverse direction: two paths.
  Trace revDeniedIn = new Trace(DENIED_IN, ImmutableList.of());
  Trace revExits = new Trace(EXITS_NETWORK, ImmutableList.of());

  // The denied forward trace and the denied reverse trace carry no flow for the other direction.
  TracerouteEngine tracerouteEngine =
      forFlows(
          ImmutableMap.of(
              FORWARD_FLOW,
              ImmutableList.of(
                  new TraceAndReverseFlow(fwdAccepted, REVERSE_FLOW, ImmutableSet.of()),
                  new TraceAndReverseFlow(fwdDeniedIn, null, ImmutableSet.of()),
                  new TraceAndReverseFlow(fwdDelivered, REVERSE_FLOW, ImmutableSet.of())),
              REVERSE_FLOW,
              ImmutableList.of(
                  new TraceAndReverseFlow(revDeniedIn, null, ImmutableSet.of()),
                  new TraceAndReverseFlow(revExits, FORWARD_FLOW, ImmutableSet.of()))));

  List<BidirectionalTrace> actual =
      computeBidirectionalTraces(ImmutableSet.of(FORWARD_FLOW), tracerouteEngine, false);

  // contains() is order-sensitive: forward traces in order, each expanded over reverse traces.
  assertThat(
      actual,
      contains(
          new BidirectionalTrace(
              FORWARD_FLOW, fwdAccepted, ImmutableSet.of(), REVERSE_FLOW, revDeniedIn),
          new BidirectionalTrace(
              FORWARD_FLOW, fwdAccepted, ImmutableSet.of(), REVERSE_FLOW, revExits),
          new BidirectionalTrace(FORWARD_FLOW, fwdDeniedIn, ImmutableSet.of(), null, null),
          new BidirectionalTrace(
              FORWARD_FLOW, fwdDelivered, ImmutableSet.of(), REVERSE_FLOW, revDeniedIn),
          new BidirectionalTrace(
              FORWARD_FLOW, fwdDelivered, ImmutableSet.of(), REVERSE_FLOW, revExits)));
}
use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.
the class BidirectionalTracerouteAnswererTest method testSessions.
/**
 * Make sure we don't mix traces and sessions: a reverse trace computed with a firewall session in
 * place must only be paired with the forward trace that produced that session, and a reverse
 * trace computed with no sessions only with the forward trace that produced none.
 */
@Test
public void testSessions() {
  FirewallSessionTraceInfo session =
      new FirewallSessionTraceInfo(
          "session", Accept.INSTANCE, ImmutableSet.of(), DUMMY_SESSION_FLOW, null);

  // Forward direction: one path sets up the session, the other does not.
  Trace fwdWithSession = new Trace(ACCEPTED, ImmutableList.of());
  Trace fwdWithoutSession = new Trace(DELIVERED_TO_SUBNET, ImmutableList.of());
  TraceAndReverseFlow fwdWithSessionTarf =
      new TraceAndReverseFlow(fwdWithSession, REVERSE_FLOW, ImmutableList.of(session));
  TraceAndReverseFlow fwdWithoutSessionTarf =
      new TraceAndReverseFlow(fwdWithoutSession, REVERSE_FLOW, ImmutableList.of());

  // Reverse direction: distinct dispositions so the two cases cannot be confused.
  Trace revWithSession = new Trace(DENIED_IN, ImmutableList.of());
  Trace revWithoutSession = new Trace(DENIED_OUT, ImmutableList.of());
  TraceAndReverseFlow revWithSessionTarf =
      new TraceAndReverseFlow(revWithSession, null, ImmutableList.of());
  TraceAndReverseFlow revWithoutSessionTarf =
      new TraceAndReverseFlow(revWithoutSession, null, ImmutableList.of());

  // Engine results are keyed by the set of sessions in effect, then by flow.
  TracerouteEngine tracerouteEngine =
      forSessions(
          ImmutableMap.of(
              ImmutableSet.of(),
              ImmutableMap.of(
                  FORWARD_FLOW,
                  ImmutableList.of(fwdWithSessionTarf, fwdWithoutSessionTarf),
                  REVERSE_FLOW,
                  ImmutableList.of(revWithoutSessionTarf)),
              ImmutableSet.of(session),
              ImmutableMap.of(REVERSE_FLOW, ImmutableList.of(revWithSessionTarf))));

  List<BidirectionalTrace> actual =
      computeBidirectionalTraces(ImmutableSet.of(FORWARD_FLOW), tracerouteEngine, false);

  assertThat(
      actual,
      containsInAnyOrder(
          new BidirectionalTrace(
              FORWARD_FLOW, fwdWithSession, ImmutableSet.of(session), REVERSE_FLOW, revWithSession),
          new BidirectionalTrace(
              FORWARD_FLOW,
              fwdWithoutSession,
              ImmutableSet.of(),
              REVERSE_FLOW,
              revWithoutSession)));
}
use of org.batfish.common.plugin.TracerouteEngine in project batfish by batfish.
the class BidirectionalTracerouteAnswerer method bidirectionalTracerouteAnswerElement.
/**
 * Computes bidirectional traces for {@code flows} and returns them as a table answer.
 *
 * <p>When {@code maxTraces} is non-null the computed traces are passed through {@code prune}
 * before being grouped into rows, so the table may then show only a subset of the traces that
 * exist (presumably capped by {@code maxTraces}; confirm against {@code prune}). A trace missing
 * from a pruned answer is therefore not evidence that no such path exists.
 *
 * @param question the question the answer is post-processed against
 * @param flows forward flows to trace
 * @param tracerouteEngine engine used to compute the traces
 * @param ignoreFilters forwarded unchanged to {@code computeBidirectionalTraces}
 * @param maxTraces pruning limit handed to {@code prune}, or {@code null} to keep every trace
 * @return a {@link TableAnswerElement} holding one row per group of traces
 */
public static AnswerElement bidirectionalTracerouteAnswerElement(
    Question question,
    Set<Flow> flows,
    TracerouteEngine tracerouteEngine,
    boolean ignoreFilters,
    @Nullable Integer maxTraces) {
  List<BidirectionalTrace> traces =
      computeBidirectionalTraces(flows, tracerouteEngine, ignoreFilters);
  if (maxTraces != null) {
    // Only prune when a limit was supplied.
    traces = prune(traces, maxTraces);
  }

  ImmutableMultiset<Row> rows =
      groupTraces(traces).entrySet().stream()
          .map(entry -> toRow(entry.getKey(), entry.getValue()))
          .collect(ImmutableMultiset.toImmutableMultiset());

  TableAnswerElement answer = new TableAnswerElement(metadata());
  answer.postProcessAnswer(question, rows);
  return answer;
}