Examples with BgpProcess org.batfish.datamodel.BgpProcess used on opensource projects

Example 1 with BgpProcess

use of org.batfish.datamodel.BgpProcess in project batfish by batfish.

the class CommonUtil method initRemoteBgpNeighbors.

/**
 * Initialize BGP neighbors for all nodes.
 *
 * @param configurations map of all configurations, keyed by hostname
 * @param ipOwners mapping of Ips to a set of nodes (hostnames) that owns those IPs
 * @param checkReachability whether bgp neighbor reachability should be checked
 * @param flowProcessor dataplane plugin to use to check reachability. Must not be {@code null} if
 *     {@code checkReachability = true}
 * @param dp dataplane to use to check reachability. Must not be {@code null} if {@code
 *     checkReachability = true}
 */
public static void initRemoteBgpNeighbors(Map<String, Configuration> configurations, Map<Ip, Set<String>> ipOwners, boolean checkReachability, @Nullable FlowProcessor flowProcessor, @Nullable DataPlane dp) {
    // TODO: handle duplicate ips on different vrfs
    Map<BgpNeighbor, Ip> remoteAddresses = new IdentityHashMap<>();
    Map<Ip, Set<BgpNeighbor>> localAddresses = new HashMap<>();
    /*
     * Construct maps indicating which neighbor owns which Ip Address
     */
    for (Configuration node : configurations.values()) {
        String hostname = node.getHostname();
        for (Vrf vrf : node.getVrfs().values()) {
            BgpProcess proc = vrf.getBgpProcess();
            if (proc == null) {
                // nothing to do if no bgp process on this VRF
                continue;
            }
            for (BgpNeighbor bgpNeighbor : proc.getNeighbors().values()) {
                /*
           * Begin by initializing candidate neighbors to an empty set
           */
                bgpNeighbor.initCandidateRemoteBgpNeighbors();
                // Skip things we don't handle
                if (bgpNeighbor.getPrefix().getPrefixLength() < Prefix.MAX_PREFIX_LENGTH) {
                    throw new BatfishException(hostname + ": Do not support dynamic bgp sessions at this time: " + bgpNeighbor.getPrefix());
                }
                Ip remoteAddress = bgpNeighbor.getAddress();
                if (remoteAddress == null) {
                    throw new BatfishException(hostname + ": Could not determine remote address of bgp neighbor: " + bgpNeighbor);
                }
                Ip localAddress = bgpNeighbor.getLocalIp();
                if (localAddress == null || !ipOwners.containsKey(localAddress) || !ipOwners.get(localAddress).contains(hostname)) {
                    // Local address is not owned by anybody
                    continue;
                }
                remoteAddresses.put(bgpNeighbor, remoteAddress);
                // Add this neighbor as owner of its local address
                localAddresses.computeIfAbsent(localAddress, k -> Collections.newSetFromMap(new IdentityHashMap<>())).add(bgpNeighbor);
            }
        }
    }
    /*
     * For each neighbor, construct the set of candidate neighbors, then filter out impossible
     * sessions.
     */
    for (Entry<BgpNeighbor, Ip> e : remoteAddresses.entrySet()) {
        BgpNeighbor bgpNeighbor = e.getKey();
        Ip remoteAddress = e.getValue();
        Ip localAddress = bgpNeighbor.getLocalIp();
        int localLocalAs = bgpNeighbor.getLocalAs();
        int localRemoteAs = bgpNeighbor.getRemoteAs();
        /*
       * Let the set of candidate neighbors be set of neighbors that own the remoteAddress
       */
        Set<BgpNeighbor> remoteBgpNeighborCandidates = localAddresses.get(remoteAddress);
        if (remoteBgpNeighborCandidates == null) {
            // No possible remote neighbors
            continue;
        }
        /*
       * Filter the set of candidate neighbors based on these checks:
       * - Remote neighbor's remote address is the same as our local address
       * - Remote neighbor's remote AS is the same as our local AS (and vice-versa)
       */
        for (BgpNeighbor remoteBgpNeighborCandidate : remoteBgpNeighborCandidates) {
            int remoteLocalAs = remoteBgpNeighborCandidate.getLocalAs();
            int remoteRemoteAs = remoteBgpNeighborCandidate.getRemoteAs();
            Ip reciprocalRemoteIp = remoteBgpNeighborCandidate.getAddress();
            if (localAddress.equals(reciprocalRemoteIp) && localLocalAs == remoteRemoteAs && localRemoteAs == remoteLocalAs) {
                /*
           * Fairly confident establishing the session is possible here, but still check
           * reachability if needed.
           * We should check reachability only for eBgp multihop or iBgp
           */
                if (checkReachability && (bgpNeighbor.getEbgpMultihop() || localLocalAs == remoteLocalAs)) {
                    /*
             * Ensure that the session can be established by running traceroute in both directions
             */
                    if (flowProcessor == null || dp == null) {
                        throw new BatfishException("Cannot compute neighbor reachability without a dataplane");
                    }
                    Flow.Builder fb = new Flow.Builder();
                    fb.setIpProtocol(IpProtocol.TCP);
                    fb.setTag("neighbor-resolution");
                    fb.setIngressNode(bgpNeighbor.getOwner().getHostname());
                    fb.setSrcIp(localAddress);
                    fb.setDstIp(remoteAddress);
                    fb.setSrcPort(NamedPort.EPHEMERAL_LOWEST.number());
                    fb.setDstPort(NamedPort.BGP.number());
                    Flow forwardFlow = fb.build();
                    fb.setIngressNode(remoteBgpNeighborCandidate.getOwner().getHostname());
                    fb.setSrcIp(forwardFlow.getDstIp());
                    fb.setDstIp(forwardFlow.getSrcIp());
                    fb.setSrcPort(forwardFlow.getDstPort());
                    fb.setDstPort(forwardFlow.getSrcPort());
                    Flow backwardFlow = fb.build();
                    SortedMap<Flow, Set<FlowTrace>> traces = flowProcessor.processFlows(dp, ImmutableSet.of(forwardFlow, backwardFlow));
                    if (traces.values().stream().map(fts -> fts.stream().allMatch(ft -> ft.getDisposition() != FlowDisposition.ACCEPTED)).anyMatch(Predicate.isEqual(true))) {
                        /*
               * If either flow has all traceroutes fail, do not consider the neighbor valid
               */
                        continue;
                    }
                    bgpNeighbor.getCandidateRemoteBgpNeighbors().add(remoteBgpNeighborCandidate);
                } else {
                    bgpNeighbor.getCandidateRemoteBgpNeighbors().add(remoteBgpNeighborCandidate);
                }
            }
        }
        Set<BgpNeighbor> finalCandidates = bgpNeighbor.getCandidateRemoteBgpNeighbors();
        if (finalCandidates.size() > 1) {
            /* If we still have not narrowed it down to a single neighbor,
         * pick based on sorted hostnames
         */
            SortedMap<String, BgpNeighbor> hostnameToNeighbor = finalCandidates.stream().collect(ImmutableSortedMap.toImmutableSortedMap(String::compareTo, k -> k.getOwner().getHostname(), Function.identity()));
            bgpNeighbor.setRemoteBgpNeighbor(hostnameToNeighbor.get(hostnameToNeighbor.firstKey()));
        } else if (finalCandidates.size() == 1) {
            bgpNeighbor.setRemoteBgpNeighbor(finalCandidates.iterator().next());
        } else {
            bgpNeighbor.setRemoteBgpNeighbor(null);
        }
    }
}

Example 2 with BgpProcess

use of org.batfish.datamodel.BgpProcess in project batfish by batfish.

the class BdpEngine method computeDependentRoutesIteration.

private void computeDependentRoutesIteration(Map<String, Node> nodes, Topology topology, BdpDataPlane dp, int dependentRoutesIterations, SortedSet<Prefix> oscillatingPrefixes) {
    // (Re)initialization of dependent route calculation
    AtomicInteger reinitializeDependentCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Reinitialize dependent routes", nodes.size());
    try (ActiveSpan computeDependentRoutesSpan = GlobalTracer.get().buildSpan(String.format("Compute dependent routes, iteration:%d", dependentRoutesIterations)).startActive()) {
        // avoid unused warning
        assert computeDependentRoutesSpan != null;
        try (ActiveSpan moveRibsSpan = GlobalTracer.get().buildSpan("Move dependent routes").startActive()) {
            // avoid unused warning
            assert moveRibsSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    /*
                     * For RIBs that require comparision to previous version,
                     * call a function that stores existing ribs
                     * as previous RIBs, then re-initializes current RIBs
                     */
                    vr.moveRibs();
                    /*
                     * For RIBs that do not require comparison to previous version, just re-init
                     */
                    vr.reinitRibsNewIteration();
                }
                reinitializeDependentCompleted.incrementAndGet();
            });
        }
        try (ActiveSpan activeStaticRoutesSpan = GlobalTracer.get().buildSpan("Activate static routes").startActive()) {
            // avoid unused warning
            assert activeStaticRoutesSpan != null;
            // Static nextHopIp routes
            AtomicInteger recomputeStaticCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Recompute static routes with next-hop IP", nodes.size());
            nodes.values().parallelStream().forEach(n -> {
                boolean staticChanged;
                do {
                    staticChanged = false;
                    for (VirtualRouter vr : n._virtualRouters.values()) {
                        staticChanged |= vr.activateStaticRoutes();
                    }
                } while (staticChanged);
                recomputeStaticCompleted.incrementAndGet();
            });
        }
        // Generated/aggregate routes
        AtomicInteger recomputeAggregateCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Recompute aggregate/generated routes", nodes.size());
        try (ActiveSpan activeGeneratedRoutesSpan = GlobalTracer.get().buildSpan("Activate generated routes").startActive()) {
            // avoid unused warning
            assert activeGeneratedRoutesSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    vr._generatedRib = new Rib(vr);
                    while (vr.activateGeneratedRoutes()) {
                    }
                    vr.importRib(vr._mainRib, vr._generatedRib);
                }
                recomputeAggregateCompleted.incrementAndGet();
            });
        }
        // recompute exports
        try (ActiveSpan initOspfExportsSpan = GlobalTracer.get().buildSpan("Initialize OSPF exports").startActive()) {
            // avoid unused warning
            assert initOspfExportsSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    vr.initOspfExports();
                }
            });
        }
        // repropagate exports
        AtomicBoolean ospfExternalChanged = new AtomicBoolean(true);
        int ospfExternalSubIterations = 0;
        try (ActiveSpan repropagateOspfExportsSpan = GlobalTracer.get().buildSpan("Repropagate OSPF exports").startActive()) {
            // avoid unused warning
            assert repropagateOspfExportsSpan != null;
            while (ospfExternalChanged.get()) {
                ospfExternalSubIterations++;
                AtomicInteger propagateOspfExternalCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Propagate OSPF external routes: subIteration: " + ospfExternalSubIterations, nodes.size());
                ospfExternalChanged.set(false);
                nodes.values().parallelStream().forEach(n -> {
                    for (VirtualRouter vr : n._virtualRouters.values()) {
                        if (vr.propagateOspfExternalRoutes(nodes, topology)) {
                            ospfExternalChanged.set(true);
                        }
                    }
                    propagateOspfExternalCompleted.incrementAndGet();
                });
                AtomicInteger unstageOspfExternalCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Unstage OSPF external routes: subIteration: " + ospfExternalSubIterations, nodes.size());
                nodes.values().parallelStream().forEach(n -> {
                    for (VirtualRouter vr : n._virtualRouters.values()) {
                        vr.unstageOspfExternalRoutes();
                    }
                    unstageOspfExternalCompleted.incrementAndGet();
                });
            }
        }
        AtomicInteger importOspfExternalCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Unstage OSPF external routes", nodes.size());
        try (ActiveSpan importOspfExternalRoutesSpan = GlobalTracer.get().buildSpan("Import OSPF external routes").startActive()) {
            // avoid unused warning
            assert importOspfExternalRoutesSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    vr.importRib(vr._ospfRib, vr._ospfExternalType1Rib);
                    vr.importRib(vr._ospfRib, vr._ospfExternalType2Rib);
                    vr.importRib(vr._mainRib, vr._ospfRib);
                }
                importOspfExternalCompleted.incrementAndGet();
            });
        }
        // first let's initialize nodes-level generated/aggregate routes
        try (ActiveSpan initBgpAggregateRoutesSpan = GlobalTracer.get().buildSpan("Initialize BGP aggregate routes").startActive()) {
            // avoid unused warning
            assert initBgpAggregateRoutesSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    if (vr._vrf.getBgpProcess() != null) {
                        vr.initBgpAggregateRoutes();
                    }
                }
            });
        }
        AtomicInteger propagateBgpCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Propagate BGP routes", nodes.size());
        try (ActiveSpan propagateBgpRoutesSpan = GlobalTracer.get().buildSpan("Propagate BGP routes").startActive()) {
            // avoid unused warning
            assert propagateBgpRoutesSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    vr.propagateBgpRoutes(dp.getIpOwners(), dependentRoutesIterations, oscillatingPrefixes, nodes);
                }
                propagateBgpCompleted.incrementAndGet();
            });
        }
        AtomicInteger importBgpCompleted = _newBatch.apply("Iteration " + dependentRoutesIterations + ": Import BGP routes into respective RIBs", nodes.size());
        try (ActiveSpan finalizeBgpRoutesSpan = GlobalTracer.get().buildSpan("Finalize BGP routes").startActive()) {
            // avoid unused warning
            assert finalizeBgpRoutesSpan != null;
            nodes.values().parallelStream().forEach(n -> {
                for (VirtualRouter vr : n._virtualRouters.values()) {
                    BgpProcess proc = vr._vrf.getBgpProcess();
                    if (proc != null) {
                        vr.finalizeBgpRoutes(proc.getMultipathEbgp(), proc.getMultipathIbgp());
                    }
                }
                importBgpCompleted.incrementAndGet();
            });
        }
    }
}

Example 3 with BgpProcess

use of org.batfish.datamodel.BgpProcess in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        int idNum = i + 1;
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured)
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
            if (proc == null) {
                proc = new BgpProcess();
                proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
                proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
                vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
            }
            BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
            cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
            cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
            cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
            cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            cgBgpNeighbor.setSendCommunity(false);
            VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
            List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
            if (attachmentVpcIds.size() != 1) {
                throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
            }
            String vpcId = attachmentVpcIds.get(0);
            // iBGP connection to VPC
            Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
            Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
            Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
            BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
            proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
            vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
            vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vgwToVpcBgpNeighbor.setSendCommunity(true);
            // iBGP connection from VPC
            BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
            BgpProcess vpcProc = new BgpProcess();
            vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
            vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
            vpcProc.setRouterId(vpcIfaceAddress);
            vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
            vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
            vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vpcToVgwBgpNeighbor.setSendCommunity(true);
            String rpRejectAllName = "~REJECT_ALL~";
            String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
            If acceptIffEbgp = new If();
            acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
            acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
            RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
            vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
            vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
            RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
            vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
            String rpAcceptAllName = "~ACCEPT_ALL~";
            RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
            vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
            RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
            vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
            Vpc vpc = region.getVpcs().get(vpcId);
            String originationPolicyName = vpnId + "_origination";
            RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
            cgBgpNeighbor.setExportPolicy(originationPolicyName);
            If originationIf = new If();
            List<Statement> statements = originationRoutingPolicy.getStatements();
            statements.add(originationIf);
            statements.add(Statements.ExitReject.toStaticStatement());
            originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
            originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
            RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
            vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
            vpc.getCidrBlockAssociations().forEach(prefix -> {
                RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
                originationRouteFilter.addLine(matchOutgoingPrefix);
            });
            Conjunction conj = new Conjunction();
            originationIf.setGuard(conj);
            conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
            conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
        }
        // static routes (if configured)
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}

Example 4 with BgpProcess

use of org.batfish.datamodel.BgpProcess in project batfish by batfish.

the class Graph method initEbgpNeighbors.

/*
   * Initialize external eBGP neighbors by looking for BGP neighbors
   * where their is no neighbor in the configurations, and the IPs align.
   */
private void initEbgpNeighbors() {
    Map<String, List<Ip>> ips = new HashMap<>();
    Map<String, List<BgpNeighbor>> neighbors = new HashMap<>();
    for (Entry<String, Configuration> entry : _configurations.entrySet()) {
        String router = entry.getKey();
        Configuration conf = entry.getValue();
        List<Ip> ipList = new ArrayList<>();
        List<BgpNeighbor> ns = new ArrayList<>();
        ips.put(router, ipList);
        neighbors.put(router, ns);
        if (conf.getDefaultVrf().getBgpProcess() != null) {
            BgpProcess bgp = conf.getDefaultVrf().getBgpProcess();
            for (BgpNeighbor neighbor : bgp.getNeighbors().values()) {
                ipList.add(neighbor.getAddress());
                ns.add(neighbor);
            }
        }
    }
    for (Entry<String, Configuration> entry : _configurations.entrySet()) {
        String router = entry.getKey();
        Configuration conf = entry.getValue();
        List<Ip> ipList = ips.get(router);
        List<BgpNeighbor> ns = neighbors.get(router);
        if (conf.getDefaultVrf().getBgpProcess() != null) {
            List<GraphEdge> edges = _edgeMap.get(router);
            for (GraphEdge ge : edges) {
                for (int i = 0; i < ipList.size(); i++) {
                    Ip ip = ipList.get(i);
                    BgpNeighbor n = ns.get(i);
                    Interface iface = ge.getStart();
                    if (ip != null && iface.getAddress().getPrefix().containsIp(ip)) {
                        _ebgpNeighbors.put(ge, n);
                    }
                }
            }
        }
    }
}

Example 5 with BgpProcess

use of org.batfish.datamodel.BgpProcess in project batfish by batfish.

the class AbstractionBuilder method createAbstractConfig.

/*
   * Creates a new Configuration from an old one for an abstract router
   * by copying the old configuration, but removing any concrete interfaces,
   * neighbors etc that do not correpond to any abstract neighbors.
   */
private Configuration createAbstractConfig(Set<String> abstractRouters, Configuration conf) {
    Configuration abstractConf = new Configuration(conf.getHostname(), conf.getConfigurationFormat());
    abstractConf.setDnsServers(conf.getDnsServers());
    abstractConf.setDnsSourceInterface(conf.getDnsSourceInterface());
    abstractConf.setDomainName(conf.getDomainName());
    abstractConf.setAuthenticationKeyChains(conf.getAuthenticationKeyChains());
    abstractConf.setIkeGateways(conf.getIkeGateways());
    abstractConf.setDefaultCrossZoneAction(conf.getDefaultCrossZoneAction());
    abstractConf.setIkePolicies(conf.getIkePolicies());
    abstractConf.setIkeProposals(conf.getIkeProposals());
    abstractConf.setDefaultInboundAction(conf.getDefaultInboundAction());
    abstractConf.setIpAccessLists(conf.getIpAccessLists());
    abstractConf.setIp6AccessLists(conf.getIp6AccessLists());
    abstractConf.setRouteFilterLists(conf.getRouteFilterLists());
    abstractConf.setRoute6FilterLists(conf.getRoute6FilterLists());
    abstractConf.setIpsecPolicies(conf.getIpsecPolicies());
    abstractConf.setIpsecProposals(conf.getIpsecProposals());
    abstractConf.setIpsecVpns(conf.getIpsecVpns());
    abstractConf.setLoggingServers(conf.getLoggingServers());
    abstractConf.setLoggingSourceInterface(conf.getLoggingSourceInterface());
    abstractConf.setNormalVlanRange(conf.getNormalVlanRange());
    abstractConf.setNtpServers(conf.getNtpServers());
    abstractConf.setNtpSourceInterface(conf.getNtpSourceInterface());
    abstractConf.setRoles(conf.getRoles());
    abstractConf.setSnmpSourceInterface(conf.getSnmpSourceInterface());
    abstractConf.setSnmpTrapServers(conf.getSnmpTrapServers());
    abstractConf.setTacacsServers(conf.getTacacsServers());
    abstractConf.setTacacsSourceInterface(conf.getTacacsSourceInterface());
    abstractConf.setVendorFamily(conf.getVendorFamily());
    abstractConf.setZones(conf.getZones());
    abstractConf.setCommunityLists(conf.getCommunityLists());
    abstractConf.setRoutingPolicies(conf.getRoutingPolicies());
    abstractConf.setRoute6FilterLists(conf.getRoute6FilterLists());
    SortedSet<Interface> toRetain = new TreeSet<>();
    SortedSet<IpLink> ipNeighbors = new TreeSet<>();
    SortedSet<BgpNeighbor> bgpNeighbors = new TreeSet<>();
    List<GraphEdge> edges = _graph.getEdgeMap().get(conf.getName());
    for (GraphEdge ge : edges) {
        boolean leavesNetwork = (ge.getPeer() == null);
        if (leavesNetwork || (abstractRouters.contains(ge.getRouter()) && abstractRouters.contains(ge.getPeer()))) {
            toRetain.add(ge.getStart());
            Ip start = ge.getStart().getAddress().getIp();
            if (!leavesNetwork) {
                Ip end = ge.getEnd().getAddress().getIp();
                ipNeighbors.add(new IpLink(start, end));
            }
            BgpNeighbor n = _graph.getEbgpNeighbors().get(ge);
            if (n != null) {
                bgpNeighbors.add(n);
            }
        }
    }
    // Update interfaces
    NavigableMap<String, Interface> abstractInterfaces = new TreeMap<>();
    for (Entry<String, Interface> entry : conf.getInterfaces().entrySet()) {
        String name = entry.getKey();
        Interface iface = entry.getValue();
        if (toRetain.contains(iface)) {
            abstractInterfaces.put(name, iface);
        }
    }
    abstractConf.setInterfaces(abstractInterfaces);
    // Update VRFs
    Map<String, Vrf> abstractVrfs = new HashMap<>();
    for (Entry<String, Vrf> entry : conf.getVrfs().entrySet()) {
        String name = entry.getKey();
        Vrf vrf = entry.getValue();
        Vrf abstractVrf = new Vrf(name);
        abstractVrf.setStaticRoutes(vrf.getStaticRoutes());
        abstractVrf.setIsisProcess(vrf.getIsisProcess());
        abstractVrf.setRipProcess(vrf.getRipProcess());
        abstractVrf.setSnmpServer(vrf.getSnmpServer());
        NavigableMap<String, Interface> abstractVrfInterfaces = new TreeMap<>();
        for (Entry<String, Interface> entry2 : vrf.getInterfaces().entrySet()) {
            String iname = entry2.getKey();
            Interface iface = entry2.getValue();
            if (toRetain.contains(iface)) {
                abstractVrfInterfaces.put(iname, iface);
            }
        }
        abstractVrf.setInterfaces(abstractVrfInterfaces);
        abstractVrf.setInterfaceNames(new TreeSet<>(abstractVrfInterfaces.keySet()));
        OspfProcess ospf = vrf.getOspfProcess();
        if (ospf != null) {
            OspfProcess abstractOspf = new OspfProcess();
            abstractOspf.setAreas(ospf.getAreas());
            abstractOspf.setExportPolicy(ospf.getExportPolicy());
            abstractOspf.setReferenceBandwidth(ospf.getReferenceBandwidth());
            abstractOspf.setRouterId(ospf.getRouterId());
            // Copy over neighbors
            Map<IpLink, OspfNeighbor> abstractNeighbors = new HashMap<>();
            if (ospf.getOspfNeighbors() != null) {
                for (Entry<IpLink, OspfNeighbor> entry2 : ospf.getOspfNeighbors().entrySet()) {
                    IpLink link = entry2.getKey();
                    OspfNeighbor neighbor = entry2.getValue();
                    if (ipNeighbors.contains(link)) {
                        abstractNeighbors.put(link, neighbor);
                    }
                }
            }
            abstractOspf.setOspfNeighbors(abstractNeighbors);
            abstractVrf.setOspfProcess(abstractOspf);
        }
        BgpProcess bgp = vrf.getBgpProcess();
        if (bgp != null) {
            BgpProcess abstractBgp = new BgpProcess();
            abstractBgp.setMultipathEbgp(bgp.getMultipathEbgp());
            abstractBgp.setMultipathIbgp(bgp.getMultipathIbgp());
            abstractBgp.setRouterId(bgp.getRouterId());
            abstractBgp.setOriginationSpace(bgp.getOriginationSpace());
            // TODO: set bgp neighbors accordingly
            // Copy over neighbors
            SortedMap<Prefix, BgpNeighbor> abstractBgpNeighbors = new TreeMap<>();
            if (bgp.getNeighbors() != null) {
                for (Entry<Prefix, BgpNeighbor> entry2 : bgp.getNeighbors().entrySet()) {
                    Prefix prefix = entry2.getKey();
                    BgpNeighbor neighbor = entry2.getValue();
                    if (bgpNeighbors.contains(neighbor)) {
                        abstractBgpNeighbors.put(prefix, neighbor);
                    }
                }
            }
            abstractBgp.setNeighbors(abstractBgpNeighbors);
            abstractVrf.setBgpProcess(abstractBgp);
        }
        abstractVrfs.put(name, abstractVrf);
    }
    abstractConf.setVrfs(abstractVrfs);
    return abstractConf;
}