
Example 26 with Configuration

use of org.batfish.datamodel.Configuration in project batfish by batfish.

the class Region method toConfigurationNodes.

/**
 * Converts every AWS object held by this region into configuration nodes.
 *
 * <p>Each generated node is stored in {@code configurationNodes} under its own name, and the
 * warnings gathered while building it are stored in
 * {@code awsConfiguration.getWarningsByHost()} under the same key. Both are plain {@code put}
 * calls, so a later node with the same name replaces an earlier entry.
 *
 * <p>The conversion order below is kept as in the original; later converters may read state
 * produced by earlier ones (not visible from this method, so do not reorder without checking).
 *
 * @param awsConfiguration the enclosing AWS configuration, source of settings and warning storage
 * @param configurationNodes output map, filled with one entry per generated node
 */
public void toConfigurationNodes(AwsConfiguration awsConfiguration, Map<String, Configuration> configurationNodes) {
    // refresh the IPs already allocated in the subnets of all interfaces
    updateAllocatedIps();
    for (Vpc currentVpc : getVpcs().values()) {
        Warnings vpcWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration vpcNode = currentVpc.toConfigurationNode(awsConfiguration, this, vpcWarnings);
        configurationNodes.put(vpcNode.getName(), vpcNode);
        awsConfiguration.getWarningsByHost().put(vpcNode.getName(), vpcWarnings);
    }
    for (ElasticsearchDomain esDomain : getElasticSearchDomains().values()) {
        Warnings esWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration esNode = esDomain.toConfigurationNode(awsConfiguration, this, esWarnings);
        // Elasticsearch domains are modelled as hosts
        esNode.setDeviceType(DeviceType.HOST);
        configurationNodes.put(esNode.getName(), esNode);
        awsConfiguration.getWarningsByHost().put(esNode.getName(), esWarnings);
    }
    for (InternetGateway internetGateway : getInternetGateways().values()) {
        Warnings igwWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration igwNode = internetGateway.toConfigurationNode(awsConfiguration, this, igwWarnings);
        configurationNodes.put(igwNode.getName(), igwNode);
        awsConfiguration.getWarningsByHost().put(igwNode.getName(), igwWarnings);
    }
    for (NatGateway natGateway : getNatGateways().values()) {
        Warnings natWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        // The node is still created, but the red flag records that NAT behaviour is not modelled;
        // results for paths through this gateway should be read with that warning in mind.
        natWarnings.redFlag("NAT functionality not yet implemented for " + natGateway.getId());
        Configuration natNode = natGateway.toConfigurationNode(awsConfiguration, this, natWarnings);
        configurationNodes.put(natNode.getName(), natNode);
        awsConfiguration.getWarningsByHost().put(natNode.getName(), natWarnings);
    }
    for (VpnGateway vpnGateway : getVpnGateways().values()) {
        Warnings vgwWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration vgwNode = vpnGateway.toConfigurationNode(awsConfiguration, this, vgwWarnings);
        configurationNodes.put(vgwNode.getName(), vgwNode);
        awsConfiguration.getWarningsByHost().put(vgwNode.getName(), vgwWarnings);
    }
    for (Instance ec2Instance : getInstances().values()) {
        Warnings instanceWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration instanceNode = ec2Instance.toConfigurationNode(awsConfiguration, this, instanceWarnings);
        instanceNode.setDeviceType(DeviceType.HOST);
        configurationNodes.put(instanceNode.getName(), instanceNode);
        awsConfiguration.getWarningsByHost().put(instanceNode.getName(), instanceWarnings);
    }
    for (RdsInstance database : getRdsInstances().values()) {
        Warnings rdsWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration rdsNode = database.toConfigurationNode(awsConfiguration, this, rdsWarnings);
        rdsNode.setDeviceType(DeviceType.HOST);
        configurationNodes.put(rdsNode.getName(), rdsNode);
        awsConfiguration.getWarningsByHost().put(rdsNode.getName(), rdsWarnings);
    }
    for (Subnet currentSubnet : getSubnets().values()) {
        Warnings subnetWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        Configuration subnetNode = currentSubnet.toConfigurationNode(awsConfiguration, this, subnetWarnings);
        configurationNodes.put(subnetNode.getName(), subnetNode);
        awsConfiguration.getWarningsByHost().put(subnetNode.getName(), subnetWarnings);
    }
    // VPN connections produce no node of their own: they are applied to a VPN gateway and
    // their warnings are filed under the connection id.
    for (VpnConnection connection : getVpnConnections().values()) {
        Warnings connectionWarnings = Batfish.buildWarnings(awsConfiguration.getSettings());
        connection.applyToVpnGateway(awsConfiguration, this, connectionWarnings);
        awsConfiguration.getWarningsByHost().put(connection.getId(), connectionWarnings);
    }
    // Runs only after every node exists, so it sees the complete node map.
    applySecurityGroupsAcls(configurationNodes);
    // TODO: for now, set all interfaces to have the same bandwidth
    configurationNodes.values().forEach(node ->
        node.getVrfs().values().forEach(vrf ->
            vrf.getInterfaces().values().forEach(iface -> iface.setBandwidth(1E12d))));
}
Also used : Configuration(org.batfish.datamodel.Configuration) Vrf(org.batfish.datamodel.Vrf) Warnings(org.batfish.common.Warnings) Interface(org.batfish.datamodel.Interface)

Example 27 with Configuration

use of org.batfish.datamodel.Configuration in project batfish by batfish.

the class Route method toStaticRoute.

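/**
 * Converts this AWS route-table entry into a static route for the given subnet.
 *
 * <p>Blackhole routes point at the null interface. Otherwise the next hop depends on the target
 * type; for network-interface and VPC-peering targets this method may also create the
 * interfaces that link the subnet node to the target node.
 *
 * <p>Identifiers in a route are looked up in {@code region} and {@code awsConfiguration}. A
 * snapshot can contain a route whose target is missing from the collected data, so each lookup
 * is checked and reported with the offending id instead of failing with a bare
 * {@link NullPointerException}.
 *
 * @param awsConfiguration source of generated link subnets and of already-built nodes
 * @param region region holding the gateways, interfaces, subnets and peering connections
 * @param vpcAddress next hop used for the {@code "local"} gateway target
 * @param igwAddress next hop used when the target is the subnet's internet gateway
 * @param vgwAddress next hop used when the target is the subnet's VPN gateway
 * @param subnet the subnet whose route table contains this route
 * @param subnetCfgNode the configuration node of {@code subnet}
 * @param warnings sink for red flags raised when a route is skipped
 * @return the static route, or {@code null} when the route is skipped with a red flag
 * @throws BatfishException if the target cannot be resolved or is not usable from this subnet
 */
@Nullable
public StaticRoute toStaticRoute(AwsConfiguration awsConfiguration, Region region, Ip vpcAddress, @Nullable Ip igwAddress, @Nullable Ip vgwAddress, Subnet subnet, Configuration subnetCfgNode, Warnings warnings) {
    // properties shared by every target type
    StaticRoute.Builder srBuilder = StaticRoute.builder().setNetwork(_destinationCidrBlock).setAdministrativeCost(DEFAULT_STATIC_ROUTE_ADMIN).setMetric(DEFAULT_STATIC_ROUTE_COST);
    if (_state == State.BLACKHOLE) {
        srBuilder.setNextHopInterface(Interface.NULL_INTERFACE_NAME);
    } else {
        switch(_targetType) {
            case Gateway:
                if (_target.equals("local")) {
                    // send to the vpc router
                    srBuilder.setNextHopIp(vpcAddress);
                } else {
                    // the gateway must be one that is attached to this subnet
                    // NOTE(review): igwAddress and vgwAddress are @Nullable; how the builder treats
                    // a null next hop is not visible here - confirm against the caller.
                    if (_target.equals(subnet.getInternetGatewayId())) {
                        srBuilder.setNextHopIp(igwAddress);
                    } else if (_target.equals(subnet.getVpnGatewayId())) {
                        srBuilder.setNextHopIp(vgwAddress);
                    } else {
                        throw new BatfishException("Internet gateway \"" + _target + "\" specified in this route not accessible from this subnet");
                    }
                }
                break;
            case NatGateway:
                // TODO: it is NOT clear that this is the right thing to do
                // for NATs with multiple interfaces, we should probably match on private IPs?
                if (region.getNatGateways().get(_target) == null) {
                    throw new BatfishException("NAT gateway \"" + _target + "\" specified in this route not found in region");
                }
                // NOTE(review): a NAT gateway with no addresses would still fail on get(0).
                srBuilder.setNextHopIp(region.getNatGateways().get(_target).getNatGatewayAddresses().get(0)._privateIp);
                break;
            case NetworkInterface:
                NetworkInterface networkInterface = region.getNetworkInterfaces().get(_target);
                if (networkInterface == null) {
                    throw new BatfishException("Network interface \"" + _target + "\" specified in this route not found in region");
                }
                String networkInterfaceSubnetId = networkInterface.getSubnetId();
                if (networkInterfaceSubnetId.equals(subnet.getId())) {
                    // sorted so that the lowest address is picked as next hop
                    TreeSet<Ip> networkInterfaceIps = new TreeSet<>();
                    networkInterfaceIps.addAll(networkInterface.getIpAddressAssociations().keySet());
                    if (networkInterfaceIps.isEmpty()) {
                        throw new BatfishException("Network interface \"" + _target + "\" specified in static route has no ip addresses");
                    }
                    Ip lowestIp = networkInterfaceIps.first();
                    if (!subnet.getCidrBlock().containsIp(lowestIp)) {
                        throw new BatfishException("Ip of network interface specified in static route not in containing subnet");
                    }
                    srBuilder.setNextHopIp(lowestIp);
                } else {
                    Subnet networkInterfaceSubnet = region.getSubnets().get(networkInterfaceSubnetId);
                    if (networkInterfaceSubnet == null) {
                        throw new BatfishException("Subnet \"" + networkInterfaceSubnetId + "\" of network interface \"" + _target + "\" not found in region");
                    }
                    String networkInterfaceVpcId = networkInterfaceSubnet.getVpcId();
                    String vpcId = subnet.getVpcId();
                    if (!vpcId.equals(networkInterfaceVpcId)) {
                        throw new BatfishException("Cannot peer with interface on different VPC");
                    }
                    // Resolve the instance before allocating a link subnet or creating any
                    // interface, so a dangling reference does not leave a half-built link behind.
                    String instanceId = networkInterface.getAttachmentInstanceId();
                    Configuration instanceCfgNode = awsConfiguration.getConfigurationNodes().get(instanceId);
                    if (instanceCfgNode == null) {
                        throw new BatfishException("Instance \"" + instanceId + "\" attached to network interface \"" + _target + "\" has no configuration node");
                    }
                    // need to create a link between subnet on which route is created
                    // and instance containing network interface
                    String subnetIfaceName = _target;
                    Pair<InterfaceAddress, InterfaceAddress> instanceLink = awsConfiguration.getNextGeneratedLinkSubnet();
                    InterfaceAddress subnetIfaceAddress = instanceLink.getFirst();
                    Utils.newInterface(subnetIfaceName, subnetCfgNode, subnetIfaceAddress);
                    // set up instance interface
                    String instanceIfaceName = subnet.getId();
                    InterfaceAddress instanceIfaceAddress = instanceLink.getSecond();
                    Interface instanceIface = Utils.newInterface(instanceIfaceName, instanceCfgNode, instanceIfaceAddress);
                    // The new interface gets the instance's security-group ACLs. When the instance
                    // has none, an ACL with no lines is attached instead.
                    // NOTE(review): what an ACL with no lines permits is decided elsewhere - confirm
                    // it matches the intended security-group default.
                    instanceIface.setIncomingFilter(instanceCfgNode.getIpAccessLists().getOrDefault(Region.SG_INGRESS_ACL_NAME, new IpAccessList(Region.SG_INGRESS_ACL_NAME, new LinkedList<>())));
                    instanceIface.setOutgoingFilter(instanceCfgNode.getIpAccessLists().getOrDefault(Region.SG_EGRESS_ACL_NAME, new IpAccessList(Region.SG_EGRESS_ACL_NAME, new LinkedList<>())));
                    Ip nextHopIp = instanceIfaceAddress.getIp();
                    srBuilder.setNextHopIp(nextHopIp);
                }
                break;
            case VpcPeeringConnection:
                // create route for vpc peering connection
                String vpcPeeringConnectionid = _target;
                VpcPeeringConnection vpcPeeringConnection = region.getVpcPeeringConnections().get(vpcPeeringConnectionid);
                if (vpcPeeringConnection == null) {
                    throw new BatfishException("VPC peering connection \"" + vpcPeeringConnectionid + "\" specified in this route not found in region");
                }
                String localVpcId = subnet.getVpcId();
                String accepterVpcId = vpcPeeringConnection.getAccepterVpcId();
                String requesterVpcId = vpcPeeringConnection.getRequesterVpcId();
                // the remote side is whichever end of the peering is not the local VPC
                String remoteVpcId = localVpcId.equals(accepterVpcId) ? requesterVpcId : accepterVpcId;
                Configuration remoteVpcCfgNode = awsConfiguration.getConfigurationNodes().get(remoteVpcId);
                if (remoteVpcCfgNode == null) {
                    warnings.redFlag("VPC \"" + localVpcId + "\" cannot peer with non-existent VPC: \"" + remoteVpcId + "\"");
                    return null;
                }
                // set up subnet interface if necessary
                String subnetIfaceName = remoteVpcId;
                String remoteVpcIfaceName = subnet.getId();
                Ip remoteVpcIfaceIp;
                if (!subnetCfgNode.getDefaultVrf().getInterfaces().containsKey(subnetIfaceName)) {
                    // create prefix on which subnet and remote vpc router will
                    // connect
                    Pair<InterfaceAddress, InterfaceAddress> peeringLink = awsConfiguration.getNextGeneratedLinkSubnet();
                    InterfaceAddress subnetIfaceAddress = peeringLink.getFirst();
                    Utils.newInterface(subnetIfaceName, subnetCfgNode, subnetIfaceAddress);
                    // set up remote vpc router interface
                    InterfaceAddress remoteVpcIfaceAddress = peeringLink.getSecond();
                    Interface remoteVpcIface = new Interface(remoteVpcIfaceName, remoteVpcCfgNode);
                    remoteVpcCfgNode.getInterfaces().put(remoteVpcIfaceName, remoteVpcIface);
                    remoteVpcCfgNode.getDefaultVrf().getInterfaces().put(remoteVpcIfaceName, remoteVpcIface);
                    remoteVpcIface.setAddress(remoteVpcIfaceAddress);
                    remoteVpcIface.getAllAddresses().add(remoteVpcIfaceAddress);
                }
                // interface pair exists now, so just retrieve existing information
                remoteVpcIfaceIp = remoteVpcCfgNode.getDefaultVrf().getInterfaces().get(remoteVpcIfaceName).getAddress().getIp();
                // initialize static route on new link
                srBuilder.setNextHopIp(remoteVpcIfaceIp);
                break;
            case Instance:
                // TODO: create route for instance
                // The route is dropped from the model; the red flag is the only trace of it.
                warnings.redFlag("Skipping creating route to " + _destinationCidrBlock + " for instance: \"" + _target + "\"");
                return null;
            default:
                throw new BatfishException("Unsupported target type: " + _targetType);
        }
    }
    return srBuilder.build();
}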
Also used : BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) Configuration(org.batfish.datamodel.Configuration) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Ip(org.batfish.datamodel.Ip) TreeSet(java.util.TreeSet) IpAccessList(org.batfish.datamodel.IpAccessList) Interface(org.batfish.datamodel.Interface) Nullable(javax.annotation.Nullable)

Example 28 with Configuration

use of org.batfish.datamodel.Configuration in project batfish by batfish.

the class HostConfiguration method toVendorIndependentConfiguration.

/**
 * Builds the vendor-independent {@link Configuration} for this host.
 *
 * <p>The result has one default VRF holding all host interfaces, the iptables rules converted to
 * IP access lists (when an iptables configuration is present), and the host's static routes plus
 * a default route.
 *
 * <p>Filters are attached to interfaces only when {@code simple()} is true. Otherwise this
 * method records an "unimplemented" warning and leaves the interfaces without the iptables
 * filters, so the resulting model does not reflect those rules.
 *
 * @return the configuration, which is also stored in {@code _c}
 * @throws VendorConversionException declared by the overridden method
 */
@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
    // canonical names come from the underlay device when there is one, else the raw name is used
    _hostInterfaces.forEach((name, iface) -> iface.setCanonicalName(_underlayConfiguration != null ? _underlayConfiguration.canonicalizeInterfaceName(name) : name));
    String hostname = getHostname();
    _c = new Configuration(hostname, ConfigurationFormat.HOST);
    // both defaults are ACCEPT; any restriction comes from the filters attached further down
    _c.setDefaultCrossZoneAction(LineAction.ACCEPT);
    _c.setDefaultInboundAction(LineAction.ACCEPT);
    _c.setRoles(_roles);
    _c.getVrfs().put(Configuration.DEFAULT_VRF_NAME, new Vrf(Configuration.DEFAULT_VRF_NAME));
    // register every interface on the node and in the default VRF
    for (HostInterface hostInterface : _hostInterfaces.values()) {
        String canonicalName = hostInterface.getCanonicalName();
        Interface converted = hostInterface.toInterface(_c, _w);
        _c.getInterfaces().put(canonicalName, converted);
        _c.getDefaultVrf().getInterfaces().put(canonicalName, converted);
    }
    // convert iptables rules into access lists
    if (_iptablesVendorConfig != null) {
        _iptablesVendorConfig.addAsIpAccessLists(_c, this, _w);
    }
    // attach the INPUT/OUTPUT access lists to every interface
    if (!simple()) {
        _w.unimplemented("Do not support complicated iptables rules yet");
    } else {
        for (Interface vrfIface : _c.getDefaultVrf().getInterfaces().values()) {
            // get() yields null when the named access list does not exist
            vrfIface.setIncomingFilter(_c.getIpAccessLists().get(FILTER_INPUT));
            vrfIface.setOutgoingFilter(_c.getIpAccessLists().get(FILTER_OUTPUT));
        }
    }
    Set<StaticRoute> convertedRoutes = _staticRoutes.stream().map(hsr -> hsr.toStaticRoute()).collect(Collectors.toSet());
    _c.getDefaultVrf().getStaticRoutes().addAll(convertedRoutes);
    Set<StaticRoute> staticRoutes = _c.getDefaultVrf().getStaticRoutes();
    // only the first interface that declares a gateway contributes a default route
    for (HostInterface candidate : _hostInterfaces.values()) {
        Ip gateway = candidate.getGateway();
        if (gateway == null) {
            continue;
        }
        staticRoutes.add(StaticRoute.builder().setNetwork(Prefix.ZERO).setNextHopIp(gateway).setNextHopInterface(candidate.getName()).setAdministrativeCost(HostStaticRoute.DEFAULT_ADMINISTRATIVE_COST).setTag(AbstractRoute.NO_TAG).build());
        break;
    }
    // no route at all: fall back to a default route out of the first interface
    boolean noRoutes = _staticRoutes.isEmpty() && staticRoutes.isEmpty();
    if (noRoutes && !_c.getInterfaces().isEmpty()) {
        String ifaceName = _c.getInterfaces().values().iterator().next().getName();
        _c.getDefaultVrf().getStaticRoutes().add(StaticRoute.builder().setNetwork(Prefix.ZERO).setNextHopInterface(ifaceName).setAdministrativeCost(HostStaticRoute.DEFAULT_ADMINISTRATIVE_COST).setTag(AbstractRoute.NO_TAG).build());
    }
    return _c;
}
Also used : StaticRoute(org.batfish.datamodel.StaticRoute) Configuration(org.batfish.datamodel.Configuration) IptablesVendorConfiguration(org.batfish.representation.iptables.IptablesVendorConfiguration) VendorConfiguration(org.batfish.vendor.VendorConfiguration) Ip(org.batfish.datamodel.Ip) Vrf(org.batfish.datamodel.Vrf) Interface(org.batfish.datamodel.Interface)

Example 29 with Configuration

use of org.batfish.datamodel.Configuration in project batfish by batfish.

the class Graph method initAreaIds.

/*
   * Initialize each router's set of area IDs for OSPF
   */
private void initAreaIds() {
    // one entry per router in _configurations, keyed by the router name
    _configurations.forEach((routerName, routerConfig) -> {
        Set<Long> ospfAreaIds = new HashSet<>();
        OspfProcess ospf = routerConfig.getDefaultVrf().getOspfProcess();
        // a router without an OSPF process in its default VRF keeps an empty set
        if (ospf != null) {
            ospf.getAreas().forEach((areaId, ignoredArea) -> ospfAreaIds.add(areaId));
        }
        _areaIds.put(routerName, ospfAreaIds);
    });
}
Also used : Configuration(org.batfish.datamodel.Configuration) OspfProcess(org.batfish.datamodel.OspfProcess) HashSet(java.util.HashSet)

Example 30 with Configuration

use of org.batfish.datamodel.Configuration in project batfish by batfish.

the class Graph method initNamedCommunities.

/*
   * Map named community sets that contain a single match
   * back to the community/regex value. This makes it
   * easier to provide intuitive counter examples.
   */
private void initNamedCommunities() {
    _namedCommunities = new HashMap<>();
    for (Configuration routerConfig : getConfigurations().values()) {
        routerConfig.getCommunityLists().forEach((listName, communityList) -> {
            // only lists with exactly one line are mapped back to a name
            if (communityList == null || communityList.getLines().size() != 1) {
                return;
            }
            CommunityListLine onlyLine = communityList.getLines().get(0);
            // keyed by regex: a later list with the same regex replaces the earlier name
            _namedCommunities.put(onlyLine.getRegex(), listName);
        });
    }
}
Also used : Configuration(org.batfish.datamodel.Configuration) CommunityListLine(org.batfish.datamodel.CommunityListLine) CommunityList(org.batfish.datamodel.CommunityList)
