use of org.batfish.datamodel.InterfaceAddress in project batfish by batfish.
the class ElasticsearchDomain method toConfigurationNode.
/**
 * Builds the configuration node that models this Elasticsearch domain.
 *
 * <p>The node receives one interface per subnet listed in {@code _subnets}, plus a default
 * static route per subnet whose next hop is the address returned by
 * {@code subnet.computeInstancesIfaceIp()}. A subnet id that is not present in the region is
 * reported through {@code warnings.redFlag} and skipped, so no interface is created for it.
 *
 * @param awsVpcConfig the enclosing AWS configuration (not read by this method)
 * @param region the region whose subnet table is used to resolve {@code _subnets}
 * @param warnings sink for red-flag warnings about unresolved subnets
 * @return the populated configuration node
 */
public Configuration toConfigurationNode(AwsConfiguration awsVpcConfig, Region region, Warnings warnings) {
  Configuration domainNode = Utils.newAwsConfiguration(_domainName, "aws");
  domainNode.getVendorFamily().getAws().setVpcId(_vpcId);
  domainNode.getVendorFamily().getAws().setRegion(region.getName());

  // One interface (and one default route) for every subnet the domain is attached to.
  for (String subnetId : _subnets) {
    Subnet attachedSubnet = region.getSubnets().get(subnetId);
    if (attachedSubnet != null) {
      String ifaceName = String.format("%s-%s", _domainName, subnetId);
      Ip ifaceIp = attachedSubnet.getNextIp();
      int prefixLength = attachedSubnet.getCidrBlock().getPrefixLength();
      Utils.newInterface(ifaceName, domainNode, new InterfaceAddress(ifaceIp, prefixLength));

      // Default route towards the subnet's instances-facing address.
      Ip gatewayIp = attachedSubnet.computeInstancesIfaceIp();
      StaticRoute routeToGateway =
          StaticRoute.builder()
              .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
              .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
              .setNextHopIp(gatewayIp)
              .setNetwork(Prefix.ZERO)
              .build();
      domainNode.getDefaultVrf().getStaticRoutes().add(routeToGateway);
    } else {
      // Unknown subnet: record it and leave the node without an interface for it.
      warnings.redFlag(String.format("Subnet \"%s\" for Elasticsearch domain \"%s\" not found", subnetId, _domainName));
    }
  }

  Utils.processSecurityGroups(region, domainNode, _securityGroups, warnings);
  return domainNode;
}
use of org.batfish.datamodel.InterfaceAddress in project batfish by batfish.
the class Instance method toConfigurationNode.
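/**
 * Builds the configuration node that models this EC2 instance.
 *
 * <p>The node is named after the instance's {@code Name} tag, falling back to the instance id.
 * Each network interface listed in {@code _networkInterfaces} becomes one interface carrying
 * every associated private IP that lies inside the interface's subnet, and contributes a
 * default static route via {@code subnet.computeInstancesIfaceIp()}.
 *
 * <p>An interface is skipped, with a red-flag warning, when the interface id or its subnet
 * cannot be resolved in the region, or when none of its addresses is usable. A skipped
 * interface is absent from the returned node, so the warning is the only record that the model
 * is incomplete for this instance.
 *
 * @param awsVpcConfig the enclosing AWS configuration (not read by this method)
 * @param region the region used to resolve network interfaces and subnets
 * @param warnings sink for red-flag and pedantic warnings
 * @return the populated configuration node
 */
public Configuration toConfigurationNode(AwsConfiguration awsVpcConfig, Region region, Warnings warnings) {
  String name = _tags.getOrDefault("Name", _instanceId);
  Configuration cfgNode = Utils.newAwsConfiguration(name, "aws");

  for (String interfaceId : _networkInterfaces) {
    NetworkInterface netInterface = region.getNetworkInterfaces().get(interfaceId);
    if (netInterface == null) {
      warnings.redFlag(String.format("Network interface \"%s\" for instance \"%s\" not found", interfaceId, _instanceId));
      continue;
    }

    // The subnet lookup can miss just like the interface lookup; report it instead of
    // failing with a NullPointerException on the first dereference.
    Subnet subnet = region.getSubnets().get(netInterface.getSubnetId());
    if (subnet == null) {
      warnings.redFlag(String.format("Subnet \"%s\" for network interface \"%s\" of instance \"%s\" not found", netInterface.getSubnetId(), interfaceId, _instanceId));
      continue;
    }
    Prefix ifaceSubnet = subnet.getCidrBlock();

    // Collect the private IPs that can be assigned to the modelled interface.
    ImmutableSortedSet.Builder<InterfaceAddress> ifaceAddressesBuilder = new ImmutableSortedSet.Builder<>(Comparator.naturalOrder());
    for (Ip ip : netInterface.getIpAddressAssociations().keySet()) {
      if (!ifaceSubnet.containsIp(ip)) {
        warnings.pedantic(String.format("Instance subnet \"%s\" does not contain private ip: \"%s\"", ifaceSubnet, ip));
        continue;
      }
      // The subnet's end address is expected to belong to the generated subnet node.
      if (ip.equals(ifaceSubnet.getEndIp())) {
        warnings.pedantic(String.format("Expected end address \"%s\" to be used by generated subnet node", ip));
        continue;
      }
      InterfaceAddress address = new InterfaceAddress(ip, ifaceSubnet.getPrefixLength());
      ifaceAddressesBuilder.add(address);
    }
    SortedSet<InterfaceAddress> ifaceAddresses = ifaceAddressesBuilder.build();

    // first() throws NoSuchElementException on an empty set, which happens when every
    // associated address was filtered out above (or there were none to begin with).
    if (ifaceAddresses.isEmpty()) {
      warnings.redFlag(String.format("Network interface \"%s\" for instance \"%s\" has no usable private ip in subnet \"%s\"", interfaceId, _instanceId, ifaceSubnet));
      continue;
    }

    // Default route via the subnet's instances-facing address; added only for interfaces
    // that are actually created, so a skipped interface leaves no dangling route behind.
    Ip defaultGatewayAddress = subnet.computeInstancesIfaceIp();
    StaticRoute defaultRoute =
        StaticRoute.builder()
            .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
            .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
            .setNextHopIp(defaultGatewayAddress)
            .setNetwork(Prefix.ZERO)
            .build();
    cfgNode.getDefaultVrf().getStaticRoutes().add(defaultRoute);

    Interface iface = Utils.newInterface(interfaceId, cfgNode, ifaceAddresses.first());
    iface.setAllAddresses(ifaceAddresses);

    // NOTE(review): these values do not depend on the interface, yet they are only set once
    // an interface has been created; a node with no resolved interface keeps them unset.
    // Left in place to preserve existing behavior -- confirm whether that is intended.
    cfgNode.getVendorFamily().getAws().setVpcId(_vpcId);
    cfgNode.getVendorFamily().getAws().setSubnetId(_subnetId);
    cfgNode.getVendorFamily().getAws().setRegion(region.getName());
  }

  Utils.processSecurityGroups(region, cfgNode, _securityGroups, warnings);
  return cfgNode;
}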
use of org.batfish.datamodel.InterfaceAddress in project batfish by batfish.
the class InternetGateway method toConfigurationNode.
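/**
 * Builds the configuration node that models this internet gateway and links it to every VPC it
 * is attached to.
 *
 * <p>For each attached VPC a generated link subnet is taken from {@code awsConfiguration}; its
 * first address goes on a gateway interface named after the VPC, its second address on an
 * interface of the VPC's node named after the gateway. The VPC is tagged with this gateway's
 * id, and the gateway gets one static route per VPC CIDR block pointing at the VPC side of the
 * link.
 *
 * <p>This method has side effects beyond the returned node: it adds an interface to the VPC's
 * configuration node and sets the gateway id on the VPC object.
 *
 * <p>An attachment whose VPC, or whose VPC configuration node, cannot be resolved is reported
 * through {@code warnings.redFlag} and skipped; no link subnet is consumed for it.
 *
 * @param awsConfiguration source of link subnets and of the VPC configuration nodes
 * @param region the region whose VPC table is used to resolve the attachments
 * @param warnings sink for red-flag warnings about unresolved attachments
 * @return the populated gateway configuration node
 */
public Configuration toConfigurationNode(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
  Configuration cfgNode = Utils.newAwsConfiguration(_internetGatewayId, "aws");
  cfgNode.getVendorFamily().getAws().setRegion(region.getName());

  for (String vpcId : _attachmentVpcIds) {
    // Resolve both sides before allocating anything: either lookup can miss, and the
    // original code dereferenced the results unconditionally.
    Vpc vpc = region.getVpcs().get(vpcId);
    Configuration vpcConfigNode = awsConfiguration.getConfigurationNodes().get(vpcId);
    if (vpc == null || vpcConfigNode == null) {
      warnings.redFlag(String.format("VPC \"%s\" for internet gateway \"%s\" not found", vpcId, _internetGatewayId));
      continue;
    }

    // gateway side of the link: interface named after the vpc
    String igwIfaceName = vpcId;
    Pair<InterfaceAddress, InterfaceAddress> igwAddresses = awsConfiguration.getNextGeneratedLinkSubnet();
    InterfaceAddress igwIfaceAddress = igwAddresses.getFirst();
    Utils.newInterface(igwIfaceName, cfgNode, igwIfaceAddress);

    // vpc side of the link: interface on the vpc router named after the gateway
    String vpcIfaceName = _internetGatewayId;
    InterfaceAddress vpcIfaceAddress = igwAddresses.getSecond();
    Utils.newInterface(vpcIfaceName, vpcConfigNode, vpcIfaceAddress);

    // associate this gateway with the vpc
    vpc.setInternetGatewayId(_internetGatewayId);

    // add a route on the gateway to each cidr block of the vpc
    vpc.getCidrBlockAssociations().forEach(prefix -> {
      StaticRoute igwVpcRoute =
          StaticRoute.builder()
              .setNetwork(prefix)
              .setNextHopIp(vpcIfaceAddress.getIp())
              .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
              .setMetric(Route.DEFAULT_STATIC_ROUTE_COST)
              .build();
      cfgNode.getDefaultVrf().getStaticRoutes().add(igwVpcRoute);
    });
  }
  return cfgNode;
}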
use of org.batfish.datamodel.InterfaceAddress in project batfish by batfish.
the class OspfProcess method computeNetworks.
/**
 * Derives the OSPF networks of this process from the given interfaces.
 *
 * <p>For each interface that has an address, the configured wildcard networks are tried in
 * iteration order. A wildcard network matches when the interface IP and the network address
 * are equal after the wildcard bits have been ORed into both. On the first match the
 * interface's own prefix (not the configured network) is recorded together with the matching
 * entry's area, and the remaining wildcard networks are not consulted for that interface.
 *
 * @param interfaces the interfaces to test; those whose {@code getAddress()} is null are ignored
 */
public void computeNetworks(Collection<Interface> interfaces) {
  for (Interface iface : interfaces) {
    InterfaceAddress ifaceAddress = iface.getAddress();
    if (ifaceAddress != null) {
      for (OspfWildcardNetwork candidate : _wildcardNetworks) {
        // Setting every wildcard bit on both sides leaves only the significant bits to
        // decide the comparison.
        long wildcardBits = candidate.getWildcard().asLong();
        long maskedNetwork = candidate.getNetworkAddress().asLong() | wildcardBits;
        long maskedIfaceIp = ifaceAddress.getIp().asLong() | wildcardBits;
        if (maskedNetwork != maskedIfaceIp) {
          continue;
        }
        // Matched: record the INTERFACE prefix; the wildcard only served to select it.
        _networks.add(new OspfNetwork(ifaceAddress.getPrefix(), candidate.getArea()));
        break;
      }
    }
  }
}
use of org.batfish.datamodel.InterfaceAddress in project batfish by batfish.
the class JuniperConfiguration method toVendorIndependentConfiguration.
/**
 * Converts this Juniper vendor-specific configuration into a vendor-independent
 * {@link Configuration}, stores it in {@code _c} and returns it.
 *
 * <p>The conversion runs in a fixed order: device-level settings, VRF creation, prefix lists,
 * firewall filters, route filters, community lists, policy statements, interfaces, router-id,
 * IKE/IPsec structures, zones, per-routing-instance settings (DHCP relay, SNMP, routes, OSPF,
 * IS-IS, BGP), and finally reference marking and unreferenced-structure warnings.
 *
 * <p>The method mutates vendor-side state as it goes: IPv6 terms and then empty filters are
 * removed from {@code _filters}, interface units inherit unset fields, and a missing router-id
 * may be filled in on the default routing instance.
 *
 * @return the populated vendor-independent configuration
 * @throws VendorConversionException declared by the signature; no throw site is visible in
 *     this method itself
 */
@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
String hostname = getHostname();
_c = new Configuration(hostname, _vendor);
_c.setAuthenticationKeyChains(convertAuthenticationKeyChains(_authenticationKeyChains));
_c.setRoles(_roles);
_c.setDnsServers(_dnsServers);
_c.setDomainName(_defaultRoutingInstance.getDomainName());
_c.setLoggingServers(_syslogHosts);
_c.setNtpServers(_ntpServers);
_c.setTacacsServers(_tacplusServers);
_c.getVendorFamily().setJuniper(_jf);
// one vrf per routing instance, keyed by the routing instance name
for (String riName : _routingInstances.keySet()) {
_c.getVrfs().put(riName, new Vrf(riName));
}
// convert prefix lists to route filter lists
for (Entry<String, PrefixList> e : _prefixLists.entrySet()) {
String name = e.getKey();
PrefixList pl = e.getValue();
RouteFilterList rfl = new RouteFilterList(name);
for (Prefix prefix : pl.getPrefixes()) {
int prefixLength = prefix.getPrefixLength();
// the length range is [prefixLength, prefixLength], i.e. only this exact length is accepted
org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefixLength, prefixLength));
rfl.addLine(line);
}
_c.getRouteFilterLists().put(name, rfl);
}
// remove ipv6 lines from firewall filters
// The terms are deleted from the vendor structures themselves, so nothing converted below
// reflects ipv6 filtering. Names are collected first so the term map is not modified while
// it is being iterated.
for (FirewallFilter filter : _filters.values()) {
Set<String> toRemove = new HashSet<>();
for (Entry<String, FwTerm> e2 : filter.getTerms().entrySet()) {
String termName = e2.getKey();
FwTerm term = e2.getValue();
if (term.getIpv6()) {
toRemove.add(termName);
}
}
for (String termName : toRemove) {
filter.getTerms().remove(termName);
}
}
// remove empty firewall filters (ipv6-only filters)
// iterate over a copy so that entries can be removed from _filters inside the loop
Map<String, FirewallFilter> allFilters = new LinkedHashMap<>();
allFilters.putAll(_filters);
for (Entry<String, FirewallFilter> e : allFilters.entrySet()) {
String name = e.getKey();
FirewallFilter filter = e.getValue();
if (filter.getTerms().size() == 0) {
_filters.remove(name);
}
}
// convert firewall filters to ipaccesslists
for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
String name = e.getKey();
FirewallFilter filter = e.getValue();
// TODO: support other filter families
// filters of any family other than INET get no IpAccessList in the converted model
if (filter.getFamily() != Family.INET) {
continue;
}
IpAccessList list = toIpAccessList(filter);
_c.getIpAccessLists().put(name, list);
}
// objects
// filters flagged as routing policy are additionally converted to RoutingPolicy objects
for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
String name = e.getKey();
FirewallFilter filter = e.getValue();
if (filter.getRoutingPolicy()) {
// TODO: support other filter families
if (filter.getFamily() != Family.INET) {
continue;
}
RoutingPolicy routingPolicy = toRoutingPolicy(filter);
_c.getRoutingPolicies().put(name, routingPolicy);
}
}
// convert route filters to route filter lists
// a route filter can yield an ipv4 list, an ipv6 list, or both, stored under the same name
for (Entry<String, RouteFilter> e : _routeFilters.entrySet()) {
String name = e.getKey();
RouteFilter rf = e.getValue();
if (rf.getIpv4()) {
RouteFilterList rfl = new RouteFilterList(name);
for (RouteFilterLine line : rf.getLines()) {
// only lines without any "then" entries are applied to the list
if (line.getThens().size() == 0) {
line.applyTo(rfl);
}
}
_c.getRouteFilterLists().put(name, rfl);
}
if (rf.getIpv6()) {
Route6FilterList rfl = new Route6FilterList(name);
for (RouteFilterLine line : rf.getLines()) {
if (line.getThens().size() == 0) {
line.applyTo(rfl);
}
}
_c.getRoute6FilterLists().put(name, rfl);
}
}
// convert community lists
for (Entry<String, CommunityList> e : _communityLists.entrySet()) {
String name = e.getKey();
CommunityList cl = e.getValue();
org.batfish.datamodel.CommunityList newCl = toCommunityList(cl);
_c.getCommunityLists().put(name, newCl);
}
// convert policy-statements to RoutingPolicy objects
// NOTE(review): a policy-statement sharing its name with a routing-policy firewall filter
// converted above replaces that entry in getRoutingPolicies() -- confirm names cannot clash
for (Entry<String, PolicyStatement> e : _policyStatements.entrySet()) {
String name = e.getKey();
PolicyStatement ps = e.getValue();
RoutingPolicy routingPolicy = toRoutingPolicy(ps);
_c.getRoutingPolicies().put(name, routingPolicy);
}
// convert interfaces
// units of top-level interfaces and of node-device interfaces are gathered into one map;
// a unit name seen again replaces the earlier entry
Map<String, Interface> allInterfaces = new LinkedHashMap<>();
for (Interface iface : _interfaces.values()) {
allInterfaces.putAll(iface.getUnits());
}
for (NodeDevice nd : _nodeDevices.values()) {
for (Interface iface : nd.getInterfaces().values()) {
allInterfaces.putAll(iface.getUnits());
}
}
for (Entry<String, Interface> eUnit : allInterfaces.entrySet()) {
String unitName = eUnit.getKey();
Interface unitIface = eUnit.getValue();
unitIface.inheritUnsetFields();
org.batfish.datamodel.Interface newUnitIface = toInterface(unitIface);
_c.getInterfaces().put(unitName, newUnitIface);
// register the unit with its vrf and with the vendor routing instance of the same name
Vrf vrf = newUnitIface.getVrf();
String vrfName = vrf.getName();
vrf.getInterfaces().put(unitName, newUnitIface);
// NOTE(review): assumes a routing instance exists for every vrf name -- TODO confirm
_routingInstances.get(vrfName).getInterfaces().put(unitName, unitIface);
}
// set router-id
// only when none is configured: fall back to the primary address of the first loopback's unit 0
if (_defaultRoutingInstance.getRouterId() == null) {
Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
if (loopback0 != null) {
Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
if (loopback0unit0 != null) {
InterfaceAddress address = loopback0unit0.getPrimaryAddress();
if (address != null) {
// now we should set router-id
Ip routerId = address.getIp();
_defaultRoutingInstance.setRouterId(routerId);
}
}
}
}
// copy ike proposals
_c.getIkeProposals().putAll(_ikeProposals);
// convert ike policies
for (Entry<String, IkePolicy> e : _ikePolicies.entrySet()) {
String name = e.getKey();
IkePolicy oldIkePolicy = e.getValue();
org.batfish.datamodel.IkePolicy newPolicy = toIkePolicy(oldIkePolicy);
_c.getIkePolicies().put(name, newPolicy);
}
// convert ike gateways
for (Entry<String, IkeGateway> e : _ikeGateways.entrySet()) {
String name = e.getKey();
IkeGateway oldIkeGateway = e.getValue();
org.batfish.datamodel.IkeGateway newIkeGateway = toIkeGateway(oldIkeGateway);
_c.getIkeGateways().put(name, newIkeGateway);
}
// copy ipsec proposals
_c.getIpsecProposals().putAll(_ipsecProposals);
// convert ipsec policies
for (Entry<String, IpsecPolicy> e : _ipsecPolicies.entrySet()) {
String name = e.getKey();
IpsecPolicy oldIpsecPolicy = e.getValue();
org.batfish.datamodel.IpsecPolicy newPolicy = toIpsecPolicy(oldIpsecPolicy);
_c.getIpsecPolicies().put(name, newPolicy);
}
// convert ipsec vpns
for (Entry<String, IpsecVpn> e : _ipsecVpns.entrySet()) {
String name = e.getKey();
IpsecVpn oldIpsecVpn = e.getValue();
org.batfish.datamodel.IpsecVpn newIpsecVpn = toIpsecVpn(oldIpsecVpn);
_c.getIpsecVpns().put(name, newIpsecVpn);
}
// zones
for (Zone zone : _zones.values()) {
org.batfish.datamodel.Zone newZone = toZone(zone);
_c.getZones().put(zone.getName(), newZone);
}
// default zone behavior
_c.setDefaultCrossZoneAction(_defaultCrossZoneAction);
_c.setDefaultInboundAction(_defaultInboundAction);
// per-routing-instance settings, applied to the vrf created for that instance above
for (Entry<String, RoutingInstance> e : _routingInstances.entrySet()) {
String riName = e.getKey();
RoutingInstance ri = e.getValue();
Vrf vrf = _c.getVrfs().get(riName);
// dhcp relay
for (Entry<String, DhcpRelayGroup> e2 : ri.getDhcpRelayGroups().entrySet()) {
DhcpRelayGroup rg = e2.getValue();
List<org.batfish.datamodel.Interface> interfaces = new ArrayList<>();
if (rg.getAllInterfaces()) {
interfaces.addAll(_c.getInterfaces().values());
} else {
for (String ifaceName : rg.getInterfaces()) {
// NOTE(review): the lookup result is added without a null check; a relay group naming an
// interface that was not converted would put null in the list and fail at
// iface.getDhcpRelayAddresses() below -- confirm names are validated earlier
org.batfish.datamodel.Interface iface = _c.getInterfaces().get(ifaceName);
interfaces.add(iface);
}
}
String asgName = rg.getActiveServerGroup();
if (asgName != null) {
DhcpRelayServerGroup asg = ri.getDhcpRelayServerGroups().get(asgName);
if (asg == null) {
// the active server group is referenced but not defined in this routing instance
int asgLine = rg.getActiveServerGroupLine();
undefined(JuniperStructureType.DHCP_RELAY_SERVER_GROUP, asgName, JuniperStructureUsage.DHCP_RELAY_GROUP_ACTIVE_SERVER_GROUP, asgLine);
} else {
for (org.batfish.datamodel.Interface iface : interfaces) {
iface.getDhcpRelayAddresses().addAll(asg.getServers());
}
}
}
}
// snmp
// The snmp server is attached to the vrf as-is. For each community that names an access
// list, the name is resolved against _prefixLists: a hit records the community as a referer
// of that prefix list, a miss is reported as an undefined reference.
SnmpServer snmpServer = ri.getSnmpServer();
vrf.setSnmpServer(snmpServer);
if (snmpServer != null) {
for (SnmpCommunity community : snmpServer.getCommunities().values()) {
String listName = community.getAccessList();
if (listName != null) {
int listLine = community.getAccessListLine();
PrefixList prefixList = _prefixLists.get(listName);
if (prefixList != null) {
prefixList.getReferers().put(community, "prefix-list for community: " + community.getName());
} else {
undefined(JuniperStructureType.PREFIX_LIST, listName, JuniperStructureUsage.SNMP_COMMUNITY_PREFIX_LIST, listLine);
}
}
}
}
// static routes
// NOTE(review): the static, aggregate and generated routes below are read from
// _defaultRoutingInstance rather than from ri, so every vrf receives the default
// instance's ipv4 unicast routes -- confirm whether ri was intended
for (StaticRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getStaticRoutes().values()) {
org.batfish.datamodel.StaticRoute newStaticRoute = toStaticRoute(route);
vrf.getStaticRoutes().add(newStaticRoute);
}
// aggregate routes
for (AggregateRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getAggregateRoutes().values()) {
org.batfish.datamodel.GeneratedRoute newAggregateRoute = toAggregateRoute(route);
vrf.getGeneratedRoutes().add(newAggregateRoute);
}
// generated routes
for (GeneratedRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getGeneratedRoutes().values()) {
org.batfish.datamodel.GeneratedRoute newGeneratedRoute = toGeneratedRoute(route);
vrf.getGeneratedRoutes().add(newGeneratedRoute);
}
// create ospf process
if (ri.getOspfAreas().size() > 0) {
OspfProcess oproc = createOspfProcess(ri);
vrf.setOspfProcess(oproc);
}
// create is-is process
// is-is runs only if iso address is configured on lo0 unit 0
// NOTE(review): the loopback is looked up on _defaultRoutingInstance for every routing
// instance, not on ri -- confirm
Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
if (loopback0 != null) {
Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
if (loopback0unit0 != null) {
IsoAddress isisNet = loopback0unit0.getIsoAddress();
if (isisNet != null) {
// now we should create is-is process
IsisProcess proc = createIsisProcess(ri, isisNet);
vrf.setIsisProcess(proc);
}
}
}
// create bgp process
// only when the routing instance defines at least one named or ip bgp group
if (ri.getNamedBgpGroups().size() > 0 || ri.getIpBgpGroups().size() > 0) {
BgpProcess proc = createBgpProcess(ri);
vrf.setBgpProcess(proc);
}
}
// mark forwarding table export policy if it exists
String forwardingTableExportPolicyName = _defaultRoutingInstance.getForwardingTableExportPolicy();
if (forwardingTableExportPolicyName != null) {
int forwardingTableExportPolicyLine = _defaultRoutingInstance.getForwardingTableExportPolicyLine();
PolicyStatement forwardingTableExportPolicy = _policyStatements.get(forwardingTableExportPolicyName);
if (forwardingTableExportPolicy != null) {
setPolicyStatementReferent(forwardingTableExportPolicyName, _defaultRoutingInstance, "Forwarding-table export policy");
} else {
// the policy is named in the configuration but no such policy-statement is defined
undefined(JuniperStructureType.POLICY_STATEMENT, forwardingTableExportPolicyName, JuniperStructureUsage.FORWARDING_TABLE_EXPORT_POLICY, forwardingTableExportPolicyLine);
}
}
// mark references to authentication key chain that may not appear in data model
markAuthenticationKeyChains(JuniperStructureUsage.AUTHENTICATION_KEY_CHAINS_POLICY, _c);
markStructure(JuniperStructureType.FIREWALL_FILTER, JuniperStructureUsage.INTERFACE_FILTER, _filters);
// warn about unreferenced data structures
// these calls come after the marking above, presumably so that marked structures are not
// reported as unreferenced -- the helpers are defined outside this method
warnUnreferencedAuthenticationKeyChains();
warnUnreferencedBgpGroups();
warnUnreferencedDhcpRelayServerGroups();
warnUnreferencedPolicyStatements();
warnUnreferencedFirewallFilters();
warnUnreferencedIkeProposals();
warnUnreferencedIkePolicies();
warnUnreferencedIkeGateways();
warnUnreferencedIpsecProposals();
warnUnreferencedIpsecPolicies();
warnUnusedPrefixLists();
warnEmptyPrefixLists();
warnAndDisableUnreferencedStInterfaces();
_c.computeRoutingPolicySources(_w);
return _c;
}