Examples with RouteFilterLine org.batfish.datamodel.RouteFilterLine used on opensource projects

Example 1 with RouteFilterLine

use of org.batfish.datamodel.RouteFilterLine in project batfish by batfish.

the class CiscoConfiguration method toOspfProcess.

private org.batfish.datamodel.OspfProcess toOspfProcess(OspfProcess proc, String vrfName, Configuration c, CiscoConfiguration oldConfig) {
    org.batfish.datamodel.OspfProcess newProcess = new org.batfish.datamodel.OspfProcess();
    org.batfish.datamodel.Vrf vrf = c.getVrfs().get(vrfName);
    if (proc.getMaxMetricRouterLsa()) {
        newProcess.setMaxMetricTransitLinks(OspfProcess.MAX_METRIC_ROUTER_LSA);
        if (proc.getMaxMetricIncludeStub()) {
            newProcess.setMaxMetricStubNetworks(OspfProcess.MAX_METRIC_ROUTER_LSA);
        }
        newProcess.setMaxMetricExternalNetworks(proc.getMaxMetricExternalLsa());
        newProcess.setMaxMetricSummaryNetworks(proc.getMaxMetricSummaryLsa());
    }
    newProcess.setProcessId(proc.getName());
    // establish areas and associated interfaces
    Map<Long, OspfArea> areas = newProcess.getAreas();
    Map<Long, ImmutableSortedSet.Builder<String>> areaInterfacesBuilders = new HashMap<>();
    List<OspfNetwork> networks = new ArrayList<>();
    networks.addAll(proc.getNetworks());
    Collections.sort(networks, new Comparator<OspfNetwork>() {

        // sort so longest prefixes are first
        @Override
        public int compare(OspfNetwork lhs, OspfNetwork rhs) {
            int lhsPrefixLength = lhs.getPrefix().getPrefixLength();
            int rhsPrefixLength = rhs.getPrefix().getPrefixLength();
            // intentionally swapped
            int result = Integer.compare(rhsPrefixLength, lhsPrefixLength);
            if (result == 0) {
                long lhsIp = lhs.getPrefix().getStartIp().asLong();
                long rhsIp = rhs.getPrefix().getStartIp().asLong();
                result = Long.compare(lhsIp, rhsIp);
            }
            return result;
        }
    });
    // Set RFC 1583 compatibility
    newProcess.setRfc1583Compatible(proc.getRfc1583Compatible());
    for (Entry<String, org.batfish.datamodel.Interface> e : vrf.getInterfaces().entrySet()) {
        String ifaceName = e.getKey();
        org.batfish.datamodel.Interface iface = e.getValue();
        InterfaceAddress interfaceAddress = iface.getAddress();
        if (interfaceAddress == null) {
            continue;
        }
        for (OspfNetwork network : networks) {
            Prefix networkPrefix = network.getPrefix();
            Ip networkAddress = networkPrefix.getStartIp();
            Ip maskedInterfaceAddress = interfaceAddress.getIp().getNetworkAddress(networkPrefix.getPrefixLength());
            if (maskedInterfaceAddress.equals(networkAddress)) {
                // we have a longest prefix match
                long areaNum = network.getArea();
                OspfArea newArea = areas.computeIfAbsent(areaNum, OspfArea::new);
                ImmutableSortedSet.Builder<String> newAreaInterfacesBuilder = areaInterfacesBuilders.computeIfAbsent(areaNum, n -> ImmutableSortedSet.naturalOrder());
                newAreaInterfacesBuilder.add(ifaceName);
                iface.setOspfArea(newArea);
                iface.setOspfEnabled(true);
                boolean passive = proc.getPassiveInterfaceList().contains(iface.getName()) || (proc.getPassiveInterfaceDefault() && !proc.getActiveInterfaceList().contains(iface.getName()));
                iface.setOspfPassive(passive);
                break;
            }
        }
        areaInterfacesBuilders.forEach((areaNum, interfacesBuilder) -> areas.get(areaNum).setInterfaces(interfacesBuilder.build()));
    }
    // create summarization filters for inter-area routes
    for (Entry<Long, Map<Prefix, OspfAreaSummary>> e1 : proc.getSummaries().entrySet()) {
        long areaLong = e1.getKey();
        Map<Prefix, OspfAreaSummary> summaries = e1.getValue();
        OspfArea area = areas.get(areaLong);
        String summaryFilterName = "~OSPF_SUMMARY_FILTER:" + vrfName + ":" + areaLong + "~";
        RouteFilterList summaryFilter = new RouteFilterList(summaryFilterName);
        c.getRouteFilterLists().put(summaryFilterName, summaryFilter);
        if (area == null) {
            area = new OspfArea(areaLong);
            areas.put(areaLong, area);
        }
        area.setSummaryFilter(summaryFilterName);
        for (Entry<Prefix, OspfAreaSummary> e2 : summaries.entrySet()) {
            Prefix prefix = e2.getKey();
            OspfAreaSummary summary = e2.getValue();
            int prefixLength = prefix.getPrefixLength();
            int filterMinPrefixLength = summary.getAdvertised() ? Math.min(Prefix.MAX_PREFIX_LENGTH, prefixLength + 1) : prefixLength;
            summaryFilter.addLine(new RouteFilterLine(LineAction.REJECT, prefix, new SubRange(filterMinPrefixLength, Prefix.MAX_PREFIX_LENGTH)));
        }
        area.setSummaries(ImmutableSortedMap.copyOf(summaries));
        summaryFilter.addLine(new RouteFilterLine(LineAction.ACCEPT, Prefix.ZERO, new SubRange(0, Prefix.MAX_PREFIX_LENGTH)));
    }
    String ospfExportPolicyName = "~OSPF_EXPORT_POLICY:" + vrfName + "~";
    RoutingPolicy ospfExportPolicy = new RoutingPolicy(ospfExportPolicyName, c);
    c.getRoutingPolicies().put(ospfExportPolicyName, ospfExportPolicy);
    List<Statement> ospfExportStatements = ospfExportPolicy.getStatements();
    newProcess.setExportPolicy(ospfExportPolicyName);
    // policy map for default information
    if (proc.getDefaultInformationOriginate()) {
        If ospfExportDefault = new If();
        ospfExportStatements.add(ospfExportDefault);
        ospfExportDefault.setComment("OSPF export default route");
        Conjunction ospfExportDefaultConditions = new Conjunction();
        List<Statement> ospfExportDefaultStatements = ospfExportDefault.getTrueStatements();
        ospfExportDefaultConditions.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0)))))));
        long metric = proc.getDefaultInformationMetric();
        ospfExportDefaultStatements.add(new SetMetric(new LiteralLong(metric)));
        OspfMetricType metricType = proc.getDefaultInformationMetricType();
        ospfExportDefaultStatements.add(new SetOspfMetricType(metricType));
        // add default export map with metric
        String defaultOriginateMapName = proc.getDefaultInformationOriginateMap();
        boolean useAggregateDefaultOnly;
        if (defaultOriginateMapName != null) {
            int defaultOriginateMapLine = proc.getDefaultInformationOriginateMapLine();
            useAggregateDefaultOnly = true;
            RoutingPolicy ospfDefaultGenerationPolicy = c.getRoutingPolicies().get(defaultOriginateMapName);
            if (ospfDefaultGenerationPolicy == null) {
                undefined(CiscoStructureType.ROUTE_MAP, defaultOriginateMapName, CiscoStructureUsage.OSPF_DEFAULT_ORIGINATE_ROUTE_MAP, defaultOriginateMapLine);
            } else {
                RouteMap generationRouteMap = _routeMaps.get(defaultOriginateMapName);
                generationRouteMap.getReferers().put(proc, "ospf default-originate route-map");
                GeneratedRoute.Builder route = new GeneratedRoute.Builder();
                route.setNetwork(Prefix.ZERO);
                route.setAdmin(MAX_ADMINISTRATIVE_COST);
                route.setGenerationPolicy(defaultOriginateMapName);
                newProcess.getGeneratedRoutes().add(route.build());
            }
        } else if (proc.getDefaultInformationOriginateAlways()) {
            useAggregateDefaultOnly = true;
            // add generated aggregate with no precondition
            GeneratedRoute.Builder route = new GeneratedRoute.Builder();
            route.setNetwork(Prefix.ZERO);
            route.setAdmin(MAX_ADMINISTRATIVE_COST);
            newProcess.getGeneratedRoutes().add(route.build());
        } else {
            // do not generate an aggregate default route;
            // just redistribute any existing default route with the new metric
            useAggregateDefaultOnly = false;
        }
        if (useAggregateDefaultOnly) {
            ospfExportDefaultConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.AGGREGATE));
        }
        ospfExportDefaultStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportDefault.setGuard(ospfExportDefaultConditions);
    }
    // policy for redistributing connected routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rcp = proc.getRedistributionPolicies().get(RoutingProtocol.CONNECTED);
    if (rcp != null) {
        If ospfExportConnected = new If();
        ospfExportConnected.setComment("OSPF export connected routes");
        Conjunction ospfExportConnectedConditions = new Conjunction();
        ospfExportConnectedConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.CONNECTED));
        List<Statement> ospfExportConnectedStatements = ospfExportConnected.getTrueStatements();
        Long metric = rcp.getMetric();
        OspfMetricType metricType = rcp.getMetricType();
        ospfExportConnectedStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.CONNECTED);
        }
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportConnected);
        // add default export map with metric
        String exportConnectedRouteMapName = rcp.getRouteMap();
        if (exportConnectedRouteMapName != null) {
            int exportConnectedRouteMapLine = rcp.getRouteMapLine();
            RouteMap exportConnectedRouteMap = _routeMaps.get(exportConnectedRouteMapName);
            if (exportConnectedRouteMap == null) {
                undefined(CiscoStructureType.ROUTE_MAP, exportConnectedRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_CONNECTED_MAP, exportConnectedRouteMapLine);
            } else {
                exportConnectedRouteMap.getReferers().put(proc, "ospf redistribute connected route-map");
                ospfExportConnectedConditions.getConjuncts().add(new CallExpr(exportConnectedRouteMapName));
            }
        }
        ospfExportConnectedStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportConnected.setGuard(ospfExportConnectedConditions);
    }
    // policy map for redistributing static routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rsp = proc.getRedistributionPolicies().get(RoutingProtocol.STATIC);
    if (rsp != null) {
        If ospfExportStatic = new If();
        ospfExportStatic.setComment("OSPF export static routes");
        Conjunction ospfExportStaticConditions = new Conjunction();
        ospfExportStaticConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
        List<Statement> ospfExportStaticStatements = ospfExportStatic.getTrueStatements();
        ospfExportStaticConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
        Long metric = rsp.getMetric();
        OspfMetricType metricType = rsp.getMetricType();
        ospfExportStaticStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.STATIC);
        }
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportStatic);
        // add export map with metric
        String exportStaticRouteMapName = rsp.getRouteMap();
        if (exportStaticRouteMapName != null) {
            int exportStaticRouteMapLine = rsp.getRouteMapLine();
            RouteMap exportStaticRouteMap = _routeMaps.get(exportStaticRouteMapName);
            if (exportStaticRouteMap == null) {
                undefined(CiscoStructureType.ROUTE_MAP, exportStaticRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_STATIC_MAP, exportStaticRouteMapLine);
            } else {
                exportStaticRouteMap.getReferers().put(proc, "ospf redistribute static route-map");
                ospfExportStaticConditions.getConjuncts().add(new CallExpr(exportStaticRouteMapName));
            }
        }
        ospfExportStaticStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportStatic.setGuard(ospfExportStaticConditions);
    }
    // policy map for redistributing bgp routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rbp = proc.getRedistributionPolicies().get(RoutingProtocol.BGP);
    if (rbp != null) {
        If ospfExportBgp = new If();
        ospfExportBgp.setComment("OSPF export bgp routes");
        Conjunction ospfExportBgpConditions = new Conjunction();
        ospfExportBgpConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
        List<Statement> ospfExportBgpStatements = ospfExportBgp.getTrueStatements();
        ospfExportBgpConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
        Long metric = rbp.getMetric();
        OspfMetricType metricType = rbp.getMetricType();
        ospfExportBgpStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.BGP);
        }
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportBgp);
        // add export map with metric
        String exportBgpRouteMapName = rbp.getRouteMap();
        if (exportBgpRouteMapName != null) {
            int exportBgpRouteMapLine = rbp.getRouteMapLine();
            RouteMap exportBgpRouteMap = _routeMaps.get(exportBgpRouteMapName);
            if (exportBgpRouteMap == null) {
                undefined(CiscoStructureType.ROUTE_MAP, exportBgpRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_BGP_MAP, exportBgpRouteMapLine);
            } else {
                exportBgpRouteMap.getReferers().put(proc, "ospf redistribute bgp route-map");
                ospfExportBgpConditions.getConjuncts().add(new CallExpr(exportBgpRouteMapName));
            }
        }
        ospfExportBgpStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportBgp.setGuard(ospfExportBgpConditions);
    }
    newProcess.setReferenceBandwidth(proc.getReferenceBandwidth());
    Ip routerId = proc.getRouterId();
    if (routerId == null) {
        Map<String, Interface> interfacesToCheck;
        Map<String, Interface> allInterfaces = oldConfig.getInterfaces();
        Map<String, Interface> loopbackInterfaces = new HashMap<>();
        for (Entry<String, Interface> e : allInterfaces.entrySet()) {
            String ifaceName = e.getKey();
            Interface iface = e.getValue();
            if (ifaceName.toLowerCase().startsWith("loopback") && iface.getActive() && iface.getAddress() != null) {
                loopbackInterfaces.put(ifaceName, iface);
            }
        }
        if (loopbackInterfaces.isEmpty()) {
            interfacesToCheck = allInterfaces;
        } else {
            interfacesToCheck = loopbackInterfaces;
        }
        Ip highestIp = Ip.ZERO;
        for (Interface iface : interfacesToCheck.values()) {
            if (!iface.getActive()) {
                continue;
            }
            for (InterfaceAddress address : iface.getAllAddresses()) {
                Ip ip = address.getIp();
                if (highestIp.asLong() < ip.asLong()) {
                    highestIp = ip;
                }
            }
        }
        if (highestIp == Ip.ZERO) {
            _w.redFlag("No candidates for OSPF router-id");
            return null;
        }
        routerId = highestIp;
    }
    newProcess.setRouterId(routerId);
    return newProcess;
}

Example 2 with RouteFilterLine

use of org.batfish.datamodel.RouteFilterLine in project batfish by batfish.

the class CiscoConfiguration method toRouteFilterList.

private RouteFilterList toRouteFilterList(PrefixList list) {
    RouteFilterList newRouteFilterList = new RouteFilterList(list.getName());
    List<RouteFilterLine> newLines = list.getLines().stream().map(l -> new RouteFilterLine(l.getAction(), l.getPrefix(), l.getLengthRange())).collect(ImmutableList.toImmutableList());
    newRouteFilterList.setLines(newLines);
    return newRouteFilterList;
}

Example 3 with RouteFilterLine

use of org.batfish.datamodel.RouteFilterLine in project batfish by batfish.

the class CiscoConfiguration method toRouteFilterList.

private RouteFilterList toRouteFilterList(ExtendedAccessList eaList) {
    String name = eaList.getName();
    RouteFilterList newList = new RouteFilterList(name);
    for (ExtendedAccessListLine fromLine : eaList.getLines()) {
        RouteFilterLine newLine = toRouteFilterLine(fromLine);
        newList.addLine(newLine);
    }
    return newList;
}

Example 4 with RouteFilterLine

use of org.batfish.datamodel.RouteFilterLine in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        int idNum = i + 1;
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured)
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
            if (proc == null) {
                proc = new BgpProcess();
                proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
                proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
                vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
            }
            BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
            cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
            cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
            cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
            cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            cgBgpNeighbor.setSendCommunity(false);
            VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
            List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
            if (attachmentVpcIds.size() != 1) {
                throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
            }
            String vpcId = attachmentVpcIds.get(0);
            // iBGP connection to VPC
            Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
            Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
            Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
            BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
            proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
            vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
            vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vgwToVpcBgpNeighbor.setSendCommunity(true);
            // iBGP connection from VPC
            BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
            BgpProcess vpcProc = new BgpProcess();
            vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
            vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
            vpcProc.setRouterId(vpcIfaceAddress);
            vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
            vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
            vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vpcToVgwBgpNeighbor.setSendCommunity(true);
            String rpRejectAllName = "~REJECT_ALL~";
            String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
            If acceptIffEbgp = new If();
            acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
            acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
            RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
            vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
            vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
            RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
            vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
            String rpAcceptAllName = "~ACCEPT_ALL~";
            RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
            vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
            RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
            vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
            Vpc vpc = region.getVpcs().get(vpcId);
            String originationPolicyName = vpnId + "_origination";
            RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
            cgBgpNeighbor.setExportPolicy(originationPolicyName);
            If originationIf = new If();
            List<Statement> statements = originationRoutingPolicy.getStatements();
            statements.add(originationIf);
            statements.add(Statements.ExitReject.toStaticStatement());
            originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
            originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
            RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
            vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
            vpc.getCidrBlockAssociations().forEach(prefix -> {
                RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
                originationRouteFilter.addLine(matchOutgoingPrefix);
            });
            Conjunction conj = new Conjunction();
            originationIf.setGuard(conj);
            conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
            conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
        }
        // static routes (if configured)
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}

Example 5 with RouteFilterLine

use of org.batfish.datamodel.RouteFilterLine in project batfish by batfish.

the class VyosConfiguration method toRouteFilterList.

private RouteFilterList toRouteFilterList(PrefixList prefixList) {
    String name = prefixList.getName();
    RouteFilterList newList = new RouteFilterList(name);
    List<RouteFilterLine> newLines = prefixList.getRules().values().stream().map(l -> new RouteFilterLine(l.getAction(), l.getPrefix(), l.getLengthRange())).collect(ImmutableList.toImmutableList());
    newList.setLines(newLines);
    return newList;
}