
Example 1 with StaticRoute

use of org.batfish.datamodel.StaticRoute in project batfish by batfish.

the class Subnet method toConfigurationNode.

/**
 * Builds the vendor-independent {@link Configuration} node that models this subnet.
 *
 * <p>The subnet node gets two interfaces: one facing the instances (named after the subnet,
 * addressed inside the subnet's CIDR block) and one facing the VPC router (named after the VPC,
 * addressed from a freshly generated link prefix). The matching VPC-side interface is added to
 * the VPC router's node, which must already be present in {@code awsConfiguration}. The VPC
 * router receives a static route for the subnet CIDR, the subnet node a default route towards
 * the VPC router, and the subnet's network ACL is attached to the VPC-facing interface.
 *
 * @param awsConfiguration registry of the nodes built so far; also hands out link prefixes
 * @param region region this subnet belongs to; supplies the network ACLs and the region name
 * @param warnings not used by this method
 * @return the new subnet node (this method does not register it anywhere)
 */
public Configuration toConfigurationNode(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    Configuration subnetNode = Utils.newAwsConfiguration(_subnetId, "aws");

    // Instance-facing interface: named after the subnet, addressed inside the subnet CIDR.
    Ip instancesSideIp = computeInstancesIfaceIp();
    Utils.newInterface(_subnetId, subnetNode, new InterfaceAddress(instancesSideIp, _cidrBlock.getPrefixLength()));

    // Point-to-point link between this subnet and its VPC router: the first address is the
    // subnet's side, the second the VPC router's side.
    Pair<InterfaceAddress, InterfaceAddress> link = awsConfiguration.getNextGeneratedLinkSubnet();
    InterfaceAddress subnetLinkAddress = link.getFirst();
    InterfaceAddress vpcLinkAddress = link.getSecond();

    // VPC-facing interface on the subnet node (named after the VPC) ...
    Interface towardsVpc = Utils.newInterface(_vpcId, subnetNode, subnetLinkAddress);
    // ... and its counterpart on the VPC router node (named after the subnet).
    // NOTE(review): no null check on the VPC node; a VPC id without a node presumably fails here.
    Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(_vpcId);
    Utils.newInterface(_subnetId, vpcNode, vpcLinkAddress);

    // Routing: the VPC router reaches this subnet's CIDR via the subnet's link address; the
    // subnet sends everything else to the VPC router. Both routes share admin distance and metric.
    StaticRoute.Builder routeBuilder = StaticRoute.builder()
        .setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN)
        .setMetric(Route.DEFAULT_STATIC_ROUTE_COST);
    vpcNode.getDefaultVrf().getStaticRoutes()
        .add(routeBuilder.setNetwork(_cidrBlock).setNextHopIp(subnetLinkAddress.getIp()).build());
    subnetNode.getDefaultVrf().getStaticRoutes()
        .add(routeBuilder.setNetwork(Prefix.ZERO).setNextHopIp(vpcLinkAddress.getIp()).build());

    // Network ACL: filters only the VPC-facing interface; the instance-facing one stays unfiltered.
    NetworkAcl acl = findMyNetworkAcl(region.getNetworkAcls());
    IpAccessList ingress = acl.getIngressAcl();
    IpAccessList egress = acl.getEgressAcl();
    subnetNode.getIpAccessLists().put(ingress.getName(), ingress);
    subnetNode.getIpAccessLists().put(egress.getName(), egress);
    towardsVpc.setIncomingFilter(ingress);
    towardsVpc.setOutgoingFilter(egress);

    // AWS-specific identity of this node.
    subnetNode.getVendorFamily().getAws().setVpcId(_vpcId);
    subnetNode.getVendorFamily().getAws().setSubnetId(_subnetId);
    subnetNode.getVendorFamily().getAws().setRegion(region.getName());
    return subnetNode;
}
Also used : StaticRoute(org.batfish.datamodel.StaticRoute) Configuration(org.batfish.datamodel.Configuration) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Ip(org.batfish.datamodel.Ip) IpAccessList(org.batfish.datamodel.IpAccessList) Interface(org.batfish.datamodel.Interface)

Example 2 with StaticRoute

use of org.batfish.datamodel.StaticRoute in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

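/**
 * Materializes this VPN connection on the configuration node of its VPN gateway.
 *
 * <p>For every IPsec tunnel of the connection this creates, on the gateway node, the IPsec/IKE
 * representation objects (all keyed by {@code <connectionId>-<tunnelNumber>}), an outside
 * ("external") and an inside ("vpn") interface, and either BGP sessions (when the tunnel carries
 * a gateway-side ASN) or static routes via the customer gateway's inside address. With BGP, an
 * iBGP session between the gateway and its single attached VPC is created as well, so that
 * routes learned from the customer gateway reach the VPC.
 *
 * @param awsConfiguration registry of the configuration nodes built so far
 * @param region region supplying the {@link VpnGateway} and {@link Vpc} objects
 * @param warnings receives a red flag when the referenced VPN gateway has no node
 * @throws BatfishException if a tunnel combines a customer-gateway ASN with static routes, or
 *     the gateway is attached to a number of VPCs other than one
 */
public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        int idNum = i + 1;
        // every per-tunnel object on the gateway node is keyed by "<connectionId>-<tunnelNumber>"
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        // a tunnel that announces a customer-gateway ASN must not also carry static routes
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || !_routes.isEmpty())) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        // outside ("external") interface: the gateway's tunnel endpoint as a max-length prefix;
        // inside ("vpn") interface: the tunnel's inside address
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        // only a hash of the pre-shared key is carried into the model; when the tunnel has none,
        // the authentication method is left unset
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured)
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            addBgpSessions(vpnId, ipsecTunnel, vpnGatewayCfgNode, awsConfiguration, region);
        }
        // static routes (if configured): one route per prefix, via the customer gateway's
        // inside tunnel address
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}

/**
 * Sets up BGP on the gateway node for one tunnel: an eBGP session with the customer gateway and
 * an iBGP session with the gateway's single attached VPC, together with the policies that govern
 * what each side exchanges.
 *
 * @param vpnId per-tunnel key ({@code <connectionId>-<tunnelNumber>}), used to name the
 *     origination policy
 * @param ipsecTunnel tunnel supplying the ASNs and inside addresses
 * @param vpnGatewayCfgNode node of the VPN gateway
 * @param awsConfiguration registry used to look up the VPC node
 * @param region region used to look up the gateway's attachments and the VPC's CIDR blocks
 * @throws BatfishException when the gateway is attached to a number of VPCs other than one
 */
private void addBgpSessions(String vpnId, IpsecTunnel ipsecTunnel, Configuration vpnGatewayCfgNode, AwsConfiguration awsConfiguration, Region region) {
    // the gateway's BGP process is shared by all tunnels and connections: create it on first use
    BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
    if (proc == null) {
        proc = new BgpProcess();
        proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
        proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
        vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
    }
    // eBGP neighbor: the customer gateway, reached through its inside tunnel address
    BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
    cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
    proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
    cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
    cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
    cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
    cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
    cgBgpNeighbor.setSendCommunity(false);
    VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
    List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
    if (attachmentVpcIds.size() != 1) {
        throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
    }
    String vpcId = attachmentVpcIds.get(0);
    // iBGP connection to VPC
    // NOTE(review): no null check on the VPC node; a missing node presumably fails on the next line.
    Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
    // the gateway<->VPC link interfaces are named after the peer node on each side
    // (see VpnGateway.toConfigurationNode)
    Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
    Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
    BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
    proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
    vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
    vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
    vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
    vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
    vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
    vgwToVpcBgpNeighbor.setSendCommunity(true);
    // iBGP connection from VPC
    BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
    // reuse the VPC's BGP process when it already exists (second tunnel of this connection, or
    // another VPN gateway attached to the same VPC) instead of replacing it and losing the
    // neighbors that were already configured on it
    BgpProcess vpcProc = vpcNode.getDefaultVrf().getBgpProcess();
    if (vpcProc == null) {
        vpcProc = new BgpProcess();
        vpcProc.setRouterId(vpcIfaceAddress);
        vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
        vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
    }
    vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
    vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
    vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
    vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
    vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
    vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
    vpcToVgwBgpNeighbor.setSendCommunity(true);
    installIbgpPolicies(vpnGatewayCfgNode, vpcNode, vgwToVpcBgpNeighbor, vpcToVgwBgpNeighbor);
    installOriginationPolicy(vpnId, vpnGatewayCfgNode, cgBgpNeighbor, region.getVpcs().get(vpcId));
}

/**
 * Installs the policies of the gateway<->VPC iBGP session: the gateway exports BGP routes with
 * next-hop-self and imports nothing from the VPC; the VPC imports everything and exports nothing.
 * The policies have fixed names, so a second tunnel re-installs equivalent objects under the
 * same keys.
 *
 * @param vpnGatewayCfgNode node of the VPN gateway
 * @param vpcNode node of the attached VPC
 * @param vgwToVpcBgpNeighbor the gateway's neighbor entry for the VPC
 * @param vpcToVgwBgpNeighbor the VPC's neighbor entry for the gateway
 */
private static void installIbgpPolicies(Configuration vpnGatewayCfgNode, Configuration vpcNode, BgpNeighbor vgwToVpcBgpNeighbor, BgpNeighbor vpcToVgwBgpNeighbor) {
    String rpRejectAllName = "~REJECT_ALL~";
    String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
    // accept exactly the routes whose protocol is BGP; everything else is rejected
    If acceptIffEbgp = new If();
    acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
    acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
    acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
    RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
    vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
    vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
    vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
    // a policy with no statements: nothing is accepted
    RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
    vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
    vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
    String rpAcceptAllName = "~ACCEPT_ALL~";
    RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
    vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
    vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
    vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
    RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
    vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
    vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
}

/**
 * Builds the export policy for the customer-gateway session: originate (with IGP origin) only
 * static routes whose destination is exactly one of the VPC's CIDR blocks; reject everything else.
 *
 * @param vpnId per-tunnel key; the policy and its prefix list are named {@code <vpnId>_origination}
 * @param vpnGatewayCfgNode node of the VPN gateway
 * @param cgBgpNeighbor the gateway's neighbor entry for the customer gateway
 * @param vpc the attached VPC whose CIDR blocks are advertised
 */
private static void installOriginationPolicy(String vpnId, Configuration vpnGatewayCfgNode, BgpNeighbor cgBgpNeighbor, Vpc vpc) {
    String originationPolicyName = vpnId + "_origination";
    RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
    vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
    cgBgpNeighbor.setExportPolicy(originationPolicyName);
    If originationIf = new If();
    List<Statement> statements = originationRoutingPolicy.getStatements();
    statements.add(originationIf);
    statements.add(Statements.ExitReject.toStaticStatement());
    originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
    originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
    // prefix list shares the policy's name; each line matches one VPC CIDR block at exactly its
    // own length
    RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
    vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
    vpc.getCidrBlockAssociations().forEach(prefix -> {
        RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
        originationRouteFilter.addLine(matchOutgoingPrefix);
    });
    Conjunction conj = new Conjunction();
    originationIf.setGuard(conj);
    conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
    conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
}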
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SelfNextHop(org.batfish.datamodel.routing_policy.expr.SelfNextHop) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) IpsecProposal(org.batfish.datamodel.IpsecProposal) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) SetNextHop(org.batfish.datamodel.routing_policy.statement.SetNextHop) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) IkeProposal(org.batfish.datamodel.IkeProposal) BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkeGateway(org.batfish.datamodel.IkeGateway) RouteFilterList(org.batfish.datamodel.RouteFilterList) IkePolicy(org.batfish.datamodel.IkePolicy) If(org.batfish.datamodel.routing_policy.statement.If) Interface(org.batfish.datamodel.Interface)

Example 3 with StaticRoute

use of org.batfish.datamodel.StaticRoute in project batfish by batfish.

the class VpnGateway method toConfigurationNode.

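/**
 * Builds the configuration node for this VPN gateway and wires it to every attached VPC.
 *
 * <p>For each attached VPC a generated point-to-point link is consumed: the gateway gets an
 * interface named after the VPC, the VPC router gets an interface named after this gateway, and
 * the gateway receives one static route per CIDR block of the VPC with the VPC-side link address
 * as next hop. The {@link Vpc} object in {@code region} is tagged with this gateway's id.
 *
 * @param awsConfiguration registry of the nodes built so far (the VPC nodes must already exist);
 *     also hands out link prefixes
 * @param region region holding the attached {@link Vpc} objects
 * @param warnings not used by this method
 * @return the new gateway node (this method does not register it anywhere)
 */
public Configuration toConfigurationNode(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    Configuration cfgNode = Utils.newAwsConfiguration(_vpnGatewayId, "aws");
    cfgNode.getVendorFamily().getAws().setRegion(region.getName());
    for (String vpcId : _attachmentVpcIds) {
        // link prefix: first address is the gateway's side, second the VPC router's side
        Pair<InterfaceAddress, InterfaceAddress> vpcLink = awsConfiguration.getNextGeneratedLinkSubnet();
        InterfaceAddress vgwIfaceAddress = vpcLink.getFirst();
        InterfaceAddress vpcIfaceAddress = vpcLink.getSecond();
        // gateway-side interface is named after the VPC it faces
        Utils.newInterface(vpcId, cfgNode, vgwIfaceAddress);
        // VPC-side interface is named after this gateway; Utils.newInterface creates and attaches
        // it, so no detached Interface object is built here.
        // NOTE(review): no null check on the VPC node; a VPC id without a node presumably fails here.
        Configuration vpcConfigNode = awsConfiguration.getConfigurationNodes().get(vpcId);
        Utils.newInterface(_vpnGatewayId, vpcConfigNode, vpcIfaceAddress);
        // associate this gateway with the vpc
        Vpc vpc = region.getVpcs().get(vpcId);
        vpc.setVpnGatewayId(_vpnGatewayId);
        // one static route per VPC CIDR block, next hop = the VPC router's side of the link
        vpc.getCidrBlockAssociations().forEach(prefix -> {
            StaticRoute vgwVpcRoute = StaticRoute.builder().setNetwork(prefix).setNextHopIp(vpcIfaceAddress.getIp()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            cfgNode.getDefaultVrf().getStaticRoutes().add(vgwVpcRoute);
        });
    }
    return cfgNode;
}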
Also used : StaticRoute(org.batfish.datamodel.StaticRoute) Configuration(org.batfish.datamodel.Configuration) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Interface(org.batfish.datamodel.Interface)

Example 4 with StaticRoute

use of org.batfish.datamodel.StaticRoute in project batfish by batfish.

the class Route method toStaticRoute.

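/**
 * Converts this AWS route-table entry into a {@link StaticRoute} for the subnet's configuration
 * node, generating any link that the next hop requires.
 *
 * <p>Next-hop selection: a blackhole route points at the null interface. Otherwise, by target
 * type: {@code Gateway} with target {@code local} goes to the VPC router; another gateway target
 * must be the subnet's internet gateway or VPN gateway. {@code NatGateway} uses the private IP of
 * the NAT gateway's first address. {@code NetworkInterface} uses the interface's lowest IP when
 * the interface is in this subnet, and otherwise generates a link between the subnet node and
 * the instance node owning the interface (same VPC required). {@code VpcPeeringConnection}
 * generates, on first use, a link between the subnet node and the remote VPC router.
 * {@code Instance} targets are not modeled.
 *
 * @param awsConfiguration node registry; also hands out generated link prefixes
 * @param region region objects (NAT gateways, network interfaces, subnets, peering connections)
 * @param vpcAddress next hop for {@code local} routes (the VPC router)
 * @param igwAddress next hop for routes targeting the subnet's internet gateway, may be null
 * @param vgwAddress next hop for routes targeting the subnet's VPN gateway, may be null
 * @param subnet the subnet whose route table this entry belongs to
 * @param subnetCfgNode configuration node of {@code subnet}
 * @param warnings receives red flags for routes that are skipped
 * @return the static route, or null when the route is not modeled (instance target, or a peer VPC
 *     without a configuration node)
 * @throws BatfishException for a gateway target that is neither the subnet's internet nor VPN
 *     gateway, a network interface with no addresses or outside its subnet's CIDR, a network
 *     interface in another VPC, or an unknown target type
 */
@Nullable
public StaticRoute toStaticRoute(AwsConfiguration awsConfiguration, Region region, Ip vpcAddress, @Nullable Ip igwAddress, @Nullable Ip vgwAddress, Subnet subnet, Configuration subnetCfgNode, Warnings warnings) {
    // setting the common properties
    StaticRoute.Builder srBuilder = StaticRoute.builder().setNetwork(_destinationCidrBlock).setAdministrativeCost(DEFAULT_STATIC_ROUTE_ADMIN).setMetric(DEFAULT_STATIC_ROUTE_COST);
    if (_state == State.BLACKHOLE) {
        srBuilder.setNextHopInterface(Interface.NULL_INTERFACE_NAME);
    } else {
        switch(_targetType) {
            case Gateway:
                if (_target.equals("local")) {
                    // send to the vpc router
                    srBuilder.setNextHopIp(vpcAddress);
                } else {
                    // the target may be the subnet's internet gateway or its VPN gateway; anything
                    // else is not reachable from this subnet
                    if (_target.equals(subnet.getInternetGatewayId())) {
                        srBuilder.setNextHopIp(igwAddress);
                    } else if (_target.equals(subnet.getVpnGatewayId())) {
                        srBuilder.setNextHopIp(vgwAddress);
                    } else {
                        throw new BatfishException("Gateway \"" + _target + "\" specified in this route is neither the internet gateway nor the VPN gateway of this subnet");
                    }
                }
                break;
            case NatGateway:
                // TODO: it is NOT clear that this is the right thing to do
                // for NATs with multiple interfaces, we should probably match on private IPs?
                srBuilder.setNextHopIp(region.getNatGateways().get(_target).getNatGatewayAddresses().get(0)._privateIp);
                break;
            case NetworkInterface:
                NetworkInterface networkInterface = region.getNetworkInterfaces().get(_target);
                String networkInterfaceSubnetId = networkInterface.getSubnetId();
                if (networkInterfaceSubnetId.equals(subnet.getId())) {
                    // interface lives in this subnet: route directly to its lowest address, which
                    // must fall inside the subnet CIDR
                    TreeSet<Ip> networkInterfaceIps = new TreeSet<>(networkInterface.getIpAddressAssociations().keySet());
                    if (networkInterfaceIps.isEmpty()) {
                        throw new BatfishException("Network interface \"" + _target + "\" specified in static route has no IP addresses");
                    }
                    Ip lowestIp = networkInterfaceIps.first();
                    if (!subnet.getCidrBlock().containsIp(lowestIp)) {
                        throw new BatfishException("Ip of network interface specified in static route not in containing subnet");
                    }
                    srBuilder.setNextHopIp(lowestIp);
                } else {
                    String networkInterfaceVpcId = region.getSubnets().get(networkInterfaceSubnetId).getVpcId();
                    String vpcId = subnet.getVpcId();
                    if (!vpcId.equals(networkInterfaceVpcId)) {
                        throw new BatfishException("Cannot peer with interface on different VPC");
                    }
                    // need to create a link between subnet on which route is created
                    // and instance containing network interface
                    String subnetIfaceName = _target;
                    Pair<InterfaceAddress, InterfaceAddress> instanceLink = awsConfiguration.getNextGeneratedLinkSubnet();
                    InterfaceAddress subnetIfaceAddress = instanceLink.getFirst();
                    Utils.newInterface(subnetIfaceName, subnetCfgNode, subnetIfaceAddress);
                    // set up instance interface
                    String instanceId = networkInterface.getAttachmentInstanceId();
                    String instanceIfaceName = subnet.getId();
                    Configuration instanceCfgNode = awsConfiguration.getConfigurationNodes().get(instanceId);
                    InterfaceAddress instanceIfaceAddress = instanceLink.getSecond();
                    Interface instanceIface = Utils.newInterface(instanceIfaceName, instanceCfgNode, instanceIfaceAddress);
                    // the instance's security-group ACLs filter the new interface; when the node
                    // has none, an empty list under the same name is used instead
                    // NOTE(review): an IpAccessList with no lines is presumably deny-all — confirm
                    instanceIface.setIncomingFilter(instanceCfgNode.getIpAccessLists().getOrDefault(Region.SG_INGRESS_ACL_NAME, new IpAccessList(Region.SG_INGRESS_ACL_NAME, new LinkedList<>())));
                    instanceIface.setOutgoingFilter(instanceCfgNode.getIpAccessLists().getOrDefault(Region.SG_EGRESS_ACL_NAME, new IpAccessList(Region.SG_EGRESS_ACL_NAME, new LinkedList<>())));
                    Ip nextHopIp = instanceIfaceAddress.getIp();
                    srBuilder.setNextHopIp(nextHopIp);
                }
                break;
            case VpcPeeringConnection:
                // create route for vpc peering connection
                String vpcPeeringConnectionid = _target;
                VpcPeeringConnection vpcPeeringConnection = region.getVpcPeeringConnections().get(vpcPeeringConnectionid);
                String localVpcId = subnet.getVpcId();
                String accepterVpcId = vpcPeeringConnection.getAccepterVpcId();
                String requesterVpcId = vpcPeeringConnection.getRequesterVpcId();
                // the remote VPC is whichever end of the peering is not ours
                String remoteVpcId = localVpcId.equals(accepterVpcId) ? requesterVpcId : accepterVpcId;
                Configuration remoteVpcCfgNode = awsConfiguration.getConfigurationNodes().get(remoteVpcId);
                if (remoteVpcCfgNode == null) {
                    warnings.redFlag("VPC \"" + localVpcId + "\" cannot peer with non-existent VPC: \"" + remoteVpcId + "\"");
                    return null;
                }
                // set up subnet interface if necessary
                String subnetIfaceName = remoteVpcId;
                String remoteVpcIfaceName = subnet.getId();
                Ip remoteVpcIfaceIp;
                if (!subnetCfgNode.getDefaultVrf().getInterfaces().containsKey(subnetIfaceName)) {
                    // create prefix on which subnet and remote vpc router will
                    // connect
                    Pair<InterfaceAddress, InterfaceAddress> peeringLink = awsConfiguration.getNextGeneratedLinkSubnet();
                    InterfaceAddress subnetIfaceAddress = peeringLink.getFirst();
                    Utils.newInterface(subnetIfaceName, subnetCfgNode, subnetIfaceAddress);
                    // set up remote vpc router interface
                    InterfaceAddress remoteVpcIfaceAddress = peeringLink.getSecond();
                    Interface remoteVpcIface = new Interface(remoteVpcIfaceName, remoteVpcCfgNode);
                    remoteVpcCfgNode.getInterfaces().put(remoteVpcIfaceName, remoteVpcIface);
                    remoteVpcCfgNode.getDefaultVrf().getInterfaces().put(remoteVpcIfaceName, remoteVpcIface);
                    remoteVpcIface.setAddress(remoteVpcIfaceAddress);
                    remoteVpcIface.getAllAddresses().add(remoteVpcIfaceAddress);
                }
                // interface pair exists now, so just retrieve existing information
                remoteVpcIfaceIp = remoteVpcCfgNode.getDefaultVrf().getInterfaces().get(remoteVpcIfaceName).getAddress().getIp();
                // initialize static route on new link
                srBuilder.setNextHopIp(remoteVpcIfaceIp);
                break;
            case Instance:
                // TODO: create route for instance
                warnings.redFlag("Skipping creating route to " + _destinationCidrBlock + " for instance: \"" + _target + "\"");
                return null;
            default:
                throw new BatfishException("Unsupported target type: " + _targetType);
        }
    }
    return srBuilder.build();
}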
Also used : BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) Configuration(org.batfish.datamodel.Configuration) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Ip(org.batfish.datamodel.Ip) TreeSet(java.util.TreeSet) IpAccessList(org.batfish.datamodel.IpAccessList) Interface(org.batfish.datamodel.Interface) Nullable(javax.annotation.Nullable)

Example 5 with StaticRoute

use of org.batfish.datamodel.StaticRoute in project batfish by batfish.

the class HostConfiguration method toVendorIndependentConfiguration.

/**
 * Converts this host configuration into a vendor-independent {@link Configuration}.
 *
 * <p>Interfaces are registered under their canonical names (taken from the underlay device when
 * one is present), iptables rules become IP access lists, and in the simple case the
 * {@code FILTER_INPUT}/{@code FILTER_OUTPUT} lists are applied to every interface. The host's
 * static routes are added, followed by a default route through the first interface that declares
 * a gateway; a host with no routes at all gets a default route out of its first interface.
 *
 * @return the converted configuration, also stored in {@code _c}
 * @throws VendorConversionException declared for callers; not thrown by this body itself
 */
@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
    // canonical interface names come from the underlay device when there is one
    _hostInterfaces.forEach((name, hostIface) -> hostIface.setCanonicalName(
        _underlayConfiguration != null ? _underlayConfiguration.canonicalizeInterfaceName(name) : name));
    _c = new Configuration(getHostname(), ConfigurationFormat.HOST);
    _c.setDefaultCrossZoneAction(LineAction.ACCEPT);
    _c.setDefaultInboundAction(LineAction.ACCEPT);
    _c.setRoles(_roles);
    _c.getVrfs().put(Configuration.DEFAULT_VRF_NAME, new Vrf(Configuration.DEFAULT_VRF_NAME));
    // add interfaces, keyed by canonical name on both the node and its default VRF
    for (HostInterface hostInterface : _hostInterfaces.values()) {
        String key = hostInterface.getCanonicalName();
        Interface converted = hostInterface.toInterface(_c, _w);
        _c.getInterfaces().put(key, converted);
        _c.getDefaultVrf().getInterfaces().put(key, converted);
    }
    // add iptables
    if (_iptablesVendorConfig != null) {
        _iptablesVendorConfig.addAsIpAccessLists(_c, this, _w);
    }
    // apply acls to interfaces
    if (!simple()) {
        _w.unimplemented("Do not support complicated iptables rules yet");
    } else {
        _c.getDefaultVrf().getInterfaces().values().forEach(iface -> {
            iface.setIncomingFilter(_c.getIpAccessLists().get(FILTER_INPUT));
            iface.setOutgoingFilter(_c.getIpAccessLists().get(FILTER_OUTPUT));
        });
    }
    Set<StaticRoute> routes = _c.getDefaultVrf().getStaticRoutes();
    routes.addAll(_staticRoutes.stream().map(hsr -> hsr.toStaticRoute()).collect(Collectors.toSet()));
    // default route via the first interface (in map order) that declares a gateway
    for (HostInterface hostIface : _hostInterfaces.values()) {
        Ip gateway = hostIface.getGateway();
        if (gateway == null) {
            continue;
        }
        routes.add(StaticRoute.builder().setNetwork(Prefix.ZERO).setNextHopIp(gateway).setNextHopInterface(hostIface.getName()).setAdministrativeCost(HostStaticRoute.DEFAULT_ADMINISTRATIVE_COST).setTag(AbstractRoute.NO_TAG).build());
        break;
    }
    // still no routes: default-route out of the first interface, without a next-hop IP
    if (_staticRoutes.isEmpty() && routes.isEmpty() && !_c.getInterfaces().isEmpty()) {
        String firstIfaceName = _c.getInterfaces().values().iterator().next().getName();
        routes.add(StaticRoute.builder().setNetwork(Prefix.ZERO).setNextHopInterface(firstIfaceName).setAdministrativeCost(HostStaticRoute.DEFAULT_ADMINISTRATIVE_COST).setTag(AbstractRoute.NO_TAG).build());
    }
    return _c;
}
Also used : StaticRoute(org.batfish.datamodel.StaticRoute) Configuration(org.batfish.datamodel.Configuration) IptablesVendorConfiguration(org.batfish.representation.iptables.IptablesVendorConfiguration) VendorConfiguration(org.batfish.vendor.VendorConfiguration) Ip(org.batfish.datamodel.Ip) Vrf(org.batfish.datamodel.Vrf) Interface(org.batfish.datamodel.Interface)
