Example 1 with Vrf
use of org.batfish.datamodel.Vrf in project batfish by batfish.
the class CommonUtil method initRemoteBgpNeighbors.
/**
* Initialize BGP neighbors for all nodes.
*
* @param configurations map of all configurations, keyed by hostname
* @param ipOwners mapping of Ips to a set of nodes (hostnames) that owns those IPs
* @param checkReachability whether bgp neighbor reachability should be checked
* @param flowProcessor dataplane plugin to use to check reachability. Must not be {@code null} if
* {@code checkReachability = true}
* @param dp dataplane to use to check reachability. Must not be {@code null} if {@code
* checkReachability = true}
*/
public static void initRemoteBgpNeighbors(Map<String, Configuration> configurations, Map<Ip, Set<String>> ipOwners, boolean checkReachability, @Nullable FlowProcessor flowProcessor, @Nullable DataPlane dp) {
// TODO: handle duplicate ips on different vrfs
Map<BgpNeighbor, Ip> remoteAddresses = new IdentityHashMap<>();
Map<Ip, Set<BgpNeighbor>> localAddresses = new HashMap<>();
/*
* Construct maps indicating which neighbor owns which Ip Address
*/
for (Configuration node : configurations.values()) {
String hostname = node.getHostname();
for (Vrf vrf : node.getVrfs().values()) {
BgpProcess proc = vrf.getBgpProcess();
if (proc == null) {
// nothing to do if no bgp process on this VRF
continue;
}
for (BgpNeighbor bgpNeighbor : proc.getNeighbors().values()) {
/*
* Begin by initializing candidate neighbors to an empty set
*/
bgpNeighbor.initCandidateRemoteBgpNeighbors();
// Skip things we don't handle
if (bgpNeighbor.getPrefix().getPrefixLength() < Prefix.MAX_PREFIX_LENGTH) {
throw new BatfishException(hostname + ": Do not support dynamic bgp sessions at this time: " + bgpNeighbor.getPrefix());
}
Ip remoteAddress = bgpNeighbor.getAddress();
if (remoteAddress == null) {
throw new BatfishException(hostname + ": Could not determine remote address of bgp neighbor: " + bgpNeighbor);
}
Ip localAddress = bgpNeighbor.getLocalIp();
if (localAddress == null || !ipOwners.containsKey(localAddress) || !ipOwners.get(localAddress).contains(hostname)) {
// Local address is not owned by anybody
continue;
}
remoteAddresses.put(bgpNeighbor, remoteAddress);
// Add this neighbor as owner of its local address
localAddresses.computeIfAbsent(localAddress, k -> Collections.newSetFromMap(new IdentityHashMap<>())).add(bgpNeighbor);
}
}
}
/*
* For each neighbor, construct the set of candidate neighbors, then filter out impossible
* sessions.
*/
for (Entry<BgpNeighbor, Ip> e : remoteAddresses.entrySet()) {
BgpNeighbor bgpNeighbor = e.getKey();
Ip remoteAddress = e.getValue();
Ip localAddress = bgpNeighbor.getLocalIp();
int localLocalAs = bgpNeighbor.getLocalAs();
int localRemoteAs = bgpNeighbor.getRemoteAs();
/*
* Let the set of candidate neighbors be set of neighbors that own the remoteAddress
*/
Set<BgpNeighbor> remoteBgpNeighborCandidates = localAddresses.get(remoteAddress);
if (remoteBgpNeighborCandidates == null) {
// No possible remote neighbors
continue;
}
/*
* Filter the set of candidate neighbors based on these checks:
* - Remote neighbor's remote address is the same as our local address
* - Remote neighbor's remote AS is the same as our local AS (and vice-versa)
*/
for (BgpNeighbor remoteBgpNeighborCandidate : remoteBgpNeighborCandidates) {
int remoteLocalAs = remoteBgpNeighborCandidate.getLocalAs();
int remoteRemoteAs = remoteBgpNeighborCandidate.getRemoteAs();
Ip reciprocalRemoteIp = remoteBgpNeighborCandidate.getAddress();
if (localAddress.equals(reciprocalRemoteIp) && localLocalAs == remoteRemoteAs && localRemoteAs == remoteLocalAs) {
/*
* Fairly confident establishing the session is possible here, but still check
* reachability if needed.
* We should check reachability only for eBgp multihop or iBgp
*/
if (checkReachability && (bgpNeighbor.getEbgpMultihop() || localLocalAs == remoteLocalAs)) {
/*
* Ensure that the session can be established by running traceroute in both directions
*/
if (flowProcessor == null || dp == null) {
throw new BatfishException("Cannot compute neighbor reachability without a dataplane");
}
Flow.Builder fb = new Flow.Builder();
fb.setIpProtocol(IpProtocol.TCP);
fb.setTag("neighbor-resolution");
fb.setIngressNode(bgpNeighbor.getOwner().getHostname());
fb.setSrcIp(localAddress);
fb.setDstIp(remoteAddress);
fb.setSrcPort(NamedPort.EPHEMERAL_LOWEST.number());
fb.setDstPort(NamedPort.BGP.number());
Flow forwardFlow = fb.build();
fb.setIngressNode(remoteBgpNeighborCandidate.getOwner().getHostname());
fb.setSrcIp(forwardFlow.getDstIp());
fb.setDstIp(forwardFlow.getSrcIp());
fb.setSrcPort(forwardFlow.getDstPort());
fb.setDstPort(forwardFlow.getSrcPort());
Flow backwardFlow = fb.build();
SortedMap<Flow, Set<FlowTrace>> traces = flowProcessor.processFlows(dp, ImmutableSet.of(forwardFlow, backwardFlow));
if (traces.values().stream().map(fts -> fts.stream().allMatch(ft -> ft.getDisposition() != FlowDisposition.ACCEPTED)).anyMatch(Predicate.isEqual(true))) {
/*
* If either flow has all traceroutes fail, do not consider the neighbor valid
*/
continue;
}
bgpNeighbor.getCandidateRemoteBgpNeighbors().add(remoteBgpNeighborCandidate);
} else {
bgpNeighbor.getCandidateRemoteBgpNeighbors().add(remoteBgpNeighborCandidate);
}
}
}
Set<BgpNeighbor> finalCandidates = bgpNeighbor.getCandidateRemoteBgpNeighbors();
if (finalCandidates.size() > 1) {
/* If we still have not narrowed it down to a single neighbor,
* pick based on sorted hostnames
*/
SortedMap<String, BgpNeighbor> hostnameToNeighbor = finalCandidates.stream().collect(ImmutableSortedMap.toImmutableSortedMap(String::compareTo, k -> k.getOwner().getHostname(), Function.identity()));
bgpNeighbor.setRemoteBgpNeighbor(hostnameToNeighbor.get(hostnameToNeighbor.firstKey()));
} else if (finalCandidates.size() == 1) {
bgpNeighbor.setRemoteBgpNeighbor(finalCandidates.iterator().next());
} else {
bgpNeighbor.setRemoteBgpNeighbor(null);
}
}
}
Also used :
SSLEngineConfigurator(org.glassfish.grizzly.ssl.SSLEngineConfigurator)
SSLContext(javax.net.ssl.SSLContext)
FileTime(java.nio.file.attribute.FileTime)
StringUtils(org.apache.commons.lang3.StringUtils)
Configurations(org.apache.commons.configuration2.builder.fluent.Configurations)
Interface(org.batfish.datamodel.Interface)
DirectoryStream(java.nio.file.DirectoryStream)
BfConsts(org.batfish.common.BfConsts)
Flow(org.batfish.datamodel.Flow)
Topology(org.batfish.datamodel.Topology)
Map(java.util.Map)
ResourceConfig(org.glassfish.jersey.server.ResourceConfig)
Pair(org.batfish.common.Pair)
Path(java.nio.file.Path)
DataPlane(org.batfish.datamodel.DataPlane)
VrrpGroup(org.batfish.datamodel.VrrpGroup)
ClientTracingFeature(io.opentracing.contrib.jaxrs2.client.ClientTracingFeature)
Set(java.util.Set)
FileAttribute(java.nio.file.attribute.FileAttribute)
StandardCharsets(java.nio.charset.StandardCharsets)
DirectoryIteratorException(java.nio.file.DirectoryIteratorException)
IOUtils(org.apache.commons.io.IOUtils)
Stream(java.util.stream.Stream)
Supplier(java.util.function.Supplier)
TreeSet(java.util.TreeSet)
JSONAssert(org.skyscreamer.jsonassert.JSONAssert)
MustBeClosed(com.google.errorprone.annotations.MustBeClosed)
SSLSession(javax.net.ssl.SSLSession)
FlowProcessor(org.batfish.common.plugin.FlowProcessor)
BiConsumer(java.util.function.BiConsumer)
SSLContextConfigurator(org.glassfish.grizzly.ssl.SSLContextConfigurator)
ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap)
Nullable(javax.annotation.Nullable)
Files(java.nio.file.Files)
Route(org.batfish.datamodel.Route)
FileOutputStream(java.io.FileOutputStream)
IOException(java.io.IOException)
FileUtils(org.apache.commons.io.FileUtils)
KeyManager(javax.net.ssl.KeyManager)
TreeMap(java.util.TreeMap)
Paths(java.nio.file.Paths)
X509TrustManager(javax.net.ssl.X509TrustManager)
BufferedReader(java.io.BufferedReader)
X509Certificate(java.security.cert.X509Certificate)
IpsecVpn(org.batfish.datamodel.IpsecVpn)
NoSuchFileException(java.nio.file.NoSuchFileException)
IpProtocol(org.batfish.datamodel.IpProtocol)
SortedSet(java.util.SortedSet)
URL(java.net.URL)
TrustManager(javax.net.ssl.TrustManager)
FlowTrace(org.batfish.datamodel.FlowTrace)
InterfaceAddress(org.batfish.datamodel.InterfaceAddress)
OspfNeighbor(org.batfish.datamodel.OspfNeighbor)
Edge(org.batfish.datamodel.Edge)
IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace)
OspfProcess(org.batfish.datamodel.OspfProcess)
URI(java.net.URI)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
NamedPort(org.batfish.datamodel.NamedPort)
Vrf(org.batfish.datamodel.Vrf)
OspfArea(org.batfish.datamodel.OspfArea)
ImmutableSetMultimap(com.google.common.collect.ImmutableSetMultimap)
ImmutableSet(com.google.common.collect.ImmutableSet)
IdentityHashMap(java.util.IdentityHashMap)
PatternSyntaxException(java.util.regex.PatternSyntaxException)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
ImmutableMap(com.google.common.collect.ImmutableMap)
Predicate(java.util.function.Predicate)
Collection(java.util.Collection)
FlowDisposition(org.batfish.datamodel.FlowDisposition)
KeyStore(java.security.KeyStore)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
FileNotFoundException(java.io.FileNotFoundException)
List(java.util.List)
Entry(java.util.Map.Entry)
Pattern(java.util.regex.Pattern)
BgpNeighbor(org.batfish.datamodel.BgpNeighbor)
SortedMap(java.util.SortedMap)
IpWildcard(org.batfish.datamodel.IpWildcard)
Ip(org.batfish.datamodel.Ip)
NodeInterfacePair(org.batfish.datamodel.collections.NodeInterfacePair)
Hashing(com.google.common.hash.Hashing)
HashMap(java.util.HashMap)
BatfishException(org.batfish.common.BatfishException)
BgpProcess(org.batfish.datamodel.BgpProcess)
Function(java.util.function.Function)
HashSet(java.util.HashSet)
ClientBuilder(javax.ws.rs.client.ClientBuilder)
Configuration(org.batfish.datamodel.Configuration)
OutputStreamWriter(java.io.OutputStreamWriter)
OutputStream(java.io.OutputStream)
IpLink(org.batfish.datamodel.IpLink)
Iterator(java.util.Iterator)
MalformedURLException(java.net.MalformedURLException)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
GlobalTracer(io.opentracing.util.GlobalTracer)
FileInputStream(java.io.FileInputStream)
SetMultimap(com.google.common.collect.SetMultimap)
Consumer(java.util.function.Consumer)
GrizzlyHttpServerFactory(org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Collections(java.util.Collections)
InputStream(java.io.InputStream)
Prefix(org.batfish.datamodel.Prefix)
BatfishException(org.batfish.common.BatfishException)
Set(java.util.Set)
TreeSet(java.util.TreeSet)
SortedSet(java.util.SortedSet)
ImmutableSet(com.google.common.collect.ImmutableSet)
HashSet(java.util.HashSet)
Configuration(org.batfish.datamodel.Configuration)
IdentityHashMap(java.util.IdentityHashMap)
HashMap(java.util.HashMap)
BgpProcess(org.batfish.datamodel.BgpProcess)
Ip(org.batfish.datamodel.Ip)
IdentityHashMap(java.util.IdentityHashMap)
ClientBuilder(javax.ws.rs.client.ClientBuilder)
Vrf(org.batfish.datamodel.Vrf)
Flow(org.batfish.datamodel.Flow)
BgpNeighbor(org.batfish.datamodel.BgpNeighbor)
Example 2 with Vrf
use of org.batfish.datamodel.Vrf in project batfish by batfish.
the class Batfish method initBgpAdvertisements.
@Override
public void initBgpAdvertisements(Map<String, Configuration> configurations) {
Set<BgpAdvertisement> globalBgpAdvertisements = getDataPlanePlugin().getAdvertisements();
for (Configuration node : configurations.values()) {
node.initBgpAdvertisements();
for (Vrf vrf : node.getVrfs().values()) {
vrf.initBgpAdvertisements();
}
}
for (BgpAdvertisement bgpAdvertisement : globalBgpAdvertisements) {
BgpAdvertisementType type = bgpAdvertisement.getType();
String srcVrf = bgpAdvertisement.getSrcVrf();
String dstVrf = bgpAdvertisement.getDstVrf();
switch(type) {
case EBGP_ORIGINATED:
{
String originationNodeName = bgpAdvertisement.getSrcNode();
Configuration originationNode = configurations.get(originationNodeName);
if (originationNode != null) {
originationNode.getBgpAdvertisements().add(bgpAdvertisement);
originationNode.getOriginatedAdvertisements().add(bgpAdvertisement);
originationNode.getOriginatedEbgpAdvertisements().add(bgpAdvertisement);
Vrf originationVrf = originationNode.getVrfs().get(srcVrf);
originationVrf.getBgpAdvertisements().add(bgpAdvertisement);
originationVrf.getOriginatedAdvertisements().add(bgpAdvertisement);
originationVrf.getOriginatedEbgpAdvertisements().add(bgpAdvertisement);
} else {
throw new BatfishException("Originated bgp advertisement refers to missing node: \"" + originationNodeName + "\"");
}
break;
}
case IBGP_ORIGINATED:
{
String originationNodeName = bgpAdvertisement.getSrcNode();
Configuration originationNode = configurations.get(originationNodeName);
if (originationNode != null) {
originationNode.getBgpAdvertisements().add(bgpAdvertisement);
originationNode.getOriginatedAdvertisements().add(bgpAdvertisement);
originationNode.getOriginatedIbgpAdvertisements().add(bgpAdvertisement);
Vrf originationVrf = originationNode.getVrfs().get(srcVrf);
originationVrf.getBgpAdvertisements().add(bgpAdvertisement);
originationVrf.getOriginatedAdvertisements().add(bgpAdvertisement);
originationVrf.getOriginatedIbgpAdvertisements().add(bgpAdvertisement);
} else {
throw new BatfishException("Originated bgp advertisement refers to missing node: \"" + originationNodeName + "\"");
}
break;
}
case EBGP_RECEIVED:
{
String recevingNodeName = bgpAdvertisement.getDstNode();
Configuration receivingNode = configurations.get(recevingNodeName);
if (receivingNode != null) {
receivingNode.getBgpAdvertisements().add(bgpAdvertisement);
receivingNode.getReceivedAdvertisements().add(bgpAdvertisement);
receivingNode.getReceivedEbgpAdvertisements().add(bgpAdvertisement);
Vrf receivingVrf = receivingNode.getVrfs().get(dstVrf);
receivingVrf.getBgpAdvertisements().add(bgpAdvertisement);
receivingVrf.getReceivedAdvertisements().add(bgpAdvertisement);
receivingVrf.getReceivedEbgpAdvertisements().add(bgpAdvertisement);
}
break;
}
case IBGP_RECEIVED:
{
String recevingNodeName = bgpAdvertisement.getDstNode();
Configuration receivingNode = configurations.get(recevingNodeName);
if (receivingNode != null) {
receivingNode.getBgpAdvertisements().add(bgpAdvertisement);
receivingNode.getReceivedAdvertisements().add(bgpAdvertisement);
receivingNode.getReceivedIbgpAdvertisements().add(bgpAdvertisement);
Vrf receivingVrf = receivingNode.getVrfs().get(dstVrf);
receivingVrf.getBgpAdvertisements().add(bgpAdvertisement);
receivingVrf.getReceivedAdvertisements().add(bgpAdvertisement);
receivingVrf.getReceivedIbgpAdvertisements().add(bgpAdvertisement);
}
break;
}
case EBGP_SENT:
{
String sendingNodeName = bgpAdvertisement.getSrcNode();
Configuration sendingNode = configurations.get(sendingNodeName);
if (sendingNode != null) {
sendingNode.getBgpAdvertisements().add(bgpAdvertisement);
sendingNode.getSentAdvertisements().add(bgpAdvertisement);
sendingNode.getSentEbgpAdvertisements().add(bgpAdvertisement);
Vrf sendingVrf = sendingNode.getVrfs().get(srcVrf);
sendingVrf.getBgpAdvertisements().add(bgpAdvertisement);
sendingVrf.getSentAdvertisements().add(bgpAdvertisement);
sendingVrf.getSentEbgpAdvertisements().add(bgpAdvertisement);
}
break;
}
case IBGP_SENT:
{
String sendingNodeName = bgpAdvertisement.getSrcNode();
Configuration sendingNode = configurations.get(sendingNodeName);
if (sendingNode != null) {
sendingNode.getBgpAdvertisements().add(bgpAdvertisement);
sendingNode.getSentAdvertisements().add(bgpAdvertisement);
sendingNode.getSentIbgpAdvertisements().add(bgpAdvertisement);
Vrf sendingVrf = sendingNode.getVrfs().get(srcVrf);
sendingVrf.getBgpAdvertisements().add(bgpAdvertisement);
sendingVrf.getSentAdvertisements().add(bgpAdvertisement);
sendingVrf.getSentIbgpAdvertisements().add(bgpAdvertisement);
}
break;
}
default:
throw new BatfishException("Invalid bgp advertisement type");
}
}
}
Also used :
CleanBatfishException(org.batfish.common.CleanBatfishException)
BatfishException(org.batfish.common.BatfishException)
BgpAdvertisement(org.batfish.datamodel.BgpAdvertisement)
HostConfiguration(org.batfish.representation.host.HostConfiguration)
Configuration(org.batfish.datamodel.Configuration)
ImmutableConfiguration(org.apache.commons.configuration2.ImmutableConfiguration)
AwsConfiguration(org.batfish.representation.aws.AwsConfiguration)
IptablesVendorConfiguration(org.batfish.representation.iptables.IptablesVendorConfiguration)
VendorConfiguration(org.batfish.vendor.VendorConfiguration)
BgpAdvertisementType(org.batfish.datamodel.BgpAdvertisement.BgpAdvertisementType)
RoutesByVrf(org.batfish.datamodel.collections.RoutesByVrf)
Vrf(org.batfish.datamodel.Vrf)
BgpAdvertisementsByVrf(org.batfish.datamodel.collections.BgpAdvertisementsByVrf)
Example 3 with Vrf
use of org.batfish.datamodel.Vrf in project batfish by batfish.
the class Region method toConfigurationNodes.
public void toConfigurationNodes(AwsConfiguration awsConfiguration, Map<String, Configuration> configurationNodes) {
// updates the Ips which have been allocated already in subnets of all interfaces
updateAllocatedIps();
for (Vpc vpc : getVpcs().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = vpc.toConfigurationNode(awsConfiguration, this, warnings);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (ElasticsearchDomain elasticsearchDomain : getElasticSearchDomains().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = elasticsearchDomain.toConfigurationNode(awsConfiguration, this, warnings);
cfgNode.setDeviceType(DeviceType.HOST);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (InternetGateway igw : getInternetGateways().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = igw.toConfigurationNode(awsConfiguration, this, warnings);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (NatGateway ngw : getNatGateways().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
warnings.redFlag("NAT functionality not yet implemented for " + ngw.getId());
Configuration cfgNode = ngw.toConfigurationNode(awsConfiguration, this, warnings);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (VpnGateway vgw : getVpnGateways().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = vgw.toConfigurationNode(awsConfiguration, this, warnings);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (Instance instance : getInstances().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = instance.toConfigurationNode(awsConfiguration, this, warnings);
cfgNode.setDeviceType(DeviceType.HOST);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (RdsInstance rdsInstance : getRdsInstances().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = rdsInstance.toConfigurationNode(awsConfiguration, this, warnings);
cfgNode.setDeviceType(DeviceType.HOST);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (Subnet subnet : getSubnets().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
Configuration cfgNode = subnet.toConfigurationNode(awsConfiguration, this, warnings);
configurationNodes.put(cfgNode.getName(), cfgNode);
awsConfiguration.getWarningsByHost().put(cfgNode.getName(), warnings);
}
for (VpnConnection vpnConnection : getVpnConnections().values()) {
Warnings warnings = Batfish.buildWarnings(awsConfiguration.getSettings());
vpnConnection.applyToVpnGateway(awsConfiguration, this, warnings);
awsConfiguration.getWarningsByHost().put(vpnConnection.getId(), warnings);
}
applySecurityGroupsAcls(configurationNodes);
// TODO: for now, set all interfaces to have the same bandwidth
for (Configuration cfgNode : configurationNodes.values()) {
for (Vrf vrf : cfgNode.getVrfs().values()) {
for (Interface iface : vrf.getInterfaces().values()) {
iface.setBandwidth(1E12d);
}
}
}
}
Also used :
Configuration(org.batfish.datamodel.Configuration)
Vrf(org.batfish.datamodel.Vrf)
Warnings(org.batfish.common.Warnings)
Interface(org.batfish.datamodel.Interface)
Example 4 with Vrf
use of org.batfish.datamodel.Vrf in project batfish by batfish.
the class HostConfiguration method toVendorIndependentConfiguration.
@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
if (_underlayConfiguration != null) {
_hostInterfaces.forEach((name, iface) -> iface.setCanonicalName(_underlayConfiguration.canonicalizeInterfaceName(name)));
} else {
_hostInterfaces.forEach((name, iface) -> iface.setCanonicalName(name));
}
String hostname = getHostname();
_c = new Configuration(hostname, ConfigurationFormat.HOST);
_c.setDefaultCrossZoneAction(LineAction.ACCEPT);
_c.setDefaultInboundAction(LineAction.ACCEPT);
_c.setRoles(_roles);
_c.getVrfs().put(Configuration.DEFAULT_VRF_NAME, new Vrf(Configuration.DEFAULT_VRF_NAME));
// add interfaces
_hostInterfaces.values().forEach(hostInterface -> {
String canonicalName = hostInterface.getCanonicalName();
Interface newIface = hostInterface.toInterface(_c, _w);
_c.getInterfaces().put(canonicalName, newIface);
_c.getDefaultVrf().getInterfaces().put(canonicalName, newIface);
});
// add iptables
if (_iptablesVendorConfig != null) {
_iptablesVendorConfig.addAsIpAccessLists(_c, this, _w);
}
// apply acls to interfaces
if (simple()) {
for (Interface iface : _c.getDefaultVrf().getInterfaces().values()) {
iface.setIncomingFilter(_c.getIpAccessLists().get(FILTER_INPUT));
iface.setOutgoingFilter(_c.getIpAccessLists().get(FILTER_OUTPUT));
}
} else {
_w.unimplemented("Do not support complicated iptables rules yet");
}
_c.getDefaultVrf().getStaticRoutes().addAll(_staticRoutes.stream().map(hsr -> hsr.toStaticRoute()).collect(Collectors.toSet()));
Set<StaticRoute> staticRoutes = _c.getDefaultVrf().getStaticRoutes();
for (HostInterface iface : _hostInterfaces.values()) {
Ip gateway = iface.getGateway();
if (gateway != null) {
staticRoutes.add(StaticRoute.builder().setNetwork(Prefix.ZERO).setNextHopIp(gateway).setNextHopInterface(iface.getName()).setAdministrativeCost(HostStaticRoute.DEFAULT_ADMINISTRATIVE_COST).setTag(AbstractRoute.NO_TAG).build());
break;
}
}
if (_staticRoutes.isEmpty() && staticRoutes.isEmpty() && !_c.getInterfaces().isEmpty()) {
String ifaceName = _c.getInterfaces().values().iterator().next().getName();
_c.getDefaultVrf().getStaticRoutes().add(StaticRoute.builder().setNetwork(Prefix.ZERO).setNextHopInterface(ifaceName).setAdministrativeCost(HostStaticRoute.DEFAULT_ADMINISTRATIVE_COST).setTag(AbstractRoute.NO_TAG).build());
}
return _c;
}
Also used :
StaticRoute(org.batfish.datamodel.StaticRoute)
Configuration(org.batfish.datamodel.Configuration)
IptablesVendorConfiguration(org.batfish.representation.iptables.IptablesVendorConfiguration)
VendorConfiguration(org.batfish.vendor.VendorConfiguration)
Ip(org.batfish.datamodel.Ip)
Vrf(org.batfish.datamodel.Vrf)
Interface(org.batfish.datamodel.Interface)
Example 5 with Vrf
use of org.batfish.datamodel.Vrf in project batfish by batfish.
the class AbstractionBuilder method createAbstractConfig.
/*
* Creates a new Configuration from an old one for an abstract router
* by copying the old configuration, but removing any concrete interfaces,
* neighbors etc that do not correpond to any abstract neighbors.
*/
private Configuration createAbstractConfig(Set<String> abstractRouters, Configuration conf) {
Configuration abstractConf = new Configuration(conf.getHostname(), conf.getConfigurationFormat());
abstractConf.setDnsServers(conf.getDnsServers());
abstractConf.setDnsSourceInterface(conf.getDnsSourceInterface());
abstractConf.setDomainName(conf.getDomainName());
abstractConf.setAuthenticationKeyChains(conf.getAuthenticationKeyChains());
abstractConf.setIkeGateways(conf.getIkeGateways());
abstractConf.setDefaultCrossZoneAction(conf.getDefaultCrossZoneAction());
abstractConf.setIkePolicies(conf.getIkePolicies());
abstractConf.setIkeProposals(conf.getIkeProposals());
abstractConf.setDefaultInboundAction(conf.getDefaultInboundAction());
abstractConf.setIpAccessLists(conf.getIpAccessLists());
abstractConf.setIp6AccessLists(conf.getIp6AccessLists());
abstractConf.setRouteFilterLists(conf.getRouteFilterLists());
abstractConf.setRoute6FilterLists(conf.getRoute6FilterLists());
abstractConf.setIpsecPolicies(conf.getIpsecPolicies());
abstractConf.setIpsecProposals(conf.getIpsecProposals());
abstractConf.setIpsecVpns(conf.getIpsecVpns());
abstractConf.setLoggingServers(conf.getLoggingServers());
abstractConf.setLoggingSourceInterface(conf.getLoggingSourceInterface());
abstractConf.setNormalVlanRange(conf.getNormalVlanRange());
abstractConf.setNtpServers(conf.getNtpServers());
abstractConf.setNtpSourceInterface(conf.getNtpSourceInterface());
abstractConf.setRoles(conf.getRoles());
abstractConf.setSnmpSourceInterface(conf.getSnmpSourceInterface());
abstractConf.setSnmpTrapServers(conf.getSnmpTrapServers());
abstractConf.setTacacsServers(conf.getTacacsServers());
abstractConf.setTacacsSourceInterface(conf.getTacacsSourceInterface());
abstractConf.setVendorFamily(conf.getVendorFamily());
abstractConf.setZones(conf.getZones());
abstractConf.setCommunityLists(conf.getCommunityLists());
abstractConf.setRoutingPolicies(conf.getRoutingPolicies());
abstractConf.setRoute6FilterLists(conf.getRoute6FilterLists());
SortedSet<Interface> toRetain = new TreeSet<>();
SortedSet<IpLink> ipNeighbors = new TreeSet<>();
SortedSet<BgpNeighbor> bgpNeighbors = new TreeSet<>();
List<GraphEdge> edges = _graph.getEdgeMap().get(conf.getName());
for (GraphEdge ge : edges) {
boolean leavesNetwork = (ge.getPeer() == null);
if (leavesNetwork || (abstractRouters.contains(ge.getRouter()) && abstractRouters.contains(ge.getPeer()))) {
toRetain.add(ge.getStart());
Ip start = ge.getStart().getAddress().getIp();
if (!leavesNetwork) {
Ip end = ge.getEnd().getAddress().getIp();
ipNeighbors.add(new IpLink(start, end));
}
BgpNeighbor n = _graph.getEbgpNeighbors().get(ge);
if (n != null) {
bgpNeighbors.add(n);
}
}
}
// Update interfaces
NavigableMap<String, Interface> abstractInterfaces = new TreeMap<>();
for (Entry<String, Interface> entry : conf.getInterfaces().entrySet()) {
String name = entry.getKey();
Interface iface = entry.getValue();
if (toRetain.contains(iface)) {
abstractInterfaces.put(name, iface);
}
}
abstractConf.setInterfaces(abstractInterfaces);
// Update VRFs
Map<String, Vrf> abstractVrfs = new HashMap<>();
for (Entry<String, Vrf> entry : conf.getVrfs().entrySet()) {
String name = entry.getKey();
Vrf vrf = entry.getValue();
Vrf abstractVrf = new Vrf(name);
abstractVrf.setStaticRoutes(vrf.getStaticRoutes());
abstractVrf.setIsisProcess(vrf.getIsisProcess());
abstractVrf.setRipProcess(vrf.getRipProcess());
abstractVrf.setSnmpServer(vrf.getSnmpServer());
NavigableMap<String, Interface> abstractVrfInterfaces = new TreeMap<>();
for (Entry<String, Interface> entry2 : vrf.getInterfaces().entrySet()) {
String iname = entry2.getKey();
Interface iface = entry2.getValue();
if (toRetain.contains(iface)) {
abstractVrfInterfaces.put(iname, iface);
}
}
abstractVrf.setInterfaces(abstractVrfInterfaces);
abstractVrf.setInterfaceNames(new TreeSet<>(abstractVrfInterfaces.keySet()));
OspfProcess ospf = vrf.getOspfProcess();
if (ospf != null) {
OspfProcess abstractOspf = new OspfProcess();
abstractOspf.setAreas(ospf.getAreas());
abstractOspf.setExportPolicy(ospf.getExportPolicy());
abstractOspf.setReferenceBandwidth(ospf.getReferenceBandwidth());
abstractOspf.setRouterId(ospf.getRouterId());
// Copy over neighbors
Map<IpLink, OspfNeighbor> abstractNeighbors = new HashMap<>();
if (ospf.getOspfNeighbors() != null) {
for (Entry<IpLink, OspfNeighbor> entry2 : ospf.getOspfNeighbors().entrySet()) {
IpLink link = entry2.getKey();
OspfNeighbor neighbor = entry2.getValue();
if (ipNeighbors.contains(link)) {
abstractNeighbors.put(link, neighbor);
}
}
}
abstractOspf.setOspfNeighbors(abstractNeighbors);
abstractVrf.setOspfProcess(abstractOspf);
}
BgpProcess bgp = vrf.getBgpProcess();
if (bgp != null) {
BgpProcess abstractBgp = new BgpProcess();
abstractBgp.setMultipathEbgp(bgp.getMultipathEbgp());
abstractBgp.setMultipathIbgp(bgp.getMultipathIbgp());
abstractBgp.setRouterId(bgp.getRouterId());
abstractBgp.setOriginationSpace(bgp.getOriginationSpace());
// TODO: set bgp neighbors accordingly
// Copy over neighbors
SortedMap<Prefix, BgpNeighbor> abstractBgpNeighbors = new TreeMap<>();
if (bgp.getNeighbors() != null) {
for (Entry<Prefix, BgpNeighbor> entry2 : bgp.getNeighbors().entrySet()) {
Prefix prefix = entry2.getKey();
BgpNeighbor neighbor = entry2.getValue();
if (bgpNeighbors.contains(neighbor)) {
abstractBgpNeighbors.put(prefix, neighbor);
}
}
}
abstractBgp.setNeighbors(abstractBgpNeighbors);
abstractVrf.setBgpProcess(abstractBgp);
}
abstractVrfs.put(name, abstractVrf);
}
abstractConf.setVrfs(abstractVrfs);
return abstractConf;
}
Also used :
IpLink(org.batfish.datamodel.IpLink)
Configuration(org.batfish.datamodel.Configuration)
HashMap(java.util.HashMap)
BgpProcess(org.batfish.datamodel.BgpProcess)
Ip(org.batfish.datamodel.Ip)
Vrf(org.batfish.datamodel.Vrf)
Prefix(org.batfish.datamodel.Prefix)
BgpNeighbor(org.batfish.datamodel.BgpNeighbor)
TreeSet(java.util.TreeSet)
OspfNeighbor(org.batfish.datamodel.OspfNeighbor)
OspfProcess(org.batfish.datamodel.OspfProcess)
TreeMap(java.util.TreeMap)
GraphEdge(org.batfish.symbolic.GraphEdge)
Interface(org.batfish.datamodel.Interface)
Aggregations
Vrf (org.batfish.datamodel.Vrf)43
Configuration (org.batfish.datamodel.Configuration)40
Interface (org.batfish.datamodel.Interface)26
Ip (org.batfish.datamodel.Ip)21
Topology (org.batfish.datamodel.Topology)21
Test (org.junit.Test)19
InterfaceAddress (org.batfish.datamodel.InterfaceAddress)18
Prefix (org.batfish.datamodel.Prefix)16
Edge (org.batfish.datamodel.Edge)12
StaticRoute (org.batfish.datamodel.StaticRoute)12
TreeMap (java.util.TreeMap)10
NetworkFactory (org.batfish.datamodel.NetworkFactory)9
OspfProcess (org.batfish.datamodel.OspfProcess)8
ImmutableSortedMap (com.google.common.collect.ImmutableSortedMap)7
Set (java.util.Set)7
IpAccessListLine (org.batfish.datamodel.IpAccessListLine)7
IpWildcard (org.batfish.datamodel.IpWildcard)7
SynthesizerInputMatchers.hasArpTrueEdge (org.batfish.z3.matchers.SynthesizerInputMatchers.hasArpTrueEdge)7
ImmutableList (com.google.common.collect.ImmutableList)6
IOException (java.io.IOException)6
