Search in sources :

Example 16 with RoutingPolicy

use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.

the class JuniperConfiguration method createOspfProcess.

private OspfProcess createOspfProcess(RoutingInstance routingInstance) {
    OspfProcess newProc = new OspfProcess();
    String vrfName = routingInstance.getName();
    // export policies
    String ospfExportPolicyName = "~OSPF_EXPORT_POLICY:" + vrfName + "~";
    RoutingPolicy ospfExportPolicy = new RoutingPolicy(ospfExportPolicyName, _c);
    _c.getRoutingPolicies().put(ospfExportPolicyName, ospfExportPolicy);
    newProc.setExportPolicy(ospfExportPolicyName);
    If ospfExportPolicyConditional = new If();
    // TODO: set default metric-type for special cases based on ospf process
    // setttings
    ospfExportPolicy.getStatements().add(new SetOspfMetricType(OspfMetricType.E2));
    ospfExportPolicy.getStatements().add(ospfExportPolicyConditional);
    Disjunction matchSomeExportPolicy = new Disjunction();
    ospfExportPolicyConditional.setGuard(matchSomeExportPolicy);
    ospfExportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
    ospfExportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
    routingInstance.getOspfExportPolicies().forEach((exportPolicyName, exportPolicyLine) -> {
        PolicyStatement exportPolicy = _policyStatements.get(exportPolicyName);
        if (exportPolicy == null) {
            undefined(JuniperStructureType.POLICY_STATEMENT, exportPolicyName, JuniperStructureUsage.OSPF_EXPORT_POLICY, exportPolicyLine);
        } else {
            setPolicyStatementReferent(exportPolicyName, routingInstance.getOspfExportPolicies(), "OSPF export policies");
            CallExpr callPolicy = new CallExpr(exportPolicyName);
            matchSomeExportPolicy.getDisjuncts().add(callPolicy);
        }
    });
    // areas
    Map<Long, OspfArea> newAreas = newProc.getAreas();
    newAreas.putAll(routingInstance.getOspfAreas());
    // place interfaces into areas
    for (Entry<String, Interface> e : routingInstance.getInterfaces().entrySet()) {
        String name = e.getKey();
        Interface iface = e.getValue();
        placeInterfaceIntoArea(newAreas, name, iface, vrfName);
    }
    newProc.setRouterId(routingInstance.getRouterId());
    newProc.setReferenceBandwidth(routingInstance.getOspfReferenceBandwidth());
    return newProc;
}
Also used : OspfArea(org.batfish.datamodel.OspfArea) OspfProcess(org.batfish.datamodel.OspfProcess) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) SetOspfMetricType(org.batfish.datamodel.routing_policy.statement.SetOspfMetricType) If(org.batfish.datamodel.routing_policy.statement.If)

Example 17 with RoutingPolicy

use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.

the class JuniperConfiguration method toGeneratedRoute.

private org.batfish.datamodel.GeneratedRoute toGeneratedRoute(GeneratedRoute route) {
    Prefix prefix = route.getPrefix();
    Integer administrativeCost = route.getPreference();
    if (administrativeCost == null) {
        administrativeCost = DEFAULT_AGGREGATE_ROUTE_PREFERENCE;
    }
    Integer metric = route.getMetric();
    if (metric == null) {
        metric = DEFAULT_AGGREGATE_ROUTE_COST;
    }
    String generationPolicyName = null;
    if (!route.getPolicies().isEmpty()) {
        generationPolicyName = "~GENERATED_ROUTE_POLICY:" + prefix + "~";
        RoutingPolicy generationPolicy = new RoutingPolicy(generationPolicyName, _c);
        _c.getRoutingPolicies().put(generationPolicyName, generationPolicy);
        If generationPolicyConditional = new If();
        Disjunction matchSomeGenerationPolicy = new Disjunction();
        generationPolicyConditional.setGuard(matchSomeGenerationPolicy);
        generationPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        generationPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        generationPolicy.getStatements().add(generationPolicyConditional);
        route.getPolicies().forEach((policyName, policyLine) -> {
            PolicyStatement policy = _policyStatements.get(policyName);
            if (policy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, policyName, JuniperStructureUsage.GENERATED_ROUTE_POLICY, policyLine);
            } else {
                setPolicyStatementReferent(policyName, route.getPolicies(), "Generated route policy for prefix: " + route.getPrefix());
                CallExpr callPolicy = new CallExpr(policyName);
                matchSomeGenerationPolicy.getDisjuncts().add(callPolicy);
            }
        });
    }
    org.batfish.datamodel.GeneratedRoute.Builder newRoute = new org.batfish.datamodel.GeneratedRoute.Builder();
    newRoute.setNetwork(prefix);
    newRoute.setAdmin(administrativeCost);
    newRoute.setMetric(metric);
    newRoute.setGenerationPolicy(generationPolicyName);
    return newRoute.build();
}
Also used : RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) Prefix(org.batfish.datamodel.Prefix) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) If(org.batfish.datamodel.routing_policy.statement.If)

Example 18 with RoutingPolicy

use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.

the class JuniperConfiguration method initDefaultBgpImportPolicy.

private void initDefaultBgpImportPolicy() {
    if (_c.getRoutingPolicies().containsKey(DEFAULT_BGP_IMPORT_POLICY_NAME)) {
        return;
    }
    // set up default import policy (accept all routes)
    RoutingPolicy defaultBgpImportPolicy = new RoutingPolicy(DEFAULT_BGP_IMPORT_POLICY_NAME, _c);
    _c.getRoutingPolicies().put(DEFAULT_BGP_IMPORT_POLICY_NAME, defaultBgpImportPolicy);
    PsThenAccept.INSTANCE.applyTo(defaultBgpImportPolicy.getStatements(), this, _c, _w);
}
Also used : RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy)

Example 19 with RoutingPolicy

use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.

the class JuniperConfiguration method initDefaultBgpExportPolicy.

private void initDefaultBgpExportPolicy() {
    if (_c.getRoutingPolicies().containsKey(DEFAULT_BGP_EXPORT_POLICY_NAME)) {
        return;
    }
    // set up default export policy (accept bgp routes)
    RoutingPolicy defaultBgpExportPolicy = new RoutingPolicy(DEFAULT_BGP_EXPORT_POLICY_NAME, _c);
    _c.getRoutingPolicies().put(DEFAULT_BGP_EXPORT_POLICY_NAME, defaultBgpExportPolicy);
    If defaultBgpExportPolicyConditional = new If();
    defaultBgpExportPolicy.getStatements().add(defaultBgpExportPolicyConditional);
    // guard
    Disjunction isBgp = new Disjunction();
    isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
    isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.IBGP));
    defaultBgpExportPolicyConditional.setGuard(isBgp);
    PsThenAccept.INSTANCE.applyTo(defaultBgpExportPolicyConditional.getTrueStatements(), this, _c, _w);
    PsThenReject.INSTANCE.applyTo(defaultBgpExportPolicyConditional.getFalseStatements(), this, _c, _w);
}
Also used : Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) If(org.batfish.datamodel.routing_policy.statement.If) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol)

Example 20 with RoutingPolicy

use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.

the class JuniperConfiguration method createBgpProcess.

private BgpProcess createBgpProcess(RoutingInstance routingInstance) {
    initDefaultBgpExportPolicy();
    initDefaultBgpImportPolicy();
    String vrfName = routingInstance.getName();
    Vrf vrf = _c.getVrfs().get(vrfName);
    BgpProcess proc = new BgpProcess();
    Ip routerId = routingInstance.getRouterId();
    if (routerId == null) {
        routerId = _defaultRoutingInstance.getRouterId();
        if (routerId == null) {
            routerId = Ip.ZERO;
        }
    }
    proc.setRouterId(routerId);
    BgpGroup mg = routingInstance.getMasterBgpGroup();
    boolean multipathEbgp = false;
    boolean multipathIbgp = false;
    boolean multipathMultipleAs = false;
    boolean multipathEbgpSet = false;
    boolean multipathIbgpSet = false;
    boolean multipathMultipleAsSet = false;
    if (mg.getLocalAs() == null) {
        Integer routingInstanceAs = routingInstance.getAs();
        if (routingInstanceAs == null) {
            routingInstanceAs = _defaultRoutingInstance.getAs();
        }
        if (routingInstanceAs == null) {
            _w.redFlag("BGP BROKEN FOR THIS ROUTER: Cannot determine local autonomous system");
        } else {
            mg.setLocalAs(routingInstanceAs);
        }
    }
    // Set default authentication algorithm if missing
    if (mg.getAuthenticationAlgorithm() == null) {
        mg.setAuthenticationAlgorithm(DEFAULT_BGP_AUTHENTICATION_ALGORITHM);
    }
    for (IpBgpGroup ig : routingInstance.getIpBgpGroups().values()) {
        ig.cascadeInheritance();
    }
    _unreferencedBgpGroups = new TreeMap<>();
    int fakeIpCounter = 0;
    for (Entry<String, NamedBgpGroup> e : routingInstance.getNamedBgpGroups().entrySet()) {
        fakeIpCounter++;
        String name = e.getKey();
        NamedBgpGroup group = e.getValue();
        if (!group.getIpv6() && !group.getInherited()) {
            _unreferencedBgpGroups.put(name, group.getDefinitionLine());
            Ip fakeIp = new Ip(-1 * fakeIpCounter);
            IpBgpGroup dummy = new IpBgpGroup(fakeIp);
            dummy.setParent(group);
            dummy.cascadeInheritance();
            routingInstance.getIpBgpGroups().put(fakeIp, dummy);
        }
    }
    for (Entry<Ip, IpBgpGroup> e : routingInstance.getIpBgpGroups().entrySet()) {
        Ip ip = e.getKey();
        IpBgpGroup ig = e.getValue();
        BgpNeighbor neighbor = new BgpNeighbor(ip, _c);
        neighbor.setVrf(vrfName);
        // route reflection
        Ip declaredClusterId = ig.getClusterId();
        if (declaredClusterId != null) {
            neighbor.setRouteReflectorClient(true);
            neighbor.setClusterId(declaredClusterId.asLong());
        } else {
            neighbor.setClusterId(routerId.asLong());
        }
        // multipath multiple-as
        boolean currentGroupMultipathMultipleAs = ig.getMultipathMultipleAs();
        if (multipathMultipleAsSet && currentGroupMultipathMultipleAs != multipathMultipleAs) {
            _w.redFlag("Currently do not support mixed multipath-multiple-as/non-multipath-multiple-as bgp" + "groups on Juniper - FORCING NON-MULTIPATH-MULTIPLE-AS");
            multipathMultipleAs = false;
        } else {
            multipathMultipleAs = currentGroupMultipathMultipleAs;
            multipathMultipleAsSet = true;
        }
        String authenticationKeyChainName = ig.getAuthenticationKeyChainName();
        if (ig.getAuthenticationKeyChainName() != null) {
            if (!_c.getAuthenticationKeyChains().containsKey(authenticationKeyChainName)) {
                authenticationKeyChainName = null;
            } else if (ig.getAuthenticationKey() != null) {
                _w.redFlag("Both authentication-key and authentication-key-chain specified for neighbor " + ig.getRemoteAddress());
            }
        }
        BgpAuthenticationSettings bgpAuthenticationSettings = new BgpAuthenticationSettings();
        bgpAuthenticationSettings.setAuthenticationAlgorithm(ig.getAuthenticationAlgorithm());
        bgpAuthenticationSettings.setAuthenticationKey(ig.getAuthenticationKey());
        bgpAuthenticationSettings.setAuthenticationKeyChainName(authenticationKeyChainName);
        neighbor.setAuthenticationSettings(bgpAuthenticationSettings);
        Boolean ebgpMultihop = ig.getEbgpMultihop();
        if (ebgpMultihop == null) {
            ebgpMultihop = false;
        }
        neighbor.setEbgpMultihop(ebgpMultihop);
        Integer loops = ig.getLoops();
        boolean allowLocalAsIn = loops != null && loops > 0;
        neighbor.setAllowLocalAsIn(allowLocalAsIn);
        Boolean advertisePeerAs = ig.getAdvertisePeerAs();
        if (advertisePeerAs == null) {
            advertisePeerAs = false;
        }
        neighbor.setAllowRemoteAsOut(advertisePeerAs);
        Boolean advertiseExternal = ig.getAdvertiseExternal();
        if (advertiseExternal == null) {
            advertiseExternal = false;
        }
        neighbor.setAdvertiseExternal(advertiseExternal);
        Boolean advertiseInactive = ig.getAdvertiseInactive();
        if (advertiseInactive == null) {
            advertiseInactive = false;
        }
        neighbor.setAdvertiseInactive(advertiseInactive);
        neighbor.setGroup(ig.getGroupName());
        // import policies
        String peerImportPolicyName = "~PEER_IMPORT_POLICY:" + ig.getRemoteAddress() + "~";
        neighbor.setImportPolicy(peerImportPolicyName);
        RoutingPolicy peerImportPolicy = new RoutingPolicy(peerImportPolicyName, _c);
        _c.getRoutingPolicies().put(peerImportPolicyName, peerImportPolicy);
        // default import policy is to accept
        peerImportPolicy.getStatements().add(new SetDefaultPolicy(DEFAULT_BGP_IMPORT_POLICY_NAME));
        peerImportPolicy.getStatements().add(Statements.SetDefaultActionAccept.toStaticStatement());
        List<BooleanExpr> importPolicyCalls = new ArrayList<>();
        ig.getImportPolicies().forEach((importPolicyName, importPolicyLine) -> {
            PolicyStatement importPolicy = _policyStatements.get(importPolicyName);
            if (importPolicy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, importPolicyName, JuniperStructureUsage.BGP_IMPORT_POLICY, importPolicyLine);
            } else {
                setPolicyStatementReferent(importPolicyName, ig.getImportPolicies(), "BGP import policy for neighbor: " + ig.getRemoteAddress());
                CallExpr callPolicy = new CallExpr(importPolicyName);
                importPolicyCalls.add(callPolicy);
            }
        });
        If peerImportPolicyConditional = new If();
        DisjunctionChain importPolicyChain = new DisjunctionChain(importPolicyCalls);
        peerImportPolicyConditional.setGuard(importPolicyChain);
        peerImportPolicy.getStatements().add(peerImportPolicyConditional);
        peerImportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        peerImportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        // export policies
        String peerExportPolicyName = "~PEER_EXPORT_POLICY:" + ig.getRemoteAddress() + "~";
        neighbor.setExportPolicy(peerExportPolicyName);
        RoutingPolicy peerExportPolicy = new RoutingPolicy(peerExportPolicyName, _c);
        _c.getRoutingPolicies().put(peerExportPolicyName, peerExportPolicy);
        peerExportPolicy.getStatements().add(new SetDefaultPolicy(DEFAULT_BGP_EXPORT_POLICY_NAME));
        /*
       * For new BGP advertisements, i.e. those that are created from non-BGP
       * routes, an origin code must be set. By default, Juniper sets the origin
       * code to IGP.
       */
        If setOriginForNonBgp = new If();
        Disjunction isBgp = new Disjunction();
        isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
        isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.IBGP));
        setOriginForNonBgp.setGuard(isBgp);
        setOriginForNonBgp.getFalseStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
        peerExportPolicy.getStatements().add(setOriginForNonBgp);
        List<BooleanExpr> exportPolicyCalls = new ArrayList<>();
        ig.getExportPolicies().forEach((exportPolicyName, exportPolicyLine) -> {
            PolicyStatement exportPolicy = _policyStatements.get(exportPolicyName);
            if (exportPolicy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, exportPolicyName, JuniperStructureUsage.BGP_EXPORT_POLICY, exportPolicyLine);
            } else {
                setPolicyStatementReferent(exportPolicyName, ig.getExportPolicies(), "BGP export policy for neighbor: " + ig.getRemoteAddress());
                CallExpr callPolicy = new CallExpr(exportPolicyName);
                exportPolicyCalls.add(callPolicy);
            }
        });
        If peerExportPolicyConditional = new If();
        DisjunctionChain exportPolicyChain = new DisjunctionChain(exportPolicyCalls);
        peerExportPolicyConditional.setGuard(exportPolicyChain);
        peerExportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        peerExportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        peerExportPolicy.getStatements().add(peerExportPolicyConditional);
        // inherit local-as
        neighbor.setLocalAs(ig.getLocalAs());
        if (neighbor.getLocalAs() == null) {
            _w.redFlag("Missing local-as for neighbor: " + ig.getRemoteAddress());
            continue;
        }
        /*
       * inherit peer-as, or use local-as if internal
       *
       * Also set multipath
       */
        if (ig.getType() == BgpGroupType.INTERNAL) {
            neighbor.setRemoteAs(ig.getLocalAs());
            boolean currentGroupMultipathIbgp = ig.getMultipath();
            if (multipathIbgpSet && currentGroupMultipathIbgp != multipathIbgp) {
                _w.redFlag("Currently do not support mixed iBGP multipath/non-multipath bgp groups on Juniper " + "- FORCING NON-MULTIPATH IBGP");
                multipathIbgp = false;
            } else {
                multipathIbgp = currentGroupMultipathIbgp;
                multipathIbgpSet = true;
            }
        } else {
            neighbor.setRemoteAs(ig.getPeerAs());
            boolean currentGroupMultipathEbgp = ig.getMultipath();
            if (multipathEbgpSet && currentGroupMultipathEbgp != multipathEbgp) {
                _w.redFlag("Currently do not support mixed eBGP multipath/non-multipath bgp groups on Juniper " + "- FORCING NON-MULTIPATH EBGP");
                multipathEbgp = false;
            } else {
                multipathEbgp = currentGroupMultipathEbgp;
                multipathEbgpSet = true;
            }
        }
        // TODO: implement better behavior than setting default metric to 0
        neighbor.setDefaultMetric(0);
        // TODO: find out if there is a juniper equivalent of cisco
        // send-community
        neighbor.setSendCommunity(true);
        // inherit update-source
        Ip localIp = ig.getLocalAddress();
        if (localIp == null) {
            // peer
            outerloop: for (org.batfish.datamodel.Interface iface : vrf.getInterfaces().values()) {
                for (InterfaceAddress address : iface.getAllAddresses()) {
                    if (address.getPrefix().containsIp(ip)) {
                        localIp = address.getIp();
                        break outerloop;
                    }
                }
            }
        }
        if (localIp == null && _defaultAddressSelection) {
            initFirstLoopbackInterface();
            if (_lo0 != null) {
                InterfaceAddress lo0Unit0Address = _lo0.getPrimaryAddress();
                if (lo0Unit0Address != null) {
                    localIp = lo0Unit0Address.getIp();
                }
            }
        }
        if (localIp == null && ip.valid()) {
            _w.redFlag("Could not determine local ip for bgp peering with neighbor ip: " + ip);
        } else {
            neighbor.setLocalIp(localIp);
        }
        if (neighbor.getGroup() == null || !_unreferencedBgpGroups.containsKey(neighbor.getGroup())) {
            proc.getNeighbors().put(neighbor.getPrefix(), neighbor);
        }
    }
    proc.setMultipathEbgp(multipathEbgpSet);
    proc.setMultipathIbgp(multipathIbgp);
    MultipathEquivalentAsPathMatchMode multipathEquivalentAsPathMatchMode = multipathMultipleAs ? MultipathEquivalentAsPathMatchMode.PATH_LENGTH : MultipathEquivalentAsPathMatchMode.FIRST_AS;
    proc.setMultipathEquivalentAsPathMatchMode(multipathEquivalentAsPathMatchMode);
    return proc;
}
Also used : BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) Ip(org.batfish.datamodel.Ip) ArrayList(java.util.ArrayList) Vrf(org.batfish.datamodel.Vrf) MultipathEquivalentAsPathMatchMode(org.batfish.datamodel.MultipathEquivalentAsPathMatchMode) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) DisjunctionChain(org.batfish.datamodel.routing_policy.expr.DisjunctionChain) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr) BgpAuthenticationSettings(org.batfish.datamodel.BgpAuthenticationSettings) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) SetDefaultPolicy(org.batfish.datamodel.routing_policy.statement.SetDefaultPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) If(org.batfish.datamodel.routing_policy.statement.If)

Aggregations

RoutingPolicy (org.batfish.datamodel.routing_policy.RoutingPolicy)50 If (org.batfish.datamodel.routing_policy.statement.If)17 Prefix (org.batfish.datamodel.Prefix)16 BatfishException (org.batfish.common.BatfishException)12 Ip (org.batfish.datamodel.Ip)12 Conjunction (org.batfish.datamodel.routing_policy.expr.Conjunction)12 Statement (org.batfish.datamodel.routing_policy.statement.Statement)12 Configuration (org.batfish.datamodel.Configuration)11 BooleanExpr (org.batfish.datamodel.routing_policy.expr.BooleanExpr)11 MatchProtocol (org.batfish.datamodel.routing_policy.expr.MatchProtocol)11 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)10 CallExpr (org.batfish.datamodel.routing_policy.expr.CallExpr)10 Disjunction (org.batfish.datamodel.routing_policy.expr.Disjunction)10 ArrayList (java.util.ArrayList)9 MatchPrefixSet (org.batfish.datamodel.routing_policy.expr.MatchPrefixSet)9 HashSet (java.util.HashSet)7 RouteFilterList (org.batfish.datamodel.RouteFilterList)7 SubRange (org.batfish.datamodel.SubRange)7 Not (org.batfish.datamodel.routing_policy.expr.Not)7 HashMap (java.util.HashMap)6