Search in sources :

Example 1 with Conjunction

use of org.batfish.datamodel.routing_policy.expr.Conjunction in project batfish by batfish.

the class RoutingPolicyTests method testRoutingPolicyDeepCircularReference.

/**
 * Policy with actual circular reference deep in the policy
 */
@Test
public void testRoutingPolicyDeepCircularReference() {
    String parentPolicyName = "parent";
    CallStatement callStatement = new CallStatement(parentPolicyName);
    BufferedStatement bs = new BufferedStatement(callStatement);
    WithEnvironmentExpr we1 = new WithEnvironmentExpr();
    we1.setPostStatements(ImmutableList.of(bs));
    If if1 = new If();
    if1.setGuard(we1);
    WithEnvironmentExpr we2 = new WithEnvironmentExpr();
    we2.setPostTrueStatements(ImmutableList.of(if1));
    If if2 = new If();
    if2.setGuard(we2);
    If if3 = new If();
    if3.setTrueStatements(ImmutableList.of(if2));
    If if4 = new If();
    if4.setFalseStatements(ImmutableList.of(if3));
    WithEnvironmentExpr we3 = new WithEnvironmentExpr();
    we3.setPreStatements(ImmutableList.of(if4));
    WithEnvironmentExpr we4 = new WithEnvironmentExpr();
    we4.setExpr(we3);
    Conjunction conj = new Conjunction();
    conj.setConjuncts(ImmutableList.of(we4));
    ConjunctionChain conjunctionChain = new ConjunctionChain(ImmutableList.of(conj));
    Disjunction disjunction = new Disjunction();
    disjunction.setDisjuncts(ImmutableList.of(conjunctionChain));
    DisjunctionChain disjunctionChain = new DisjunctionChain(ImmutableList.of(disjunction));
    Not not = new Not(disjunctionChain);
    If if5 = new If();
    if5.setGuard(not);
    _rpb.setName(parentPolicyName).setStatements(ImmutableList.of(if5)).build();
    _c.computeRoutingPolicySources(_w);
    /*
     * A circular reference warning should be emitted containing the name of the circularly
     * referenced policy.
     */
    assertThat(_w.getRedFlagWarnings(), not(empty()));
    assertThat(_w.getRedFlagWarnings().iterator().next().getText(), containsString(parentPolicyName));
}
Also used : BufferedStatement(org.batfish.datamodel.routing_policy.statement.BufferedStatement) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) Not(org.batfish.datamodel.routing_policy.expr.Not) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) Matchers.containsString(org.hamcrest.Matchers.containsString) CallStatement(org.batfish.datamodel.routing_policy.statement.CallStatement) ConjunctionChain(org.batfish.datamodel.routing_policy.expr.ConjunctionChain) DisjunctionChain(org.batfish.datamodel.routing_policy.expr.DisjunctionChain) WithEnvironmentExpr(org.batfish.datamodel.routing_policy.expr.WithEnvironmentExpr) If(org.batfish.datamodel.routing_policy.statement.If) Test(org.junit.Test)

Example 2 with Conjunction

use of org.batfish.datamodel.routing_policy.expr.Conjunction in project batfish by batfish.

the class CiscoConfiguration method toOspfProcess.

private org.batfish.datamodel.OspfProcess toOspfProcess(OspfProcess proc, String vrfName, Configuration c, CiscoConfiguration oldConfig) {
    org.batfish.datamodel.OspfProcess newProcess = new org.batfish.datamodel.OspfProcess();
    org.batfish.datamodel.Vrf vrf = c.getVrfs().get(vrfName);
    if (proc.getMaxMetricRouterLsa()) {
        newProcess.setMaxMetricTransitLinks(OspfProcess.MAX_METRIC_ROUTER_LSA);
        if (proc.getMaxMetricIncludeStub()) {
            newProcess.setMaxMetricStubNetworks(OspfProcess.MAX_METRIC_ROUTER_LSA);
        }
        newProcess.setMaxMetricExternalNetworks(proc.getMaxMetricExternalLsa());
        newProcess.setMaxMetricSummaryNetworks(proc.getMaxMetricSummaryLsa());
    }
    newProcess.setProcessId(proc.getName());
    // establish areas and associated interfaces
    Map<Long, OspfArea> areas = newProcess.getAreas();
    Map<Long, ImmutableSortedSet.Builder<String>> areaInterfacesBuilders = new HashMap<>();
    List<OspfNetwork> networks = new ArrayList<>();
    networks.addAll(proc.getNetworks());
    Collections.sort(networks, new Comparator<OspfNetwork>() {

        // sort so longest prefixes are first
        @Override
        public int compare(OspfNetwork lhs, OspfNetwork rhs) {
            int lhsPrefixLength = lhs.getPrefix().getPrefixLength();
            int rhsPrefixLength = rhs.getPrefix().getPrefixLength();
            // intentionally swapped
            int result = Integer.compare(rhsPrefixLength, lhsPrefixLength);
            if (result == 0) {
                long lhsIp = lhs.getPrefix().getStartIp().asLong();
                long rhsIp = rhs.getPrefix().getStartIp().asLong();
                result = Long.compare(lhsIp, rhsIp);
            }
            return result;
        }
    });
    // Set RFC 1583 compatibility
    newProcess.setRfc1583Compatible(proc.getRfc1583Compatible());
    for (Entry<String, org.batfish.datamodel.Interface> e : vrf.getInterfaces().entrySet()) {
        String ifaceName = e.getKey();
        org.batfish.datamodel.Interface iface = e.getValue();
        InterfaceAddress interfaceAddress = iface.getAddress();
        if (interfaceAddress == null) {
            continue;
        }
        for (OspfNetwork network : networks) {
            Prefix networkPrefix = network.getPrefix();
            Ip networkAddress = networkPrefix.getStartIp();
            Ip maskedInterfaceAddress = interfaceAddress.getIp().getNetworkAddress(networkPrefix.getPrefixLength());
            if (maskedInterfaceAddress.equals(networkAddress)) {
                // we have a longest prefix match
                long areaNum = network.getArea();
                OspfArea newArea = areas.computeIfAbsent(areaNum, OspfArea::new);
                ImmutableSortedSet.Builder<String> newAreaInterfacesBuilder = areaInterfacesBuilders.computeIfAbsent(areaNum, n -> ImmutableSortedSet.naturalOrder());
                newAreaInterfacesBuilder.add(ifaceName);
                iface.setOspfArea(newArea);
                iface.setOspfEnabled(true);
                boolean passive = proc.getPassiveInterfaceList().contains(iface.getName()) || (proc.getPassiveInterfaceDefault() && !proc.getActiveInterfaceList().contains(iface.getName()));
                iface.setOspfPassive(passive);
                break;
            }
        }
        areaInterfacesBuilders.forEach((areaNum, interfacesBuilder) -> areas.get(areaNum).setInterfaces(interfacesBuilder.build()));
    }
    // create summarization filters for inter-area routes
    for (Entry<Long, Map<Prefix, OspfAreaSummary>> e1 : proc.getSummaries().entrySet()) {
        long areaLong = e1.getKey();
        Map<Prefix, OspfAreaSummary> summaries = e1.getValue();
        OspfArea area = areas.get(areaLong);
        String summaryFilterName = "~OSPF_SUMMARY_FILTER:" + vrfName + ":" + areaLong + "~";
        RouteFilterList summaryFilter = new RouteFilterList(summaryFilterName);
        c.getRouteFilterLists().put(summaryFilterName, summaryFilter);
        if (area == null) {
            area = new OspfArea(areaLong);
            areas.put(areaLong, area);
        }
        area.setSummaryFilter(summaryFilterName);
        for (Entry<Prefix, OspfAreaSummary> e2 : summaries.entrySet()) {
            Prefix prefix = e2.getKey();
            OspfAreaSummary summary = e2.getValue();
            int prefixLength = prefix.getPrefixLength();
            int filterMinPrefixLength = summary.getAdvertised() ? Math.min(Prefix.MAX_PREFIX_LENGTH, prefixLength + 1) : prefixLength;
            summaryFilter.addLine(new RouteFilterLine(LineAction.REJECT, prefix, new SubRange(filterMinPrefixLength, Prefix.MAX_PREFIX_LENGTH)));
        }
        area.setSummaries(ImmutableSortedMap.copyOf(summaries));
        summaryFilter.addLine(new RouteFilterLine(LineAction.ACCEPT, Prefix.ZERO, new SubRange(0, Prefix.MAX_PREFIX_LENGTH)));
    }
    String ospfExportPolicyName = "~OSPF_EXPORT_POLICY:" + vrfName + "~";
    RoutingPolicy ospfExportPolicy = new RoutingPolicy(ospfExportPolicyName, c);
    c.getRoutingPolicies().put(ospfExportPolicyName, ospfExportPolicy);
    List<Statement> ospfExportStatements = ospfExportPolicy.getStatements();
    newProcess.setExportPolicy(ospfExportPolicyName);
    // policy map for default information
    if (proc.getDefaultInformationOriginate()) {
        If ospfExportDefault = new If();
        ospfExportStatements.add(ospfExportDefault);
        ospfExportDefault.setComment("OSPF export default route");
        Conjunction ospfExportDefaultConditions = new Conjunction();
        List<Statement> ospfExportDefaultStatements = ospfExportDefault.getTrueStatements();
        ospfExportDefaultConditions.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0)))))));
        long metric = proc.getDefaultInformationMetric();
        ospfExportDefaultStatements.add(new SetMetric(new LiteralLong(metric)));
        OspfMetricType metricType = proc.getDefaultInformationMetricType();
        ospfExportDefaultStatements.add(new SetOspfMetricType(metricType));
        // add default export map with metric
        String defaultOriginateMapName = proc.getDefaultInformationOriginateMap();
        boolean useAggregateDefaultOnly;
        if (defaultOriginateMapName != null) {
            int defaultOriginateMapLine = proc.getDefaultInformationOriginateMapLine();
            useAggregateDefaultOnly = true;
            RoutingPolicy ospfDefaultGenerationPolicy = c.getRoutingPolicies().get(defaultOriginateMapName);
            if (ospfDefaultGenerationPolicy == null) {
                undefined(CiscoStructureType.ROUTE_MAP, defaultOriginateMapName, CiscoStructureUsage.OSPF_DEFAULT_ORIGINATE_ROUTE_MAP, defaultOriginateMapLine);
            } else {
                RouteMap generationRouteMap = _routeMaps.get(defaultOriginateMapName);
                generationRouteMap.getReferers().put(proc, "ospf default-originate route-map");
                GeneratedRoute.Builder route = new GeneratedRoute.Builder();
                route.setNetwork(Prefix.ZERO);
                route.setAdmin(MAX_ADMINISTRATIVE_COST);
                route.setGenerationPolicy(defaultOriginateMapName);
                newProcess.getGeneratedRoutes().add(route.build());
            }
        } else if (proc.getDefaultInformationOriginateAlways()) {
            useAggregateDefaultOnly = true;
            // add generated aggregate with no precondition
            GeneratedRoute.Builder route = new GeneratedRoute.Builder();
            route.setNetwork(Prefix.ZERO);
            route.setAdmin(MAX_ADMINISTRATIVE_COST);
            newProcess.getGeneratedRoutes().add(route.build());
        } else {
            // do not generate an aggregate default route;
            // just redistribute any existing default route with the new metric
            useAggregateDefaultOnly = false;
        }
        if (useAggregateDefaultOnly) {
            ospfExportDefaultConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.AGGREGATE));
        }
        ospfExportDefaultStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportDefault.setGuard(ospfExportDefaultConditions);
    }
    // policy for redistributing connected routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rcp = proc.getRedistributionPolicies().get(RoutingProtocol.CONNECTED);
    if (rcp != null) {
        If ospfExportConnected = new If();
        ospfExportConnected.setComment("OSPF export connected routes");
        Conjunction ospfExportConnectedConditions = new Conjunction();
        ospfExportConnectedConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.CONNECTED));
        List<Statement> ospfExportConnectedStatements = ospfExportConnected.getTrueStatements();
        Long metric = rcp.getMetric();
        OspfMetricType metricType = rcp.getMetricType();
        ospfExportConnectedStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.CONNECTED);
        }
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportConnected);
        // add default export map with metric
        String exportConnectedRouteMapName = rcp.getRouteMap();
        if (exportConnectedRouteMapName != null) {
            int exportConnectedRouteMapLine = rcp.getRouteMapLine();
            RouteMap exportConnectedRouteMap = _routeMaps.get(exportConnectedRouteMapName);
            if (exportConnectedRouteMap == null) {
                undefined(CiscoStructureType.ROUTE_MAP, exportConnectedRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_CONNECTED_MAP, exportConnectedRouteMapLine);
            } else {
                exportConnectedRouteMap.getReferers().put(proc, "ospf redistribute connected route-map");
                ospfExportConnectedConditions.getConjuncts().add(new CallExpr(exportConnectedRouteMapName));
            }
        }
        ospfExportConnectedStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportConnected.setGuard(ospfExportConnectedConditions);
    }
    // policy map for redistributing static routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rsp = proc.getRedistributionPolicies().get(RoutingProtocol.STATIC);
    if (rsp != null) {
        If ospfExportStatic = new If();
        ospfExportStatic.setComment("OSPF export static routes");
        Conjunction ospfExportStaticConditions = new Conjunction();
        ospfExportStaticConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
        List<Statement> ospfExportStaticStatements = ospfExportStatic.getTrueStatements();
        ospfExportStaticConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
        Long metric = rsp.getMetric();
        OspfMetricType metricType = rsp.getMetricType();
        ospfExportStaticStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.STATIC);
        }
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportStatic);
        // add export map with metric
        String exportStaticRouteMapName = rsp.getRouteMap();
        if (exportStaticRouteMapName != null) {
            int exportStaticRouteMapLine = rsp.getRouteMapLine();
            RouteMap exportStaticRouteMap = _routeMaps.get(exportStaticRouteMapName);
            if (exportStaticRouteMap == null) {
                undefined(CiscoStructureType.ROUTE_MAP, exportStaticRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_STATIC_MAP, exportStaticRouteMapLine);
            } else {
                exportStaticRouteMap.getReferers().put(proc, "ospf redistribute static route-map");
                ospfExportStaticConditions.getConjuncts().add(new CallExpr(exportStaticRouteMapName));
            }
        }
        ospfExportStaticStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportStatic.setGuard(ospfExportStaticConditions);
    }
    // policy map for redistributing bgp routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rbp = proc.getRedistributionPolicies().get(RoutingProtocol.BGP);
    if (rbp != null) {
        If ospfExportBgp = new If();
        ospfExportBgp.setComment("OSPF export bgp routes");
        Conjunction ospfExportBgpConditions = new Conjunction();
        ospfExportBgpConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
        List<Statement> ospfExportBgpStatements = ospfExportBgp.getTrueStatements();
        ospfExportBgpConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
        Long metric = rbp.getMetric();
        OspfMetricType metricType = rbp.getMetricType();
        ospfExportBgpStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.BGP);
        }
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportBgp);
        // add export map with metric
        String exportBgpRouteMapName = rbp.getRouteMap();
        if (exportBgpRouteMapName != null) {
            int exportBgpRouteMapLine = rbp.getRouteMapLine();
            RouteMap exportBgpRouteMap = _routeMaps.get(exportBgpRouteMapName);
            if (exportBgpRouteMap == null) {
                undefined(CiscoStructureType.ROUTE_MAP, exportBgpRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_BGP_MAP, exportBgpRouteMapLine);
            } else {
                exportBgpRouteMap.getReferers().put(proc, "ospf redistribute bgp route-map");
                ospfExportBgpConditions.getConjuncts().add(new CallExpr(exportBgpRouteMapName));
            }
        }
        ospfExportBgpStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportBgp.setGuard(ospfExportBgpConditions);
    }
    newProcess.setReferenceBandwidth(proc.getReferenceBandwidth());
    Ip routerId = proc.getRouterId();
    if (routerId == null) {
        Map<String, Interface> interfacesToCheck;
        Map<String, Interface> allInterfaces = oldConfig.getInterfaces();
        Map<String, Interface> loopbackInterfaces = new HashMap<>();
        for (Entry<String, Interface> e : allInterfaces.entrySet()) {
            String ifaceName = e.getKey();
            Interface iface = e.getValue();
            if (ifaceName.toLowerCase().startsWith("loopback") && iface.getActive() && iface.getAddress() != null) {
                loopbackInterfaces.put(ifaceName, iface);
            }
        }
        if (loopbackInterfaces.isEmpty()) {
            interfacesToCheck = allInterfaces;
        } else {
            interfacesToCheck = loopbackInterfaces;
        }
        Ip highestIp = Ip.ZERO;
        for (Interface iface : interfacesToCheck.values()) {
            if (!iface.getActive()) {
                continue;
            }
            for (InterfaceAddress address : iface.getAllAddresses()) {
                Ip ip = address.getIp();
                if (highestIp.asLong() < ip.asLong()) {
                    highestIp = ip;
                }
            }
        }
        if (highestIp == Ip.ZERO) {
            _w.redFlag("No candidates for OSPF router-id");
            return null;
        }
        routerId = highestIp;
    }
    newProcess.setRouterId(routerId);
    return newProcess;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SetMetric(org.batfish.datamodel.routing_policy.statement.SetMetric) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) PrefixSpace(org.batfish.datamodel.PrefixSpace) LiteralLong(org.batfish.datamodel.routing_policy.expr.LiteralLong) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Not(org.batfish.datamodel.routing_policy.expr.Not) ExplicitPrefixSet(org.batfish.datamodel.routing_policy.expr.ExplicitPrefixSet) OspfMetricType(org.batfish.datamodel.OspfMetricType) SetOspfMetricType(org.batfish.datamodel.routing_policy.statement.SetOspfMetricType) LiteralLong(org.batfish.datamodel.routing_policy.expr.LiteralLong) GeneratedRoute(org.batfish.datamodel.GeneratedRoute) Map(java.util.Map) ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap) TreeMap(java.util.TreeMap) ImmutableMap(com.google.common.collect.ImmutableMap) SortedMap(java.util.SortedMap) HashMap(java.util.HashMap) If(org.batfish.datamodel.routing_policy.statement.If) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) ImmutableSortedSet(com.google.common.collect.ImmutableSortedSet) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) PrefixRange(org.batfish.datamodel.PrefixRange) OspfArea(org.batfish.datamodel.OspfArea) CallStatement(org.batfish.datamodel.routing_policy.statement.CallStatement) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) RouteFilterList(org.batfish.datamodel.RouteFilterList) OspfAreaSummary(org.batfish.datamodel.OspfAreaSummary) SetOspfMetricType(org.batfish.datamodel.routing_policy.statement.SetOspfMetricType)

Example 3 with Conjunction

use of org.batfish.datamodel.routing_policy.expr.Conjunction in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        int idNum = i + 1;
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured)
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
            if (proc == null) {
                proc = new BgpProcess();
                proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
                proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
                vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
            }
            BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
            cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
            cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
            cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
            cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            cgBgpNeighbor.setSendCommunity(false);
            VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
            List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
            if (attachmentVpcIds.size() != 1) {
                throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
            }
            String vpcId = attachmentVpcIds.get(0);
            // iBGP connection to VPC
            Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
            Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
            Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
            BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
            proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
            vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
            vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vgwToVpcBgpNeighbor.setSendCommunity(true);
            // iBGP connection from VPC
            BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
            BgpProcess vpcProc = new BgpProcess();
            vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
            vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
            vpcProc.setRouterId(vpcIfaceAddress);
            vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
            vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
            vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vpcToVgwBgpNeighbor.setSendCommunity(true);
            String rpRejectAllName = "~REJECT_ALL~";
            String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
            If acceptIffEbgp = new If();
            acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
            acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
            RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
            vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
            vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
            RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
            vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
            String rpAcceptAllName = "~ACCEPT_ALL~";
            RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
            vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
            RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
            vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
            Vpc vpc = region.getVpcs().get(vpcId);
            String originationPolicyName = vpnId + "_origination";
            RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
            cgBgpNeighbor.setExportPolicy(originationPolicyName);
            If originationIf = new If();
            List<Statement> statements = originationRoutingPolicy.getStatements();
            statements.add(originationIf);
            statements.add(Statements.ExitReject.toStaticStatement());
            originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
            originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
            RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
            vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
            vpc.getCidrBlockAssociations().forEach(prefix -> {
                RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
                originationRouteFilter.addLine(matchOutgoingPrefix);
            });
            Conjunction conj = new Conjunction();
            originationIf.setGuard(conj);
            conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
            conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
        }
        // static routes (if configured)
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SelfNextHop(org.batfish.datamodel.routing_policy.expr.SelfNextHop) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) IpsecProposal(org.batfish.datamodel.IpsecProposal) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) SetNextHop(org.batfish.datamodel.routing_policy.statement.SetNextHop) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) IkeProposal(org.batfish.datamodel.IkeProposal) BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkeGateway(org.batfish.datamodel.IkeGateway) RouteFilterList(org.batfish.datamodel.RouteFilterList) IkePolicy(org.batfish.datamodel.IkePolicy) If(org.batfish.datamodel.routing_policy.statement.If) Interface(org.batfish.datamodel.Interface)

Example 4 with Conjunction

use of org.batfish.datamodel.routing_policy.expr.Conjunction in project batfish by batfish.

the class Graph method getOriginatedNetworks.

/*
   * Collects and returns all originated prefixes for the given
   * router as well as the protocol. Static routes and connected
   * routes are treated as originating the prefix.
   */
public static Set<Prefix> getOriginatedNetworks(Configuration conf, Protocol proto) {
    Set<Prefix> acc = new HashSet<>();
    if (proto.isOspf()) {
        OspfProcess ospf = conf.getDefaultVrf().getOspfProcess();
        for (OspfArea area : ospf.getAreas().values()) {
            for (String ifaceName : area.getInterfaces()) {
                Interface iface = conf.getInterfaces().get(ifaceName);
                if (iface.getActive() && iface.getOspfEnabled()) {
                    acc.add(iface.getAddress().getPrefix());
                }
            }
        }
        return acc;
    }
    if (proto.isBgp()) {
        RoutingPolicy defaultPol = findCommonRoutingPolicy(conf, Protocol.BGP);
        if (defaultPol != null) {
            AstVisitor v = new AstVisitor();
            v.visit(conf, defaultPol.getStatements(), stmt -> {
            }, expr -> {
                if (expr instanceof Conjunction) {
                    Conjunction c = (Conjunction) expr;
                    if (c.getConjuncts().size() >= 2) {
                        BooleanExpr be1 = c.getConjuncts().get(0);
                        BooleanExpr be2 = c.getConjuncts().get(1);
                        if (be1 instanceof MatchPrefixSet && be2 instanceof Not) {
                            MatchPrefixSet mps = (MatchPrefixSet) be1;
                            Not n = (Not) be2;
                            if (n.getExpr() instanceof MatchProtocol) {
                                MatchProtocol mp = (MatchProtocol) n.getExpr();
                                if (mp.getProtocol() == RoutingProtocol.BGP) {
                                    PrefixSetExpr e = mps.getPrefixSet();
                                    if (e instanceof ExplicitPrefixSet) {
                                        ExplicitPrefixSet eps = (ExplicitPrefixSet) e;
                                        Set<PrefixRange> ranges = eps.getPrefixSpace().getPrefixRanges();
                                        for (PrefixRange r : ranges) {
                                            acc.add(r.getPrefix());
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            });
        }
        return acc;
    }
    if (proto.isConnected()) {
        for (Interface iface : conf.getInterfaces().values()) {
            InterfaceAddress address = iface.getAddress();
            if (address != null) {
                acc.add(address.getPrefix());
            }
        }
        return acc;
    }
    if (proto.isStatic()) {
        for (StaticRoute sr : conf.getDefaultVrf().getStaticRoutes()) {
            if (sr.getNetwork() != null) {
                acc.add(sr.getNetwork());
            }
        }
        return acc;
    }
    throw new BatfishException("ERROR: getOriginatedNetworks: " + proto.name());
}
Also used : BatfishException(org.batfish.common.BatfishException) PrefixRange(org.batfish.datamodel.PrefixRange) StaticRoute(org.batfish.datamodel.StaticRoute) OspfArea(org.batfish.datamodel.OspfArea) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) PrefixSetExpr(org.batfish.datamodel.routing_policy.expr.PrefixSetExpr) OspfProcess(org.batfish.datamodel.OspfProcess) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) Prefix(org.batfish.datamodel.Prefix) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Not(org.batfish.datamodel.routing_policy.expr.Not) ExplicitPrefixSet(org.batfish.datamodel.routing_policy.expr.ExplicitPrefixSet) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) Interface(org.batfish.datamodel.Interface) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr) HashSet(java.util.HashSet)

Example 5 with Conjunction

use of org.batfish.datamodel.routing_policy.expr.Conjunction in project batfish by batfish.

the class BatfishCompressor method matchExternalTraffic.

/**
 * Create a filter that only allows traffic for those prefixes if it came from outside. EXTERNAL =
 * (protocol is bgp or ibgp) and (the AS path is not an internal path) MATCH = destination matches
 * the prefixTrie GUARD = EXTERNAL or MATCH (only allow this traffic through)
 */
@Nonnull
private BooleanExpr matchExternalTraffic() {
    List<AsPathSetElem> elements = new ArrayList<>();
    elements.add(new RegexAsPathSetElem(_internalRegex));
    ExplicitAsPathSet expr = new ExplicitAsPathSet(elements);
    MatchAsPath matchPath = new MatchAsPath(expr);
    MatchProtocol mpBgp = new MatchProtocol(RoutingProtocol.BGP);
    MatchProtocol mpIbgp = new MatchProtocol(RoutingProtocol.IBGP);
    Disjunction d = new Disjunction();
    List<BooleanExpr> disjuncts = new ArrayList<>();
    disjuncts.add(mpBgp);
    disjuncts.add(mpIbgp);
    d.setDisjuncts(disjuncts);
    Not n = new Not(matchPath);
    Conjunction c = new Conjunction();
    List<BooleanExpr> conjuncts = new ArrayList<>();
    conjuncts.add(d);
    conjuncts.add(n);
    c.setConjuncts(conjuncts);
    return c;
}
Also used : RegexAsPathSetElem(org.batfish.datamodel.routing_policy.expr.RegexAsPathSetElem) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) Not(org.batfish.datamodel.routing_policy.expr.Not) RegexAsPathSetElem(org.batfish.datamodel.routing_policy.expr.RegexAsPathSetElem) AsPathSetElem(org.batfish.datamodel.routing_policy.expr.AsPathSetElem) ExplicitAsPathSet(org.batfish.datamodel.routing_policy.expr.ExplicitAsPathSet) ArrayList(java.util.ArrayList) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) MatchAsPath(org.batfish.datamodel.routing_policy.expr.MatchAsPath) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr) StaticBooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExprs.StaticBooleanExpr) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Nonnull(javax.annotation.Nonnull)

Aggregations

Conjunction (org.batfish.datamodel.routing_policy.expr.Conjunction)15 RoutingPolicy (org.batfish.datamodel.routing_policy.RoutingPolicy)12 BooleanExpr (org.batfish.datamodel.routing_policy.expr.BooleanExpr)10 Not (org.batfish.datamodel.routing_policy.expr.Not)9 If (org.batfish.datamodel.routing_policy.statement.If)9 Disjunction (org.batfish.datamodel.routing_policy.expr.Disjunction)8 MatchPrefixSet (org.batfish.datamodel.routing_policy.expr.MatchPrefixSet)8 MatchProtocol (org.batfish.datamodel.routing_policy.expr.MatchProtocol)8 Statement (org.batfish.datamodel.routing_policy.statement.Statement)8 BatfishException (org.batfish.common.BatfishException)7 ArrayList (java.util.ArrayList)6 CallExpr (org.batfish.datamodel.routing_policy.expr.CallExpr)6 CallStatement (org.batfish.datamodel.routing_policy.statement.CallStatement)6 Prefix (org.batfish.datamodel.Prefix)5 ConjunctionChain (org.batfish.datamodel.routing_policy.expr.ConjunctionChain)5 DestinationNetwork (org.batfish.datamodel.routing_policy.expr.DestinationNetwork)5 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)4 PrefixRange (org.batfish.datamodel.PrefixRange)4 RouteFilterList (org.batfish.datamodel.RouteFilterList)4 SubRange (org.batfish.datamodel.SubRange)4