
Example 1 with Statement

use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.

the class RoutingPolicy method call.

/**
 * Evaluates this policy by executing its statements in order against {@code environment}.
 *
 * <p>The first statement whose result signals exit ends evaluation and that result is handed
 * back untouched. A result that signals return also ends evaluation, but its return flag is
 * cleared first so the flag does not propagate to whoever called this policy.
 *
 * <p>If no statement exits or returns, the outcome is a fall-through result whose boolean value
 * is the environment's default action. A policy with no terminating statement therefore accepts
 * or rejects according to that default, not according to anything written in the policy itself.
 *
 * @param environment evaluation context passed to every statement; also supplies the default
 *     action used on fall-through
 * @return the terminating statement's result, or a fall-through result carrying the default
 *     action
 */
public Result call(Environment environment) {
    for (Statement current : _statements) {
        Result outcome = current.execute(environment);
        if (!outcome.getExit()) {
            if (!outcome.getReturn()) {
                // neither exit nor return: keep evaluating
                continue;
            }
            // a return is consumed at this policy boundary
            outcome.setReturn(false);
        }
        return outcome;
    }
    // nothing terminated the policy: defer to the environment's default action
    Result fallThrough = new Result();
    fallThrough.setFallThrough(true);
    fallThrough.setBooleanValue(environment.getDefaultAction());
    return fallThrough;
}
Also used : Statement(org.batfish.datamodel.routing_policy.statement.Statement)

Example 2 with Statement

use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.

the class RoutingPolicyTests method testRoutingPolicyTwoCopiesCallStatement.

/**
 * A policy whose body holds the same call statement twice must not be reported as a circular
 * reference: the callee is referenced repeatedly, but it never calls back into the caller.
 */
@Test
public void testRoutingPolicyTwoCopiesCallStatement() {
    RoutingPolicy callee = _rpb.build();
    Statement callToCallee = new CallStatement(callee.getName());
    ImmutableList<Statement> repeatedCall = ImmutableList.of(callToCallee, callToCallee);
    _rpb.setStatements(repeatedCall).build();
    _c.computeRoutingPolicySources(_w);
    // Repetition is not recursion, so the red-flag list has to stay empty
    assertThat(_w.getRedFlagWarnings(), empty());
}
Also used : CallStatement(org.batfish.datamodel.routing_policy.statement.CallStatement) BufferedStatement(org.batfish.datamodel.routing_policy.statement.BufferedStatement) Statement(org.batfish.datamodel.routing_policy.statement.Statement) CallStatement(org.batfish.datamodel.routing_policy.statement.CallStatement) Test(org.junit.Test)

Example 3 with Statement

use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.

the class CiscoConfiguration method toOspfProcess.

/**
 * Builds the vendor-independent {@code org.batfish.datamodel.OspfProcess} for one Cisco OSPF
 * process in the VRF named {@code vrfName}.
 *
 * <p>Besides building the returned object this method mutates its inputs: it sets the OSPF
 * area/enabled/passive fields on the VRF's interfaces, registers the generated summary filters
 * and the export policy in {@code c}, records referers on route-maps it resolves, and reports
 * dangling route-map references through {@code undefined(...)}.
 *
 * @param proc the vendor-specific OSPF process being converted
 * @param vrfName name of the VRF in {@code c}; also embedded in the generated filter and policy
 *     names
 * @param c configuration that supplies the VRF and receives the generated route filter lists and
 *     export policy
 * @param oldConfig vendor configuration whose interfaces are scanned for a router-id when
 *     {@code proc} does not define one
 * @return the converted process, or {@code null} when no router-id is configured and no
 *     interface address can stand in for it (a red flag is emitted in that case)
 */
private org.batfish.datamodel.OspfProcess toOspfProcess(OspfProcess proc, String vrfName, Configuration c, CiscoConfiguration oldConfig) {
    org.batfish.datamodel.OspfProcess newProcess = new org.batfish.datamodel.OspfProcess();
    // NOTE(review): vrf is dereferenced further down without a null check; presumably callers
    // only pass VRF names that exist in c - confirm.
    org.batfish.datamodel.Vrf vrf = c.getVrfs().get(vrfName);
    // max-metric settings are copied only when max-metric router-lsa is enabled on the process
    if (proc.getMaxMetricRouterLsa()) {
        newProcess.setMaxMetricTransitLinks(OspfProcess.MAX_METRIC_ROUTER_LSA);
        if (proc.getMaxMetricIncludeStub()) {
            newProcess.setMaxMetricStubNetworks(OspfProcess.MAX_METRIC_ROUTER_LSA);
        }
        newProcess.setMaxMetricExternalNetworks(proc.getMaxMetricExternalLsa());
        newProcess.setMaxMetricSummaryNetworks(proc.getMaxMetricSummaryLsa());
    }
    newProcess.setProcessId(proc.getName());
    // establish areas and associated interfaces
    Map<Long, OspfArea> areas = newProcess.getAreas();
    Map<Long, ImmutableSortedSet.Builder<String>> areaInterfacesBuilders = new HashMap<>();
    // work on a copy so sorting does not reorder the process's own network list
    List<OspfNetwork> networks = new ArrayList<>();
    networks.addAll(proc.getNetworks());
    Collections.sort(networks, new Comparator<OspfNetwork>() {

        // sort so longest prefixes are first; ties are broken by ascending start address
        @Override
        public int compare(OspfNetwork lhs, OspfNetwork rhs) {
            int lhsPrefixLength = lhs.getPrefix().getPrefixLength();
            int rhsPrefixLength = rhs.getPrefix().getPrefixLength();
            // intentionally swapped (descending prefix length)
            int result = Integer.compare(rhsPrefixLength, lhsPrefixLength);
            if (result == 0) {
                long lhsIp = lhs.getPrefix().getStartIp().asLong();
                long rhsIp = rhs.getPrefix().getStartIp().asLong();
                result = Long.compare(lhsIp, rhsIp);
            }
            return result;
        }
    });
    // Set RFC 1583 compatibility
    newProcess.setRfc1583Compatible(proc.getRfc1583Compatible());
    for (Entry<String, org.batfish.datamodel.Interface> e : vrf.getInterfaces().entrySet()) {
        String ifaceName = e.getKey();
        org.batfish.datamodel.Interface iface = e.getValue();
        InterfaceAddress interfaceAddress = iface.getAddress();
        // interfaces without an address cannot match any network statement
        if (interfaceAddress == null) {
            continue;
        }
        // networks is ordered longest-prefix-first, so the first match below is the most
        // specific one and the loop stops there
        for (OspfNetwork network : networks) {
            Prefix networkPrefix = network.getPrefix();
            Ip networkAddress = networkPrefix.getStartIp();
            Ip maskedInterfaceAddress = interfaceAddress.getIp().getNetworkAddress(networkPrefix.getPrefixLength());
            if (maskedInterfaceAddress.equals(networkAddress)) {
                // we have a longest prefix match
                long areaNum = network.getArea();
                OspfArea newArea = areas.computeIfAbsent(areaNum, OspfArea::new);
                ImmutableSortedSet.Builder<String> newAreaInterfacesBuilder = areaInterfacesBuilders.computeIfAbsent(areaNum, n -> ImmutableSortedSet.naturalOrder());
                newAreaInterfacesBuilder.add(ifaceName);
                iface.setOspfArea(newArea);
                iface.setOspfEnabled(true);
                // passive if listed explicitly, or if passive is the default and the interface
                // is not in the active list
                boolean passive = proc.getPassiveInterfaceList().contains(iface.getName()) || (proc.getPassiveInterfaceDefault() && !proc.getActiveInterfaceList().contains(iface.getName()));
                iface.setOspfPassive(passive);
                break;
            }
        }
        // NOTE(review): this runs once per interface, so every area's interface set is rebuilt
        // on each iteration and only the last rebuild is kept; it looks like it could sit after
        // the loop - confirm.
        areaInterfacesBuilders.forEach((areaNum, interfacesBuilder) -> areas.get(areaNum).setInterfaces(interfacesBuilder.build()));
    }
    // create summarization filters for inter-area routes
    for (Entry<Long, Map<Prefix, OspfAreaSummary>> e1 : proc.getSummaries().entrySet()) {
        long areaLong = e1.getKey();
        Map<Prefix, OspfAreaSummary> summaries = e1.getValue();
        OspfArea area = areas.get(areaLong);
        String summaryFilterName = "~OSPF_SUMMARY_FILTER:" + vrfName + ":" + areaLong + "~";
        RouteFilterList summaryFilter = new RouteFilterList(summaryFilterName);
        c.getRouteFilterLists().put(summaryFilterName, summaryFilter);
        // an area that only appears in summary configuration is created here
        if (area == null) {
            area = new OspfArea(areaLong);
            areas.put(areaLong, area);
        }
        area.setSummaryFilter(summaryFilterName);
        for (Entry<Prefix, OspfAreaSummary> e2 : summaries.entrySet()) {
            Prefix prefix = e2.getKey();
            OspfAreaSummary summary = e2.getValue();
            int prefixLength = prefix.getPrefixLength();
            // advertised summary: reject only strictly longer prefixes inside it;
            // non-advertised summary: reject the summary prefix length as well
            int filterMinPrefixLength = summary.getAdvertised() ? Math.min(Prefix.MAX_PREFIX_LENGTH, prefixLength + 1) : prefixLength;
            summaryFilter.addLine(new RouteFilterLine(LineAction.REJECT, prefix, new SubRange(filterMinPrefixLength, Prefix.MAX_PREFIX_LENGTH)));
        }
        area.setSummaries(ImmutableSortedMap.copyOf(summaries));
        // final catch-all line: whatever no REJECT line above matched is accepted
        summaryFilter.addLine(new RouteFilterLine(LineAction.ACCEPT, Prefix.ZERO, new SubRange(0, Prefix.MAX_PREFIX_LENGTH)));
    }
    // single generated export policy per VRF; the sections below append to its statement list
    String ospfExportPolicyName = "~OSPF_EXPORT_POLICY:" + vrfName + "~";
    RoutingPolicy ospfExportPolicy = new RoutingPolicy(ospfExportPolicyName, c);
    c.getRoutingPolicies().put(ospfExportPolicyName, ospfExportPolicy);
    List<Statement> ospfExportStatements = ospfExportPolicy.getStatements();
    newProcess.setExportPolicy(ospfExportPolicyName);
    // policy map for default information
    if (proc.getDefaultInformationOriginate()) {
        If ospfExportDefault = new If();
        ospfExportStatements.add(ospfExportDefault);
        ospfExportDefault.setComment("OSPF export default route");
        Conjunction ospfExportDefaultConditions = new Conjunction();
        List<Statement> ospfExportDefaultStatements = ospfExportDefault.getTrueStatements();
        // guard on Prefix.ZERO with length range 0-0 (presumably only the default route)
        ospfExportDefaultConditions.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0)))))));
        long metric = proc.getDefaultInformationMetric();
        ospfExportDefaultStatements.add(new SetMetric(new LiteralLong(metric)));
        OspfMetricType metricType = proc.getDefaultInformationMetricType();
        ospfExportDefaultStatements.add(new SetOspfMetricType(metricType));
        // add default export map with metric
        String defaultOriginateMapName = proc.getDefaultInformationOriginateMap();
        boolean useAggregateDefaultOnly;
        if (defaultOriginateMapName != null) {
            int defaultOriginateMapLine = proc.getDefaultInformationOriginateMapLine();
            useAggregateDefaultOnly = true;
            RoutingPolicy ospfDefaultGenerationPolicy = c.getRoutingPolicies().get(defaultOriginateMapName);
            if (ospfDefaultGenerationPolicy == null) {
                // dangling reference: reported, and no generated default route is added
                undefined(CiscoStructureType.ROUTE_MAP, defaultOriginateMapName, CiscoStructureUsage.OSPF_DEFAULT_ORIGINATE_ROUTE_MAP, defaultOriginateMapLine);
            } else {
                // NOTE(review): the null check above is on c.getRoutingPolicies(), while this
                // lookup is on _routeMaps and is dereferenced unchecked; confirm the two maps
                // always agree on this name.
                RouteMap generationRouteMap = _routeMaps.get(defaultOriginateMapName);
                generationRouteMap.getReferers().put(proc, "ospf default-originate route-map");
                GeneratedRoute.Builder route = new GeneratedRoute.Builder();
                route.setNetwork(Prefix.ZERO);
                route.setAdmin(MAX_ADMINISTRATIVE_COST);
                route.setGenerationPolicy(defaultOriginateMapName);
                newProcess.getGeneratedRoutes().add(route.build());
            }
        } else if (proc.getDefaultInformationOriginateAlways()) {
            useAggregateDefaultOnly = true;
            // add generated aggregate with no precondition
            GeneratedRoute.Builder route = new GeneratedRoute.Builder();
            route.setNetwork(Prefix.ZERO);
            route.setAdmin(MAX_ADMINISTRATIVE_COST);
            newProcess.getGeneratedRoutes().add(route.build());
        } else {
            // do not generate an aggregate default route;
            // just redistribute any existing default route with the new metric
            useAggregateDefaultOnly = false;
        }
        if (useAggregateDefaultOnly) {
            // only the generated (aggregate) default may be exported by this clause
            ospfExportDefaultConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.AGGREGATE));
        }
        ospfExportDefaultStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportDefault.setGuard(ospfExportDefaultConditions);
    }
    // policy for redistributing connected routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rcp = proc.getRedistributionPolicies().get(RoutingProtocol.CONNECTED);
    if (rcp != null) {
        If ospfExportConnected = new If();
        ospfExportConnected.setComment("OSPF export connected routes");
        Conjunction ospfExportConnectedConditions = new Conjunction();
        ospfExportConnectedConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.CONNECTED));
        List<Statement> ospfExportConnectedStatements = ospfExportConnected.getTrueStatements();
        Long metric = rcp.getMetric();
        OspfMetricType metricType = rcp.getMetricType();
        ospfExportConnectedStatements.add(new SetOspfMetricType(metricType));
        // fall back to the process's per-protocol default when no metric was configured
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.CONNECTED);
        }
        // NOTE(review): SetMetric goes on the policy-level list, ahead of the If, rather than
        // on the If's true-branch like SetOspfMetricType; it therefore runs for every route
        // that reaches this point - confirm that is intended.
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportConnected);
        // add default export map with metric
        String exportConnectedRouteMapName = rcp.getRouteMap();
        if (exportConnectedRouteMapName != null) {
            int exportConnectedRouteMapLine = rcp.getRouteMapLine();
            RouteMap exportConnectedRouteMap = _routeMaps.get(exportConnectedRouteMapName);
            if (exportConnectedRouteMap == null) {
                // NOTE(review): a dangling route-map is reported but adds no condition to the
                // guard, so the modelled clause then matches every connected route, the same
                // as if no route-map had been configured; confirm this mirrors the device.
                undefined(CiscoStructureType.ROUTE_MAP, exportConnectedRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_CONNECTED_MAP, exportConnectedRouteMapLine);
            } else {
                exportConnectedRouteMap.getReferers().put(proc, "ospf redistribute connected route-map");
                // the route-map becomes an additional conjunct that a route must satisfy
                ospfExportConnectedConditions.getConjuncts().add(new CallExpr(exportConnectedRouteMapName));
            }
        }
        ospfExportConnectedStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportConnected.setGuard(ospfExportConnectedConditions);
    }
    // policy map for redistributing static routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rsp = proc.getRedistributionPolicies().get(RoutingProtocol.STATIC);
    if (rsp != null) {
        If ospfExportStatic = new If();
        ospfExportStatic.setComment("OSPF export static routes");
        Conjunction ospfExportStaticConditions = new Conjunction();
        ospfExportStaticConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
        List<Statement> ospfExportStaticStatements = ospfExportStatic.getTrueStatements();
        // exclude Prefix.ZERO at length 0 (presumably the default route) from this clause
        ospfExportStaticConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
        Long metric = rsp.getMetric();
        OspfMetricType metricType = rsp.getMetricType();
        ospfExportStaticStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.STATIC);
        }
        // NOTE(review): same placement as the connected clause - SetMetric is appended to the
        // policy-level list, not to the If's true-branch.
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportStatic);
        // add export map with metric
        String exportStaticRouteMapName = rsp.getRouteMap();
        if (exportStaticRouteMapName != null) {
            int exportStaticRouteMapLine = rsp.getRouteMapLine();
            RouteMap exportStaticRouteMap = _routeMaps.get(exportStaticRouteMapName);
            if (exportStaticRouteMap == null) {
                // NOTE(review): dangling route-map is reported only; the guard gains no filter
                undefined(CiscoStructureType.ROUTE_MAP, exportStaticRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_STATIC_MAP, exportStaticRouteMapLine);
            } else {
                exportStaticRouteMap.getReferers().put(proc, "ospf redistribute static route-map");
                ospfExportStaticConditions.getConjuncts().add(new CallExpr(exportStaticRouteMapName));
            }
        }
        ospfExportStaticStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportStatic.setGuard(ospfExportStaticConditions);
    }
    // policy map for redistributing bgp routes
    // TODO: honor subnets option
    OspfRedistributionPolicy rbp = proc.getRedistributionPolicies().get(RoutingProtocol.BGP);
    if (rbp != null) {
        If ospfExportBgp = new If();
        ospfExportBgp.setComment("OSPF export bgp routes");
        Conjunction ospfExportBgpConditions = new Conjunction();
        ospfExportBgpConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
        List<Statement> ospfExportBgpStatements = ospfExportBgp.getTrueStatements();
        // exclude Prefix.ZERO at length 0 (presumably the default route) from this clause
        ospfExportBgpConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
        Long metric = rbp.getMetric();
        OspfMetricType metricType = rbp.getMetricType();
        ospfExportBgpStatements.add(new SetOspfMetricType(metricType));
        boolean explicitMetric = metric != null;
        if (!explicitMetric) {
            metric = proc.getDefaultMetric(_vendor, RoutingProtocol.BGP);
        }
        // NOTE(review): same placement as the connected clause - SetMetric is appended to the
        // policy-level list, not to the If's true-branch.
        ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
        ospfExportStatements.add(ospfExportBgp);
        // add export map with metric
        String exportBgpRouteMapName = rbp.getRouteMap();
        if (exportBgpRouteMapName != null) {
            int exportBgpRouteMapLine = rbp.getRouteMapLine();
            RouteMap exportBgpRouteMap = _routeMaps.get(exportBgpRouteMapName);
            if (exportBgpRouteMap == null) {
                // NOTE(review): dangling route-map is reported only; the guard gains no filter
                undefined(CiscoStructureType.ROUTE_MAP, exportBgpRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_BGP_MAP, exportBgpRouteMapLine);
            } else {
                exportBgpRouteMap.getReferers().put(proc, "ospf redistribute bgp route-map");
                ospfExportBgpConditions.getConjuncts().add(new CallExpr(exportBgpRouteMapName));
            }
        }
        ospfExportBgpStatements.add(Statements.ExitAccept.toStaticStatement());
        ospfExportBgp.setGuard(ospfExportBgpConditions);
    }
    newProcess.setReferenceBandwidth(proc.getReferenceBandwidth());
    // router-id: use the configured value, otherwise infer one from interface addresses
    Ip routerId = proc.getRouterId();
    if (routerId == null) {
        Map<String, Interface> interfacesToCheck;
        Map<String, Interface> allInterfaces = oldConfig.getInterfaces();
        Map<String, Interface> loopbackInterfaces = new HashMap<>();
        // candidate loopbacks: name starts with "loopback" (case-insensitive), active, addressed
        for (Entry<String, Interface> e : allInterfaces.entrySet()) {
            String ifaceName = e.getKey();
            Interface iface = e.getValue();
            if (ifaceName.toLowerCase().startsWith("loopback") && iface.getActive() && iface.getAddress() != null) {
                loopbackInterfaces.put(ifaceName, iface);
            }
        }
        // loopbacks take precedence; all interfaces are considered only when there are none
        if (loopbackInterfaces.isEmpty()) {
            interfacesToCheck = allInterfaces;
        } else {
            interfacesToCheck = loopbackInterfaces;
        }
        // pick the numerically highest address among active candidate interfaces
        Ip highestIp = Ip.ZERO;
        for (Interface iface : interfacesToCheck.values()) {
            if (!iface.getActive()) {
                continue;
            }
            for (InterfaceAddress address : iface.getAllAddresses()) {
                Ip ip = address.getIp();
                if (highestIp.asLong() < ip.asLong()) {
                    highestIp = ip;
                }
            }
        }
        // reference comparison: true only when highestIp is still the initial Ip.ZERO object,
        // i.e. no address compared greater than it in the loop above
        if (highestIp == Ip.ZERO) {
            _w.redFlag("No candidates for OSPF router-id");
            // callers must handle a null process
            return null;
        }
        routerId = highestIp;
    }
    newProcess.setRouterId(routerId);
    return newProcess;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SetMetric(org.batfish.datamodel.routing_policy.statement.SetMetric) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) PrefixSpace(org.batfish.datamodel.PrefixSpace) LiteralLong(org.batfish.datamodel.routing_policy.expr.LiteralLong) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Not(org.batfish.datamodel.routing_policy.expr.Not) ExplicitPrefixSet(org.batfish.datamodel.routing_policy.expr.ExplicitPrefixSet) OspfMetricType(org.batfish.datamodel.OspfMetricType) SetOspfMetricType(org.batfish.datamodel.routing_policy.statement.SetOspfMetricType) LiteralLong(org.batfish.datamodel.routing_policy.expr.LiteralLong) GeneratedRoute(org.batfish.datamodel.GeneratedRoute) Map(java.util.Map) ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap) TreeMap(java.util.TreeMap) ImmutableMap(com.google.common.collect.ImmutableMap) SortedMap(java.util.SortedMap) HashMap(java.util.HashMap) If(org.batfish.datamodel.routing_policy.statement.If) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) ImmutableSortedSet(com.google.common.collect.ImmutableSortedSet) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) PrefixRange(org.batfish.datamodel.PrefixRange) OspfArea(org.batfish.datamodel.OspfArea) CallStatement(org.batfish.datamodel.routing_policy.statement.CallStatement) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) RouteFilterList(org.batfish.datamodel.RouteFilterList) OspfAreaSummary(org.batfish.datamodel.OspfAreaSummary) 
SetOspfMetricType(org.batfish.datamodel.routing_policy.statement.SetOspfMetricType)

Example 4 with Statement

use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

/**
 * Adds, for every IPsec tunnel of this VPN connection, the IPsec/IKE structures, the external
 * and VPN interfaces, the optional BGP sessions and the static routes to the configuration node
 * of the referenced VPN gateway.
 *
 * <p>If the gateway has no configuration node a red flag is recorded and nothing is changed.
 * When BGP is configured on a tunnel, the attached VPC's configuration node is modified as well
 * (BGP process, neighbor and routing policies).
 *
 * @param awsConfiguration source of the configuration nodes for the gateway and the VPC
 * @param region source of the {@code VpnGateway} and {@code Vpc} objects
 * @param warnings sink for the missing-gateway red flag
 * @throws BatfishException if a tunnel has a customer-gateway BGP ASN while static routes are
 *     also configured, or if BGP is configured and the gateway's attachment list does not hold
 *     exactly one VPC
 */
public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        // tunnels are numbered from 1 in all generated names
        int idNum = i + 1;
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        // -1 appears to mean "no ASN configured" (assumption - confirm); BGP and static routing
        // are treated as mutually exclusive
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        // (every structure for this tunnel is registered under the same key, vpnId)
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        // NOTE(review): the meaning of the second constructor argument (-1) is not visible here
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        // outside address is modelled with the maximum prefix length; the inside (tunnel)
        // address keeps the prefix length reported by the tunnel
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        // only a hash of the pre-shared key is carried into the model
        // NOTE(review): when the hash is null the proposal's authentication method is never set
        // in this method; anything that audits IKE authentication should treat that state as
        // "unknown" rather than assume a default - confirm what IkeProposal defaults to.
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured)
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            // reuse the gateway's BGP process if an earlier tunnel already created it
            BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
            if (proc == null) {
                proc = new BgpProcess();
                proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
                proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
                vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
            }
            // session to the customer gateway across the tunnel (remote AS = customer's ASN)
            BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
            cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
            cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
            cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
            cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            cgBgpNeighbor.setSendCommunity(false);
            // NOTE(review): vpnGateway is not null-checked; the earlier containsKey check is on
            // awsConfiguration's nodes, not on region.getVpnGateways() - confirm they agree.
            VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
            List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
            // NOTE(review): this also fires for zero attachments, although the message only
            // mentions "multiple VPCs"
            if (attachmentVpcIds.size() != 1) {
                throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
            }
            String vpcId = attachmentVpcIds.get(0);
            // iBGP connection to VPC
            // NOTE(review): vpcNode and both interface lookups below are dereferenced without
            // null checks; presumably the VPC/gateway link interfaces were created earlier.
            Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
            Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
            Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
            BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
            proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
            vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            // local and remote AS are both the gateway's ASN, which makes this session iBGP
            vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
            vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vgwToVpcBgpNeighbor.setSendCommunity(true);
            // iBGP connection from VPC
            BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
            // NOTE(review): unlike the gateway side, the VPC's BGP process is replaced
            // unconditionally, and this happens once per tunnel; any process or neighbor set on
            // vpcNode beforehand is discarded - confirm that is acceptable.
            BgpProcess vpcProc = new BgpProcess();
            vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
            vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
            vpcProc.setRouterId(vpcIfaceAddress);
            vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
            vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
            vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vpcToVgwBgpNeighbor.setSendCommunity(true);
            String rpRejectAllName = "~REJECT_ALL~";
            String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
            // accept when the guard matches, reject otherwise
            // NOTE(review): the guard is MatchProtocol(RoutingProtocol.BGP); whether that value
            // denotes eBGP only, as the names suggest, is not visible here.
            If acceptIffEbgp = new If();
            acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
            acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
            // gateway -> VPC export: set next-hop-self, then apply the accept/reject If above
            RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
            vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
            vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
            // NOTE(review): no statements are set on the ~REJECT_ALL~ policies (here and on the
            // VPC below), so whether they actually reject depends on how an empty RoutingPolicy
            // is evaluated - confirm the default outcome is reject.
            RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
            vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
            // VPC side: import everything from the gateway, export nothing back
            String rpAcceptAllName = "~ACCEPT_ALL~";
            RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
            vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
            RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
            vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
            // export policy towards the customer gateway: guarded If first, explicit reject after
            Vpc vpc = region.getVpcs().get(vpcId);
            String originationPolicyName = vpnId + "_origination";
            RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
            cgBgpNeighbor.setExportPolicy(originationPolicyName);
            If originationIf = new If();
            List<Statement> statements = originationRoutingPolicy.getStatements();
            statements.add(originationIf);
            statements.add(Statements.ExitReject.toStaticStatement());
            originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
            originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
            // the route filter shares the policy's name and accepts each VPC CIDR block at
            // exactly its own prefix length
            RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
            vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
            vpc.getCidrBlockAssociations().forEach(prefix -> {
                RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
                originationRouteFilter.addLine(matchOutgoingPrefix);
            });
            // guard: the route is static AND its destination matches the named filter above
            Conjunction conj = new Conjunction();
            originationIf.setGuard(conj);
            conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
            conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
        }
        // static routes (if configured)
        // each configured prefix points at the customer gateway's inside address
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SelfNextHop(org.batfish.datamodel.routing_policy.expr.SelfNextHop) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) IpsecProposal(org.batfish.datamodel.IpsecProposal) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) SetNextHop(org.batfish.datamodel.routing_policy.statement.SetNextHop) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) IkeProposal(org.batfish.datamodel.IkeProposal) BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkeGateway(org.batfish.datamodel.IkeGateway) RouteFilterList(org.batfish.datamodel.RouteFilterList) IkePolicy(org.batfish.datamodel.IkePolicy) If(org.batfish.datamodel.routing_policy.statement.If) Interface(org.batfish.datamodel.Interface)

Example 5 with Statement

use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.

the class RoutePolicySetStatement method applyTo.

/**
 * Appends this set statement to {@code statements} as two entries: the set statement itself,
 * wrapped in a {@link BufferedStatement}, followed by an {@link If} that selects which
 * default-action-accept statement to run depending on the {@code CallExprContext} guard.
 *
 * @param statements list that receives the two generated statements, in that order
 * @param cc vendor configuration passed through to {@code toSetStatement}
 * @param c vendor-independent configuration passed through to {@code toSetStatement}
 * @param w warnings sink passed through to {@code toSetStatement}
 */
@Override
public final void applyTo(List<Statement> statements, CiscoConfiguration cc, Configuration c, Warnings w) {
    Statement buffered = new BufferedStatement(toSetStatement(cc, c, w));
    If defaultActionSelector = new If();
    // guard true -> set the local default action; guard false -> set the default action
    defaultActionSelector.setGuard(BooleanExprs.CallExprContext.toStaticBooleanExpr());
    defaultActionSelector.setTrueStatements(
        Collections.singletonList(Statements.SetLocalDefaultActionAccept.toStaticStatement()));
    defaultActionSelector.setFalseStatements(
        Collections.singletonList(Statements.SetDefaultActionAccept.toStaticStatement()));
    // the caller's list is touched only after both statements are fully built
    statements.add(buffered);
    statements.add(defaultActionSelector);
}
Also used : BufferedStatement(org.batfish.datamodel.routing_policy.statement.BufferedStatement) BufferedStatement(org.batfish.datamodel.routing_policy.statement.BufferedStatement) Statement(org.batfish.datamodel.routing_policy.statement.Statement) If(org.batfish.datamodel.routing_policy.statement.If)
