use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.
the class RoutingPolicy method call.
public Result call(Environment environment) {
for (Statement statement : _statements) {
Result result = statement.execute(environment);
if (result.getExit()) {
return result;
}
if (result.getReturn()) {
result.setReturn(false);
return result;
}
}
Result result = new Result();
result.setFallThrough(true);
result.setBooleanValue(environment.getDefaultAction());
return result;
}
use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.
the class RoutingPolicyTests method testRoutingPolicyTwoCopiesCallStatement.
/**
* Policy with two copies of same call statement - should not contain circular reference
*/
@Test
public void testRoutingPolicyTwoCopiesCallStatement() {
RoutingPolicy calledPolicy = _rpb.build();
Statement callStatement = new CallStatement(calledPolicy.getName());
_rpb.setStatements(ImmutableList.of(callStatement, callStatement)).build();
_c.computeRoutingPolicySources(_w);
// No circular reference warnings should be emitted
assertThat(_w.getRedFlagWarnings(), empty());
}
use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.
the class CiscoConfiguration method toOspfProcess.
private org.batfish.datamodel.OspfProcess toOspfProcess(OspfProcess proc, String vrfName, Configuration c, CiscoConfiguration oldConfig) {
org.batfish.datamodel.OspfProcess newProcess = new org.batfish.datamodel.OspfProcess();
org.batfish.datamodel.Vrf vrf = c.getVrfs().get(vrfName);
if (proc.getMaxMetricRouterLsa()) {
newProcess.setMaxMetricTransitLinks(OspfProcess.MAX_METRIC_ROUTER_LSA);
if (proc.getMaxMetricIncludeStub()) {
newProcess.setMaxMetricStubNetworks(OspfProcess.MAX_METRIC_ROUTER_LSA);
}
newProcess.setMaxMetricExternalNetworks(proc.getMaxMetricExternalLsa());
newProcess.setMaxMetricSummaryNetworks(proc.getMaxMetricSummaryLsa());
}
newProcess.setProcessId(proc.getName());
// establish areas and associated interfaces
Map<Long, OspfArea> areas = newProcess.getAreas();
Map<Long, ImmutableSortedSet.Builder<String>> areaInterfacesBuilders = new HashMap<>();
List<OspfNetwork> networks = new ArrayList<>();
networks.addAll(proc.getNetworks());
Collections.sort(networks, new Comparator<OspfNetwork>() {
// sort so longest prefixes are first
@Override
public int compare(OspfNetwork lhs, OspfNetwork rhs) {
int lhsPrefixLength = lhs.getPrefix().getPrefixLength();
int rhsPrefixLength = rhs.getPrefix().getPrefixLength();
// intentionally swapped
int result = Integer.compare(rhsPrefixLength, lhsPrefixLength);
if (result == 0) {
long lhsIp = lhs.getPrefix().getStartIp().asLong();
long rhsIp = rhs.getPrefix().getStartIp().asLong();
result = Long.compare(lhsIp, rhsIp);
}
return result;
}
});
// Set RFC 1583 compatibility
newProcess.setRfc1583Compatible(proc.getRfc1583Compatible());
for (Entry<String, org.batfish.datamodel.Interface> e : vrf.getInterfaces().entrySet()) {
String ifaceName = e.getKey();
org.batfish.datamodel.Interface iface = e.getValue();
InterfaceAddress interfaceAddress = iface.getAddress();
if (interfaceAddress == null) {
continue;
}
for (OspfNetwork network : networks) {
Prefix networkPrefix = network.getPrefix();
Ip networkAddress = networkPrefix.getStartIp();
Ip maskedInterfaceAddress = interfaceAddress.getIp().getNetworkAddress(networkPrefix.getPrefixLength());
if (maskedInterfaceAddress.equals(networkAddress)) {
// we have a longest prefix match
long areaNum = network.getArea();
OspfArea newArea = areas.computeIfAbsent(areaNum, OspfArea::new);
ImmutableSortedSet.Builder<String> newAreaInterfacesBuilder = areaInterfacesBuilders.computeIfAbsent(areaNum, n -> ImmutableSortedSet.naturalOrder());
newAreaInterfacesBuilder.add(ifaceName);
iface.setOspfArea(newArea);
iface.setOspfEnabled(true);
boolean passive = proc.getPassiveInterfaceList().contains(iface.getName()) || (proc.getPassiveInterfaceDefault() && !proc.getActiveInterfaceList().contains(iface.getName()));
iface.setOspfPassive(passive);
break;
}
}
areaInterfacesBuilders.forEach((areaNum, interfacesBuilder) -> areas.get(areaNum).setInterfaces(interfacesBuilder.build()));
}
// create summarization filters for inter-area routes
for (Entry<Long, Map<Prefix, OspfAreaSummary>> e1 : proc.getSummaries().entrySet()) {
long areaLong = e1.getKey();
Map<Prefix, OspfAreaSummary> summaries = e1.getValue();
OspfArea area = areas.get(areaLong);
String summaryFilterName = "~OSPF_SUMMARY_FILTER:" + vrfName + ":" + areaLong + "~";
RouteFilterList summaryFilter = new RouteFilterList(summaryFilterName);
c.getRouteFilterLists().put(summaryFilterName, summaryFilter);
if (area == null) {
area = new OspfArea(areaLong);
areas.put(areaLong, area);
}
area.setSummaryFilter(summaryFilterName);
for (Entry<Prefix, OspfAreaSummary> e2 : summaries.entrySet()) {
Prefix prefix = e2.getKey();
OspfAreaSummary summary = e2.getValue();
int prefixLength = prefix.getPrefixLength();
int filterMinPrefixLength = summary.getAdvertised() ? Math.min(Prefix.MAX_PREFIX_LENGTH, prefixLength + 1) : prefixLength;
summaryFilter.addLine(new RouteFilterLine(LineAction.REJECT, prefix, new SubRange(filterMinPrefixLength, Prefix.MAX_PREFIX_LENGTH)));
}
area.setSummaries(ImmutableSortedMap.copyOf(summaries));
summaryFilter.addLine(new RouteFilterLine(LineAction.ACCEPT, Prefix.ZERO, new SubRange(0, Prefix.MAX_PREFIX_LENGTH)));
}
String ospfExportPolicyName = "~OSPF_EXPORT_POLICY:" + vrfName + "~";
RoutingPolicy ospfExportPolicy = new RoutingPolicy(ospfExportPolicyName, c);
c.getRoutingPolicies().put(ospfExportPolicyName, ospfExportPolicy);
List<Statement> ospfExportStatements = ospfExportPolicy.getStatements();
newProcess.setExportPolicy(ospfExportPolicyName);
// policy map for default information
if (proc.getDefaultInformationOriginate()) {
If ospfExportDefault = new If();
ospfExportStatements.add(ospfExportDefault);
ospfExportDefault.setComment("OSPF export default route");
Conjunction ospfExportDefaultConditions = new Conjunction();
List<Statement> ospfExportDefaultStatements = ospfExportDefault.getTrueStatements();
ospfExportDefaultConditions.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0)))))));
long metric = proc.getDefaultInformationMetric();
ospfExportDefaultStatements.add(new SetMetric(new LiteralLong(metric)));
OspfMetricType metricType = proc.getDefaultInformationMetricType();
ospfExportDefaultStatements.add(new SetOspfMetricType(metricType));
// add default export map with metric
String defaultOriginateMapName = proc.getDefaultInformationOriginateMap();
boolean useAggregateDefaultOnly;
if (defaultOriginateMapName != null) {
int defaultOriginateMapLine = proc.getDefaultInformationOriginateMapLine();
useAggregateDefaultOnly = true;
RoutingPolicy ospfDefaultGenerationPolicy = c.getRoutingPolicies().get(defaultOriginateMapName);
if (ospfDefaultGenerationPolicy == null) {
undefined(CiscoStructureType.ROUTE_MAP, defaultOriginateMapName, CiscoStructureUsage.OSPF_DEFAULT_ORIGINATE_ROUTE_MAP, defaultOriginateMapLine);
} else {
RouteMap generationRouteMap = _routeMaps.get(defaultOriginateMapName);
generationRouteMap.getReferers().put(proc, "ospf default-originate route-map");
GeneratedRoute.Builder route = new GeneratedRoute.Builder();
route.setNetwork(Prefix.ZERO);
route.setAdmin(MAX_ADMINISTRATIVE_COST);
route.setGenerationPolicy(defaultOriginateMapName);
newProcess.getGeneratedRoutes().add(route.build());
}
} else if (proc.getDefaultInformationOriginateAlways()) {
useAggregateDefaultOnly = true;
// add generated aggregate with no precondition
GeneratedRoute.Builder route = new GeneratedRoute.Builder();
route.setNetwork(Prefix.ZERO);
route.setAdmin(MAX_ADMINISTRATIVE_COST);
newProcess.getGeneratedRoutes().add(route.build());
} else {
// do not generate an aggregate default route;
// just redistribute any existing default route with the new metric
useAggregateDefaultOnly = false;
}
if (useAggregateDefaultOnly) {
ospfExportDefaultConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.AGGREGATE));
}
ospfExportDefaultStatements.add(Statements.ExitAccept.toStaticStatement());
ospfExportDefault.setGuard(ospfExportDefaultConditions);
}
// policy for redistributing connected routes
// TODO: honor subnets option
OspfRedistributionPolicy rcp = proc.getRedistributionPolicies().get(RoutingProtocol.CONNECTED);
if (rcp != null) {
If ospfExportConnected = new If();
ospfExportConnected.setComment("OSPF export connected routes");
Conjunction ospfExportConnectedConditions = new Conjunction();
ospfExportConnectedConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.CONNECTED));
List<Statement> ospfExportConnectedStatements = ospfExportConnected.getTrueStatements();
Long metric = rcp.getMetric();
OspfMetricType metricType = rcp.getMetricType();
ospfExportConnectedStatements.add(new SetOspfMetricType(metricType));
boolean explicitMetric = metric != null;
if (!explicitMetric) {
metric = proc.getDefaultMetric(_vendor, RoutingProtocol.CONNECTED);
}
ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
ospfExportStatements.add(ospfExportConnected);
// add default export map with metric
String exportConnectedRouteMapName = rcp.getRouteMap();
if (exportConnectedRouteMapName != null) {
int exportConnectedRouteMapLine = rcp.getRouteMapLine();
RouteMap exportConnectedRouteMap = _routeMaps.get(exportConnectedRouteMapName);
if (exportConnectedRouteMap == null) {
undefined(CiscoStructureType.ROUTE_MAP, exportConnectedRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_CONNECTED_MAP, exportConnectedRouteMapLine);
} else {
exportConnectedRouteMap.getReferers().put(proc, "ospf redistribute connected route-map");
ospfExportConnectedConditions.getConjuncts().add(new CallExpr(exportConnectedRouteMapName));
}
}
ospfExportConnectedStatements.add(Statements.ExitAccept.toStaticStatement());
ospfExportConnected.setGuard(ospfExportConnectedConditions);
}
// policy map for redistributing static routes
// TODO: honor subnets option
OspfRedistributionPolicy rsp = proc.getRedistributionPolicies().get(RoutingProtocol.STATIC);
if (rsp != null) {
If ospfExportStatic = new If();
ospfExportStatic.setComment("OSPF export static routes");
Conjunction ospfExportStaticConditions = new Conjunction();
ospfExportStaticConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
List<Statement> ospfExportStaticStatements = ospfExportStatic.getTrueStatements();
ospfExportStaticConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
Long metric = rsp.getMetric();
OspfMetricType metricType = rsp.getMetricType();
ospfExportStaticStatements.add(new SetOspfMetricType(metricType));
boolean explicitMetric = metric != null;
if (!explicitMetric) {
metric = proc.getDefaultMetric(_vendor, RoutingProtocol.STATIC);
}
ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
ospfExportStatements.add(ospfExportStatic);
// add export map with metric
String exportStaticRouteMapName = rsp.getRouteMap();
if (exportStaticRouteMapName != null) {
int exportStaticRouteMapLine = rsp.getRouteMapLine();
RouteMap exportStaticRouteMap = _routeMaps.get(exportStaticRouteMapName);
if (exportStaticRouteMap == null) {
undefined(CiscoStructureType.ROUTE_MAP, exportStaticRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_STATIC_MAP, exportStaticRouteMapLine);
} else {
exportStaticRouteMap.getReferers().put(proc, "ospf redistribute static route-map");
ospfExportStaticConditions.getConjuncts().add(new CallExpr(exportStaticRouteMapName));
}
}
ospfExportStaticStatements.add(Statements.ExitAccept.toStaticStatement());
ospfExportStatic.setGuard(ospfExportStaticConditions);
}
// policy map for redistributing bgp routes
// TODO: honor subnets option
OspfRedistributionPolicy rbp = proc.getRedistributionPolicies().get(RoutingProtocol.BGP);
if (rbp != null) {
If ospfExportBgp = new If();
ospfExportBgp.setComment("OSPF export bgp routes");
Conjunction ospfExportBgpConditions = new Conjunction();
ospfExportBgpConditions.getConjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
List<Statement> ospfExportBgpStatements = ospfExportBgp.getTrueStatements();
ospfExportBgpConditions.getConjuncts().add(new Not(new MatchPrefixSet(new DestinationNetwork(), new ExplicitPrefixSet(new PrefixSpace(Collections.singleton(new PrefixRange(Prefix.ZERO, new SubRange(0, 0))))))));
Long metric = rbp.getMetric();
OspfMetricType metricType = rbp.getMetricType();
ospfExportBgpStatements.add(new SetOspfMetricType(metricType));
boolean explicitMetric = metric != null;
if (!explicitMetric) {
metric = proc.getDefaultMetric(_vendor, RoutingProtocol.BGP);
}
ospfExportStatements.add(new SetMetric(new LiteralLong(metric)));
ospfExportStatements.add(ospfExportBgp);
// add export map with metric
String exportBgpRouteMapName = rbp.getRouteMap();
if (exportBgpRouteMapName != null) {
int exportBgpRouteMapLine = rbp.getRouteMapLine();
RouteMap exportBgpRouteMap = _routeMaps.get(exportBgpRouteMapName);
if (exportBgpRouteMap == null) {
undefined(CiscoStructureType.ROUTE_MAP, exportBgpRouteMapName, CiscoStructureUsage.OSPF_REDISTRIBUTE_BGP_MAP, exportBgpRouteMapLine);
} else {
exportBgpRouteMap.getReferers().put(proc, "ospf redistribute bgp route-map");
ospfExportBgpConditions.getConjuncts().add(new CallExpr(exportBgpRouteMapName));
}
}
ospfExportBgpStatements.add(Statements.ExitAccept.toStaticStatement());
ospfExportBgp.setGuard(ospfExportBgpConditions);
}
newProcess.setReferenceBandwidth(proc.getReferenceBandwidth());
Ip routerId = proc.getRouterId();
if (routerId == null) {
Map<String, Interface> interfacesToCheck;
Map<String, Interface> allInterfaces = oldConfig.getInterfaces();
Map<String, Interface> loopbackInterfaces = new HashMap<>();
for (Entry<String, Interface> e : allInterfaces.entrySet()) {
String ifaceName = e.getKey();
Interface iface = e.getValue();
if (ifaceName.toLowerCase().startsWith("loopback") && iface.getActive() && iface.getAddress() != null) {
loopbackInterfaces.put(ifaceName, iface);
}
}
if (loopbackInterfaces.isEmpty()) {
interfacesToCheck = allInterfaces;
} else {
interfacesToCheck = loopbackInterfaces;
}
Ip highestIp = Ip.ZERO;
for (Interface iface : interfacesToCheck.values()) {
if (!iface.getActive()) {
continue;
}
for (InterfaceAddress address : iface.getAllAddresses()) {
Ip ip = address.getIp();
if (highestIp.asLong() < ip.asLong()) {
highestIp = ip;
}
}
}
if (highestIp == Ip.ZERO) {
_w.redFlag("No candidates for OSPF router-id");
return null;
}
routerId = highestIp;
}
newProcess.setRouterId(routerId);
return newProcess;
}
use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.
the class VpnConnection method applyToVpnGateway.
public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
return;
}
Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
for (int i = 0; i < _ipsecTunnels.size(); i++) {
int idNum = i + 1;
String vpnId = _vpnConnectionId + "-" + idNum;
IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
}
// create representation structures and add to configuration node
IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
ipsecVpn.setIpsecPolicy(ipsecPolicy);
IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
IkeGateway ikeGateway = new IkeGateway(vpnId);
vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
ipsecVpn.setIkeGateway(ikeGateway);
IkePolicy ikePolicy = new IkePolicy(vpnId);
vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
ikeGateway.setIkePolicy(ikePolicy);
IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
ikePolicy.getProposals().put(vpnId, ikeProposal);
String externalInterfaceName = "external" + idNum;
InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
String vpnInterfaceName = "vpn" + idNum;
InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
// Set fields within representation structures
// ipsec
ipsecVpn.setBindInterface(vpnInterface);
ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
// ike
ikeGateway.setExternalInterface(externalInterface);
ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
}
ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
// bgp (if configured)
if (ipsecTunnel.getVgwBgpAsn() != -1) {
BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
if (proc == null) {
proc = new BgpProcess();
proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
}
BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
cgBgpNeighbor.setSendCommunity(false);
VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
if (attachmentVpcIds.size() != 1) {
throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
}
String vpcId = attachmentVpcIds.get(0);
// iBGP connection to VPC
Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
vgwToVpcBgpNeighbor.setSendCommunity(true);
// iBGP connection from VPC
BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
BgpProcess vpcProc = new BgpProcess();
vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
vpcProc.setRouterId(vpcIfaceAddress);
vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
vpcToVgwBgpNeighbor.setSendCommunity(true);
String rpRejectAllName = "~REJECT_ALL~";
String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
If acceptIffEbgp = new If();
acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
String rpAcceptAllName = "~ACCEPT_ALL~";
RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
Vpc vpc = region.getVpcs().get(vpcId);
String originationPolicyName = vpnId + "_origination";
RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
cgBgpNeighbor.setExportPolicy(originationPolicyName);
If originationIf = new If();
List<Statement> statements = originationRoutingPolicy.getStatements();
statements.add(originationIf);
statements.add(Statements.ExitReject.toStaticStatement());
originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
vpc.getCidrBlockAssociations().forEach(prefix -> {
RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
originationRouteFilter.addLine(matchOutgoingPrefix);
});
Conjunction conj = new Conjunction();
originationIf.setGuard(conj);
conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
}
// static routes (if configured)
for (Prefix staticRoutePrefix : _routes) {
StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
}
}
}
use of org.batfish.datamodel.routing_policy.statement.Statement in project batfish by batfish.
the class RoutePolicySetStatement method applyTo.
@Override
public final void applyTo(List<Statement> statements, CiscoConfiguration cc, Configuration c, Warnings w) {
Statement setStatement = toSetStatement(cc, c, w);
Statement bufferedStatement = new BufferedStatement(setStatement);
If ifStatement = new If();
ifStatement.setGuard(BooleanExprs.CallExprContext.toStaticBooleanExpr());
ifStatement.setTrueStatements(Collections.singletonList(Statements.SetLocalDefaultActionAccept.toStaticStatement()));
ifStatement.setFalseStatements(Collections.singletonList(Statements.SetDefaultActionAccept.toStaticStatement()));
statements.add(bufferedStatement);
statements.add(ifStatement);
}
Aggregations