Batfish is an open-source network configuration analysis tool in active development produced jointly by researchers at University of California, Los Angeles; University of Southern California; and Microsoft Research. Though its individual modules have various applications, its primary purpose is to detect bugs in network configurations. Batfish takes as input a set of network configurations, and an environment, which consists of a set of (in)active links and a set of external BGP advertisements. Users are able to ask customized queries about the control plane using Batfish’s domain-specific query language e.g. whether all loopback addresses are being advertised into OSPF, or whether all route policies attached to eBGP neighbors apply a particular community to incoming routes. Batfish also is able to compute the convergent data plane for a network, which provides further query facilities. Given the data plane, users can employ an off-the-shelf data plane checker or use Batfish’s data-plane queries to check common properties such as reachability/black holes, loops, etc, as well as novel properties (introduced at NSDI’15) regarding equivalence of multipath routes, fault-tolerance, and unique delegation of customer address space, with more to come.
Proactive Network Configuration Validation with Batfish – NANOG (2015) Presentation
Proactive Network Configuration Validation with Batfish