Batfish v0

collections/intentionet/collection.meta.yaml

@@ -0,0 +1,20 @@
+---
+id: 15
+title: Intentionet
+image: ./intentionet-batfish.png
+website: https://www.intentionet.com
+contactEmail: "[email protected]"
+
+# Why should users view your collection?
+briefDescription: Intentionet develops and maintains Batfish - an open source network configuration analysis tool (https://www.batfish.org).
+
+# Why should users continue and view your lessons?
+longDescription: |
+    The team at Intentionet created the open-source network validation solution - Batfish (https://www.batfish.org).
+
+    Batfish finds errors and guarantees the correctness of planned or current network configurations. It enables safe and rapid network evolution, without the fear of outages or security breaches.
+
+    Batfish was originally developed by researchers at Microsoft Research, UCLA, and USC. Many others have since contributed to it. It is currently maintained by Intentionet, who also offers Batfish Enterprise, a service that extends and enhances the core capabilities of Batfish.
+
+type: vendor
+tier: prod

lessons/tools/lesson-60-batfish/lesson.meta.yaml

@@ -0,0 +1,28 @@
+---
+lessonName: Network Validation with Batfish
+lessonId: 60
+category: tools
+lessonDiagram: https://github.com/batfish/pybatfish/blob/master/jupyter_notebooks/networks/example/example-network.png
+lessonVideo: https://www.youtube.com/embed/Ca7kPAtfFqo
+tier: prod
+prereqs:
+  - 22  # Python
+description: Batfish is a powerful network configuration analysis tool, that enables pre-deployment validation for network configuration changes. We'll cover the basics in this lesson.
+collection: 15
+
+slug: Batfish
+tags:
+- network automation
+- batfish
+- network validation
+
+endpoints:
+
+- name: batfish
+  image: batfish/allinone
+  additionalPorts: [9996, 9997]
+
+stages:
+  - id: 1
+    description: Getting Started with Batfish
+    jupyterLabGuide: true

lessons/tools/lesson-60-batfish/resources/networks/example-bgp/configs/as1border1.cfg

@@ -0,0 +1,190 @@
+
+!
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+!
+hostname as1border1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+no ip icmp rate-limit unreachable
+ip cef
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name lab.local
+no ipv6 cef
+!
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+!
+!
+!
+!
+!
+ip tcp synwait-time 5
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Loopback0
+ ip address 1.1.1.1 255.255.255.255
+!
+interface Ethernet0/0
+ no ip address
+ shutdown
+ duplex auto
+!
+interface GigabitEthernet0/0
+ ip address 1.0.1.1 255.255.255.0
+ media-type gbic
+ speed 1000
+ duplex full
+ negotiation auto
+!
+interface GigabitEthernet1/0
+ ip address 10.12.11.1 255.255.255.0
+ negotiation auto
+!
+router ospf 1
+ router-id 1.1.1.1
+ redistribute connected subnets
+ passive-interface Loopback0
+ network 1.0.0.0 0.255.255.255 area 1
+!
+router bgp 1
+ bgp router-id 1.1.1.1
+ bgp log-neighbor-changes
+ neighbor as1 peer-group
+ neighbor as1 remote-as 1
+ neighbor as2 peer-group
+ neighbor as2 remote-as 2
+ neighbor as3 peer-group
+ neighbor as3 remote-as 3
+ neighbor xanadu peer-group
+ neighbor xanadu remote-as 555
+ neighbor bad-ebgp peer-group
+ neighbor bad-ebgp remote-as 666
+ neighbor 1.10.1.1 peer-group as1
+ neighbor 1.10.1.1 update-source Loopback0
+ neighbor 3.2.2.2 peer-group bad-ebgp
+ neighbor 5.6.7.8 peer-group xanadu
+ neighbor 10.12.11.2 peer-group as2
+ !
+ address-family ipv4
+  bgp dampening
+  bgp additional-paths select all
+  bgp additional-paths send receive
+  network 1.0.1.0 mask 255.255.255.0
+  network 1.0.2.0 mask 255.255.255.0
+  neighbor as1 send-community
+  neighbor as1 advertise additional-paths all
+  neighbor as2 send-community
+  neighbor as2 route-map as2_to_as1 in
+  neighbor as2 route-map as1_to_as2 out
+  neighbor as3 send-community
+  neighbor as3 route-map as3_to_as1 in
+  neighbor as3 route-map as1_to_as3 out
+  neighbor 1.10.1.1 activate
+  neighbor 3.2.2.2 activate
+  neighbor 5.6.7.8 activate
+  neighbor 10.12.11.2 activate
+  maximum-paths 5
+ exit-address-family
+!
+ip forward-protocol nd
+!
+ip bgp-community new-format
+ip community-list expanded as1_community permit _1:
+ip community-list expanded as2_community permit _2:
+ip community-list expanded as3_community permit _3:
+!
+no ip http server
+no ip http secure-server
+!
+!
+ip prefix-list default_list seq 5 permit 0.0.0.0/0
+!
+ip prefix-list inbound_route_filter seq 5 deny 1.0.0.0/8 le 32
+ip prefix-list inbound_route_filter seq 10 permit 0.0.0.0/0 le 32
+access-list 101 permit ip host 1.0.1.0 host 255.255.255.0
+access-list 101 permit ip host 1.0.2.0 host 255.255.255.0
+access-list 102 permit ip host 2.0.0.0 host 255.0.0.0
+access-list 102 permit ip host 2.128.0.0 host 255.255.0.0
+access-list 103 permit ip host 3.0.1.0 host 255.255.255.0
+access-list 103 permit ip host 3.0.2.0 host 255.255.255.0
+!
+route-map as1_to_as2 permit 1
+ match ip address 101
+ set metric 50
+ set community 1:2 additive
+!
+route-map as1_to_as2 permit 3
+ match ip address 103
+ set metric 50
+ set community 1:2 additive
+!
+route-map as1_to_as2 permit 5
+ match ip address prefix-list default_list
+ set metric 50
+ set community 1:2 additive
+!
+route-map as2_to_as1 permit 100
+ match community as2_community
+ set local-preference 350
+!
+route-map as1_to_as3 permit 1
+ match ip address 101
+ set metric 50
+ set community 1:3 additive
+!
+route-map as1_to_as3 permit 2
+ match ip address 102
+ set metric 50
+ set community 1:3 additive
+!
+route-map as3_to_as1 permit 100
+ match community as3_community
+ set local-preference 350
+!
+!
+!
+control-plane
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+ stopbits 1
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+ stopbits 1
+line vty 0 4
+ login
+!
+!
+end