Slide 1: Proactive Network Configuration Validation with Batfish
Ari Fogel, Todd Millstein, Luis Pedrosa, Ramesh Govindan, Meg Walraed-Sullivan, Ratul Mahajan, Jitu Padhye

Slide 2: Misconfigurations are common. Misconfigurations are expensive.

Slide 3: Configuration is Hard
Low-level directives:
- interface-level metrics
- protocol metrics
- per-network policy
Multiple protocols:
- BGP
- IS-IS
- OSPF
Protocol interactions:
- Route redistribution
- Protocol preference
- Re-advertisement
Example directives:
  ospf interface int3_1 metric 1
  ospf redistribute static metric 10
  bgp neighbor p1 AS P Accept ALL
  static route 10.0.0.0/24 drop, log

Slide 4: Example
[Figure: network N (routers n1, n2, n3, n4, n10) between customer C (routers c1, c2) and provider P (router p1); prefix 10.0.0.0/24 sits behind n10]
Policy: 10.0.0.0/24 should be reachable from C and unreachable from P.

Slide 5: Example (configurations)
[Same figure as slide 4; the highlighted directives are n2 lines 3 and 4 and n3 lines 4 and 5]
Policy: 10.0.0.0/24 should be reachable from C and unreachable from P.

//---------------- Configuration of n2 ----------------
1 ospf interface int2_1 metric 1
2 ospf interface int2_3 metric 1
3 interface int2_10 ip 10.0.0.1/24
4 ospf redistribute connected metric 10
5 prefix-list PL_C 10.0.0.0/24
6 bgp neighbor c1 AS C apply PL_C out

//---------------- Configuration of n3 ----------------
1 ospf interface int3_1 metric 1
2 ospf interface int3_2 metric 1
3 ospf interface int3_4 metric 1
4 static route 10.0.0.0/24 drop
5 ospf redistribute static metric 10
6 bgp neighbor p1 AS P Accept ALL

Slide 6: Batfish
- Offline configuration safety checker
- Available at http://www.batfish.org
- Has found real bugs in real networks
- 4 stages:
  1. Configuration processing
  2. Configuration analysis
  3. Forwarding table generation
  4. Forwarding table analysis

Slide 7: Stage 1: Process router configurations
//---------------- Configuration of n3 ----------------
1 ospf interface int3_1 metric 1
2 ospf interface int3_2 metric 1
3 ospf interface int3_4 metric 1
4 static route 10.0.0.0/24 drop
5 ospf redistribute static metric 10
6 bgp neighbor p1 AS P Accept ALL
[Figure: n3 with its links to n1, n2 and n4]
Fact about OSPF interface costs:
  OspfCost(node:n3, interface:int3_1, cost:1).
Fact about topology:
  LanNeighbors(node1:n3, interface1:int3_1, node2:n1, interface2:int1_3).

Slide 8: Stage 2: Analyze configurations
//---------- Parsing ----------
No parsing errors
//---------- Basic checks ----------
Undefined reference to route-map 'loch ness policy'
//---------- Custom checks ----------
// No IP reuse
IP '192.168.1.13' assigned to both rtr1:int5 and rtr3:int6
// All loopback networks exported into OSPF
rtr5:loopback0 neither active nor passive for any OSPF process
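Added example, not from the slides or the Batfish code base: a toy version of the stage-2 checks above (an undefined route-map reference and the "no IP reuse" custom check), run over constructed configurations written in the slides' directive style; CONFIGS, the regexes and the check functions are all assumptions, not Batfish's parser or fact schema.

```python
import re
from collections import defaultdict

# Constructed toy configurations in the slides' directive style; not Batfish's
# parser, its fact schema, or its output. rtr1 and rtr3 reuse one address, and
# rtr2 applies a route-map that is never defined.
CONFIGS = {
    "rtr1": ["interface int5 ip 192.168.1.13/24",
             "ospf interface int5 metric 1"],
    "rtr2": ["interface int1 ip 10.1.1.1/30",
             "bgp neighbor p1 AS P apply loch_ness_policy out"],
    "rtr3": ["interface int6 ip 192.168.1.13/24",
             "route-map EXPORT permit 10",
             "bgp neighbor c1 AS C apply EXPORT out"],
}

IFACE_RE = re.compile(r"^interface (\S+) ip (\S+)/\d+$")
RMAP_DEF_RE = re.compile(r"^route-map (\S+)\b")
RMAP_USE_RE = re.compile(r"\bapply (\S+) (?:in|out)$")

def extract_facts(configs):
    """Stage 1 in miniature: directives become (node, interface, ip) facts plus
    per-node sets of defined and referenced route-maps."""
    ips, defined, used = [], defaultdict(set), defaultdict(set)
    for node, lines in configs.items():
        for line in lines:
            if m := IFACE_RE.match(line):
                ips.append((node, m.group(1), m.group(2)))
            elif m := RMAP_DEF_RE.match(line):
                defined[node].add(m.group(1))
            elif m := RMAP_USE_RE.search(line):
                used[node].add(m.group(1))
    return ips, defined, used

def basic_checks(configs):
    """Basic check: a route-map applied on a node but never defined there."""
    _, defined, used = extract_facts(configs)
    return sorted(f"{node}: undefined reference to route-map '{rm}'"
                  for node in used for rm in used[node] - defined[node])

def custom_checks(configs):
    """Custom check (no IP reuse): one address assigned to several interfaces."""
    ips, _, _ = extract_facts(configs)
    owners = defaultdict(list)
    for node, iface, ip in ips:
        owners[ip].append(f"{node}:{iface}")
    return sorted(f"IP '{ip}' assigned to both {' and '.join(o)}"
                  for ip, o in owners.items() if len(o) > 1)
```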

Slide 9: Stage 3: Compute forwarding tables
OspfExport(node n2, network 10.0.0.0/24, cost 10, type ospfE2).
InstalledRoute(route { node n1, network 10.0.0.0/24, nextHop n2, administrativeCost 110, protocolCost 10, protocol ospfE2 }).
Fib(node n1, network 10.0.0.0/24, egressInterface int1_2).

Slide 10: Stage 4a: Identify forwarding violations
Counterexample of multipath consistency:
  { IngressNode n1, SrcIp 0.0.0.0, DstIp 10.0.0.2, IpProtocol 0 }

Slide 11: Stage 4b: Explain forwarding violations
Counterexample packet traces:
ViolationTraceRoute(
  flow { node n1, dstIp 10.0.0.2 },
  1st hop: [ n1:int1_2 - n2:int2_1 ]
  2nd hop: [ n2:int2_10 - n10:int10_2 ]
  fate accepted).
------------------------------------------------------
ViolationTraceRoute(
  flow { node n1, dstIp 10.0.0.2 },
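Added example, not from the slides or from Batfish itself: a small model of stages 3 and 4 on the slides' n1/n2/n3/n10 example. It computes n1's equal-cost next hops for 10.0.0.0/24, traces each path to its fate, and reports the multipath inconsistency; building the network again with n3's static metric raised shows the violation disappear. The Node model, build_network and the trace functions are assumptions, not Batfish's data model or Datalog rules.

```python
from dataclasses import dataclass, field

# Constructed model of the slides' n1/n2/n3/n10 example; it is not Batfish's
# own data model or Datalog pipeline. n2 owns the prefix (connected) and
# redistributes it into OSPF with metric 10; n3 has a static drop route for it
# redistributed with the metric given to build_network().
PREFIX = "10.0.0.0/24"

@dataclass
class Node:
    name: str
    exports: dict = field(default_factory=dict)  # prefix -> OSPF E2 metric
    local: dict = field(default_factory=dict)    # prefix -> (action, next node)

def build_network(n3_static_metric=10):
    n1 = Node("n1")                                  # learns the prefix only via OSPF
    n2 = Node("n2", {PREFIX: 10}, {PREFIX: ("deliver", "n10")})
    n3 = Node("n3", {PREFIX: n3_static_metric}, {PREFIX: ("drop", None)})
    n10 = Node("n10", local={PREFIX: ("deliver", None)})
    return {n.name: n for n in (n1, n2, n3, n10)}

def installed_routes(net, node):
    """Stage 3: next hops installed at `node`; E2 routes with equal protocolCost
    are all installed, so equal metrics yield ECMP."""
    cands = [(n.exports[PREFIX], n.name) for n in net.values()
             if PREFIX in n.exports and n.name != node]
    best = min(c for c, _ in cands)
    return [nh for c, nh in cands if c == best]

def traces(net, node, path=()):
    """Stage 4b: enumerate every ECMP path from `node` with the packet's fate."""
    n, path = net[node], path + (node,)
    if PREFIX in n.local:                      # connected/static beats OSPF here
        action, nxt = n.local[PREFIX]
        if action == "drop":
            return [(path, "dropped")]
        return traces(net, nxt, path) if nxt else [(path, "accepted")]
    out = []
    for nh in installed_routes(net, node):
        out += traces(net, nh, path)
    return out

def multipath_violation(net, ingress="n1"):
    """Stage 4a: a violation when the fate differs across paths from `ingress`."""
    t = traces(net, ingress)
    return t if len({fate for _, fate in t}) > 1 else None
```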

Slide 12: New Consistency Properties
- Multipath – disposition consistent on all paths
[Figure: 10.0.0.0/24, n10, n2, n1, n3]

Slide 13: New Consistency Properties
- Multipath – disposition consistent on all paths
- Differential reachability – reachability unaffected by change
[Figure: customer C (c1, c2) and network N (n1, n2, n3); prefixes 2.2.2.0/24 and 3.3.3.0/24]

Slide 14: New Consistency Properties
- Multipath – disposition consistent on all paths
- Differential reachability – reachability unaffected by change
- Destination – at most one customer per delegated address
[Figure: N (n1), customers CA (ca1) and CB (cb1), and B (b1); 10.0.1.0/24 seen with AS length 1 and with AS length 2]

Slide 15: Implementation
- Support for multiple configuration languages: IOS, NX-OS, Juniper, Arista
- Broad feature support: route redistribution, OSPF internal/external, BGP communities
- Unified, vendor-neutral intermediate representation

Slide 16: Demo
- Simplified version of Net1
- Cisco configuration files
- Multiple seeded bugs

Slide 17: Evaluation
Two large university networks
Net1 – 21 core routers
- Federated: each department is its own AS
- Heavy use of BGP
- Communication only with ISPs
Net2 – 17 core routers
- Centrally controlled
- Heavy use of VLANs
- Single AS
[Figure: Net1 core connecting ISP1..ISPm and Dept1..Deptn; Net2 core; labels IGP, VLAN, BGP]

Slide 18: Results
"P.S. WRT the prefix that was dual assigned from yesterday, one of my NOC [network operations center] guys stopped by today to ask what voodoo I was using to find such things :)" [emphasis added] – email from the head of the Net1 NOC

Slide 19: Results

Network  Invariant    Total Violations  Violations Confirmed by Operators  Violations Fixed by Operators
Net1     Multipath    32                32 (4)                             21 (3)
Net1     Diff.Reach.  16                3 (2)                              0 (0)
Net1     Destination  55                55 (6)                             1 (1)
Net2     Multipath    11                11 (3)                             11 (3)

Slide 20: Selected Violations
- (Multipath) Black-hole route cost too low (equal)
- (Diff.Reach.) Only one interface underlying VLAN
- (Destination) Prefix assigned to multiple departments

Slide 21: Conclusion
Take the survey so we can support your network features and requirements in forthcoming versions: http://www.batfish.org/survey
Send feedback/questions to: [email protected]
