Batfish is open source, visit us on Github


Batfish is a network configuration analysis tool developed jointly by researchers at Intentionet, Inc.; University of California, Los Angeles; University of Southern California; and Microsoft Research. Though its individual modules have various applications, its primary purpose is to detect bugs in network configurations.

Batfish supports a wide variety of analyses

1. Compliance and best-practices guidelines
  • Flag undefined-but-referenced or defined-but-unreferenced structures (e.g., ACLs, route maps)
  • Ensure that all interface MTUs are per the network's standard
2. Checks on data flow
  • Path (shape) between two devices is as expected (e.g., traverses a firewall, valley-free routing)
  • Number of paths between two devices is as expected (i.e., correct multi-path configuration)
3. Fault tolerance
  • End-to-end reachability is not impacted for any flow after any single-link or single-device failure
  • Traffic correctly fails over after a failure
4. Differential analysis of two sets of configurations
  • End-to-end reachability is identical across new and old configurations
  • Two configurations, potentially from different vendors, are semantically equivalent


Efficient Network Reachability Analysis Using a Succinct Control Plane Representation

Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, George Varghese

USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2016

Fast Control Plane Analysis Using an Abstract Representation

Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, Ratul Mahajan


A General Approach to Network Configuration Analysis

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, Todd Millstein

USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2015