Want to get your hands dirty? Head over to GitHub.
Got questions or feature requests? Join us on Slack.

Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely evolve the network, without fear of outages or security breaches.

Batfish was originally developed jointly by researchers at Microsoft Research, the University of California, Los Angeles, and the University of Southern California. Many others have since contributed to it.

Batfish is currently maintained by and also offered as a supported service by Intentionet.

Latest Comic

Tutorials

Getting Started with Batfish

Validating Configuration Settings with Batfish

Analyzing Routing Tables with Batfish

Analyzing ACLs and Firewall Rules

Provably Safe ACL and Firewall Changes

Introduction to Forwarding Analysis

Introduction to Forwarding Change Validation

Analyzing the Impact of Failures (and letting loose a Chaos Monkey)

Selected Community Resources

Talk at NANOG75: Using open source tools to validate network configuration

Daniel Halperin (@dhalperi)

Webinar: Validating Pre-Commit Network Configuration Changes at Scale with Batfish and Ansible

 [Code]

Andrius Benokraitis (RedHat, @andriusb), Ratul Mahajan (@ratulm), Samir Parikh (@saparikh)

Blog: Building a network CI pipeline with Gitlab, Ansible, cEOS, Robot Framework and Batfish (Signup required)

 [Code]

Michael Kashin (Arista, @networkop1)

Tech article: Batfish introduction (In Russian)

 [Code]

Dmitry Shaurov (Megafon, @DmitryShaurov)

Blog: Introduction of tool "Batfish" which can read various configurations of network equipment and can perform various verification such as routing (In Japanese)

Yokochi (@akira6592 )

Blog: Batfish introduction

Ruari Carrol (Twitter, @rucarrol)

Papers that describe the technology

A General Approach to Network Configuration Analysis

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, Todd Millstein

USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2015

ddNF: An efficient data structure for header spaces

Nikolaj Bjørner and Garvit Juniwal and Ratul Mahajan and Sanjit A. Seshia and George Varghese

Haifa Verification Conference (HVC) 2016

A General Approach to Network Configuration Verification

Ryan Beckett, Aarti Gupta, Ratul Mahajan, David Walker

ACM SIGCOMM 2017

Control Plane Compression

Ryan Beckett, Aarti Gupta, Ratul Mahajan, David Walker

ACM SIGCOMM 2018

Papers that build on Batfish

Fast Control Plane Analysis Using an Abstract Representation

Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, Ratul Mahajan

ACM SIGCOMM 2016

Efficient Network Reachability Analysis Using a Succinct Control Plane Representation

Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, George Varghese

USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2016

Automatically Repairing Network Control Planes Using an Abstract Representation

Aaron Gember-Jacobson and Aditya Akella and Ratul Mahajan and Hongqiang Harry Liu

ACM SOSP 2017

Development of Batfish benefits from the use of the Java profiler JProfiler.