Batfish
An open source network configuration analysis tool
Batfish finds errors and guarantees the correctness of planned or current network configurations. It enables safe and rapid network evolution, without the fear of outages or security breaches.
Batfish was originally developed by researchers at Microsoft Research, UCLA, and USC. Many others have since contributed to it. It is currently maintained by Intentionet, who also offers Batfish Enterprise, a service that extends and enhances the core capabilities of Batfish.
Want to get your hands dirty? See our Python docs (a cheat sheet) or Ansible docs.
Got questions or feature requests? Join us on
Slack or GitHub.
Trusted by Network Engineers
Selected Community Resources
Building a Network CI/CD Pipeline Part 4
Julio Perez (@Julio_PDX)
Network analysis in multivendor network with Cisco, Arista, Cumulus
| Part 1: Setting up and Getting Started with Batfish
| Part 2: Analysing Network Configuration Consistency (Sanity check, BGP, Routes) with Batfish
Anton Karneliuk (karneliuk.com, @AntonKarneliuk)
Building a New IPAM System using Netbox and Batfish
Joel McGuire (University of Arizona, @joelmcguire0)
Centralized Route Analysis with Batfish
Rick Donato (NetworkToCode, @rickjdon)
Safe ACL Change through Model-based Analysis
Antonio Ceseracciu (eBay)
Network Configuration Analyser
Sudarshan V (CyberCX)
Batfish blogs by NetSyncrio
| Batfish – Serious Testing for Network Automation
| Batfish Part Two – Configuring and Getting Started
NetSyncrio (@NSyncrio)
Using Gitlab Runners (and Batfish) in Network Pipelines
Jorge Romero (Electronic Arts, @jgeromero)
How to build an ACL auditor with Batfish
Rick Donato (NetworkToCode, @rickjdon)
A Hands-on Guide to Multi-Tiered Firewall Changes with Ansible and Batfish
| Part 1: Introduction to Batfish and Ansible
| Part 2: How to use the Batfish Ansible modules
| Part 3: Putting it all together to analyze firewall changes
Rick Donato (@rickjdon)
Batfish Configuration Validation Testing
Nathan Winemiller (Dropbox)
Unleashing the Batfish
| Batfish - The What and Why
| Batfish - Fundamentals (Packetflow subscription required)
| Batfish - Configuration Analysis (Packetflow subscription required)
Rick Donato (@rickjdon)
Building a network CI pipeline with Gitlab, Ansible, cEOS, Robot Framework and Batfish (Signup required)
[Code]Michael Kashin (Arista, @networkop1)
ntc-soteria: An ACL auditor
NetworkToCode
NetDevOps examples
Arista Networks
Cumulus Generic Setup
Pete Crocker (Cumulus)
Network CI example
Intentionet
Batfish Dashboard
Dustin Rosarius (Presidio)
Move Fast and Don’t Break Things: Pre-Deployment Validation
Samir Parikh (Intentionet, @saparikh)
Batfish experience at Texas A&M University, so far .....
William Diegaard (Texas A&M University)
Talk at NANOG75: Using open source tools to validate network configuration
Daniel Halperin (Intentionet, @dhalperi)
Video stream: Network validation with Batfish – Network Programmability stream
Dmitry Figol (Cisco, @dmfigol)
Webinar: Validating Pre-Commit Network Configuration Changes at Scale with Batfish and Ansible
[Code]Andrius Benokraitis (RedHat, @andriusb), Ratul Mahajan (Intentionet, @ratulm), Samir Parikh (Intentionet, @saparikh)
Publications
A General Approach to Network Configuration Analysis
Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, Todd Millstein
USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2015
ddNF: An efficient data structure for header spaces
Nikolaj Bjørner and Garvit Juniwal and Ratul Mahajan and Sanjit A. Seshia and George Varghese
Haifa Verification Conference (HVC) 2016
A General Approach to Network Configuration Verification
Ryan Beckett, Aarti Gupta, Ratul Mahajan, David Walker
ACM SIGCOMM 2017
Fast Control Plane Analysis Using an Abstract Representation
Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, Ratul Mahajan
ACM SIGCOMM 2016
Efficient Network Reachability Analysis Using a Succinct Control Plane Representation
Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, George Varghese
USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2016
Automatically Repairing Network Control Planes Using an Abstract Representation
Aaron Gember-Jacobson and Aditya Akella and Ratul Mahajan and Hongqiang Harry Liu
ACM SOSP 2017