Batfish is open source, visit us on Github
Welcome!
Batfish is a network configuration analysis tool developed jointly by researchers at Intentionet, Inc.; University of California, Los Angeles; University of Southern California; and Microsoft Research. Though its individual modules have various applications, its primary purpose is to detect bugs in network configurations.
Batfish supports a wide variety of analyses
1. Compliance and best-practices guidelines
- Flag undefined-but-referenced or defined-but-unreferenced structures (e.g., ACLs, route maps)
- Ensure that all interface MTUs are per the network's standard
2. Checks on data flow
- Path (shape) between two devices is as expected (e.g., traverses a firewall, valley-free routing)
- Number of paths between two devices is as expected (i.e., correct multi-path configuration)
3. Fault tolerance
- End-to-end reachability is not impacted for any flow after any single-link or single-device failure
- Traffic correctly fails over after a failure
4. Differential analysis of two sets of configurations
- End-to-end reachability is identical across new and old configurations
- Two configurations, potentially from different vendors, are semantically equivalent
Talks
NANOG 65 : Proactive Network Configuration Validation with Batfish
Ari Fogel, Ratul Mahajan, Todd Millstein
Publications
Efficient Network Reachability Analysis Using a Succinct Control Plane Representation
Seyed K. Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, George Varghese
USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2016
Fast Control Plane Analysis Using an Abstract Representation
Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, Ratul Mahajan
ACM SIGCOMM 2016
A General Approach to Network Configuration Analysis
Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, Todd Millstein
USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2015