Batfish 2020-01-10

Release notes

Noteworthy new features and improvements in this release include:

Cumulus

This release brings major improvements to Cumulus based on user feedback, new reference configs from Pete Crocker (@petercrocker), and the labs from Dinesh Dutt's (@ddutt) new book on Cloud Native Data Center Networking. The changes focus on BGP, OSPF, and VXLAN/EVPN. We would like to thank users @kaminek and @raveranj, as well as Pete and Dinesh.

• support BGP "set community additive". (#5327, contributed by @raveranj!)
• better support for VXLAN and EVPN. (#5262,#5293)
• parsing gaps in Pete Crocker's configs. (#5347)
• many improvements for OSPF. (#5295,#5297)
• various improvements to parsing properties of interface, BGP configuration, and routes. (#5167, #5186, #5184, and many more)

Arista

This release includes a rewritten BGP parser for Arista devices. The new parser is more accurate, supports the new Arista syntax in versions 4.23+, and brings specific improvements to VXLAN/EVPN integration.

• new Arista-specific BGP parser. Users can try the old parser by supplying the noaristabgp debug flag during snapshot creation (Pybatfish: extra_args={"debugflags": "noaristabgp"}). (#5172, #5174, #5376 and more)
• improve support for VXLAN/EVPN. (#5178, #5180, #5268, #5365, #5366, #5367)

VXLAN/EVPN

Batfish now better models L2 and L3 VNIs separately, with support in Cumulus and Arista. Configuration properties can be examined with vxlanVniProperties (L2 VNIs) and evpnL3VniProperties (L3 VNIs). (#5256 and more)

AWS

We've made major improvements to AWS including new support for VPC peering and transit gateways, more features in security-groups, ISP modeling, and more. (#5173, #5168, #5171, and many more)

And more

We have improved the output or semantics to many questions:

• bgpSessionCompatibility and bgpSessionStatus questions now both report the negotiated address families for each session. (#5213,#5214)
• Questions that produce the trace of a flow through the network, such as traceroute and reachability, now include much more information about the steps of the forwarding pipeline. For example, MatchSessionStep now reports the conditions for matching the session in a return flow and the packet transformations applied on the reverse path. (#5229, #5237, #5240, and more)
• differentialReachability now only considers flows starting at locations present and active in both snapshots. (#5236)

As always, our open source users have contributed reports that have led to many small distributed improvements:

• Cisco IOS: add prefixes for some less common interfaces. (#5264, thanks @ancker on Slack!)
• Ruckus ICX: though not supported, these files are now recognized and skipped. (#5257, thanks @ancker!)
• Cisco ASA: support for firewall sessions and examining reverse traffic. (#5331, thanks @eidorb!)
• Cisco ASA: prevent a crash when parsing built-in service objects. (#5225, thanks @eidorb!)
• Palo Alto Networks: interpret application any with service application-default as match all. (#5310, thanks @3kn on Slack!)
• Palo Alto Networks: handle multiline tokens better during flattening. (#5292, thanks @3kn!)
• Palo Alto Networks: Support quoted values containing quotes. (#5273, thanks @3kn!)
• Batfish host modeling: interfaces can now be specified in a list instead of a map to eliminate inconsistent data. (#5291, thanks @raveranj!)

And we have improved ISP modeling:

• Batfish ISPs: users can now supply custom names for each ISP instead of the default isp_<ASN>. (#5280)

Breaking changes:

• We have dropped the HeaderConstraint parameter flowStates (firewallClassifications in Pybatfish). This functionality was not used and has been subsumed by the firewall sessions used in bidirectional path questions such as bidirectionalTraceroute.
• Now that Python 2.x is officially end-of-life, Pybatfish no longer works in Python 2.

Installation

To upgrade your local Docker image, run docker pull batfish/allinone then follow the standard instructions to get started.