Batfish 2020-01-10
Release notes
Noteworthy new features and improvements in this release include:
Cumulus
This release brings major improvements to Cumulus based on user feedback, new reference configs from Pete Crocker (@petercrocker), and the labs from Dinesh Dutt's (@ddutt) new book on Cloud Native Data Center Networking. The changes focus on BGP, OSPF, and VXLAN/EVPN. We would like to thank users @kaminek and @raveranj, as well as Pete and Dinesh.
- support BGP "set community additive". (#5327, contributed by @raveranj!)
- better support for VXLAN and EVPN. (#5262,#5293)
- parsing gaps in Pete Crocker's configs. (#5347)
- many improvements for OSPF. (#5295,#5297)
- various improvements to parsing properties of interface, BGP configuration, and routes. (#5167, #5186, #5184, and many more)
Arista
This release includes a rewritten BGP parser for Arista devices. The new parser is more accurate, supports the new Arista syntax in versions 4.23+, and brings specific improvements to VXLAN/EVPN integration.
- new Arista-specific BGP parser. Users can try the old parser by supplying the
noaristabgp
debug flag during snapshot creation (Pybatfish:extra_args={"debugflags": "noaristabgp"}
). (#5172, #5174, #5376 and more) - improve support for VXLAN/EVPN. (#5178, #5180, #5268, #5365, #5366, #5367)
VXLAN/EVPN
Batfish now better models L2 and L3 VNIs separately, with support in Cumulus and Arista. Configuration properties can be examined with vxlanVniProperties
(L2 VNIs) and evpnL3VniProperties
(L3 VNIs). (#5256 and more)
AWS
We've made major improvements to AWS including new support for VPC peering and transit gateways, more features in security-groups, ISP modeling, and more. (#5173, #5168, #5171, and many more)
And more
We have improved the output or semantics to many questions:
bgpSessionCompatibility
andbgpSessionStatus
questions now both report the negotiated address families for each session. (#5213,#5214)- Questions that produce the trace of a flow through the network, such as
traceroute
andreachability
, now include much more information about the steps of the forwarding pipeline. For example,MatchSessionStep
now reports the conditions for matching the session in a return flow and the packet transformations applied on the reverse path. (#5229, #5237, #5240, and more) differentialReachability
now only considers flows starting at locations present and active in both snapshots. (#5236)
As always, our open source users have contributed reports that have led to many small distributed improvements:
- Cisco IOS: add prefixes for some less common interfaces. (#5264, thanks
@ancker
on Slack!) - Ruckus ICX: though not supported, these files are now recognized and skipped. (#5257, thanks
@ancker
!) - Cisco ASA: support for firewall sessions and examining reverse traffic. (#5331, thanks @eidorb!)
- Cisco ASA: prevent a crash when parsing built-in service objects. (#5225, thanks @eidorb!)
- Palo Alto Networks: interpret
application any
withservice application-default
as match all. (#5310, thanks@3kn
on Slack!) - Palo Alto Networks: handle multiline tokens better during flattening. (#5292, thanks
@3kn
!) - Palo Alto Networks: Support quoted values containing quotes. (#5273, thanks
@3kn
!) - Batfish host modeling: interfaces can now be specified in a list instead of a map to eliminate inconsistent data. (#5291, thanks @raveranj!)
And we have improved ISP modeling:
- Batfish ISPs: users can now supply custom names for each ISP instead of the default
isp_<ASN>
. (#5280)
Breaking changes:
- We have dropped the
HeaderConstraint
parameterflowStates
(firewallClassifications
in Pybatfish). This functionality was not used and has been subsumed by the firewall sessions used in bidirectional path questions such asbidirectionalTraceroute
. - Now that Python 2.x is officially end-of-life, Pybatfish no longer works in Python 2.
Installation
To upgrade your local Docker image, run docker pull batfish/allinone
then follow the standard instructions to get started.