Batfish 2021-11-04

@dhalperi dhalperi released this 05 Nov 17:43
542ebea

Release notes 🎃

This release brings major new features including initial support for Check Point Firewalls, a new ability to trace route-map processing of routes, updated ISP modeling, and hundreds more changes. We also upgrade to more secure versions of some dependencies with known issues.

We'd also like to welcome a new contributor, @lukaskoenen, who has submitted their first two features for FRR!

New features and noteworthy improvements

We are delighted to announce initial support for Check Point Firewalls! Batfish merges configuration from gateways with configuration from the management server. Most basic features are supported, including L3 physical and trunk interfaces with static routes, access rulebase and NAT rulebase, and management servers with multiple domains and packages. Please try it out and let us know how it goes, here or on Slack!

We have added tracing to the bf.q.testRoutePolicies and bf.q.searchRoutePolicies questions, enabling users to understand which statements in the route-maps actually match the given route advertisement. See the linked question documentation for more info, as well as the Analyzing BGP Route Policies example. Tracing support is provided for Arista EOS, Cisco IOS, Cisco NX-OS, JunOS, and FRR.

Batfish's ISP modeling functionality has been extended to support Backbone Networks (which do not connect to the Internet) and to support (multihop) BGP Peers that are not directly configured on the ISP-facing interface.

Batfish now takes Layer-1 information into account when performing failure analysis, and Layer-1 modeling (when users provide layer1_topology.json) is now faster, more accurate, and better documented. For example, if an Ethernet interface is down and that interface has a Layer-1 edge, then its paired physical interface will also be taken down.

We built a tool that annotates configuration files to reveal how Batfish treats each line in your device configuration files.

Other improvements include:

  • bf.q.bgpRib and bf.q.evpnRib can now return BACKUP routes instead of or in addition to the BEST (including multipath-best) routes that they currently return.
  • Batfish now has more responsive deletion of data when networks or snapshots are deleted (#5281 (comment))
  • BGP external announcements can now be used in policies that depend on knowing the peer's identity (#7230, thanks @raveranj)!
  • BGP route reflector should reflect RIB-failure routes (#7398 thanks, @kefins!)
  • CompareFilters: use differentialBDDSourceManager (#7014 thanks, @racsoce!)
  • Layer-1 edges can be used to disambiguate devices reusing VRRP in different parts of the network (#7423)
  • Many upgrades to performance, especially in BGP
  • Security upgrades to dependencies (#6940, #7046, #7183, #7522, #7523, #7569)

Noteworthy vendor-specific enhancements include:

  • Arista: implement interface ip nat source static (#7050, thanks @rmcmilli!)
  • Arista: support for more new syntax (versions 4.23, 4.24, 4.25)
  • FRR: OSPF unnumbered support (#7038 thanks, @raveranj!)
  • FRR: support route map set as-path exclude (#7251) - Contributed by @lukaskoenen!
  • FRR: add regex to as path access lists (#7250) - Contributed by @lukaskoenen!
  • IOS: only generate BGP aggregates when there is a BGP contributor (#7075, thanks @brotobia!)
  • IOS-XR: we have continued the rewrite we began in the last release. IOS-XR now has many new features including VRF leaking, comprehensive support for route-policy, and more.
  • JunOS: fix a crash when using named ribs (#7043, thanks @xiaozheshao!)
  • JunOS: handle ## SECRET-DATA after semicolon (#7226, thanks @DDinVA!)
  • JunOS: implement more then next-hop variants (#7149, thanks @raveranj!)
  • PAN: static route discard support

Updates and Deprecations

  • Our examples and documentation have been updated to use Pybatfish Sessions.
  • ⚠️ This will be the last release of Pybatfish that supports Python 3.6, which is End-Of-Life this year.
  • ⚠️ As we continue to work on Layer-1 topology, Batfish will be increasingly strict about enforcing correct input. For example, Layer-1 edges should only be between physical interfaces; future versions of Batfish will ignore (rather than honor) Layer-1 edges where one endpoint is, say, an FRR bond interface or an Arista port-channel.
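
The Layer-1 behavior described in these notes (failure pairing across a Layer-1 edge, and edges with non-physical endpoints being ignored in future versions) can be checked against your own layer1_topology.json before upgrading. The following is an added example, not Batfish code: the name-prefix heuristic, the lowercasing, the sample hostnames and the function names are assumptions for illustration; the edge shape (node1/node2 with hostname and interfaceName) is the Layer-1 topology file format.

```python
import json

# Constructed sample in the layer1_topology.json shape (hostnames are made up).
SAMPLE = json.loads("""
{"edges": [
  {"node1": {"hostname": "leaf1", "interfaceName": "Ethernet1"},
   "node2": {"hostname": "spine1", "interfaceName": "Ethernet1"}},
  {"node1": {"hostname": "leaf1", "interfaceName": "Port-Channel10"},
   "node2": {"hostname": "leaf2", "interfaceName": "Port-Channel10"}},
  {"node1": {"hostname": "frr1", "interfaceName": "bond0"},
   "node2": {"hostname": "spine1", "interfaceName": "Ethernet2"}}
]}
""")

# Assumption: name prefixes that indicate a logical (non-physical) interface.
# This is a heuristic for illustration, not Batfish's own classification.
LOGICAL_PREFIXES = ("port-channel", "bond", "vlan", "loopback")


def endpoint(node):
    """Normalize an edge endpoint to a lowercased (hostname, interface) tuple."""
    return (node["hostname"].lower(), node["interfaceName"].lower())


def split_edges(topology):
    """Return (physical_edges, rejected_edges).

    An edge is rejected when either endpoint looks like a logical interface,
    i.e. the kind of edge the release notes say will be ignored in future.
    """
    physical, rejected = [], []
    for edge in topology.get("edges", []):
        a, b = endpoint(edge["node1"]), endpoint(edge["node2"])
        logical = a[1].startswith(LOGICAL_PREFIXES) or b[1].startswith(LOGICAL_PREFIXES)
        (rejected if logical else physical).append((a, b))
    return physical, rejected


def propagate_down(physical_edges, down):
    """Return the down set after each Layer-1 peer of a down interface is
    also taken down (one hop only, using the originally-down interfaces)."""
    original = {(host.lower(), iface.lower()) for host, iface in down}
    result = set(original)
    for a, b in physical_edges:
        if a in original:
            result.add(b)
        if b in original:
            result.add(a)
    return result
```

Edges returned in the rejected list are the ones to fix in the topology file, since failure pairing in this sketch only follows edges between physical interfaces.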

Installation

To upgrade your local Docker image, run docker pull batfish/allinone then follow the standard instructions to get started.