Differential Questions

Most of the Batfish questions can be run differentially by simply adding snapshot=<name of current snapshot>, reference_snapshot=<name of reference snapshot> in .answer()

For example, to view the difference in routing tables between snapshot1 and snapshot0, run bfq.routes().answer(snapshot="snapshot1", reference_snapshot="snapshot0").frame()

In addition, Batfish has some questions that can ONLY be run differentially. They are documented in this section.

Compare Filters

Compares filters with the same name in the current and reference snapshots. Returns pairs of lines, one from each filter, that match the same flow(s) but treat them differently (i.e. one permits and the other denies the flow).

This question can be used to summarize how a filter has changed over time. In particular, it highlights differences that cause flows to be denied when they used to be permitted, or vice versa. The output is a table that includes pairs of lines, one from each version of the filter, that both match at least one common flow, and have different action (permit or deny). This is a differential question and the reference snapshot to compare against must be provided in the call to answer().

Inputs

Name

Description

Type

Optional

Default Value

nodes

Only evaluate filters present on nodes matching this node specifier.

NodeSpec

True

filters

Only evaluate filters that match this filter specifier.

FilterSpec

True

ignoreComposites

Whether to ignore filters that are composed of multiple filters defined in the configs.

bool

True

False

Invocation

[6]:
result = bfq.compareFilters(nodes='rtr-with-acl').answer(snapshot='filters-change',reference_snapshot='filters').frame()

Return Value

Name

Description

Type

Node

Hostname.

str

Filter_Name

The filter name.

str

Line_Index

The index of the line in the current filter.

str

Line_Content

The current filter line content.

str

Line_Action

The current filter line action.

str

Reference_Line_Index

The index of the line in the reference filter.

str

Reference_Line_Content

The reference filter line content.

str

Print the first 5 rows of the returned Dataframe

[7]:
result.head(5)
[7]:
Node Filter_Name Line_Index Line_Content Line_Action Reference_Line_Index Reference_Line_Content
0 rtr-with-acl acl_in 23 462 permit tcp 10.10.10.0/24 18.18.18.0/26 eq 80 PERMIT 101 2020 deny tcp any any
1 rtr-with-acl acl_in 24 463 permit tcp 10.10.10.0/24 18.18.18.0/26 eq 8080 PERMIT 101 2020 deny tcp any any

Differential Reachability

Returns flows that are successful in one snapshot but not in another.

Searches across all possible flows in the network, with the specified header and path constraints, and returns example flows that are successful in one snapshot and not the other. This is a differential question and the reference snapshot to compare against must be provided in the call to answer().

Inputs

Name

Description

Type

Optional

Default Value

pathConstraints

Constraint the path a flow can take (start/end/transit locations).

PathConstraints

True

headers

Packet header constraints.

HeaderConstraints

True

actions

Only return flows for which the disposition is from this set.

DispositionSpec

True

success

maxTraces

Limit the number of traces returned.

int

True

invertSearch

Search for packet headers outside the specified headerspace, rather than inside the space.

bool

True

ignoreFilters

Do not apply filters/ACLs during analysis.

bool

True

False

Invocation

[10]:
result = bfq.differentialReachability().answer(snapshot='forwarding-change',reference_snapshot='forwarding').frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Snapshot_Traces

The traces in the BASE snapshot

Set of Trace

Snapshot_TraceCount

The total number traces in the BASE snapshot

int

Reference_Traces

The traces in the DELTA snapshot

Set of Trace

Reference_TraceCount

The total number traces in the DELTA snapshot

int

Print the first 5 rows of the returned Dataframe

[11]:
result.head(5)
[11]:
Flow Snapshot_Traces Snapshot_TraceCount Reference_Traces Reference_TraceCount
0 start=border1 [10.12.11.2:49152->2.128.1.1:33434 UDP length=512] [((ORIGINATED(default), FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), NULL_ROUTED(Routes: [static (Network: 2.128.1.1/32, Next Hop IP:AUTO/NONE(-1l))])))] 1 [((ORIGINATED(default), FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet1/0)), (RECEIVED(GigabitEthernet0/0), FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), PERMITTED(RESTRICT_NETWORK_TRAFFIC_IN (INGRESS_FILTER)), FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet3/0, Routes: [connected (Network: 2.128.1.0/30, Next Hop IP:AUTO/NONE(-1l))]), PERMITTED(RESTRICT_HOST_TRAFFIC_OUT (EGRESS_FILTER)), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(eth0), ACCEPTED(eth0)))] 1
1 start=border1 interface=GigabitEthernet0/0 [10.12.11.1:49152->2.128.1.1:33434 UDP length=512] [((RECEIVED(GigabitEthernet0/0), PERMITTED(OUTSIDE_TO_INSIDE (INGRESS_FILTER)), FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), NULL_ROUTED(Routes: [static (Network: 2.128.1.1/32, Next Hop IP:AUTO/NONE(-1l))])))] 1 [((RECEIVED(GigabitEthernet0/0), PERMITTED(OUTSIDE_TO_INSIDE (INGRESS_FILTER)), FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet1/0)), (RECEIVED(GigabitEthernet0/0), FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), PERMITTED(RESTRICT_NETWORK_TRAFFIC_IN (INGRESS_FILTER)), FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet3/0, Routes: [connected (Network: 2.128.1.0/30, Next Hop IP:AUTO/NONE(-1l))]), PERMITTED(RESTRICT_HOST_TRAFFIC_OUT (EGRESS_FILTER)), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(eth0), ACCEPTED(eth0)))] 1
2 start=border1 interface=GigabitEthernet1/0 [2.12.11.3:49152->2.128.1.1:33434 UDP length=512] [((RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), NULL_ROUTED(Routes: [static (Network: 2.128.1.1/32, Next Hop IP:AUTO/NONE(-1l))])))] 1 [((RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet1/0)), (RECEIVED(GigabitEthernet0/0), FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), PERMITTED(RESTRICT_NETWORK_TRAFFIC_IN (INGRESS_FILTER)), FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet3/0, Routes: [connected (Network: 2.128.1.0/30, Next Hop IP:AUTO/NONE(-1l))]), PERMITTED(RESTRICT_HOST_TRAFFIC_OUT (EGRESS_FILTER)), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(eth0), ACCEPTED(eth0)))] 1
3 start=border1 interface=GigabitEthernet2/0 [2.12.12.3:49152->2.128.1.1:33434 UDP length=512] [((RECEIVED(GigabitEthernet2/0), FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), NULL_ROUTED(Routes: [static (Network: 2.128.1.1/32, Next Hop IP:AUTO/NONE(-1l))])))] 1 [((RECEIVED(GigabitEthernet2/0), FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet1/0)), (RECEIVED(GigabitEthernet0/0), FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), PERMITTED(RESTRICT_NETWORK_TRAFFIC_IN (INGRESS_FILTER)), FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet3/0, Routes: [connected (Network: 2.128.1.0/30, Next Hop IP:AUTO/NONE(-1l))]), PERMITTED(RESTRICT_HOST_TRAFFIC_OUT (EGRESS_FILTER)), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(eth0), ACCEPTED(eth0)))] 1
4 start=border2 [10.23.21.2:49152->2.128.1.1:33434 UDP length=512] [((ORIGINATED(default), FORWARDED(ARP IP: 2.12.22.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet1/0)), (RECEIVED(GigabitEthernet0/0), NULL_ROUTED(Routes: [static (Network: 2.128.1.1/32, Next Hop IP:AUTO/NONE(-1l))])))] 1 [((ORIGINATED(default), FORWARDED(ARP IP: 2.12.21.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(GigabitEthernet1/0), FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.1.0/30, Next Hop IP:2.34.201.4)]), TRANSMITTED(GigabitEthernet2/0)), (RECEIVED(GigabitEthernet1/0), PERMITTED(RESTRICT_NETWORK_TRAFFIC_IN (INGRESS_FILTER)), FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet3/0, Routes: [connected (Network: 2.128.1.0/30, Next Hop IP:AUTO/NONE(-1l))]), PERMITTED(RESTRICT_HOST_TRAFFIC_OUT (EGRESS_FILTER)), TRANSMITTED(GigabitEthernet3/0)), (RECEIVED(eth0), ACCEPTED(eth0)))] 1