Available questions

Once you have the Batfish service running, you can use the questions below to analyze your snapshots.

Notes on types

1. Parameter types such as nodeSpec and ipSpec below are strings in Python but have rich grammars (specified here) that enable flexible expression of sets of nodes, interfaces etc. The grammars generally accept the simplest form of each type, such as node name as nodeSpec and IP addresses or prefixes as ipSpec. You can use the resolver questions to see the resolved values for a specifier expression.

2. headerConstraint is a special type that allows you to place constraints on IPv4 packet header for questions such as traceroute. The HeaderConstraints class helps create such constraints.

3. pathConstraint is a special type that allows you to place constraints on paths for questions such as reachability. The PathConstraints class helps create such constraints.

Question categories

Batfish questions fall into the following categories.

• Configuration data questions

• Configuration hygiene questions

• Configuration compatibility questions

• Network adjacency questions

• Flow path questions

• Flow search questions

• ACL and firewall analysis questions

• Routing analysis questions

• Specifier resolvers

• Initialization information questions

• Other questions

Configuration data questions

Questions that return the contents of configuration in a structured format.

class pybatfish.question.bfq.bgpPeerConfiguration(*, nodes, properties, question_name)

Returns configuration settings for BGP peerings.

Reports configuration settings for each configured BGP peering on each node in the network. This question reports peer-specific settings. Settings that are process-wide are reported by the bgpProcessConfiguration question.

Parameters

• nodes (nodeSpec) – Include nodes matching this name or regex.

• properties (bgpPeerPropertySpec) – Include properties matching this regex.

Return table columns:

1. Node

2. VRF

3. Local_AS – Local AS number.

4. Local_IP – Local IPv4 address (null for BGP unnumbered peers).

5. Local_Interface

6. Confederation – Confederation AS number.

7. Remote_AS – Remote AS numbers with which this peer may establish a session.

8. Remote_IP

9. Route_Reflector_Client – Whether this peer is a route reflector client.

10. Cluster_ID – Cluster ID of this peer (null for peers that are not route reflector clients).

11. Peer_Group – Name of the BGP peer group to which this peer belongs.

12. Import_Policy – Names of import policies to be applied to routes received by this peer.

13. Export_Policy – Names of export policies to be applied to routes exported by this peer.

14. Send_Community – Whether this peer propagates communities.

15. Is_Passive – Whether this peer is passive.

class pybatfish.question.bfq.bgpProcessConfiguration(*, nodes, properties, question_name)

Returns configuration settings of BGP processes.

Reports configuration settings for each BGP process on each node and VRF in the network. This question reports only process-wide settings. Peer-specific settings are reported by the bgpPeerConfiguration question.

Parameters

• nodes (nodeSpec) – Include nodes matching this name or regex.

• properties (bgpProcessPropertySpec) – Include properties matching this regex.

Return table columns:

1. Node

2. VRF

3. Router_ID

4. Confederation_ID – Externally visible autonomous system number for the confederation.

5. Confederation_Members – Set of autonomous system numbers visible only within this BGP confederation.

6. Multipath_EBGP – Whether multipath routing is enabled for EBGP.

7. Multipath_IBGP – Whether multipath routing is enabled for IBGP.

8. Multipath_Match_Mode – Which AS paths are considered equivalent (EXACT_PATH, FIRST_AS, PATH_LENGTH) when multipath BGP is enabled.

9. Neighbors – All peers configured on this process, identified by peer address (for active and dynamic peers) or peer interface (for BGP unnumbered peers).

10. Route_Reflector – Whether any BGP peer in this process is configured as a route reflector client, for ipv4 unicast address family.

11. Tie_Breaker – Tie breaking mode (ARRIVAL_ORDER, CLUSTER_LIST_LENGTH, ROUTER_ID).

class pybatfish.question.bfq.definedStructures(*, nodes, names, types, question_name)

Lists the structures defined in the network.

Lists the structures defined in the network, along with the files and line numbers in which they are defined.

Parameters

• nodes (nodeSpec) –

  Include files used to generate nodes whose name matches this specifier.

  Default value: .*

• names (structureName) –

  Include structures whose name matches this string or regex.

  Default value: .*

• types (javaRegex) –

  Include structures whose vendor-specific type matches this string or regex.

  Default value: .*

Return table columns:

1. Structure_Type – Vendor-specific type of the structure.

2. Structure_Name – Name of the structure.

3. Source_Lines – File and line numbers where the structure is defined.

class pybatfish.question.bfq.evpnL3VniProperties(*, nodes, question_name)

Returns configuration settings of VXLANs.

Lists VNI-level network segment settings configured for VXLANs.

Parameters

nodes (nodeSpec) – Include nodes matching this specifier.

Return table columns:

1. Node

2. VRF

3. VNI – VXLAN Segment ID.

4. Route_Distinguisher – Route distinguisher.

5. Import_Route_Target – Import route target.

6. Export_Route_Target – Export route target.

class pybatfish.question.bfq.f5BigipVipConfiguration(*, nodes, question_name)

Returns VIP configuration of F5 BIG-IP devices.

Lists all the VIP to server IP mappings contained in F5 BIP-IP configurations.

Parameters

nodes (nodeSpec) – Include nodes matching this name or regex.

Return table columns:

1. Node

2. VIP_Name – Virtual Service Name.

3. VIP_Endpoint – Virtual Service Endpoint.

4. Servers

5. Description

class pybatfish.question.bfq.interfaceProperties(*, nodes, interfaces, properties, excludeShutInterfaces, question_name)

Returns configuration settings of interfaces.

Lists interface-level settings of interfaces. Settings for routing protocols, VRFs, and zones etc. that are attached to interfaces are available via other questions.

Parameters

• nodes (nodeSpec) – Include nodes matching this specifier.

• interfaces (interfacesSpec) – Include interfaces matching this specifier.

• properties (interfacePropertySpec) – Include properties matching this specifier.

• excludeShutInterfaces (boolean) – Exclude interfaces that are shutdown.

Return table columns:

1. Interface

2. Access_VLAN – VLAN number when the switchport mode is access (null otherwise).

3. Active – Whether the interface is active.

4. All_Prefixes – All IPv4 addresses assigned to the interface.

5. Allowed_VLANs – Allowed VLAN numbers when the switchport mode is trunk.

6. Auto_State_VLAN – For VLAN interfaces, whether the operational status depends on member switchports.

7. Bandwidth – Nominal bandwidth in bits/sec, used for protocol cost calculations.

8. Blacklisted – Whether the interface is considered down for maintenance.

9. Channel_Group – Name of the aggregated interface (e.g., a port channel) to which this interface belongs.

10. Channel_Group_Members – For aggregated interfaces (e.g., a port channel), names of constituent interfaces.

11. DHCP_Relay_Addresses – IPv4 addresses to which incoming DHCP requests are relayed.

12. Declared_Names – Any aliases explicitly defined for this interface.

13. Description – Configured interface description.

14. Encapsulation_VLAN – Number for VLAN encapsulation.

15. HSRP_Groups – HSRP group identifiers.

16. HSRP_Version – HSRP version that will be used.

17. Incoming_Filter_Name – Name of the input IPv4 filter.

18. MLAG_ID – MLAG identifier of the interface.

19. MTU – Layer3 MTU of the interface.

20. Native_VLAN – Native VLAN when switchport mode is trunk.

21. Outgoing_Filter_Name – Name of the output IPv4 filter.

22. PBR_Policy_Name – Name of policy-based routing (PBR) policy.

23. Primary_Address – Primary IPv4 address along with the prefix length.

24. Primary_Network – Primary IPv4 subnet, in canonical form.

25. Proxy_ARP – Whether proxy ARP is enabled.

26. Rip_Enabled – Whether RIP is enabled.

27. Rip_Passive – Whether interface is in RIP passive mode.

28. Spanning_Tree_Portfast – Whether spanning-tree portfast feature is enabled.

29. Speed – Link speed in bits/sec.

30. Switchport – Whether the interface is configured as switchport.

31. Switchport_Mode – Switchport mode (ACCESS, DOT1Q_TUNNEL, DYNAMIC_AUTO, DYNAMIC_DESIRABLE, FEX_FABRIC, MONITOR, NONE, TAP, TOOL, TRUNK) for switchport interfaces.

32. Switchport_Trunk_Encapsulation – Encapsulation type (DOT1Q, ISL, NEGOTIATE) for switchport trunk interfaces.

33. VRF – Name of the VRF to which the interface belongs.

34. VRRP_Groups – All VRRP groups to which the interface belongs.

35. Zone_Name – Name of the firewall zone to which the interface belongs.

class pybatfish.question.bfq.ipOwners(*, duplicatesOnly, question_name)

Returns where IP addresses are attached in the network.

For each device, lists the mapping from IPs to corresponding interface(s) and VRF(s).

Parameters

duplicatesOnly (boolean) –

Required. Restrict output to only IP addresses that are duplicated (configured on a different node or VRF) in the snapshot.

Default value: False

Return table columns:

1. Node – Node hostname.

2. VRF – VRF name.

3. Interface – Interface name.

4. IP – IP address.

5. Mask – Network mask length.

6. Active – Whether the interface is active.

class pybatfish.question.bfq.mlagProperties(*, nodes, mlagIds, question_name)

Returns MLAG configuration.

Lists the configuration settings for each MLAG domain in the network.

Parameters

• nodes (nodeSpec) – Include nodes matching this specifier.

• mlagIds (mlagIdSpec) – Include MLAG IDs matching this specifier.

Return table columns:

1. Node – Node name.

2. MLAG_ID – MLAG domain ID.

3. Peer_Address – Peer’s IP address.

4. Local_Interface – Local interface used for MLAG peering.

5. Source_Interface – Local interface used as source-interface for MLAG peering.

class pybatfish.question.bfq.namedStructures(*, nodes, structureTypes, structureNames, ignoreGenerated, indicatePresence, question_name)

Returns named structure definitions.

Return structures defined in the configurations, represented in a vendor-independent JSON format.

Parameters

• nodes (nodeSpec) – Include nodes matching this specifier.

• structureTypes (namedStructureSpec) – Include structures of this type.

• structureNames (structureName) – Include structures matching this name or regex.

• ignoreGenerated (boolean) –

  Whether to ignore auto-generated structures.

  Default value: True

• indicatePresence (boolean) – Output if the structure is present or absent.

Return table columns:

1. Node

2. Structure_Type – Structure type.

3. Structure_Name – Structure name.

4. Structure_Definition – Structure definition.

class pybatfish.question.bfq.nodeProperties(*, nodes, properties, question_name)

Returns configuration settings of nodes.

Lists global settings of devices in the network. Settings that are specific to interfaces, routing protocols, etc. are available via other questions.

Parameters

• nodes (nodeSpec) – Include nodes matching this name or regex.

• properties (nodePropertySpec) – Include properties matching this regex.

Return table columns:

1. Node

2. AS_Path_Access_Lists – Names of AS path access lists.

3. Authentication_Key_Chains – Names of authentication keychains.

4. Community_Lists – Names of community lists.

5. Configuration_Format – Configuration format of the node.

6. DNS_Servers – Configured DNS servers.

7. DNS_Source_Interface – Source interface to use for communicating with DNS servers.

8. Default_Cross_Zone_Action – Default action (PERMIT, DENY) for traffic that traverses firewall zones (null for non-firewall nodes).

9. Default_Inbound_Action – Default action (PERMIT, DENY) for traffic destined for this node.

10. Device_Type – Device type of this node (HOST, INTERNET, ISP, ROUTER, SWITCH).

11. Domain_Name – Domain name of the node.

12. Hostname – Hostname of the node.

13. IKE_Phase1_Keys – Names of IKE Phase 1 keys.

14. IKE_Phase1_Policies – Names of IKE Phase 1 policies.

15. IKE_Phase1_Proposals – Names of IKE Phase 1 proposals.

16. IP6_Access_Lists – Names of IPv6 filters (ACLs, firewall rule sets).

17. IP_Access_Lists – Names of IPv4 filters (ACLs, firewall rule sets).

18. IPsec_Peer_Configs – Names of IPSec peers.

19. IPsec_Phase2_Policies – Names of IPSec Phase 2 policies.

20. IPsec_Phase2_Proposals – Names of IPSec Phase 2 proposals.

21. Interfaces – Names of interfaces.

22. Logging_Servers – Configured logging servers.

23. Logging_Source_Interface – Source interface for communicating with logging servers.

24. NTP_Servers – Configured NTP servers.

25. NTP_Source_Interface – Source interface for communicating with NTP servers.

26. PBR_Policies – Names of policy-based routing (PBR) policies.

27. Route6_Filter_Lists – Names of structures that filter IPv6 routes (e.g., prefix lists).

28. Route_Filter_Lists – Names of structures that filter IPv4 routes (e.g., prefix lists).

29. Routing_Policies – Names of policies that manipulate routes (e.g., route maps).

30. SNMP_Source_Interface – Source interface to use for communicating with SNMP servers.

31. SNMP_Trap_Servers – Configured SNMP trap servers.

32. TACACS_Servers – Configured TACACS servers.

33. TACACS_Source_Interface – Source interface to use for communicating with TACACS servers.

34. VRFs – Names of VRFs present on the node.

35. Zones – Names of firewall zones on the node.

class pybatfish.question.bfq.ospfAreaConfiguration(*, nodes, question_name)

Returns configuration parameters of OSPF areas.

Returns information about all OSPF areas defined across the network.

Parameters

nodes (nodeSpec) – Include nodes matching this name or regex.

Return table columns:

1. Node

2. VRF

3. Process_ID

4. Area – Area number.

5. Area_Type – Area type.

6. Active_Interfaces – Names of active interfaces.

7. Passive_Interfaces – Names of passive interfaces.

class pybatfish.question.bfq.ospfInterfaceConfiguration(*, nodes, properties, question_name)

Returns OSPF configuration of interfaces.

Returns the interface level OSPF configuration details for the interfaces in the network which run OSPF.

Parameters

• nodes (nodeSpec) – Include nodes matching this specifier.

• properties (ospfInterfacePropertySpec) – Include properties matching this specifier.

Return table columns:

1. Interface

2. VRF – VRF name.

3. Process_ID

4. OSPF_Area_Name – OSPF area to which the interface belongs.

5. OSPF_Enabled – Whether OSPF is enabled.

6. OSPF_Passive – Whether interface is in OSPF passive mode.

7. OSPF_Cost – OSPF cost if explicitly configured.

8. OSPF_Network_Type – Type of OSPF network associated with the interface.

9. OSPF_Hello_Interval – Interval in seconds between sending OSPF hello messages.

10. OSPF_Dead_Interval – Interval in seconds before a silent OSPF neighbor is declared dead.

class pybatfish.question.bfq.ospfProcessConfiguration(*, nodes, properties, question_name)

Returns configuration parameters for OSPF routing processes.

Returns the values of important properties for all OSPF processes running across the network.

Parameters

• nodes (nodeSpec) – Include nodes matching this name or regex.

• properties (ospfProcessPropertySpec) – Include properties matching this specifier.

Return table columns:

1. Node

2. VRF – VRF name.

3. Process_ID

4. Areas – All OSPF areas for this process.

5. Reference_Bandwidth – Reference bandwidth in bits/sec used to calculate interface OSPF cost.

6. Router_ID – Router ID of the process.

7. Export_Policy_Sources – Names of policies that determine which routes are exported into OSPF.

8. Area_Border_Router – Whether this process is at the area border (with at least one interface in Area 0 and one in another area).

class pybatfish.question.bfq.referencedStructures(*, nodes, names, types, question_name)

Lists the references in configuration files to vendor-specific structures.

Lists the references in configuration files to vendor-specific structures, along with the line number, the name and the type of the structure referenced, and configuration context in which each reference occurs.

Parameters

• nodes (nodeSpec) – Include files used to generate nodes whose name matches this specifier.

• names (structureName) – Include structures whose name matches this string or regex.

• types (javaRegex) – Include structures whose vendor-specific type matches this string or regex.

Return table columns:

1. Structure_Type – Type of structure referenced.

2. Structure_Name – The referenced structure.

3. Context – Configuration context in which the reference appears.

4. Source_Lines – Lines where reference appears.

class pybatfish.question.bfq.switchedVlanProperties(*, nodes, interfaces, vlans, excludeShutInterfaces, question_name)

Returns configuration settings of switched VLANs.

Lists information about implicitly and explicitly configured switched VLANs.

Parameters

• nodes (nodeSpec) – Include nodes matching this specifier.

• interfaces (interfacesSpec) – Include interfaces matching this specifier.

• vlans (integerSpace) – Include VLANs in this space.

• excludeShutInterfaces (boolean) – Exclude interfaces that are shutdown.

Return table columns:

1. Node

2. VLAN_ID

3. Interfaces – Switched interfaces carrying traffic for this VLAN.

4. VXLAN_VNI – VXLAN VNI with which this VLAN is associated.

class pybatfish.question.bfq.viModel(*, question_name)

Lists configuration attributes of nodes and edges in the network.

Returns a JSON dictionary with all of the configuration parameters and neighbor relations stored in the vendor independent data-model.

class pybatfish.question.bfq.vxlanVniProperties(*, nodes, properties, question_name)

Returns configuration settings of VXLANs.

Lists VNI-level network segment settings configured for VXLANs.

Parameters

• nodes (nodeSpec) – Include nodes matching this specifier.

• properties (vxlanVniPropertySpec) – Include properties matching this specifier.

Return table columns:

1. Node

2. VRF

3. VNI – VXLAN Segment ID.

4. Local_VTEP_IP – IPv4 address of the local VTEP.

5. Multicast_Group – IPv4 address of the multicast group.

6. VLAN – VLAN number for the VNI.

7. VTEP_Flood_List – All IPv4 addresses in the VTEP flood list.

8. VXLAN_Port – Destination port number for the VXLAN tunnel.

Configuration hygiene questions

Questions that flag unused and undefined structures in configurations.

class pybatfish.question.bfq.aaaAuthenticationLogin(*, nodes, question_name)

Returns nodes that do not require authentication on all virtual terminal lines.

Lists all nodes in the network for which there is a virtual terminal line that does not require authentication.

Parameters

nodes (nodeSpec) –

Required. Examine AAA Authentication on nodes matching this name or regex.

Default value: .*

Return table columns:

1. Node

2. Line_Names – Names of virtual terminal lines.

class pybatfish.question.bfq.interfaceMtu(*, interfaces, mtuBytes, nodes, comparator, question_name)

Finds interfaces where the configured MTU matches the specified comparator and mtuBytes.

For example, if comparator is ‘<’ and mtuBytes is 1500, then only interfaces where the configured MTU is less than 1500 bytes will be returned.

Parameters

• interfaces (interfacesSpec) –

  Required. Evaluate interfaces matching this specifier.

  Default value: .*

• mtuBytes (integer) –

  Required. The reference MTU in bytes against which to check the configured MTU.

  Default value: 1500

• nodes (nodeSpec) –

  Required. Include nodes matching this specifier.

  Default value: .*

• comparator (comparator) –

  Returned devices will satisfy <comparator> <mtuBytes>. Use ‘<’ to find devices that do not have MTU smaller than the specified <mtuBytes> MTU.

  Default value: <

Return table columns:

1. Interface

2. MTU – Layer3 MTU of the interface.

class pybatfish.question.bfq.undefinedReferences(*, nodes, question_name)

Identifies undefined references in configuration.

Finds configurations that have references to named structures (e.g., ACLs) that are not defined. Such occurrences indicate errors and can have serious consequences in some cases.

Parameters

nodes (nodeSpec) –

Required. Look for undefined references on nodes matching this name or regex.

Default value: .*

Return table columns:

1. File_Name – File containing reference.

2. Struct_Type – Type of struct reference is supposed to be.

3. Ref_Name – The undefined reference.

4. Context – Context of undefined reference.

5. Lines – Lines where reference appears.

class pybatfish.question.bfq.unusedStructures(*, nodes, question_name)

Returns nodes with structures such as ACLs, routemaps, etc. that are defined but not used.

Return nodes with structures such as ACLs, routes, etc. that are defined but not used. This may represent a bug in the configuration, which may have occurred because a final step in a template or MOP was not completed. Or it could be harmless extra configuration generated from a master template that is not meant to be used on those nodes.

Parameters

nodes (nodeSpec) –

Required. Look for unused structures on nodes matching this name or regex.

Default value: .*

Return table columns:

1. Structure_Type – Vendor-specific type of the structure.

2. Structure_Name – Name of the structure.

3. Source_Lines – File and line numbers where the structure is defined.

Configuration compatibility questions

Questions that show if configuration settings are compatible across devices.

class pybatfish.question.bfq.bgpSessionCompatibility(*, nodes, remoteNodes, status, type, question_name)

Returns the compatibility of configured BGP sessions.

Checks the settings of each configured BGP peering and reports any issue with those settings locally or incompatiblity with its remote counterparts. Each row represents one configured BGP peering on a node and contains information about the session it is meant to establish. For dynamic peers, there is one row per compatible remote peer. Statuses that indicate an independently misconfigured peerings include NO_LOCAL_AS, NO_REMOTE_AS, NO_LOCAL_IP (for eBGP single-hop peerings), LOCAL_IP_UNKNOWN_STATICALLY (for iBGP or eBGP multi-hop peerings), NO_REMOTE_IP (for point-to-point peerings), and NO_REMOTE_PREFIX (for dynamic peerings). INVALID_LOCAL_IP indicates that the peering’s configured local IP does not belong to any active interface on the node; UNKNOWN_REMOTE indicates that the configured remote IP is not present in the network. A locally valid point-to-point peering is deemed HALF_OPEN if it has no compatible remote peers, UNIQUE_MATCH if it has exactly one compatible remote peer, or MULTIPLE_REMOTES if it has multiple compatible remote peers. A locally valid dynamic peering is deemed NO_MATCH_FOUND if it has no compatible remote peers, or DYNAMIC_MATCH if it has at least one compatible remote peer.

Parameters

• nodes (nodeSpec) – Include sessions whose first node matches this specifier.

• remoteNodes (nodeSpec) – Include sessions whose second node matches this specifier.

• status (bgpSessionCompatStatusSpec) – Only include sessions for which compatibility status matches this specifier.

• type (bgpSessionTypeSpec) – Only include sessions that match this specifier.

Return table columns:

1. Node – The node where this session is configured.

2. VRF – The VRF in which this session is configured.

3. Local_AS – The local AS of the session.

4. Local_Interface – Local interface of the session.

5. Local_IP – The local IP of the session.

6. Remote_AS – The remote AS or list of ASes of the session.

7. Remote_Node – Remote node for this session.

8. Remote_Interface – Remote interface for this session.

9. Remote_IP – Remote IP or prefix for this session.

10. Address_Families – Address Families participating in this session.

11. Session_Type – The type of this session.

12. Configured_Status – Configured status.

class pybatfish.question.bfq.bgpSessionStatus(*, nodes, remoteNodes, status, type, question_name)

Returns the dynamic status of configured BGP sessions.

Checks whether configured BGP peerings can be established. Each row represents one configured BGP peering and contains information about the session it is configured to establish. For dynamic peerings, one row is shown per compatible remote peer. Possible statuses for each session are NOT_COMPATIBLE, ESTABLISHED, and NOT_ESTABLISHED. NOT_COMPATIBLE sessions are those where one or both peers are misconfigured; the BgpSessionCompatibility question provides further insight into the nature of the configuration error. NOT_ESTABLISHED sessions are those that are configured compatibly but will not come up because peers cannot reach each other (e.g., due to being blocked by an ACL). ESTABLISHED sessions are those that are compatible and are expected to come up.

Parameters

• nodes (nodeSpec) – Include sessions whose first node matches this specifier.

• remoteNodes (nodeSpec) – Include sessions whose second node matches this specifier.

• status (bgpSessionStatusSpec) – Only include sessions for which status matches this specifier.

• type (bgpSessionTypeSpec) – Only include sessions that match this specifier.

Return table columns:

1. Node – The node where this session is configured.

2. VRF – The VRF in which this session is configured.

3. Local_AS – The local AS of the session.

4. Local_Interface – Local interface of the session.

5. Local_IP – The local IP of the session.

6. Remote_AS – The remote AS or list of ASes of the session.

7. Remote_Node – Remote node for this session.

8. Remote_Interface – Remote interface for this session.

9. Remote_IP – Remote IP or prefix for this session.

10. Address_Families – Address Families participating in this session.

11. Session_Type – The type of this session.

12. Established_Status – Established status.

class pybatfish.question.bfq.ipsecSessionStatus(*, nodes, remoteNodes, status, question_name)

Returns the status of configured IPSec sessions.

Shows configuration settings and status for each configured IPSec tunnel in the network. The status is IPSEC_SESSION_ESTABLISHED for tunnels that are expected to be established; it is IKE_PHASE1_FAILED if IKE parameters negotiation failed; it is IKE_PHASE1_KEY_MISMATCH if IKE negotiation was successful but IKE keys do not match; it is IPSEC_PHASE2_FAILED if negotiation of IPsec parameters failed; and it is MISSING_END_POINT if the remote endpoint for a configured IPsec tunnel could not be found in the network.

Parameters

• nodes (nodeSpec) – Include sessions whose first node matches this specifier.

• remoteNodes (nodeSpec) – Include sessions whose second node matches this specifier.

• status (ipsecSessionStatusSpec) – Only include IPSec sessions for which status matches this specifier.

Return table columns:

1. Node – IPSec initiator.

2. Node_Interface – Initiator Interface.

3. Node_IP – Initiator IP.

4. Remote_Node – IPSec responder.

5. Remote_Node_Interface – Responder Interface.

6. Remote_Node_IP – Responder IP.

7. Tunnel_Interfaces – Tunnel interfaces pair used in peering session.

8. Status – IPSec session status.

class pybatfish.question.bfq.ospfSessionCompatibility(*, nodes, remoteNodes, statuses, question_name)

Returns compatible OSPF sessions.

Returns compatible OSPF sessions in the network. A session is compatible if the interfaces involved are not shutdown and do run OSPF, are not OSPF passive and are associated with the same OSPF area.

Parameters

• nodes (nodeSpec) – Include nodes matching this name or regex.

• remoteNodes (nodeSpec) – Include remote nodes matching this name or regex.

• statuses (ospfSessionStatusSpec) – Only include sessions matching this status specifier.

Return table columns:

1. Interface

2. VRF

3. IP – Ip.

4. Area

5. Remote_Interface

6. Remote_VRF

7. Remote_IP

8. Remote_Area

9. Session_Status – Status of the OSPF session.

Network adjacency questions

Questions that show different types of network adjacencies.

class pybatfish.question.bfq.bgpEdges(*, nodes, remoteNodes, question_name)

Returns BGP adjacencies.

Lists all BGP adjacencies in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include adjacencies whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include adjacencies whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Node – Node from which the edge originates.

2. IP – IP at the side of originator.

3. Interface – Interface at which the edge originates.

4. AS_Number – AS Number at the side of originator.

5. Remote_Node – Node at which the edge terminates.

6. Remote_IP – IP at the side of the responder.

7. Remote_Interface – Interface at which the edge terminates.

8. Remote_AS_Number – AS Number at the side of responder.

class pybatfish.question.bfq.edges(*, edgeType, nodes, remoteNodes, initial, question_name)

Returns different types of network adjacencies in a snapshot.

Lists network adjacencies of different types (e.g., Layer 3, BGP, OSPF) in the form of edges. This question is deprecated in favor of specific edges question such as bgpEdges and layer3Edges.

Parameters

• edgeType (string) –

  Required. Types of edges to include. Default is layer3. Allowed values:

  • bgp

  • eigrp

  • ipsec

  • isis

  • layer1

  • layer3

  • ospf

  • vxlan

  Default value: layer3

• nodes (nodeSpec) –

  Required. Include edges whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include edges whose second node matches this name or regex.

  Default value: .*

• initial (boolean) –

  Required. Use the initial topology (pre-dataplane computation).

  Default value: False

Return table columns:

1. Interface – Interface from which the edge originates.

2. IPs

3. Remote_Interface – Interface at which the edge terminates.

4. Remote_IPs

class pybatfish.question.bfq.eigrpEdges(*, nodes, remoteNodes, question_name)

Returns EIGRP adjacencies.

Lists all EIGRP adjacencies in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include adjacencies whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include adjacencies whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Interface – Interface from which the edge originates.

2. Remote_Interface – Interface at which the edge terminates.

class pybatfish.question.bfq.ipsecEdges(*, nodes, remoteNodes, question_name)

Returns IPSec tunnels.

Lists all IPSec tunnels in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include tunnels whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include tunnels whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Source_Interface – Source interface used in the IPsec session.

2. Tunnel_Interface – Tunnel interface (if any) used in the IPsec session.

3. Remote_Source_Interface – Remote source interface used in the IPsec session.

4. Remote_Tunnel_Interface – Remote tunnel interface (if any) used in the IPsec session.

class pybatfish.question.bfq.isisEdges(*, nodes, remoteNodes, question_name)

Returns ISIS adjacencies.

Lists all ISIS adjacencies in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include adjacencies whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include adjacencies whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Interface – Interface from which the edge originates.

2. Remote_Interface – Interface at which the edge terminates.

class pybatfish.question.bfq.layer1Edges(*, nodes, remoteNodes, question_name)

Returns Layer 1 links.

Lists all Layer 1 links in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include links whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include links whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Interface – Interface from which the edge originates.

2. Remote_Interface – Interface at which the edge terminates.

class pybatfish.question.bfq.layer3Edges(*, nodes, remoteNodes, question_name)

Returns Layer 3 links.

Lists all Layer 3 edges in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include edges whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include edges whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Interface – Interface from which the edge originates.

2. IPs

3. Remote_Interface – Interface at which the edge terminates.

4. Remote_IPs

class pybatfish.question.bfq.ospfEdges(*, nodes, remoteNodes, question_name)

Returns OSPF adjacencies.

Lists all OSPF adjacencies in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include adjacencies whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include edges whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. Interface – Interface from which the edge originates.

2. Remote_Interface – Interface at which the edge terminates.

class pybatfish.question.bfq.vxlanEdges(*, nodes, remoteNodes, question_name)

Returns VXLAN edges.

Lists all VXLAN edges in the network.

Parameters

• nodes (nodeSpec) –

  Required. Include edges whose first node matches this name or regex.

  Default value: .*

• remoteNodes (nodeSpec) –

  Required. Include edges whose second node matches this name or regex.

  Default value: .*

Return table columns:

1. VNI – VNI of the VXLAN tunnel edge.

2. Node – Node from which the edge originates.

3. Remote_Node – Node at which the edge terminates.

4. VTEP_Address – VTEP IP of node from which the edge originates.

5. Remote_VTEP_Address – VTEP IP of node at which the edge terminates.

6. VLAN – VLAN associated with VNI on node from which the edge originates.

7. Remote_VLAN – VLAN associated with VNI on node at which the edge terminates.

8. UDP_Port – UDP port of the VXLAN tunnel transport.

9. Multicast_Group – Multicast group of the VXLAN tunnel transport.

Flow path questions

Questions that show paths of specified flows in the network.

class pybatfish.question.bfq.bidirectionalTraceroute(*, startLocation, headers, maxTraces, ignoreFilters, question_name)

Traces the path(s) for the specified flow, along with path(s) for reverse flows.

This question performs a virtual traceroute in the network from a starting node. A destination IP and ingress (source) node must be specified. Other IP headers are given default values if unspecified. If the trace succeeds, a traceroute is performed in the reverse direction.

Parameters

• startLocation (locationSpec) – Required. Location (node and interface combination) to start tracing from.

• headers (headerConstraint) – Required. Packet header constraints.

• maxTraces (integer) – Limit the number of traces returned.

• ignoreFilters (boolean) – If set, filters/ACLs encountered along the path are ignored.

Return table columns:

1. Forward_Flow – The forward flow.

2. Forward_Traces – The forward traces.

3. New_Sessions – Sessions initialized by the forward trace.

4. Reverse_Flow – The reverse flow.

5. Reverse_Traces – The reverse traces.

class pybatfish.question.bfq.traceroute(*, startLocation, headers, maxTraces, ignoreFilters, question_name)

Traces the path(s) for the specified flow.

Performs a virtual traceroute in the network from a starting node. A destination IP and ingress (source) node must be specified. Other IP headers are given default values if unspecified. Unlike a real traceroute, this traceroute is directional. That is, for it to succeed, the reverse connectivity is not needed. This feature can help debug connectivity issues by decoupling the two directions.

Parameters

• startLocation (locationSpec) – Required. Location (node and interface combination) to start tracing from.

• headers (headerConstraint) – Required. Packet header constraints.

• maxTraces (integer) – Limit the number of traces returned.

• ignoreFilters (boolean) – If set, filters/ACLs encountered along the path are ignored.

Return table columns:

1. Flow – The flow.

2. Traces – The traces for this flow.

3. TraceCount – The total number traces for this flow.

Flow search questions

Questions that exhaustively search for flows that meet specified constraints.

class pybatfish.question.bfq.bidirectionalReachability(*, pathConstraints, headers, returnFlowType, question_name)

Searches for successfully delivered flows that can successfully receive a response.

Performs two reachability analyses, first originating from specified sources, then returning back to those sources. After the first (forward) pass, sets up sessions in the network and creates returning flows for each successfully delivered forward flow. The second pass searches for return flows that can be successfully delivered in the presence of the setup sessions.

Parameters

• pathConstraints (pathConstraint) – Constraint the path a flow can take (start/end/transit locations).

• headers (headerConstraint) – Required. Packet header constraints.

• returnFlowType (string) –

  Specifies the type of return flows to search. Allowed values:

  • SUCCESS: Flows that are successful

  • FAILURE: Flows that fail

  • MULTIPATH_INCONSISTENT: Flows that succeed or fail depending on the path

  Default value: SUCCESS

Return table columns:

1. Forward_Flow – The forward flow.

2. Forward_Traces – The forward traces.

3. New_Sessions – Sessions initialized by the forward trace.

4. Reverse_Flow – The reverse flow.

5. Reverse_Traces – The reverse traces.

class pybatfish.question.bfq.detectLoops(*, maxTraces, question_name)

Detects forwarding loops.

Searches across all possible flows in the network and returns example flows that will experience forwarding loops.

Parameters

maxTraces (integer) – Limit the number of traces returned.

Return table columns:

1. Flow – The flow.

2. Traces – The traces for this flow.

3. TraceCount – The total number traces for this flow.

class pybatfish.question.bfq.differentialReachability(*, pathConstraints, headers, actions, maxTraces, invertSearch, ignoreFilters, question_name)

Returns flows that are successful in one snapshot but not in another.

Searches across all possible flows in the network, with the specified header and path constraints, and returns example flows that are successful in one snapshot and not the other. This is a differential question and the reference snapshot to compare against must be provided in the call to answer().

Parameters

• pathConstraints (pathConstraint) – Constraint the path a flow can take (start/end/transit locations).

• headers (headerConstraint) – Packet header constraints.

• actions (dispositionSpec) –

  Only return flows for which the disposition is from this set.

  Default value: success

• maxTraces (integer) – Limit the number of traces returned.

• invertSearch (boolean) – Search for packet headers outside the specified headerspace, rather than inside the space.

• ignoreFilters (boolean) –

  Do not apply filters/ACLs during analysis.

  Default value: False

Return table columns:

1. Flow – The flow.

2. Snapshot_Traces – The traces in the BASE snapshot.

3. Snapshot_TraceCount – The total number traces in the BASE snapshot.

4. Reference_Traces – The traces in the DELTA snapshot.

5. Reference_TraceCount – The total number traces in the DELTA snapshot.

class pybatfish.question.bfq.loopbackMultipathConsistency(*, maxTraces, question_name)

Validates multipath consistency between all pairs of loopbacks.

Finds flows between loopbacks that are treated differently (i.e., dropped versus forwarded) by different paths in the presence of multipath routing.

Parameters

maxTraces (integer) – Limit the number of traces returned.

Return table columns:

1. Flow – The flow.

2. Traces – The traces for this flow.

3. TraceCount – The total number traces for this flow.

class pybatfish.question.bfq.multipathConsistency(*, pathConstraints, headers, maxTraces, question_name)

Validates multipath consistency.

Searches across all flows in the network and returns example flows that are treated differently (i.e., dropped versus forwarded) by different paths in the presence of multipath routing.

Parameters

• pathConstraints (pathConstraint) – Constraint the path a flow can take (start/end/transit locations).

• headers (headerConstraint) – Packet header constraints.

• maxTraces (integer) – Limit the number of traces returned.

Return table columns:

1. Flow – The flow.

2. Traces – The traces for this flow.

3. TraceCount – The total number traces for this flow.

class pybatfish.question.bfq.reachability(*, pathConstraints, headers, actions, maxTraces, invertSearch, ignoreFilters, question_name)

Finds flows that match the specified path and header space conditions.

Searches across all flows that match the specified conditions and returns examples of such flows. This question can be used to ensure that certain services are globally accessible and parts of the network are perfectly isolated from each other.

Parameters

• pathConstraints (pathConstraint) – Constraint the path a flow can take (start/end/transit locations).

• headers (headerConstraint) – Packet header constraints.

• actions (dispositionSpec) –

  Only return flows for which the disposition is from this set.

  Default value: success

• maxTraces (integer) – Limit the number of traces returned.

• invertSearch (boolean) – Search for packet headers outside the specified headerspace, rather than inside the space.

• ignoreFilters (boolean) – Do not apply filters/ACLs during analysis.

Return table columns:

1. Flow – The flow.

2. Traces – The traces for this flow.

3. TraceCount – The total number traces for this flow.

class pybatfish.question.bfq.subnetMultipathConsistency(*, maxTraces, question_name)

Validates multipath consistency between all pairs of subnets.

Searches across all flows between subnets that are treated differently (i.e., dropped versus forwarded) by different paths in the network and returns example flows.

Parameters

maxTraces (integer) – Limit the number of traces returned.

Return table columns:

1. Flow – The flow.

2. Traces – The traces for this flow.

3. TraceCount – The total number traces for this flow.

ACL and firewall analysis questions

Questions that analyze ACLs and firewall rules.

class pybatfish.question.bfq.compareFilters(*, nodes, filters, ignoreComposites, question_name)

Compares filters with the same name in the current and reference snapshots. Returns pairs of lines, one from each filter, that match the same flow(s) but treat them differently (i.e. one permits and the other denies the flow).

This question can be used to summarize how a filter has changed over time. In particular, it highlights differences that cause flows to be denied when they used to be permitted, or vice versa. The output is a table that includes pairs of lines, one from each version of the filter, that both match at least one common flow, and have different action (permit or deny). This is a differential question and the reference snapshot to compare against must be provided in the call to answer().

Parameters

• nodes (nodeSpec) – Only evaluate filters present on nodes matching this node specifier.

• filters (filterSpec) – Only evaluate filters that match this filter specifier.

• ignoreComposites (boolean) –

  Whether to ignore filters that are composed of multiple filters defined in the configs.

  Default value: False

Return table columns:

1. Node – Hostname.

2. Filter_Name – The filter name.

3. Line_Index – The index of the line in the current filter.

4. Line_Content – The current filter line content.

5. Line_Action – The current filter line action.

6. Reference_Line_Index – The index of the line in the reference filter.

7. Reference_Line_Content – The reference filter line content.

class pybatfish.question.bfq.filterLineReachability(*, nodes, filters, ignoreComposites, question_name)

Returns unreachable lines in filters (ACLs and firewall rules).

Finds all lines in the specified filters that will not match any packet, either because of being shadowed by prior lines or because of its match condition being empty.

Parameters

• nodes (nodeSpec) – Examine filters on nodes matching this specifier.

• filters (filterSpec) – Specifier for filters to test.

• ignoreComposites (boolean) –

  Whether to ignore filters that are composed of multiple filters defined in the configs.

  Default value: False

Return table columns:

1. Sources – Filter sources.

2. Unreachable_Line – Filter line that cannot be matched (i.e., unreachable).

3. Unreachable_Line_Action – Action performed by the unreachable line (e.g., PERMIT or DENY).

4. Blocking_Lines – Lines that, when combined, cover the unreachable line.

5. Different_Action – Whether unreachable line has an action different from the blocking line(s).

6. Reason – The reason a line is unreachable.

7. Additional_Info – Additional information.

class pybatfish.question.bfq.findMatchingFilterLines(*, nodes, filters, headers, action, ignoreComposites, question_name)

Returns lines in filters (ACLs and firewall rules) that match any packet within the specified header constraints.

Finds all lines in the specified filters that match any packet within the specified header constraints.

Parameters

• nodes (nodeSpec) – Examine filters on nodes matching this specifier.

• filters (filterSpec) – Specifier for filters to check.

• headers (headerConstraint) – Packet header constraints for which to find matching filter lines.

• action (string) –

  Show filter lines with this action. By default returns lines with either action. Allowed values:

  • permit: Return only lines that permit packets

  • deny: Return only lines that deny packets

• ignoreComposites (boolean) –

  Whether to ignore filters that are composed of multiple filters defined in the configs.

  Default value: False

Return table columns:

1. Node

2. Filter – Filter name.

3. Line – Line text.

4. Line_Index – Index of line.

5. Action – Action performed by the line (e.g., PERMIT or DENY).

class pybatfish.question.bfq.searchFilters(*, nodes, filters, headers, action, startLocation, invertSearch, question_name)

Finds flows for which a filter takes a particular behavior.

This question searches for flows for which a filter (access control list) has a particular behavior. The behaviors can be: that the filter permits the flow (permit), that it denies the flow (deny), or that the flow is matched by a particular line (matchLine <lineNumber>). Filters are selected using node and filter specifiers, which might match multiple filters. In this case, a (possibly different) flow will be found for each filter.

Parameters

• nodes (nodeSpec) – Only evaluate filters present on nodes matching this specifier.

• filters (filterSpec) – Only evaluate filters that match this specifier.

• headers (headerConstraint) – Packet header constraints on the flows being searched.

• action (string) – The behavior that you want evaluated. Options are: ‘permit’ or ‘deny’ or ‘matchLine <line number>’. Only one option should be selected.

• startLocation (locationSpec) – Only consider specified locations as possible sources.

• invertSearch (boolean) – Search for packet headers outside the specified headerspace, rather than inside the space.

Return table columns:

1. Node

2. Filter_Name – Filter name.

3. Flow – Evaluated flow.

4. Action – Outcome.

5. Line_Content – Line content.

6. Trace – ACL trace.

class pybatfish.question.bfq.testFilters(*, nodes, filters, headers, startLocation, question_name)

Returns how a flow is processed by a filter (ACLs, firewall rules).

Shows how the specified flow is processed through the specified filters, returning its permit/deny status as well as the line(s) it matched.

Parameters

• nodes (nodeSpec) – Only examine filters on nodes matching this specifier.

• filters (filterSpec) – Only consider filters that match this specifier.

• headers (headerConstraint) – Required. Packet header constraints.

• startLocation (string) – Location to start tracing from.

Return table columns:

1. Node

2. Filter_Name – Filter name.

3. Flow – Evaluated flow.

4. Action – Outcome.

5. Line_Content – Line content.

6. Trace – ACL trace.

Routing analysis questions

Questions that analyze routing

class pybatfish.question.bfq.lpmRoutes(*, ip, nodes, vrfs, question_name)

Returns routes that are longest prefix match for a given IP address.

Return longest prefix match routes for a given IP in the RIBs of specified nodes and VRFs.

Parameters

• ip (ip) – Required. IP address to run LPM on.

• nodes (nodeSpec) –

  Required. Examine routes on nodes matching this specifier.

  Default value: .*

• vrfs (vrf) –

  Required. Examine routes on VRFs matching this name or regex.

  Default value: .*

Return table columns:

1. Node – Node where the route is present.

2. VRF – VRF where the route is present.

3. Ip – IP that was being matched on.

4. Network – The longest-prefix network that matched.

5. Num_Routes – Number of routes that matched (in case of ECMP).

class pybatfish.question.bfq.prefixTracer(*, nodes, prefix, question_name)

Traces prefix propagation through the network.

Shows how prefixes are treated by devices in the network during routing.

Parameters

• nodes (nodeSpec) – Include prefix tracing information for nodes matching this name or regex.

• prefix (prefix) – The prefix to trace. Expected format is A.B.C.D/Y.

Return table columns:

1. Node – The node where action takes place.

2. VRF – The VRF where action takes place.

3. Peer – The node’s neighbor to which the action applies.

4. Action – The action that takes place.

5. Prefix – The prefix in question.

class pybatfish.question.bfq.routes(*, nodes, network, protocols, vrfs, rib, question_name)

Returns routing tables.

Shows routes for specified RIB, VRF, and node(s).

Parameters

• nodes (nodeSpec) – Examine routes on nodes matching this specifier.

• network (prefix) – Examine routes for networks matching this prefix.

• protocols (routingProtocolSpec) – Examine routes for protocols matching this specifier.

• vrfs (vrf) – Examine routes on VRFs matching this name or regex.

• rib (string) –

  Only return routes from a given protocol RIB. Allowed values:

  • main

  • bgp

  • evpn

Return table columns:

1. Node

2. VRF – VRF name.

3. Network – Network for this route.

4. Next_Hop – Inferred hostname of the next hop.

5. Next_Hop_IP – Route’s Next Hop IP.

6. Next_Hop_Interface – Route’s Next Hop Interface.

7. Protocol – Route’s Protocol.

8. Metric – Route’s Metric.

9. Admin_Distance – Route’s Admin distance.

10. Tag – Tag for this route.

class pybatfish.question.bfq.testRoutePolicies(*, nodes, policies, inputRoutes, direction, question_name)

Evaluates the processing of a route by a given policy.

Find how the specified route is processed through the specified routing policies.

Parameters

• nodes (nodeSpec) –

  Required. Only examine filters on nodes matching this specifier.

  Default value: .*

• policies (string) –

  Required. Only consider policies that match this specifier.

  Default value: .*

• inputRoutes (bgpRoutes) – Required. The BGP route announcements to test the policy on.

• direction (string) –

  Required. The direction of the route, with respect to the device (IN/OUT). Allowed values:

  • in: The route is inbound to the device

  • out: The route is outbound from the device

Specifier resolvers

Questions that resolve specifier expressions.

class pybatfish.question.bfq.resolveFilterSpecifier(*, filters, grammarVersion, nodes, question_name)

Returns the set of filters corresponding to a filterSpec value.

Helper question that shows how specified filterSpec values resolve to the filters in the network.

Parameters

• filters (filterSpec) – Required. Input to the FilterSpecifier.

• grammarVersion (string) – Version of grammar to use for resolution.

• nodes (nodeSpec) –

  Input to the NodeSpecifier that specifies the set of nodes that should be considered.

  Default value: /.*/

Return table columns:

1. Node

2. Filter_Name – Filter name.

class pybatfish.question.bfq.resolveInterfaceSpecifier(*, interfaces, grammarVersion, nodes, question_name)

Returns the set of interfaces corresponding to an interfaceSpec value.

Helper question that shows how specified interfaceSpec values resolve to the interfaces in the network.

Parameters

• interfaces (interfacesSpec) – Required. Input to the interfaceSpecifier.

• grammarVersion (string) – Version of grammar to use for resolution.

• nodes (nodeSpec) –

  Input to the NodeSpecifier that specifies the set of nodes that should be considered.

  Default value: /.*/

Return table columns:

1. Interface

class pybatfish.question.bfq.resolveIpSpecifier(*, ips, grammarVersion, question_name)

Returns the IP address space corresponding to an ipSpec value.

Helper question that shows how specified ipSpec values resolve to IPs.

Parameters

• ips (ipSpaceSpec) – Required. Input to the IP space specifier.

• grammarVersion (string) – Version of grammar to use for resolution.

Return table columns:

1. IP_Space – IP space.

class pybatfish.question.bfq.resolveIpsOfLocationSpecifier(*, locations, grammarVersion, question_name)

Returns IPs that are auto-assigned to locations.

Helper question that shows IPs that will be assigned to specified locationSpec values by questions are automatically pick IPs based on locations.

Parameters

• locations (locationSpec) – Required. Input to the LocationSpecifier.

• grammarVersion (string) – Version of grammar to use for resolution.

Return table columns:

1. Locations – Resolution.

2. IP_Space – IP space.

class pybatfish.question.bfq.resolveLocationSpecifier(*, locations, grammarVersion, question_name)

Returns the set of locations corresponding to a locationSpec value.

Helper question that shows how specified locationSpec values resolve to the locations in the network.

Parameters

• locations (locationSpec) – Required. Input to the LocationSpecifier.

• grammarVersion (string) – Version of grammar to use for resolution.

Return table columns:

1. Location

class pybatfish.question.bfq.resolveNodeSpecifier(*, nodes, grammarVersion, question_name)

Returns the set of nodes corresponding to a nodeSpec value.

Helper question that shows how specified nodeSpec values resolve to the nodes in the network.

Parameters

• nodes (nodeSpec) – Required. Input to the NodeSpecifier.

• grammarVersion (string) – Version of grammar to use for resolution.

Return table columns:

1. Node

Initialization information questions

Question that reveal how well Batfish understood input data.

class pybatfish.question.bfq.fileParseStatus(*, question_name)

Displays file parse status.

For each file in a snapshot, returns the host(s) that were produced by the file and the parse status: pass, fail, partially parsed.

Return table columns:

1. File_Name – The file that was parsed.

2. Status – The status of the parsing operation.

3. Nodes – Names of nodes produced from this file.

class pybatfish.question.bfq.initIssues(*, question_name)

Returns issues encountered when processing the snapshot.

Reports issues encountered by Batfish, including failure to recognize certain lines in the configuration, lack of support for certain features, and errors when converting to vendor-independent models.

Return table columns:

1. Nodes – The nodes that were converted (if applicable).

2. Source_Lines – The files and lines that caused the issues (if applicable).

3. Type – The type of issues identified.

4. Details – Details about the issues identified.

5. Line_Text – The text of the input files that caused the issues (if applicable).

6. Parser_Context – Batfish parser state when issues were encountered (if applicable).

class pybatfish.question.bfq.parseWarning(*, aggregateDuplicates, question_name)

Returns warnings that occurred when parsing the snapshot.

Return warnings such as failure to recognize certain lines and lack of support for certain features.

Parameters

aggregateDuplicates (boolean) – Whether to aggregate duplicate results.

Return table columns:

1. Filename – The file that was parsed.

2. Line – The line number in the input file that caused the warning.

3. Text – The text of the input that caused the warning.

4. Parser_Context – The context of the Batfish parser when the warning occurred.

5. Comment – An optional comment explaining more information about the warning.

class pybatfish.question.bfq.viConversionStatus(*, question_name)

Displays vendor independent conversion status.

For each node in a snapshot, returns the vendor independent conversion status: pass, fail, converted with warnings.

Return table columns:

1. Node – The node that was converted.

2. Status – The status of the conversion operation.

class pybatfish.question.bfq.viConversionWarning(*, question_name)

Returns Batfish warnings that occurred when converting to vendor independent model.

When converting configurations to a vendor independent model Batfish may generate warnings for unsupported features and for unexpected configurations (e.g., missing definitions). This question lists those warnings.

Return table columns:

1. Node – The node that caused the warning.

2. Type – The type of the warning.

3. Comment – The description of the warning.

Other questions

Questions that do not belong to any other category

class pybatfish.question.bfq.filterTable(*, innerQuestion, columns, filter, question_name)

Returns subset of answer for a question.

Return a subset of the answer generated by the inner question. The results are trimmed first by row and then by column. Rows where any value matches the filter are returned. The columns returned for each row is restricted by the column specifier.

Parameters

• innerQuestion (question) – Required. The inner question whose answer should be filtered.

• columns (string) – The set of columns to fetch.

• filter (string) – The filter to use.