A proactive network analysis and bug-finding tool

To get started with Minesweeper, follow the steps below:

 
  1. Install the Batfish analysis framework. This requires installations of Java 8 and Ant.
  2.  
  3. From the main batfish directory, checkout the smt branch from the Batfish repository, switch to this branch, and recompile Batfish (right).
 
batfish: $ git checkout smt
batfish: $ batfish_build_all clean
batfish: $ batfish_build_all
                

Minesweeper lets you run a number of different "what if" analyses against unmodified router configurations. It can also take into account the possibility of eBGP messages from external peers as well as network link failures.

Loading Configurations

To get started, lets consider running a reachability query on an example campus network.

The first step is to start up the Batfish service and load the configurations into Batfish.

 
 
batfish: $ allinone -runmode interactive
batfish> init_testrig test_rigs/smt-examples/CAMPUS1
Uploaded testrig. Parsing now.
Status: SUCCESS
PARSING SUMMARY
STATISTICS
  Parsing results:
    Parsed successfully: 13

batfish>
                

The first command starts Batfish in interactive mode. The second command instructs Batfish to use the collection of configurations in the CAMPUS1 directory. The CAMPUS1 example directory simply has a single folder named configs/ that contains all of the router configurations for the network. The topology will be inferred from the configurations.

Running a Query

Lets now check reachability to a destination port on the department router for the network border routers. This is done with the following command:
 
 
batfish> get smt-reachability ingressNodeRegex="as2border.*" | 
finalNodeRegex="as2dept1" | finalIfaceRegex="FastEthernet1/0"

=========================================
Packet:
---------------------
dstIp: 2.128.0.0
srcIp: 2.0.0.0

Environment Messages:
---------------------
as2border2,FastEthernet1/0 (BGP):
  community 3:2:
  community as3_community:
  prefix: 2.128.0.0/25
  protocol metric: 51

Final Forwarding:
---------------------
as2border1,FastEthernet0/1 --> as2core1,FastEthernet0/0
as2border1,FastEthernet1/0 --> as2core2,FastEthernet0/1
as2core1,FastEthernet1/0 --> as2dist2,FastEthernet0/1
as2core2,FastEthernet1/0 --> as2dist1,FastEthernet0/0
as2dept1,FastEthernet1/0 --> _,_
as2dist1,FastEthernet1/0 --> as2dept1,FastEthernet0/0
as2dist2,FastEthernet1/0 --> as2dept1,FastEthernet0/1
=========================================
                

Here, Minesweeper is indicating that it found an example where one of the border routers will lose connectivity to the destination port. First, the example includes the particular packet that will not be reachable. Other fields of the packet have been determined to be irrelevant so they are not listed. The second part of the example is any eBGP advertisements from peers. In this case, a particular advertisement from a peer with certain BGP community values attached, and a particular prefix length (/25) is present. Finally, Minesweeper shows the final forwarding behavior of the network in terms of the interface each router will use to forward the packet.

Fixing the Issue

The problem here is that the eBGP advertisment from AS3 will override the BGP decision process and influence the as2border2 router to forward to AS3 instead. To fix the problem, we should filter routers internal to our network from external peers. This has already been done in the CAMPUS2 example. Reload the configurations and run the query again.

 
 
batfish> init_testrig test_rigs/smt-examples/CAMPUS2
Uploaded testrig. Parsing now.
Status: SUCCESS
PARSING SUMMARY
STATISTICS
  Parsing results:
    Parsed successfully: 13

batfish> get smt-reachability ingressNodeRegex="as2border.*" | 
finalNodeRegex="as2dept1" | finalIfaceRegex="FastEthernet1/0"

Verified
batfish>
                

Considering Failures

We can also check that reachability will continue to hold after any k link failures occur. To do so, we just add an argument specifying the number of failures to consider. Here the tool can prove that reachability will remain for any single failure.

 
 
batfish> get smt-reachability ingressNodeRegex="as2border.*" | 
finalNodeRegex="as2dept1" | finalIfaceRegex="FastEthernet1/0" |
failures=1

Verified
batfish>
                

Other queries

To see examples of other queries supported by Minesweeper, look in the batfish/tests/java-smt/commands file.

PrincetonPrinceton

Artboard 2vec

Conference Papers

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. A General Approach to Network Configuration Verification. To appear in ACM SIGCOMM Conference on Communications Architectures, Protocols and Applications (SIGCOMM), Los Angeles , California, August 2017. [ paper | slides]