A proactive network analysis and bug-finding tool
To get started with Minesweeper, simply install the Batfish analysis framework. This requires installtions of Java 8 and Maven. Then run the command shown on the right to build Batfish.
batfish: $ batfish_build_all
Minesweeper lets you run a number of different "what if" analyses against unmodified router configurations. It can also take into account the possibility of eBGP messages from external peers as well as network link failures.
To get started, lets consider running a reachability query on an example campus network.
The first step is to start up the Batfish service and load the configurations into Batfish.
batfish: $ allinone -runmode interactive batfish> init_testrig test_rigs/smt-examples/CAMPUS1 Uploaded testrig. Parsing now. Status: SUCCESS PARSING SUMMARY STATISTICS Parsing results: Parsed successfully: 13 batfish>
The first command starts Batfish in interactive mode. The second command instructs Batfish to use the collection of configurations in the CAMPUS1 directory. The CAMPUS1 example directory simply has a single folder named configs/ that contains all of the router configurations for the network. The topology will be inferred from the configurations.
batfish> get smt-reachability ingressNodeRegex="as2border.*" | finalNodeRegex="as2dept1" | finalIfaceRegex="FastEthernet1/0" ========================================= Packet: --------------------- dstIp: 2.128.0.0 srcIp: 2.0.0.0 Environment Messages: --------------------- as2border2,FastEthernet1/0 (BGP): community 3:2: community as3_community: prefix: 2.128.0.0/25 protocol metric: 51 Final Forwarding: --------------------- as2border1,FastEthernet0/1 --> as2core1,FastEthernet0/0 as2border1,FastEthernet1/0 --> as2core2,FastEthernet0/1 as2core1,FastEthernet1/0 --> as2dist2,FastEthernet0/1 as2core2,FastEthernet1/0 --> as2dist1,FastEthernet0/0 as2dept1,FastEthernet1/0 --> _,_ as2dist1,FastEthernet1/0 --> as2dept1,FastEthernet0/0 as2dist2,FastEthernet1/0 --> as2dept1,FastEthernet0/1 =========================================
Here, Minesweeper is indicating that it found an example where one of the border routers will lose connectivity to the destination port. First, the example includes the particular packet that will not be reachable. Other fields of the packet have been determined to be irrelevant so they are not listed. The second part of the example is any eBGP advertisements from peers. In this case, a particular advertisement from a peer with certain BGP community values attached, and a particular prefix length (/25) is present. Finally, Minesweeper shows the final forwarding behavior of the network in terms of the interface each router will use to forward the packet.
The problem here is that the eBGP advertisment from AS3 will override the BGP decision process and influence the as2border2 router to forward to AS3 instead. To fix the problem, we should filter routers internal to our network from external peers. This has already been done in the CAMPUS2 example. Reload the configurations and run the query again.
batfish> init_testrig test_rigs/smt-examples/CAMPUS2 Uploaded testrig. Parsing now. Status: SUCCESS PARSING SUMMARY STATISTICS Parsing results: Parsed successfully: 13 batfish> get smt-reachability ingressNodeRegex="as2border.*" | finalNodeRegex="as2dept1" | finalIfaceRegex="FastEthernet1/0" Verified batfish>
We can also check that reachability will continue to hold after any k link failures occur. To do so, we just add an argument specifying the number of failures to consider. Here the tool can prove that reachability will remain for any single failure.
batfish> get smt-reachability ingressNodeRegex="as2border.*" | finalNodeRegex="as2dept1" | finalIfaceRegex="FastEthernet1/0" | failures=1 Verified batfish>
To see examples of other queries supported by Minesweeper, look in the batfish/tests/java-smt/commands file.