Skip to main content

Python API and utilities for Batfish

Project description

Got questions, feedback, or feature requests? Join our community on Slack!

codecov

Pybatfish

Pybatfish is a Python client for Batfish. Analytics

What is Batfish?

Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configurations and finds violations of network policies (built-in, user-defined, and best-practices).

A primary use case for Batfish is to validate configuration changes before deployment (though it can be used to validate deployed configurations as well). Pre-deployment validation is a critical gap in existing network automation workflows. By Batfish in automation workflows, network engineers can close this gap and ensure that only correct changes are deployed.

Batfish does NOT require direct access to network devices. The core analysis requires only the configuration of network devices. This analysis may be enhanced using additional information from the network such as:

  • BGP routes received from external peers
  • Topology information represented by LLDP/CDP

See www.batfish.org for technical information on how it works. Analytics

What kinds of correctness checks does Batfish support?

Getting to know Batfish

The Batfish YouTube channel (which you can subscribe to for new content) illustrates many types of checks. These checks span a range of network behaviors and device configuration attributes.

Configuration Compliance

  • Flag undefined-but-referenced or defined-but-unreferenced structures (e.g., ACLs, route maps)
  • Configuration settings for MTUs, AAA, NTP, logging, etc. match templates
  • Devices can only be accessed using SSHv2 and password is not null

Reliability

  • End-to-end reachability is not impacted for any flow after any single-link or single-device failure
  • Certain services (e.g., DNS) are globally reachable

Security

  • Sensitive services can be reached only from specific subnets or devices
  • Paths between endpoints are as expected (e.g., traverse a firewall, have at least 2 way ECMP, etc...)

Change Analysis

  • End-to-end reachability is identical across the current and a planned configuration
  • Planned ACL or firewall changes are provably correct and causes no collateral damage for other traffic
  • Two configurations, potentially from different vendors, are functionally equivalent

How do I get started?

If you haven't already installed Batfish, follow the instructions listed in the batfish github repository to do so.

Install Pybatfish

We highly recommend that you install Pybatfish in a Python 3 virtual environment. Details on how to set one up can be found here. Once your virtual environment is setup and activated, upgrade pip and then install pybatfish.

python3 -m pip install --upgrade pip
python3 -m pip install --upgrade git+https://github.com/batfish/pybatfish.git

Now, you are ready to evaluate your own network with Batfish. We encourage you to use Jupyter notebooks as your starting point, but you can use other methods that you are a comfortable with, e.g., an IDE like PyCharm or an interactive Python shell. If you choose to use Jupyter notebooks as your starting point, you need to install Jupyter in your virtual environment. Jupyter documentation can be found here - but the commands below will get you going.

python3 -m pip install jupyter
jupyter notebook

Our notebooks provide a quick start guide for different use cases. Beyond that, the complete documentation is available on readthedocs.

Pybatfish documentation

Complete documentation of pybatfish APIs is here.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

pybatfish-2019.11.5.282-py2.py3-none-any.whl (121.5 kB view details)

Uploaded Python 2Python 3

File details

Details for the file pybatfish-2019.11.5.282-py2.py3-none-any.whl.

File metadata

  • Download URL: pybatfish-2019.11.5.282-py2.py3-none-any.whl
  • Upload date:
  • Size: 121.5 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.37.0 CPython/3.6.8

File hashes

Hashes for pybatfish-2019.11.5.282-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 293218cb304ac8bd8db4249e18ea2f779873b8ac8494c30e2e5410890489baa6
MD5 fd15ede6550af5de5eca9c7836816c2a
BLAKE2b-256 e09c1a859d89095edd09ca62c777673cfedd8d30015a8d6079585036a0d8c137

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page