Batfish: A General Approach to Network Configuration Analysis

We present an approach to detect network configuration errors, which combines the benefits of two prior approaches. Like prior techniques that analyze con- figuration files, our approach can find errors proactively, before the configuration is applied, and answer “what if” questions. Like prior techniques that analyze data-plane snapshots, our approach can check a broad range of for- warding properties and produce actual packets that vio- late checked properties. We accomplish this combination by faithfully deriving and then analyzing the data plane that would emerge from the configuration. Our derivation of the data plane is fully declarative, employing a set of logical relations that represent the control plane, the data plane, and their relationship. Operators can query these relations to understand identified errors and their provenance. We use our approach to analyze two large university networks with qualitatively different routing designs and find many misconfigurations in each. Operators have confirmed the majority of these as errors and have fixed their configurations accordingly.

Batfish Talk @ NSDI'15

Further Reading

Main Website: https://www.batfish.org/

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein; A General Approach to Network Configuration Analysis. In 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI'15). 2015
Open Website Download PDF Document Download MPEG-4 Video More Information

Getting the Source

The Batfish source code is hosted on GitHub. To create a local copy of the repository run: 

git clone https://github.com/batfish/batfish.git

People

  • Ari Fogel (UCLA)
  • Stanley Fung (UCLA)
  • Luis Pedrosa (USC)
  • Meg Walraed-Sullivan (Microsoft)
  • Ramesh Govindan (USC)
  • Ratul Mahajan (Microsoft)
  • Todd Millstein (UCLA)