Batfish introduction
Batfish is a configuration compliance tool, amongst other things.
Here are my notes on getting setup with batfish with JunOS configuration. I’m using offline configs (think: RANCID or Oxidized config backups).
Batfish introduction
Getting your JunOS config ready
Gather your configuration from either RANCID or jlogin (Or whatever you have):
jlogin -c "show configuration" ${ROUTER} &> ${ROUTER}.cfg ; dos2unix ${ROUTER}.cfg; cat ${ROUTER}.cfg | gsed -n '/^\#\#\ Last/,//p' | grep -vE '(\@.*\>|^Connection)' > batfish/snapshots/configs/${ROUTER}.cfg
Getting batfish setup
- Follow install instructions on Their GitHub page
- If you get a failure to execute command
batfish_build_all, ensure yousource tools/common.sh - You can do your first run with
allinone -runmode interactive
Importing your configuration
You will need a directory (
batfish/snapshotsin my example) to store files.$ tree | grep -v cfg . ├── configs └── node_rules.json 1 directory, 119 filesPlace the configurations into
batfish/snapshots/configsCreate a
node_rules.json(Example 1, Example 2). Place this inbatfish/snapshotsFrom here, you’ll want to import your configuration (This will take some time)
init-snapshot batfish/snapshots/ MY_IMPORTED_NETWORK
Checking for import issues
First run, I encountered a parse issue. Here is some useful commands that helped me find it :
# Get import information get initinfo # Set the log levels to debug set-batfish-loglevel debug set-loglevel debug # Delete the named import and re-import it del-snapshot MY_IMPORTED_NETWORK init-snapshot batfish/snapshots/ MY_IMPORTED_NETWORK -
Sample commands to start to parse your data
-
# See what's connected to what get neighbors get neighbors neighborTypes=["ibgp"] # See a list of nodes, filtered by regex REGEX_GOES_HERE get nodes summary=True, nodeRegex='REGEX_GOES_HERE' # Find all interfaces which have a description 'Peering', display their description only (Query uses JSONPath syntax) get nodespath paths=[{"path":"$.nodes[*].interfaces[*][?(@.description =~ /.*Peering.*/i)].description", "suffix":True }]