Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely evolve their network, without fear of outages or security breaches.
Got questions, feedback, or feature requests? Join our community on Slack!
Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configurations and finds violations of network policies (built-in, user-defined, and best-practices).
A primary use case for Batfish is to validate configuration changes before deployment (though it can be used to validate deployed configurations as well). Pre-deployment validation is a critical gap in existing network automation workflows. By including Batfish in automation workflows, network engineers can close this gap and ensure that only correct changes are deployed.
Batfish does NOT require direct access to network devices. The core analysis requires only the configuration of network devices. This analysis may be enhanced using additional information from the network such as: * BGP routes received from external peers * Topology information represented by LLDP/CDP
See www.batfish.org for technical information on how it works.
Getting started with Batfish is easy. Just pull and run the latest
allinoneDocker container that includes Batfish as well as example Jupyter notebooks.
docker pull batfish/allinone
docker run --name batfish -v batfish-data:/data -p 8888:8888 -p 9997:9997 -p 9996:9996 batfish/allinone
The second command starts the Batfish service and maps the necessary TCP ports.
On Linux systems that run the OOM Killer, you may also wish to supply the
--oom-kill-disableargument, which runs in conjunction with the
--memoryargument to prevent Linux from killing Batfish when there is memory pressure on the system.
If you are new to Batfish, consider walking through our notebooks which highlight different capabilities and use cases of Batfish. Point your browser to http://localhost:8888, and in the
Password or token:prompt, enter the token that Jupyter showed when you ran the container (e.g. token=abcdef123456...).
Jupyter will show you the list of available notebooks. "Getting Started with Batfish" is a good one to start with. This README explains what each notebook does.
To analyze your network configurations, you also need Pybatfish, a Python 3 SDK to interact with the Batfish service. Though not strictly necessary, we recommend that you install Pybatfish in a virtual environment.
To install Pybatfish run the following commands (in a virtual environment if applicable):
python3 -m pip install --upgrade pybatfish
After installing Pybatfish, use your Python environment of choice (e.g., PyCharm, interactive Python shell, Jupyter, ..) to interact with Batfish. The notebooks provide examples of such scripts.
See complete documentation of Pybatfish on readthedocs.
Batfish can be run on any operating system that supports Docker. The containers are actively tested on Mac OS X and Ubuntu 16.04 LTS.
To get started with the example Jupyter notebooks, all you need is a reasonably capable laptop:
When you transition to running Batfish on your own network, we recommend a server that at least has:
Batfish supports configurations for a large and growing set of (physical and virtual) devices, including:
Batfish has limited support for the following platforms:
Batfish is released under The Apache Software License, Version 2.0. All third-party dependencies are compatible with this licensing. A full list of dependencies and their licenses can be generated by running
mvn -f projects license:aggregate-add-third-party.