https://github.com/batfish/batfish Skip to content Navigation Menu Toggle navigation Sign in * Product + Actions Automate any workflow + Packages Host and manage packages + Security Find and fix vulnerabilities + Codespaces Instant dev environments + GitHub Copilot Write better code with AI + Code review Manage code changes + Issues Plan and track work + Discussions Collaborate outside of code Explore + All features + Documentation + GitHub Skills + Blog * Solutions For + Enterprise + Teams + Startups + Education By Solution + CI/CD & Automation + DevOps + DevSecOps Resources + Learning Pathways + White papers, Ebooks, Webinars + Customer Stories + Partners * Open Source + GitHub Sponsors Fund open source developers + The ReadME Project GitHub community articles Repositories + Topics + Trending + Collections * Enterprise + Enterprise platform AI-powered developer platform Available add-ons + Advanced Security Enterprise-grade security features + GitHub Copilot Enterprise-grade AI features + Premium Support Enterprise-grade 24/7 support * Pricing Search or jump to... Search code, repositories, users, issues, pull requests... Search [ ] Clear Search syntax tips Provide feedback We read every piece of feedback, and take your input very seriously. [ ] [ ] Include my email address so I can be contacted Cancel Submit feedback Saved searches Use saved searches to filter your results more quickly Name [ ] Query [ ] To see all available qualifiers, see our documentation. Cancel Create saved search Sign in Sign up You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert {{ message }} batfish / batfish Public * Notifications You must be signed in to change notification settings * Fork 229 * Star 1.1k * Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely evolve their network, without fear of outages or security breaches. www.batfish.org License Apache-2.0 license 1.1k stars 229 forks Branches Tags Activity Star Notifications You must be signed in to change notification settings * Code * Issues 266 * Pull requests 5 * Actions * Wiki * Security * Insights Additional navigation options * Code * Issues * Pull requests * Actions * Wiki * Security * Insights batfish/batfish This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. master BranchesTags Go to file Code Folders and files Last commit Last Name Name message commit date Latest commit History 12,419 Commits .github .github docs docs networks networks projects projects python python questions questions skylark skylark tests tests tools tools .bazel-steward.yaml .bazel-steward.yaml .bazelignore .bazelignore .bazelrc .bazelrc .bazelversion .bazelversion .codecov.yml .codecov.yml .gitattributes .gitattributes .gitignore .gitignore .pre-commit-config.yaml .pre-commit-config.yaml .spr.yml .spr.yml .trivyignore .trivyignore BUILD.bazel BUILD.bazel CONTRIBUTING.md CONTRIBUTING.md LICENSE LICENSE README.md README.md WORKSPACE WORKSPACE batfish_notebook.png batfish_notebook.png batfish_video.png batfish_video.png library_deps.bzl library_deps.bzl maven_install.json maven_install.json View all files Repository files navigation * README * Apache-2.0 license Got questions, feedback, or feature requests? Join our community on Slack! codecov What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configurations and finds violations of network policies (built-in, user-defined, and best-practices). A primary use case for Batfish is to validate configuration changes before deployment (though it can be used to validate deployed configurations as well). Pre-deployment validation is a critical gap in existing network automation workflows. By including Batfish in automation workflows, network engineers can close this gap and ensure that only correct changes are deployed. Batfish does NOT require direct access to network devices. The core analysis requires only the configuration of network devices. This analysis may be enhanced using additional information from the network such as: * BGP routes received from external peers * Topology information represented by LLDP/CDP See www.batfish.org for technical information on how it works. What kinds of correctness checks does Batfish support? [batfish_video] [batfish_notebook] The Batfish YouTube channel (subscribe!) and Python notebooks illustrate many checks. Batfish checks span a range of network behaviors. Configuration Compliance * Flag undefined-but-referenced or defined-but-unreferenced structures (e.g., ACLs, route maps) * Configuration settings for MTUs, AAA, NTP, logging, etc. match templates * Devices can only be accessed using SSHv2 and password is not null Reliability * End-to-end reachability is not impacted for any flow after any single-link or single-device failure * Certain services (e.g., DNS) are globally reachable Security * Sensitive services can be reached only from specific subnets or devices * Paths between endpoints are as expected (e.g., traverse a firewall, have at least 2 way ECMP, etc...) Change Analysis * End-to-end reachability is identical across the current and a planned configuration * Planned ACL or firewall changes are provably correct and causes no collateral damage for other traffic * Two configurations, potentially from different vendors, are functionally equivalent How do I get started? 1. Run the Batfish service Getting started with Batfish is easy. Just pull and run the latest allinone Docker container that includes Batfish as well as example Jupyter notebooks. docker pull batfish/allinone docker run --name batfish -v batfish-data:/data -p 8888:8888 -p 9997:9997 -p 9996:9996 batfish/allinone The second command starts the Batfish service and maps the necessary TCP ports. Advanced Docker configuration: The amount of memory available to Batfish is determined by the Docker configuration. You may wish to supply the --memory command-line argument to explicitly set this value. On Linux systems that run the OOM Killer, you may also wish to supply the --oom-kill-disable argument, which runs in conjunction with the --memory argument to prevent Linux from killing Batfish when there is memory pressure on the system. 2. Browse example notebooks (optional) If you are new to Batfish, consider walking through our notebooks which highlight different capabilities and use cases of Batfish. Point your browser to http://localhost:8888, and in the Password or token: prompt, enter the token that Jupyter showed when you ran the container (e.g. token=abcdef123456...). Jupyter will show you the list of available notebooks. "Getting Started with Batfish" is a good one to start with. This README explains what each notebook does. 3. Install Pybatfish To analyze your network configurations, you also need Pybatfish, a Python 3 SDK to interact with the Batfish service. Though not strictly necessary, we recommend that you install Pybatfish in a virtual environment. To install Pybatfish run the following commands (in a virtual environment if applicable): python3 -m pip install --upgrade pybatfish 4. Develop your analysis After installing Pybatfish, use your Python environment of choice (e.g., PyCharm, interactive Python shell, Jupyter, ..) to interact with Batfish. The notebooks provide examples of such scripts. See complete documentation of Pybatfish on readthedocs. System Requirements for running Batfish Batfish can be run on any operating system that supports Docker. The containers are actively tested on Mac OS X and Ubuntu 16.04 LTS. To get started with the example Jupyter notebooks, all you need is a reasonably capable laptop: * Dual core CPU * 8 GB RAM * 256 GB hard-drive When you transition to running Batfish on your own network, we recommend a server that at least has: * Quad-core CPU with 2 threads per CPU * 32 GB RAM * 256 GB hard-drive Supported Network Device and Operating System List Batfish supports configurations for a large and growing set of (physical and virtual) devices, including: * A10 Networks * Arista * AWS (VPCs, Network ACLs, VPN GW, NAT GW, Internet GW, Security Groups, etc...) * Cisco (All Cisco NX-OS, IOS, IOS-XE, IOS-XR and ASA devices) * Check Point * Cumulus * F5 BIG-IP * Fortinet * Free-Range Routing (FRR) * iptables (on hosts) * Juniper (All JunOS platforms: MX, EX, QFX, SRX, T-series, PTX) * Palo Alto Networks * SONiC Batfish has limited support for the following platforms: * Aruba * Dell Force10 * Foundry If you'd like support for additional vendors or currently-unsupported configuration features, let us know via Slack or GitHub. We'll try to add support. Or, you can -- we welcome pull requests! :) License and Dependencies Batfish is released under The Apache Software License, Version 2.0. All third-party dependencies are compatible with this licensing. About Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely evolve their network, without fear of outages or security breaches. www.batfish.org Topics network configuration network-analysis network-automation network-security configuration-parser network-verification configuration-analysis network-validation Resources Readme License Apache-2.0 license Activity Custom properties Stars 1.1k stars Watchers 55 watching Forks 229 forks Report repository Releases 80 Batfish v2023.12.16 Latest Dec 19, 2023 + 79 releases Packages 0 No packages published Contributors 56 * @dhalperi * @arifogel * @ratulm * @progwriter * @anothermattbrown * @sfraint * @millstein * @corinaminer * @yifeiyuan * @kidsbear * @erikljungman * @github-actions[bot] * @mkremerbbn * @adrianliaw + 42 contributors Languages * Java 92.1% * ANTLR 7.0% * Other 0.9% Footer (c) 2024 GitHub, Inc. Footer navigation * Terms * Privacy * Security * Status * Docs * Contact * Manage cookies * Do not share my personal information You can't perform that action at this time.