Giters

batfish / batfish

Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely evolve their network, without fear of outages or security breaches.

Home Page:http://www.batfish.org

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Incorrect 'send community' Property for BGP Peer groups

amar-ox opened this issue · comments

commented

aristaevpn.zip
Description:
In aristaevpn example snapshot, the peer 192.168.255.1 in the group EVPN-OVERLAY-PEERS (and a few other peers also) has their 'send community' property set to false. According to the configuration, this property should be set to true.

Runnable example

import requests
import os
from pybatfish.client.session import Session

SNAPSHOT_URL = "https://github.com/user-attachments/files/15539543/aristaevpn.zip"
SNAPSHOT_PATH = "aristaevpn.zip"
SNAPSHOT_NAME = "aristaevpn"

response = requests.get(SNAPSHOT_URL)

if response.status_code == 200:
    # Save the file to the local path
    with open(SNAPSHOT_PATH, 'wb') as file:
        file.write(response.content)

bf = Session(host="localhost")


bf.set_network("github-bug-report")
bf.init_snapshot(SNAPSHOT_PATH, name=SNAPSHOT_NAME, overwrite=True)

# Verify that Batfish recognized the vendor format correctly
print(bf.q.fileParseStatus().answer())

# Insert command(s) below to demonstrate the problem
bgppeers = bf.q.bgpPeerConfiguration(nodes='/DC1-SVC3A/', properties="Peer_Group, Send_Community").answer().frame()
bgppeers = bgppeers[bgppeers['Remote_IP'] == '192.168.255.1']
display(bgppeers)

Produced output
Node VRF Local_Interface Remote_IP Peer_Group Send_Community
3 dc1-svc3a default None 192.168.255.1 EVPN-OVERLAY-PEERS False

commented

Sorry, a few confusions.

  1. Where did you post the example network you're using? I can't run your code as-is.
  2. Seems like you didn't post the output of the commands you ran, either.
commented

Updated the code, should be run as-is.
Added the produced output.

commented

This is an interesting one. Basically, these properties are actually overrideable at the address family level, so there's not really such as thing as "send-community" at the peer level. E.g., you can set it default true and turn it off for IPV4 Unicast, or you can set it off and turn it on for IPV4 Unicast.

What we did before is just report the IPV4 Unicast value, but this gave bad results when IPV4 was not on.

Now we fall back to the "first" address-family of interest, which is to say IPV4 then fallback to EVPN.