Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
314 lines (208 sloc) 9.14 KB

Assertions supported by bf_assert module

assert_all_flows_fail

Assert that all packets with specified start locations and headers fail

  • This is an all-to-all test that analyzes all (start location, header) combinations
  • If any flow (start location, header) can reach its destination, this assertion will return false.
  • If no flow (start location, header) can reach its destination, this assertion will return true.
  • This assertion is used to evaluate the security of select destinations in the network.

The following parameters may be specified for this assertion:

parameter type required default comments
headers
dict yes
startLocation
str yes

assert_all_flows_succeed

Assert that all packets with specified start locations and headers are successful

  • This is an all-to-all test that analyzes all (start location, header) combinations
  • If any flow (start location, header) cannot reach its destination, this assertion will return false.
  • If all flows (start location, header) can reach its destination, this assertion will return true.
  • This assertion is used to evaluate the accessibility of select destinations in the network.

The following parameters may be specified for this assertion:

parameter type required default comments
headers
dict yes
startLocation
str yes

assert_filter_has_no_unreachable_lines

Assert that the filters (e.g., ACLs) have no unreachable lines

  • A filter line is considered unreachable if it will never match a packet, e.g., because its match condition is empty or covered completely by those of prior lines.
  • This test will fail if any line in any of the specified filter(s) is unreachable.

The following parameters may be specified for this assertion:

parameter type required default comments
filters
dict yes

assert_filter_denies

Assert that the specified filters (e.g., ACLs) deny specified headers

  • This test will fail if any packet in the specified header space is permitted by any of the specified filter(s).

The following parameters may be specified for this assertion:

parameter type required default comments
filters
dict yes
headers
dict yes

assert_filter_permits

Assert that the specified filters (e.g., ACLs) permit specified headers

  • This test will fail if any packet in the specified header space is denied by any of the specified filter(s).

The following parameters may be specified for this assertion:

parameter type required default comments
filters
dict yes
headers
dict yes

assert_no_forwarding_loops

Assert that there are no forwarding loops

  • This test will fail if any flow will experience a forwarding loop in the snapshot.
  • This test takes no parameters.

assert_no_incompatible_bgp_sessions

Assert that all BGP sessions are compatibly configured

  • This test finds all pairs of BGP session endpoints in the snapshot and will fail if the configuration of any pair is incompatible.
  • This test takes no parameters.

assert_no_incompatible_ospf_sessions

Assert that all OSPF sessions are compatibly configured and established

  • This test finds all pairs of OSPF session endpoints in the snapshot and will fail if any pair is incompatible or otherwise unable to establish an OSPF session.
  • This test takes no parameters.

assert_no_unestablished_bgp_sessions

Assert that all compatibly-configured BGP sessions are established

  • This test fails if there are any BGP session in the snapshot that are compatibly configured but will not be established (e.g., due to ACLs).
  • This test takes no parameters.

assert_no_undefined_references

Assert that there are no undefined references

  • This test will fail if any device configuration refers to a structure (e.g., ACL, prefix-list, routemap) that is not defined in the configuration.
  • This test takes no parameters.
You can’t perform that action at this time.