In [1]:
#imports

import os
from pybatfish.client.session import Session
import pandas as pd
import yaml
from os.path import abspath, dirname, join, pardir, realpath
from netaddr import *

%run ../code/bgp_route_helpers
%run ../code/gen_external_bgp_adverts

In [2]:
#pandas display options
pd.set_option("display.width", 300)
pd.set_option("display.max_columns", 20)
pd.set_option("display.max_rows", 1000)
pd.set_option("display.max_colwidth", -1)

In [3]:
#snapshot directory and path setup
_this_dir = os.getcwd()
_root_dir = abspath(join(_this_dir, pardir))

NETWORK = "Nanog-demo1"
BASE_SNAPSHOT_DIR = f"{_root_dir}/snapshots/demo1/base"
BASE_SNAPSHOT_NAME = "base"

# create BF session and 
try:
    bf = Session.get('bfe') #Batfish Enterprise
except:
    bf = Session.get('bf') #Batfish Open-source

# Demo Network
<style>
    .image {
        display: block; 
        margin-left: 20px; 
        margin-right: 20px; 
        width:50%; 
    }
</style>
<img src="./nanog-demo1-network.png" class="image">

In [4]:
# initialize snapshot
bf.set_network(NETWORK)
bf.init_snapshot(BASE_SNAPSHOT_DIR, name=BASE_SNAPSHOT_NAME, overwrite=True) 

'base'

In [5]:
# run some Batfish questions in real-time
bf.q.nodeProperties(nodes='pe1', properties="Interfaces, IP_Access_Lists, Route_Filter_Lists").answer().frame()

Unnamed: 0,Node,IP_Access_Lists,Interfaces,Route_Filter_Lists
0,pe1,['101'],"['Ethernet1', 'Ethernet2', 'Loopback0']",['customer1']


In [6]:
# run some Batfish questions in real-time
bf.q.bgpPeerConfiguration(nodes='pe1').answer().frame()

Unnamed: 0,Node,VRF,Local_AS,Local_IP,Local_Interface,Confederation,Remote_AS,Remote_IP,Route_Reflector_Client,Cluster_ID,Peer_Group,Import_Policy,Export_Policy,Send_Community,Is_Passive
0,pe1,default,60001,9.1.1.0,,,609,9.1.1.1,False,,,['customer1-in'],[],True,False
1,pe1,default,60001,10.1.1.0,,,60001,10.1.1.1,False,,,[],[],True,False


# Now let's see how we can check the policy compliance of this demo network

**We are going to use the Batfish Python SDK (pybatfish) with pytest to define and execute policy evaluation**

In [7]:
# run pytest in command line and capture the output
report_file = f"{_root_dir}/manrs_report.html"
stream = os.popen(f"python -m pytest -s {_root_dir}/policies --network={NETWORK} --snapshot={BASE_SNAPSHOT_NAME} --html={report_file} --tb=no --css={_root_dir}/policies/custom.css")
print(f"Report can be found at {report_file}")

Report can be found at /Users/samir/git/nanog78/manrs_report.html
