Using open source tools to validate network configuration

Bugs in network configuration can lead to security breaches and significant downtime, which in turn leads to monetary losses and damages the organizations reputat …

Bugs in network configuration can lead to security breaches and significant downtime, which in turn leads to monetary losses and damages the organization’s reputation. At the same time, network configuration is hard to get right because of the scale and heterogeneity of modern networks, the low-level nature of vendor configuration languages, and the complexity of intended policies. The emerging field of formal network validation is a direct response to this challenge. Researchers have recently developed a range of techniques to scalably and comprehensively reason about the correctness of the network configuration. I will present a network validation tool, called Batfish (www.batfish.org), along with its new Python client library, which is completely open source and has been used successfully inside many large networks. The talk will cover its software architecture, provide a hands-on view of using it for common validation tasks, and how the technology can be embed into the network’s lifecycle. The talk will include a detailed discussion of many bugs that Batfish has uncovered in real large networks.