Mantra Networking Mantra Networking

Batfish: Analysis Output

Batfish: Analysis Output
Created By: Lauren R. Garcia

Table of Contents

  • Overview
  • Routing Table Analysis
  • Interface Status and Configuration Results
  • Access Control List (ACL) Evaluation
  • BGP Session and Route Analysis
  • Configuration Parse Status
  • Differential Analysis (Comparing Snapshots)
  • Typical Post-Processing with Batfish Output
  • Conclusion

Batfish: Analysis Output Overview

What Is Batfish Analysis Output?

Batfish analysis output refers to the structured results produced by Batfish when it ingests, parses, and examines network device configurations. Batfish, an open-source network configuration analysis tool, simulates your network’s control plane and computes outcomes such as routing tables, interface statuses, security policy behaviors, and more. The generated output includes tables, dataframes, and detailed lists capturing the operational intent and current state across your network, helping you visualize the exact “as-implemented” status.

Why Should You Care About Batfish Analysis Output?

Understanding Batfish’s analysis output brings several advantages to network engineers, architects, and security professionals:

  • Verification of Network Intent: Confirms that configurations match your documented design expectations, ensuring that routing, security, and connectivity requirements are met before deployment or after changes.
  • Troubleshooting and Audit Readiness: Quickly spots inconsistencies, configuration errors, missing routes, and policy gaps, reducing the time spent tracking down issues across large-scale environments.
  • Change Management Confidence: Compares snapshots before and after changes so you can confidently validate the effect of network updates, migrations, or rollbacks.
  • Automation and Compliance: The structured nature of the output can be integrated into automation pipelines or compliance checks, supporting proactive management and reducing manual effort.
  • Enhanced Visibility: Delivers actionable insight into not just individual device states, but whole-network operational health—ideal for both ongoing operations and pre-change validation.

How Does Batfish Analysis Output Work?

The process of using Batfish to generate and interpret analysis output involves several steps:

  1. Input Configuration Loading: Batfish takes snapshots of device configurations (from routers, switches, firewalls) as input.
  2. Parsing and Modeling: The tool ingests and parses these configs, building a comprehensive model of the network’s logical topology, interfaces, routing, and security policies.
  3. Simulated Analysis: Batfish performs a variety of queries—such as computing routing table entries, evaluating ACL effects, or testing reachability between endpoints—just as if the devices were active.
  4. Structured Result Generation: Each analysis produces structured output, often in table or dataframe format, that details the relevant findings (e.g., a full routing table per node, ACL match results, interface status inventories).
  5. Interpretation and Action: Users review the output, identify discrepancies, validate configuration intent, and can export or automate further processing using scripts or dashboarding tools.

Batfish analysis output transforms raw configuration files into meaningful, actionable data, empowering you to operate, secure, and evolve your network with greater confidence and efficiency.

Routing Table Analysis

Understanding the routing table output is foundational for verifying network reachability, path selection, and the operational state of routing protocols. Batfish provides clear tables summarizing forwarding information base (FIB) entries across all analyzed nodes.

  1. Snapshot Loading:
    Load the network snapshot that you want to analyze into Batfish. This snapshot may contain device configurations from your production, test, or intended network state.
  2. Trigger Routing Analysis:
    Use Batfish queries such as bfq.routes() or similar from the Batfish SDK or CLI to retrieve computed routing tables for one or more nodes.
  3. Inspect Output Table:
    Review the resulting table, which typically includes columns such as:
    • Node: Device name (e.g., router or switch)
    • Network: Destination subnet covered by the route
    • Next Hop IP: Next device or gateway for forwarding traffic
    • Interface: Outgoing interface used for the route
    • Protocol: Route source (e.g., OSPF, BGP, Static)

    Example:
    Node Network Next Hop IP Interface Protocol
    R1 10.0.0.0/24 192.0.2.2 eth0 OSPF
    R1 0.0.0.0/0 198.51.100.1 eth1 Static
    R2 10.0.0.0/24 192.0.2.1 eth0 OSPF
  4. Applications:
    Use this detailed data to:
    • Validate that all intended routes are present on each device
    • Audit routing policies and protocol operations
    • Spot unexpected or missing routes, which could indicate configuration errors or protocol issues

Interface Status and Configuration Results

Analyzing interface status and configuration results is crucial for verifying physical and logical connectivity, identifying misconfigurations, and ensuring interfaces operate as expected across your network devices. Batfish outputs structured tables that succinctly display interface properties and any detected issues.

  1. Load Snapshot:
    Begin by loading the network snapshot into Batfish that contains your device configurations. This snapshot represents the current or intended network state for analysis.
  2. Run Interface Analysis Query:
    Execute queries such as bfq.interfaces() or similar methods in the Batfish SDK or CLI to extract interface details across nodes.
  3. Review Output Table:
    Examine the resulting table, which commonly includes the following columns:
    • Node: Device name (e.g., router or switch)
    • Interface: Interface name (e.g., eth0, GigabitEthernet0/1)
    • Status: Operational state of the interface (e.g., Up, Down)
    • IP Address: Interface IP address and prefix (if assigned)
    • Issues: Any anomalies or mismatches found during analysis

    Example:
    Node Interface Status IP Address Issues
    R1 eth0 Up 192.0.2.1/24 -
    R1 eth1 Down 198.51.100.1/30 Mismatch
  4. Use Cases:
    This information helps in:
    • Spotting interfaces that are administratively down or physically disconnected
    • Verifying IP addressing and identifying overlaps or misconfigurations
    • Detecting inconsistencies that might cause connectivity problems or routing issues

Access Control List (ACL) Evaluation

Evaluating Access Control Lists (ACLs) is essential for understanding and verifying the security policies applied to network traffic flows. Batfish provides a structured analysis of ACL results, demonstrating the impact of rule order, match conditions, and default actions across devices.

  1. Load Configuration Snapshot:
    Import your network configuration snapshot into Batfish, containing the ACL definitions for routers, switches, or firewalls.
  2. Run ACL Evaluation:
    Initiate queries such as bfq.filterLineReachability() or related ACL evaluation commands in the Batfish SDK or CLI. These queries simulate packet flows to determine rule matches and resulting actions.
  3. Examine the Output Table:
    Review the resulting table, which typically presents these columns:
    • Node: Device evaluated
    • ACL Name: Filter or ACL applied
    • Action: What happens to the matching packet (e.g., Permit, Deny)
    • Src IP: Source IP or network
    • Dst IP: Destination IP or network
    • Protocol: IP protocol or transport type (e.g., TCP, UDP, ICMP)
    • Remarks: Notes, such as intent or function

    Example:
    Node ACL Name Action Src IP Dst IP Protocol Remarks
    R1 OUTBOUND Permit 192.0.2.0/24 203.0.113.0/24 TCP Allow HTTPS
    R1 OUTBOUND Deny 0.0.0.0/0 0.0.0.0/0 Any Block all else
  4. Analysis Benefits:
    This output lets you:
    • Verify that intended allow and block rules are functioning
    • Check for overly broad or missing rules that could cause security or connectivity issues
    • Ensure comments or remarks align with policy intent for better documentation

BGP Session and Route Analysis

BGP (Border Gateway Protocol) session and route analysis lets you check the health and behavior of dynamic routing relationships, verify route exchanges, and detect issues impacting network reachability. Batfish extracts and presents information about BGP peers, session states, and the routes exchanged across your network.

  1. Load Network Snapshot:
    Start by loading the snapshot with your network device configurations into Batfish. This should represent the network as it is currently deployed or as you intend it to be.
  2. Query BGP Information:
    Use queries such as bfq.bgpSessionStatus() or related methods available in the Batfish SDK or CLI to obtain data about BGP neighbor relationships and advertised routes.
  3. Review Session Status Table:
    Review the table that summarizes the BGP peering details, such as:
    • Node: Device name (e.g., router)
    • Peer IP: IP address of the BGP neighbor
    • ASN: Autonomous System Number of the neighbor
    • State: Status of the BGP session (e.g., Established, Idle)
    • Uptime: How long the session has been active
    • Messages Sent: Number of BGP messages sent to peer
    • Messages Received: Number of BGP messages received from peer

    Example:
    Node Peer IP ASN State Uptime Messages Sent Messages Received
    R1 203.0.113.2 65002 Established 02:37:15 320 318
  4. Analyze Advertised and Received Routes:
    Optionally, examine additional outputs that show which prefixes are being advertised to or accepted from each neighbor, enabling deeper verification of routing policy compliance.
  5. Use Cases:
    This analysis can help you:
    • Confirm that all BGP sessions are successfully established
    • Detect unstable, idle, or failed peerings that might impact connectivity
    • Audit route advertisements and reception per peer for policy alignment and troubleshooting

Configuration Parse Status

Checking the configuration parse status is important to quickly identify which device configuration files have been successfully loaded and parsed by Batfish, and which have errors preventing analysis. This step ensures the completeness and validity of your snapshot before deeper queries.

  1. Load Configuration Snapshot:
    Import your network device configurations into Batfish as a snapshot.
  2. Run Parse Status Query:
    Execute queries such as bfq.parseStatus() or use commands in the Batfish SDK or CLI that provide the parsing results for each config file.
  3. Review Status Table:
    Examine the output table, which typically has these columns:
    • File_Name: Name of the configuration file
    • Status: Parsing outcome (e.g., PASSED, FAILED)
    • File_Format: Device type or OS format detected (e.g., Cisco IOS, Juniper JUNOS)
    • Nodes: Logical node names created from this config file

    Example:
    File_Name Status File_Format Nodes
    config_r1.txt PASSED Cisco IOS R1
    config_r2.txt FAILED Cisco IOS R2
  4. Use Cases:
    Parsing results help you:
    • Quickly locate syntax or format errors preventing device inclusion in analysis
    • Verify all expected devices are processed and accounted for
    • Assist troubleshooting by identifying problematic config files early

Differential Analysis (Comparing Snapshots)

Differential analysis enables comparison between two network snapshots to identify and understand changes that have occurred over time. Batfish highlights additions, removals, and modifications across configurations, routing, ACLs, and other network elements, making it easier to validate migrations, updates, or rollback effects.

  1. Prepare Two Snapshots:
    Collect two network snapshots representing the different points in time you want to compare, such as before and after a change or migration.
  2. Load Both Snapshots into Batfish:
    Import the snapshots separately and ensure both are accessible within your Batfish environment for comparison.
  3. Run Differential Queries:
    Use Batfish differential query functions like bfq.differential() or relevant methods specialized for comparing specific elements (e.g., routes, ACLs, interfaces).
  4. Review Output Table:
    Examine the table which typically includes:
    • Change Type: Nature of change (e.g., Added, Removed, Modified)
    • Node: Device affected by the change
    • Affected Object: The specific network element that changed (e.g., Route, ACL Entry)
    • Old Value: The value or configuration before the change (if applicable)
    • New Value: The value or configuration after the change (if applicable)

    Example:
    Change Type Node Affected Object Old Value New Value
    Added R2 Route 10.0.2.0/24 - 192.0.2.2
    Removed R1 ACL Entry Permit TCP -
  5. Practical Uses:
    Utilizing differential analysis helps to:
    • Verify that planned changes have been correctly applied
    • Spot unexpected or unauthorized modifications
    • Support troubleshooting by isolating what changed between two network states

Typical Post-Processing with Batfish Output

Post-processing Batfish output transforms raw analysis results into actionable insights and generates reports for compliance, auditing, and troubleshooting. Most Batfish results are returned as structured data (often as Pandas DataFrames), making it simple to integrate with a broad range of data analysis tools.

  1. Export Results for Further Analysis:
    Save Batfish answer tables to formats such as CSV for use in scripting, dashboards, or documentation. In Python, this is often as simple as using to_csv() on a DataFrame. 
    output_df.to_csv("batfish_results.csv")
  2. Filter and Aggregate Data:
    Use standard data manipulation functions to highlight areas of concern, such as interfaces that are down, routes that are missing, or ACL rules that do not match policy. 
    
# Example: Find failed parse statuses
failed = parse_status[parse_status['Status'] != 'PASSED']
  3. Automate Compliance Checks:
    Integrate Batfish output into scripts or CI/CD pipelines to validate configurations automatically before or after network changes. This assists with continuous compliance and operational integrity.
  4. Visualize Findings:
    Build custom charts, dashboards, or summary tables using tools like Pandas, Matplotlib, or dashboard frameworks to communicate the health and compliance state across teams.
  5. Create Custom Reports:
    Compile post-processed outputs into documentation, audit logs, or governance reports for stakeholders and change boards.

Practical post-processing turns the detailed datasets from Batfish into powerful operational intelligence, tailored to your organization’s monitoring and reporting needs.

Conclusion

Throughout this blog post, we explored how Batfish’s analysis output provides comprehensive visibility into your network’s routing, interface states, security policies, and configuration integrity. By examining routing tables, interface configurations, ACL evaluations, BGP session details, parsing statuses, differential analysis, and tips for post-processing results, you are better equipped to validate, troubleshoot, and maintain your network infrastructure efficiently.

We saw the value of structured output data, which not only enhances understanding but also enables integration with automation and reporting tools to streamline operational workflows. This approach helps catch configuration discrepancies early, ensure compliance with network policies, and confidently manage network changes.

Harnessing Batfish in your toolset empowers you to bring automation, precision, and greater assurance to your network management practices.

Thank you for following along! If you have questions, comments, or want to share your experiences with Batfish, please feel free to reach out or leave a comment below. Happy networking!

Share Share Share Share Share Email