These are the essential components that make up the Batfish Question Framework and enable powerful network analysis and validation:

• Question Engine: Processes and executes questions against network snapshots. It performs the analysis by interpreting question parameters and retrieving results from modeled network data.
• Question Types: Provides a variety of built-in question formats (such as reachability, routing, and ACL analysis) that users can select for targeted investigations into network behavior.
• Question Parameters: Customizable filters and constraints that define the scope or specifics of a question, including source and destination IPs, protocols, device names, and more.
• Snapshots: Represent the state of the network at a particular moment, including all device configurations and topology. Questions are run against these snapshots for consistent and reproducible results.
• Answer Objects: Structured output data produced by the question engine, delivered in tabular or JSON formats. These objects present findings for further analysis or automation workflows.

This section lists primary question categories available within the Batfish Question Framework, which help analyze various aspects of your network configuration and behavior.

• Reachability: Checks whether traffic can flow between specified source and destination endpoints within the network.
• Routing Policy: Validates the effects and correctness of routing policies applied on devices and their influence on route selection.
• Layer 2 Trace: Analyzes forwarding paths at Layer 2 to understand how frames traverse the switching fabric.
• Route Propagation: Examines how routes are advertised and propagated across different routing protocols.
• Configuration Diff: Compares two network snapshots to identify changes or differences in device configurations.
• Firewall Reachability: Tests connectivity under the constraints of firewall and ACL rules to determine allowed and blocked traffic flows.
• Access Control List (ACL): Queries how ACLs are applied and the impact they have on traffic filtering.
• Compliance: Checks network configurations against predefined compliance standards or organizational policies.

Understanding the structure of a Batfish question is important to effectively analyze network properties. Each question is a well-defined set of fields that shapes what information Batfish extracts from the network snapshot.

• Name: Defines the specific type of analysis or check the question will perform (for example, "reachability" or "bgpRoute").
• Parameters: Sets the criteria or constraints for the question, such as source and destination IPs, node names, protocols, ports, or actions. These help focus the analysis on certain flows or objects.
• Headers/Filters: Enables further refinement by matching on packet headers (source/destination IP, protocol, port) and applying filters to traffic or configuration elements under examination.
• Actions: Specifies the network behaviors or outcomes of interest, such as ACCEPT or DROP, which determines which flows or paths are included in the results.
• Snapshot Reference: Points to the specific network snapshot against which the question is executed. This ensures analysis targets the intended configuration and topology.

Below is a simplified JSON example illustrating how a Batfish question might be constructed:

{
  "name": "reachability",
  "parameters": {
    "srcIps": "10.0.0.1",
    "dstIps": "10.0.0.2",
    "actions": ["ACCEPT"]
  }
}

Questions can be created and submitted using Batfish's Python API, CLI, or directly in JSON to fit your automation and workflow needs.

This section demonstrates how to run Batfish questions using both the command-line interface (CLI) and Python API, allowing you to interact with network snapshots and analyze results efficiently.

• Step 1: Prepare Your Snapshot
  Ensure that you've prepared and loaded a network snapshot containing device configurations and topology details. This snapshot serves as the analysis context for all questions.
• Step 2: Using the CLI
  Launch Batfish and use the CLI to execute built-in questions. For example, to check reachability between two hosts:

  bfq reachability --srcIps 10.0.0.1 --dstIps 10.0.0.2
      

  Replace IP addresses and parameters as needed for your analysis targets.
• Step 3: Using the Python API
  Utilize the Python API for more control and automation. After initializing your session and loading the snapshot:

  from pybatfish.client.session import Session
  
  bf = Session()
  bf.init_snapshot('/path/to/snapshot', name='mysnap')
  
  result = bf.q.reachability(srcIps='10.0.0.1', dstIps='10.0.0.2').answer()
  print(result.frame())
  
      

  This code submits a reachability question, collects the answer, and displays it in a readable tabular form.
• Step 4: Analyzing Results
  Answers returned by Batfish can be output as tables, exported to CSV, or even further processed with pandas or other tools for automation.

You can repeat these steps with any supported question, adjusting parameters to suit your validation or troubleshooting needs.

This section explains how you can tailor Batfish questions to fit your specific analysis needs, allowing advanced queries beyond the standard built-in options.

• What Are Custom Questions?
  Custom questions let you define exactly what to analyze in your network by specifying parameters and constraints. This approach is suited when default Batfish questions do not provide the granularity or focus you require.
• Methods for Creating Custom Questions
  • JSON Templates: Construct your own questions using JSON, specifying fields such as question type, parameters, and match conditions.
  • Python API: The Batfish Python client allows you to dynamically create custom questions by calling functions and passing precise arguments.
  • Combining Filters: Apply multiple parameter filters (such as node names, protocols, interfaces, ports) to form detailed queries that match your network audit requirements.
• Example: Custom Reachability Question (JSON)
  Below is a sample JSON object to define a targeted reachability question:

  {
    "name": "reachability",
    "parameters": {
      "srcIps": "10.10.100.1",
      "dstIps": "192.168.200.20",
      "protocol": "tcp",
      "dstPorts": [443],
      "actions": ["ACCEPT"]
    }
  }
  
      

  This example restricts the question to TCP flows on port 443 from a particular source to a destination.
• Example: Custom Question Using Python
  Batfish’s Python API gives flexibility for defining and submitting customized questions:

  result = bf.q.reachability(
      srcIps='10.10.100.1',
      dstIps='192.168.200.20',
      protocol='tcp',
      dstPorts=443,
      actions='ACCEPT'
  ).answer()
  print(result.frame())
  
      

  This provides the same logic as the JSON example, but allows you to automate or iterate over different parameters in code.
• Why Use Custom Questions?
  Custom questions are useful for advanced testing, compliance validation, troubleshooting, or automating checks unique to your infrastructure.

Custom questions can be reused, modified, and automated—establishing a powerful foundation for continuous network assurance and audit workflows.

This section provides practical advice for getting the most out of Batfish when querying or analyzing your network state.

• Start with Built-In Questions: Leverage the comprehensive set of standard questions to quickly evaluate network properties, spot misconfigurations, and verify compliance before diving into custom queries.
• Scope Using Parameters: Be specific with parameters—such as interfaces, node names, and IP prefixes—to focus the analysis and avoid unnecessary data, which streamlines output and boosts performance.
• Use Snapshots Strategically: Maintain precise snapshots of device configurations that reflect the network’s current or proposed state. Run differential analysis on multiple snapshots to detect changes or regressions.
• Iterate and Automate: Experiment iteratively—changing parameters, question types, or snapshots. Integrate Batfish queries into CI/CD pipelines or automation scripts to continuously validate your network as changes occur.
• Interpret Results with Data Tools: Export answer objects as CSV or DataFrames and use tools like pandas for advanced filtering, reporting, or integration into dashboards.
• Validate Against Ground Truth: Compare Batfish analysis results with real network observations to confirm accuracy and catch modeling gaps.
• Document and Reuse Queries: Save common questions as templates to ensure repeatability and make troubleshooting or auditing more efficient.
• Review for Issues Proactively: Regularly check for undefined references, configuration inconsistencies, or routing loops, all of which Batfish can help highlight before changes impact the network.

Following these practices supports robust, efficient, and reliable network analysis workflows using Batfish.