Assert that all packets with specified start locations and headers fail
- This is an all-to-all test that analyzes all (start location, header) combinations
- If any flow (start location, header) can reach its destination, this assertion will return false.
- If no flow (start location, header) can reach its destination, this assertion will return true.
- This assertion is used to evaluate the security of select destinations in the network.
The following parameters may be specified for this assertion:
| parameter | type | required | default | comments |
|---|---|---|---|---|
| headers |
dict | yes |
Constraints on packet headers. See https://pybatfish.readthedocs.io/en/latest/datamodel.html#pybatfish.datamodel.flow.HeaderConstraints for keys in this dictionary.
|
|
| startLocation |
str | yes |
Start location specifier. See https://github.com/batfish/batfish/blob/master/questions/Parameters.md#location-specifier for location specification.
|
Assert that all packets with specified start locations and headers are successful
- This is an all-to-all test that analyzes all (start location, header) combinations
- If any flow (start location, header) cannot reach its destination, this assertion will return false.
- If all flows (start location, header) can reach its destination, this assertion will return true.
- This assertion is used to evaluate the accessibility of select destinations in the network.
The following parameters may be specified for this assertion:
| parameter | type | required | default | comments |
|---|---|---|---|---|
| headers |
dict | yes |
Constraints on packet headers. See https://pybatfish.readthedocs.io/en/latest/datamodel.html#pybatfish.datamodel.flow.HeaderConstraints for keys in this dictionary.
|
|
| startLocation |
str | yes |
Start location specifier. See https://github.com/batfish/batfish/blob/master/questions/Parameters.md#location-specifier for location specification.
|
Assert that the filters (e.g., ACLs) have no unreachable lines
- A filter line is considered unreachable if it will never match a packet, e.g., because its match condition is empty or covered completely by those of prior lines.
- This test will fail if any line in any of the specified filter(s) is unreachable.
The following parameters may be specified for this assertion:
| parameter | type | required | default | comments |
|---|---|---|---|---|
| filters |
dict | yes |
Filter specifier. See https://github.com/batfish/batfish/blob/master/questions/Parameters.md#filter-specifier for filter specification.
|
Assert that the specified filters (e.g., ACLs) deny specified headers
- This test will fail if any packet in the specified header space is permitted by any of the specified filter(s).
The following parameters may be specified for this assertion:
| parameter | type | required | default | comments |
|---|---|---|---|---|
| filters |
dict | yes |
Filter specifier. See https://github.com/batfish/batfish/blob/master/questions/Parameters.md#filter-specifier for filter specification.
|
|
| headers |
dict | yes |
Constraints on packet headers. See https://pybatfish.readthedocs.io/en/latest/datamodel.html#pybatfish.datamodel.flow.HeaderConstraints for keys in this dictionary.
|
Assert that the specified filters (e.g., ACLs) permit specified headers
- This test will fail if any packet in the specified header space is denied by any of the specified filter(s).
The following parameters may be specified for this assertion:
| parameter | type | required | default | comments |
|---|---|---|---|---|
| filters |
dict | yes |
Filter specifier. See https://github.com/batfish/batfish/blob/master/questions/Parameters.md#filter-specifier for filter specification.
|
|
| headers |
dict | yes |
Constraints on packet headers. See https://pybatfish.readthedocs.io/en/latest/datamodel.html#pybatfish.datamodel.flow.HeaderConstraints for keys in this dictionary.
|
Assert that there are no forwarding loops
- This test will fail if any flow will experience a forwarding loop in the snapshot.
- This test takes no parameters.
Assert that all BGP sessions are compatibly configured
- This test finds all pairs of BGP session endpoints in the snapshot and will fail if the configuration of any pair is incompatible.
- This test takes no parameters.
Assert that all OSPF sessions are compatibly configured and established
- This test finds all pairs of OSPF session endpoints in the snapshot and will fail if any pair is incompatible or otherwise unable to establish an OSPF session.
- This test takes no parameters.
Assert that all compatibly-configured BGP sessions are established
- This test fails if any compatible BGP session cannot be established (e.g., due to ACLs).
- This test considers only sessions that are compatible from a configuration settings perspective To test that are no incompatible sessions, use the assert_no_incompatible_bgp_sessions assertion.
- This test takes no parameters.
Assert that there are no undefined references
- This test will fail if any device configuration refers to a structure (e.g., ACL, prefix-list, routemap) that is not defined in the configuration.
- This test takes no parameters.