Packet Forwarding

This category of questions allows you to query how different types of traffic is forwarded by the network and if endpoints are able to communicate. You can analyze these aspects in a few different ways.

Traceroute

Traces the path(s) for the specified flow.

Performs a virtual traceroute in the network from a starting node. A destination IP and ingress (source) node must be specified. Other IP headers are given default values if unspecified. Unlike a real traceroute, this traceroute is directional. That is, for it to succeed, the reverse connectivity is not needed. This feature can help debug connectivity issues by decoupling the two directions.

Inputs

Name

Description

Type

Optional

Default Value

startLocation

Location (node and interface combination) to start tracing from.

LocationSpec

False

headers

Packet header constraints.

HeaderConstraints

False

maxTraces

Limit the number of traces returned.

int

True

ignoreFilters

If set, filters/ACLs encountered along the path are ignored.

bool

True

Invocation

[5]:

result = bf.q.traceroute(startLocation='@enter(as2border1[GigabitEthernet2/0])', headers=HeaderConstraints(dstIps='2.34.201.10', srcIps='8.8.8.8')).answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[6]:

result.Flow

[6]:

0    start=as2border1 interface=GigabitEthernet2/0 [8.8.8.8:49152->2.34.201.10:33434 UDP length=512]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[7]:

len(result.Traces)

[7]:

1

[8]:

result.Traces[0]

[8]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.12.2)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.23.22.3, Output Interface: GigabitEthernet2/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.23.22.3)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Evaluating the first Trace

[9]:

result.Traces[0][0]

[9]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Retrieving the disposition of the first Trace

[10]:

result.Traces[0][0].disposition

[10]:

'DELIVERED_TO_SUBNET'

Retrieving the first hop of the first Trace

[11]:

result.Traces[0][0][0]

[11]:
node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)

Retrieving the last hop of the first Trace

[12]:

result.Traces[0][0][-1]

[12]:
node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Bi-directional Traceroute

Traces the path(s) for the specified flow, along with path(s) for reverse flows.

This question performs a virtual traceroute in the network from a starting node. A destination IP and ingress (source) node must be specified. Other IP headers are given default values if unspecified. If the trace succeeds, a traceroute is performed in the reverse direction.

Inputs

Name

Description

Type

Optional

Default Value

startLocation

Location (node and interface combination) to start tracing from.

LocationSpec

False

headers

Packet header constraints.

HeaderConstraints

False

maxTraces

Limit the number of traces returned.

int

True

ignoreFilters

If set, filters/ACLs encountered along the path are ignored.

bool

True

Invocation

[15]:

result = bf.q.bidirectionalTraceroute(startLocation='@enter(as2border1[GigabitEthernet2/0])', headers=HeaderConstraints(dstIps='2.34.201.10', srcIps='8.8.8.8')).answer().frame()

Return Value

Name

Description

Type

Forward_Flow

The forward flow.

Flow

Forward_Traces

The forward traces.

List of Trace

New_Sessions

Sessions initialized by the forward trace.

List of str

Reverse_Flow

The reverse flow.

Flow

Reverse_Traces

The reverse traces.

List of Trace

Retrieving the Forward flow definition

[16]:

result.Forward_Flow

[16]:

0    start=as2border1 interface=GigabitEthernet2/0 [8.8.8.8:49152->2.34.201.10:33434 UDP length=512]
Name: Forward_Flow, dtype: object

Retrieving the detailed Forward Trace information

[17]:

len(result.Forward_Traces)

[17]:

1

[18]:

result.Forward_Traces[0]

[18]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.12.2)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.23.22.3, Output Interface: GigabitEthernet2/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.23.22.3)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Evaluating the first Forward Trace

[19]:

result.Forward_Traces[0][0]

[19]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Retrieving the disposition of the first Forward Trace

[20]:

result.Forward_Traces[0][0].disposition

[20]:

'DELIVERED_TO_SUBNET'

Retrieving the first hop of the first Forward Trace

[21]:

result.Forward_Traces[0][0][0]

[21]:
node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)

Retrieving the last hop of the first Forward Trace

[22]:

result.Forward_Traces[0][0][-1]

[22]:
node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Retrieving the Return flow definition

[23]:

result.Reverse_Flow

[23]:

0    start=as2dist2 interface=GigabitEthernet2/0 [2.34.201.10:33434->8.8.8.8:49152 UDP length=512]
Name: Reverse_Flow, dtype: object

Retrieving the detailed Return Trace information

[24]:

len(result.Reverse_Traces)

[24]:

1

[25]:

result.Reverse_Traces[0]

[25]:
NO_ROUTE
1. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE

Evaluating the first Reverse Trace

[26]:

result.Reverse_Traces[0][0]

[26]:
NO_ROUTE
1. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE

Retrieving the disposition of the first Reverse Trace

[27]:

result.Reverse_Traces[0][0].disposition

[27]:

'NO_ROUTE'

Retrieving the first hop of the first Reverse Trace

[28]:

result.Reverse_Traces[0][0][0]

[28]:
node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE

Retrieving the last hop of the first Reverse Trace

[29]:

result.Reverse_Traces[0][0][-1]

[29]:
node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE

Reachability

Finds flows that match the specified path and header space conditions.

Searches across all flows that match the specified conditions and returns examples of such flows. This question can be used to ensure that certain services are globally accessible and parts of the network are perfectly isolated from each other.

Inputs

Name

Description

Type

Optional

Default Value

pathConstraints

Constraint the path a flow can take (start/end/transit locations).

PathConstraints

True

headers

Packet header constraints.

HeaderConstraints

True

actions

Only return flows for which the disposition is from this set.

DispositionSpec

True

success

maxTraces

Limit the number of traces returned.

int

True

invertSearch

Search for packet headers outside the specified headerspace, rather than inside the space.

bool

True

ignoreFilters

Do not apply filters/ACLs during analysis.

bool

True

Invocation

[32]:

result = bf.q.reachability(pathConstraints=PathConstraints(startLocation = '/as2/'), headers=HeaderConstraints(dstIps='host1', srcIps='0.0.0.0/0', applications='DNS'), actions='SUCCESS').answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[33]:

result.Flow

[33]:

0    start=as2border1 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
1    start=as2border2 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
2      start=as2core1 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
3      start=as2core2 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
4      start=as2dept1 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
5      start=as2dist1 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
6      start=as2dist2 [10.0.0.0:49152->2.128.0.101:53 UDP length=512]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[34]:

len(result.Traces)

[34]:

7

[35]:

result.Traces[0]

[35]:
ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.11.3, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.101.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.12.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.23.22.3, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.201.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.12.2, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.23.21.3, Output Interface: GigabitEthernet3/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.34.101.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Evaluating the first Trace

[36]:

result.Traces[0][0]

[36]:
ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.11.3, Output Interface: GigabitEthernet2/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.101.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Retrieving the disposition of the first Trace

[37]:

result.Traces[0][0].disposition

[37]:

'ACCEPTED'

Retrieving the first hop of the first Trace

[38]:

result.Traces[0][0][0]

[38]:
node: as2border1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop IP:2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)

Retrieving the last hop of the first Trace

[39]:

result.Traces[0][0][-1]

[39]:
node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Bi-directional Reachability

Searches for successfully delivered flows that can successfully receive a response.

Performs two reachability analyses, first originating from specified sources, then returning back to those sources. After the first (forward) pass, sets up sessions in the network and creates returning flows for each successfully delivered forward flow. The second pass searches for return flows that can be successfully delivered in the presence of the setup sessions.

Inputs

Name

Description

Type

Optional

Default Value

pathConstraints

Constraint the path a flow can take (start/end/transit locations).

PathConstraints

True

headers

Packet header constraints.

HeaderConstraints

False

returnFlowType

Specifies the type of return flows to search.

str

True

SUCCESS

Invocation

[42]:

result = bf.q.bidirectionalReachability(pathConstraints=PathConstraints(startLocation = '/as2dist1/'), headers=HeaderConstraints(dstIps='host1', srcIps='0.0.0.0/0', applications='DNS'), returnFlowType='SUCCESS').answer().frame()

Return Value

Name

Description

Type

Forward_Flow

The forward flow.

Flow

Forward_Traces

The forward traces.

List of Trace

New_Sessions

Sessions initialized by the forward trace.

List of str

Reverse_Flow

The reverse flow.

Flow

Reverse_Traces

The reverse traces.

List of Trace

Retrieving the Forward flow definition

[43]:

result.Forward_Flow

[43]:

0    start=as2dist1 [2.34.101.3:49152->2.128.0.101:53 UDP length=512]
Name: Forward_Flow, dtype: object

Retrieving the detailed Forward Trace information

[44]:

len(result.Forward_Traces)

[44]:

1

[45]:

result.Forward_Traces[0]

[45]:
ACCEPTED
1. node: as2dist1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.34.101.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
3. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Evaluating the first Forward Trace

[46]:

result.Forward_Traces[0][0]

[46]:
ACCEPTED
1. node: as2dist1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.34.101.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet2/0)
3. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Retrieving the disposition of the first Forward Trace

[47]:

result.Forward_Traces[0][0].disposition

[47]:

'ACCEPTED'

Retrieving the first hop of the first Forward Trace

[48]:

result.Forward_Traces[0][0][0]

[48]:
node: as2dist1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.34.101.4, Output Interface: GigabitEthernet2/0, Routes: [bgp (Network: 2.128.0.0/24, Next Hop IP:2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)

Retrieving the last hop of the first Forward Trace

[49]:

result.Forward_Traces[0][0][-1]

[49]:
node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Retrieving the Return flow definition

[50]:

result.Reverse_Flow

[50]:

0    start=host1 [2.128.0.101:53->2.34.101.3:49152 UDP length=512]
Name: Reverse_Flow, dtype: object

Retrieving the detailed Return Trace information

[51]:

len(result.Reverse_Traces)

[51]:

1

[52]:

result.Reverse_Traces[0]

[52]:
ACCEPTED
1. node: host1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.128.0.1, Output Interface: eth0, Routes: [static (Network: 0.0.0.0/0, Next Hop IP:2.128.0.1)])
  PERMITTED(filter::OUTPUT (EGRESS_FILTER))
  TRANSMITTED(eth0)
2. node: as2dept1
  RECEIVED(GigabitEthernet2/0)
  PERMITTED(RESTRICT_HOST_TRAFFIC_IN (INGRESS_FILTER))
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet0/0, Routes: [connected (Network: 2.34.101.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  ACCEPTED(GigabitEthernet2/0)

Evaluating the first Reverse Trace

[53]:

result.Reverse_Traces[0][0]

[53]:
ACCEPTED
1. node: host1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.128.0.1, Output Interface: eth0, Routes: [static (Network: 0.0.0.0/0, Next Hop IP:2.128.0.1)])
  PERMITTED(filter::OUTPUT (EGRESS_FILTER))
  TRANSMITTED(eth0)
2. node: as2dept1
  RECEIVED(GigabitEthernet2/0)
  PERMITTED(RESTRICT_HOST_TRAFFIC_IN (INGRESS_FILTER))
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet0/0, Routes: [connected (Network: 2.34.101.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  ACCEPTED(GigabitEthernet2/0)

Retrieving the disposition of the first Reverse Trace

[54]:

result.Reverse_Traces[0][0].disposition

[54]:

'ACCEPTED'

Retrieving the first hop of the first Reverse Trace

[55]:

result.Reverse_Traces[0][0][0]

[55]:
node: host1
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.128.0.1, Output Interface: eth0, Routes: [static (Network: 0.0.0.0/0, Next Hop IP:2.128.0.1)])
  PERMITTED(filter::OUTPUT (EGRESS_FILTER))
  TRANSMITTED(eth0)

Retrieving the last hop of the first Reverse Trace

[56]:

result.Reverse_Traces[0][0][-1]

[56]:
node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  ACCEPTED(GigabitEthernet2/0)

Loop detection

Detects forwarding loops.

Searches across all possible flows in the network and returns example flows that will experience forwarding loops.

Inputs

Name

Description

Type

Optional

Default Value

maxTraces

Limit the number of traces returned.

int

True

Invocation

[59]:

result = bf.q.detectLoops().answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Print the first 5 rows of the returned Dataframe

[60]:

result.head(5)

[60]:
Flow Traces TraceCount

Multipath Consistency for host-subnets

Validates multipath consistency between all pairs of subnets.

Searches across all flows between subnets that are treated differently (i.e., dropped versus forwarded) by different paths in the network and returns example flows.

Inputs

Name

Description

Type

Optional

Default Value

maxTraces

Limit the number of traces returned.

int

True

Invocation

[63]:

result = bf.q.subnetMultipathConsistency().answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[64]:

result.Flow

[64]:

0    start=as2dept1 interface=GigabitEthernet0/0 [2.34.101.1:49152->1.0.1.3:23 TCP length=512]
1    start=as2dept1 interface=GigabitEthernet1/0 [2.34.201.1:49152->1.0.1.3:23 TCP length=512]
2     start=as2dept1 interface=GigabitEthernet2/0 [2.128.0.2:49152->1.0.1.3:23 TCP length=512]
3     start=as2dept1 interface=GigabitEthernet3/0 [2.128.1.2:49152->1.0.1.3:23 TCP length=512]
4     start=as2dist1 interface=GigabitEthernet0/0 [2.23.11.1:49152->1.0.1.3:23 TCP length=512]
5     start=as2dist1 interface=GigabitEthernet1/0 [2.23.21.1:49152->1.0.1.3:23 TCP length=512]
6    start=as2dist1 interface=GigabitEthernet2/0 [2.34.101.1:49152->1.0.1.3:23 TCP length=512]
7     start=as2dist2 interface=GigabitEthernet0/0 [2.23.22.1:49152->1.0.1.3:23 TCP length=512]
8     start=as2dist2 interface=GigabitEthernet1/0 [2.23.12.1:49152->1.0.1.3:23 TCP length=512]
9    start=as2dist2 interface=GigabitEthernet2/0 [2.34.201.1:49152->1.0.1.3:23 TCP length=512]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[65]:

len(result.Traces)

[65]:

10

[66]:

result.Traces[0]

[66]:
DENIED_IN
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.101.3, Output Interface: GigabitEthernet0/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.23.11.2, Output Interface: GigabitEthernet0/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

DELIVERED_TO_SUBNET
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.101.3, Output Interface: GigabitEthernet0/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.23.21.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core2
  RECEIVED(GigabitEthernet3/0)
  FORWARDED(ARP IP: 2.12.12.1, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
4. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 10.12.11.1, Output Interface: GigabitEthernet0/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  PERMITTED(INSIDE_TO_AS1 (EGRESS_FILTER))
  TRANSMITTED(GigabitEthernet0/0)
5. node: as1border1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet0/0, Routes: [connected (Network: 1.0.1.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet0/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet0/0, Resolved Next Hop IP: 1.0.1.3)

DELIVERED_TO_SUBNET
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.201.3, Output Interface: GigabitEthernet1/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:2.34.201.3)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.23.22.2, Output Interface: GigabitEthernet0/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core2
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.12.1, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
4. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 10.12.11.1, Output Interface: GigabitEthernet0/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  PERMITTED(INSIDE_TO_AS1 (EGRESS_FILTER))
  TRANSMITTED(GigabitEthernet0/0)
5. node: as1border1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: AUTO/NONE(-1l), Output Interface: GigabitEthernet0/0, Routes: [connected (Network: 1.0.1.0/24, Next Hop IP:AUTO/NONE(-1l))])
  TRANSMITTED(GigabitEthernet0/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet0/0, Resolved Next Hop IP: 1.0.1.3)

DENIED_IN
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.201.3, Output Interface: GigabitEthernet1/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:2.34.201.3)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.23.12.2, Output Interface: GigabitEthernet1/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core1
  RECEIVED(GigabitEthernet3/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Evaluating the first Trace

[67]:

result.Traces[0][0]

[67]:
DENIED_IN
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.101.3, Output Interface: GigabitEthernet0/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.23.11.2, Output Interface: GigabitEthernet0/0, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop IP:10.12.11.1)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Retrieving the disposition of the first Trace

[68]:

result.Traces[0][0].disposition

[68]:

'DENIED_IN'

Retrieving the first hop of the first Trace

[69]:

result.Traces[0][0][0]

[69]:
node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.34.101.3, Output Interface: GigabitEthernet0/0, Routes: [bgp (Network: 1.0.1.0/24, Next Hop IP:2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)

Retrieving the last hop of the first Trace

[70]:

result.Traces[0][0][-1]

[70]:
node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Multipath Consistency for router loopbacks

Validates multipath consistency between all pairs of loopbacks.

Finds flows between loopbacks that are treated differently (i.e., dropped versus forwarded) by different paths in the presence of multipath routing.

Inputs

Name

Description

Type

Optional

Default Value

maxTraces

Limit the number of traces returned.

int

True

Invocation

[73]:

result = bf.q.loopbackMultipathConsistency().answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[74]:

result.Flow

[74]:

0    start=as2core2 [2.1.2.2:49152->2.1.2.1:23 TCP length=512]
1    start=as2dist1 [2.1.3.1:49152->2.1.1.1:23 TCP length=512]
2    start=as2dist2 [2.1.3.2:49152->2.1.1.1:23 TCP length=512]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[75]:

len(result.Traces)

[75]:

3

[76]:

result.Traces[0]

[76]:
ACCEPTED
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.22.1, Output Interface: GigabitEthernet0/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.22.1)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2border2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.12.21.2, Output Interface: GigabitEthernet2/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.21.2)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2core1
  RECEIVED(GigabitEthernet1/0)
  ACCEPTED(Loopback0)

ACCEPTED
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.12.1, Output Interface: GigabitEthernet1/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.12.1)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(ARP IP: 2.12.11.2, Output Interface: GigabitEthernet1/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  ACCEPTED(Loopback0)

DENIED_IN
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.23.22.3, Output Interface: GigabitEthernet2/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.23.22.3)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(ARP IP: 2.23.12.2, Output Interface: GigabitEthernet1/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.23.12.2)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core1
  RECEIVED(GigabitEthernet3/0)
  DENIED(blocktelnet (INGRESS_FILTER))

DENIED_IN
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.23.21.3, Output Interface: GigabitEthernet3/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.23.21.3)])
  TRANSMITTED(GigabitEthernet3/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.23.11.2, Output Interface: GigabitEthernet0/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.23.11.2)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Evaluating the first Trace

[77]:

result.Traces[0][0]

[77]:
ACCEPTED
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.22.1, Output Interface: GigabitEthernet0/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.22.1)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2border2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(ARP IP: 2.12.21.2, Output Interface: GigabitEthernet2/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.21.2)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2core1
  RECEIVED(GigabitEthernet1/0)
  ACCEPTED(Loopback0)

Retrieving the disposition of the first Trace

[78]:

result.Traces[0][0].disposition

[78]:

'ACCEPTED'

Retrieving the first hop of the first Trace

[79]:

result.Traces[0][0][0]

[79]:
node: as2core2
  ORIGINATED(default)
  FORWARDED(ARP IP: 2.12.22.1, Output Interface: GigabitEthernet0/0, Routes: [ospf (Network: 2.1.2.1/32, Next Hop IP:2.12.22.1)])
  TRANSMITTED(GigabitEthernet0/0)

Retrieving the last hop of the first Trace

[80]:

result.Traces[0][0][-1]

[80]:
node: as2core1
  RECEIVED(GigabitEthernet1/0)
  ACCEPTED(Loopback0)