Packet Forwarding

This category of questions allows you to query how different types of traffic is forwarded by the network and if endpoints are able to communicate. You can analyze these aspects in a few different ways.

Traceroute

Traces the path(s) for the specified flow.

Performs a virtual traceroute in the network from a starting node. A destination IP and ingress (source) node must be specified. Other IP headers are given default values if unspecified. Unlike a real traceroute, this traceroute is directional. That is, for it to succeed, the reverse connectivity is not needed. This feature can help debug connectivity issues by decoupling the two directions.

Inputs

Name

Description

Type

Optional

Default Value

startLocation

Location (node and interface combination) to start tracing from.

LocationSpec

False

headers

Packet header constraints.

HeaderConstraints

False

maxTraces

Limit the number of traces returned.

int

True

ignoreFilters

If set, filters/ACLs encountered along the path are ignored.

bool

True

Invocation

[5]:

result = bf.q.traceroute(startLocation='@enter(as2border1[GigabitEthernet2/0])', headers=HeaderConstraints(dstIps='2.34.201.10', srcIps='8.8.8.8')).answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[6]:

result.Flow

[6]:

0    start=as2border1 interface=GigabitEthernet2/0 [8.8.8.8:49152->2.34.201.10:33434 UDP]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[7]:

len(result.Traces)

[7]:

1

[8]:

result.Traces[0]

[8]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.12.3, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet3/0 ip 2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.12.12.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0 ip 2.12.12.2)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.23.22.3, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0 ip 2.23.22.3)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Evaluating the first Trace

[9]:

result.Traces[0][0]

[9]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.12.3, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet3/0 ip 2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Retrieving the disposition of the first Trace

[10]:

result.Traces[0][0].disposition

[10]:

'DELIVERED_TO_SUBNET'

Retrieving the first hop of the first Trace

[11]:

result.Traces[0][0][0]

[11]:
node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)

Retrieving the last hop of the first Trace

[12]:

result.Traces[0][0][-1]

[12]:
node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Bi-directional Traceroute

Traces the path(s) for the specified flow, along with path(s) for reverse flows.

This question performs a virtual traceroute in the network from a starting node. A destination IP and ingress (source) node must be specified. Other IP headers are given default values if unspecified. If the trace succeeds, a traceroute is performed in the reverse direction.

Inputs

Name

Description

Type

Optional

Default Value

startLocation

Location (node and interface combination) to start tracing from.

LocationSpec

False

headers

Packet header constraints.

HeaderConstraints

False

maxTraces

Limit the number of traces returned.

int

True

ignoreFilters

If set, filters/ACLs encountered along the path are ignored.

bool

True

Invocation

[15]:

result = bf.q.bidirectionalTraceroute(startLocation='@enter(as2border1[GigabitEthernet2/0])', headers=HeaderConstraints(dstIps='2.34.201.10', srcIps='8.8.8.8')).answer().frame()

Return Value

Name

Description

Type

Forward_Flow

The forward flow.

Flow

Forward_Traces

The forward traces.

List of Trace

New_Sessions

Sessions initialized by the forward trace.

List of str

Reverse_Flow

The reverse flow.

Flow

Reverse_Traces

The reverse traces.

List of Trace

Retrieving the Forward flow definition

[16]:

result.Forward_Flow

[16]:

0    start=as2border1 interface=GigabitEthernet2/0 [8.8.8.8:49152->2.34.201.10:33434 UDP]
Name: Forward_Flow, dtype: object

Retrieving the detailed Forward Trace information

[17]:

len(result.Forward_Traces)

[17]:

1

[18]:

result.Forward_Traces[0]

[18]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.12.3, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet3/0 ip 2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.12.12.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0 ip 2.12.12.2)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.23.22.3, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0 ip 2.23.22.3)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Evaluating the first Forward Trace

[19]:

result.Forward_Traces[0][0]

[19]:
DELIVERED_TO_SUBNET
1. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.12.3, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet3/0 ip 2.23.12.3)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Retrieving the disposition of the first Forward Trace

[20]:

result.Forward_Traces[0][0].disposition

[20]:

'DELIVERED_TO_SUBNET'

Retrieving the first hop of the first Forward Trace

[21]:

result.Forward_Traces[0][0][0]

[21]:
node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospfE2 (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)

Retrieving the last hop of the first Forward Trace

[22]:

result.Forward_Traces[0][0][-1]

[22]:
node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.34.201.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet2/0, Resolved Next Hop IP: 2.34.201.10)

Retrieving the Return flow definition

[23]:

result.Reverse_Flow

[23]:

0    start=as2dist2 interface=GigabitEthernet2/0 [2.34.201.10:33434->8.8.8.8:49152 UDP]
Name: Reverse_Flow, dtype: object

Retrieving the detailed Return Trace information

[24]:

len(result.Reverse_Traces)

[24]:

1

[25]:

result.Reverse_Traces[0]

[25]:
NO_ROUTE
1. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE(Discarded)

Evaluating the first Reverse Trace

[26]:

result.Reverse_Traces[0][0]

[26]:
NO_ROUTE
1. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE(Discarded)

Retrieving the disposition of the first Reverse Trace

[27]:

result.Reverse_Traces[0][0].disposition

[27]:

'NO_ROUTE'

Retrieving the first hop of the first Reverse Trace

[28]:

result.Reverse_Traces[0][0][0]

[28]:
node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE(Discarded)

Retrieving the last hop of the first Reverse Trace

[29]:

result.Reverse_Traces[0][0][-1]

[29]:
node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  NO_ROUTE(Discarded)

Reachability

Finds flows that match the specified path and header space conditions.

Searches across all flows that match the specified conditions and returns examples of such flows. This question can be used to ensure that certain services are globally accessible and parts of the network are perfectly isolated from each other.

Inputs

Name

Description

Type

Optional

Default Value

pathConstraints

Constraint the path a flow can take (start/end/transit locations).

PathConstraints

True

headers

Packet header constraints.

HeaderConstraints

True

actions

Only return flows for which the disposition is from this set.

DispositionSpec

True

success

maxTraces

Limit the number of traces returned.

int

True

invertSearch

Search for packet headers outside the specified headerspace, rather than inside the space.

bool

True

ignoreFilters

Do not apply filters/ACLs during analysis.

bool

True

Invocation

[32]:

result = bf.q.reachability(pathConstraints=PathConstraints(startLocation = '/as2/'), headers=HeaderConstraints(dstIps='host1', srcIps='0.0.0.0/0', applications='DNS'), actions='SUCCESS').answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[33]:

result.Flow

[33]:

0    start=as2border1 [10.0.0.0:49152->2.128.0.101:53 UDP]
1    start=as2border2 [10.0.0.0:49152->2.128.0.101:53 UDP]
2      start=as2core1 [10.0.0.0:49152->2.128.0.101:53 UDP]
3      start=as2core2 [10.0.0.0:49152->2.128.0.101:53 UDP]
4      start=as2dept1 [10.0.0.0:49152->2.128.0.101:53 UDP]
5      start=as2dist1 [10.0.0.0:49152->2.128.0.101:53 UDP]
6      start=as2dist2 [10.0.0.0:49152->2.128.0.101:53 UDP]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[34]:

len(result.Traces)

[34]:

7

[35]:

result.Traces[0]

[35]:
ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.23.11.3, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.101.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.12.3, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.201.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.12.12.2, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.23.22.3, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.201.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.12.12.2, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2core2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.21.3, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet3/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.101.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Evaluating the first Trace

[36]:

result.Traces[0][0]

[36]:
ACCEPTED
1. node: as2border1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.23.11.3, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.101.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
4. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
5. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Retrieving the disposition of the first Trace

[37]:

result.Traces[0][0].disposition

[37]:

'ACCEPTED'

Retrieving the first hop of the first Trace

[38]:

result.Traces[0][0][0]

[38]:
node: as2border1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4),ibgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.201.4)])
  TRANSMITTED(GigabitEthernet1/0)

Retrieving the last hop of the first Trace

[39]:

result.Traces[0][0][-1]

[39]:
node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Bi-directional Reachability

Searches for successfully delivered flows that can successfully receive a response.

Performs two reachability analyses, first originating from specified sources, then returning back to those sources. After the first (forward) pass, sets up sessions in the network and creates returning flows for each successfully delivered forward flow. The second pass searches for return flows that can be successfully delivered in the presence of the setup sessions.

Inputs

Name

Description

Type

Optional

Default Value

pathConstraints

Constraint the path a flow can take (start/end/transit locations).

PathConstraints

True

headers

Packet header constraints.

HeaderConstraints

False

returnFlowType

Specifies the type of return flows to search.

str

True

SUCCESS

Invocation

[42]:

result = bf.q.bidirectionalReachability(pathConstraints=PathConstraints(startLocation = '/as2dist1/'), headers=HeaderConstraints(dstIps='host1', srcIps='0.0.0.0/0', applications='DNS'), returnFlowType='SUCCESS').answer().frame()

Return Value

Name

Description

Type

Forward_Flow

The forward flow.

Flow

Forward_Traces

The forward traces.

List of Trace

New_Sessions

Sessions initialized by the forward trace.

List of str

Reverse_Flow

The reverse flow.

Flow

Reverse_Traces

The reverse traces.

List of Trace

Retrieving the Forward flow definition

[43]:

result.Forward_Flow

[43]:

0    start=as2dist1 [2.34.101.3:49152->2.128.0.101:53 UDP]
Name: Forward_Flow, dtype: object

Retrieving the detailed Forward Trace information

[44]:

len(result.Forward_Traces)

[44]:

1

[45]:

result.Forward_Traces[0]

[45]:
ACCEPTED
1. node: as2dist1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.101.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Evaluating the first Forward Trace

[46]:

result.Forward_Traces[0][0]

[46]:
ACCEPTED
1. node: as2dist1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.101.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0, Routes: [connected (Network: 2.128.0.0/24, Next Hop: interface GigabitEthernet2/0)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Retrieving the disposition of the first Forward Trace

[47]:

result.Forward_Traces[0][0].disposition

[47]:

'ACCEPTED'

Retrieving the first hop of the first Forward Trace

[48]:

result.Forward_Traces[0][0][0]

[48]:
node: as2dist1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.34.101.4, Routes: [bgp (Network: 2.128.0.0/24, Next Hop: ip 2.34.101.4)])
  TRANSMITTED(GigabitEthernet2/0)

Retrieving the last hop of the first Forward Trace

[49]:

result.Forward_Traces[0][0][-1]

[49]:
node: host1
  RECEIVED(eth0)
  PERMITTED(filter::INPUT (INGRESS_FILTER))
  ACCEPTED(eth0)

Retrieving the Return flow definition

[50]:

result.Reverse_Flow

[50]:

0    start=host1 [2.128.0.101:53->2.34.101.3:49152 UDP]
Name: Reverse_Flow, dtype: object

Retrieving the detailed Return Trace information

[51]:

len(result.Reverse_Traces)

[51]:

1

[52]:

result.Reverse_Traces[0]

[52]:
ACCEPTED
1. node: host1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: eth0 with resolved next-hop IP: 2.128.0.1, Routes: [static (Network: 0.0.0.0/0, Next Hop: interface eth0 ip 2.128.0.1)])
  PERMITTED(filter::OUTPUT (EGRESS_FILTER))
  TRANSMITTED(eth0)
2. node: as2dept1
  RECEIVED(GigabitEthernet2/0)
  PERMITTED(RESTRICT_HOST_TRAFFIC_IN (INGRESS_FILTER))
  FORWARDED(Forwarded out interface: GigabitEthernet0/0, Routes: [connected (Network: 2.34.101.0/24, Next Hop: interface GigabitEthernet0/0)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  ACCEPTED(GigabitEthernet2/0)

Evaluating the first Reverse Trace

[53]:

result.Reverse_Traces[0][0]

[53]:
ACCEPTED
1. node: host1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: eth0 with resolved next-hop IP: 2.128.0.1, Routes: [static (Network: 0.0.0.0/0, Next Hop: interface eth0 ip 2.128.0.1)])
  PERMITTED(filter::OUTPUT (EGRESS_FILTER))
  TRANSMITTED(eth0)
2. node: as2dept1
  RECEIVED(GigabitEthernet2/0)
  PERMITTED(RESTRICT_HOST_TRAFFIC_IN (INGRESS_FILTER))
  FORWARDED(Forwarded out interface: GigabitEthernet0/0, Routes: [connected (Network: 2.34.101.0/24, Next Hop: interface GigabitEthernet0/0)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  ACCEPTED(GigabitEthernet2/0)

Retrieving the disposition of the first Reverse Trace

[54]:

result.Reverse_Traces[0][0].disposition

[54]:

'ACCEPTED'

Retrieving the first hop of the first Reverse Trace

[55]:

result.Reverse_Traces[0][0][0]

[55]:
node: host1
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: eth0 with resolved next-hop IP: 2.128.0.1, Routes: [static (Network: 0.0.0.0/0, Next Hop: interface eth0 ip 2.128.0.1)])
  PERMITTED(filter::OUTPUT (EGRESS_FILTER))
  TRANSMITTED(eth0)

Retrieving the last hop of the first Reverse Trace

[56]:

result.Reverse_Traces[0][0][-1]

[56]:
node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  ACCEPTED(GigabitEthernet2/0)

Loop detection

Detects forwarding loops.

Searches across all possible flows in the network and returns example flows that will experience forwarding loops.

Inputs

Name

Description

Type

Optional

Default Value

maxTraces

Limit the number of traces returned.

int

True

Invocation

[59]:

result = bf.q.detectLoops().answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Print the first 5 rows of the returned Dataframe

[60]:

result.head(5)

[60]:
Flow Traces TraceCount

Multipath Consistency for host-subnets

Validates multipath consistency between all pairs of subnets.

Searches across all flows between subnets that are treated differently (i.e., dropped versus forwarded) by different paths in the network and returns example flows.

Inputs

Name

Description

Type

Optional

Default Value

maxTraces

Limit the number of traces returned.

int

True

Invocation

[63]:

result = bf.q.subnetMultipathConsistency().answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[64]:

result.Flow

[64]:

0    start=as2dept1 interface=GigabitEthernet0/0 [2.34.101.1:49152->1.0.1.3:23 TCP (SYN)]
1    start=as2dept1 interface=GigabitEthernet1/0 [2.34.201.1:49152->1.0.1.3:23 TCP (SYN)]
2     start=as2dept1 interface=GigabitEthernet2/0 [2.128.0.2:49152->1.0.1.3:23 TCP (SYN)]
3     start=as2dept1 interface=GigabitEthernet3/0 [2.128.1.2:49152->1.0.1.3:23 TCP (SYN)]
4     start=as2dist1 interface=GigabitEthernet0/0 [2.23.11.1:49152->1.0.1.3:23 TCP (SYN)]
5     start=as2dist1 interface=GigabitEthernet1/0 [2.23.21.1:49152->1.0.1.3:23 TCP (SYN)]
6    start=as2dist1 interface=GigabitEthernet2/0 [2.34.101.1:49152->1.0.1.3:23 TCP (SYN)]
7     start=as2dist2 interface=GigabitEthernet0/0 [2.23.22.1:49152->1.0.1.3:23 TCP (SYN)]
8     start=as2dist2 interface=GigabitEthernet1/0 [2.23.12.1:49152->1.0.1.3:23 TCP (SYN)]
9    start=as2dist2 interface=GigabitEthernet2/0 [2.34.201.1:49152->1.0.1.3:23 TCP (SYN)]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[65]:

len(result.Traces)

[65]:

10

[66]:

result.Traces[0]

[66]:
DENIED_IN
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.34.101.3, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.23.11.2, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

DELIVERED_TO_SUBNET
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.34.101.3, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.23.21.2, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core2
  RECEIVED(GigabitEthernet3/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.12.1, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
4. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 10.12.11.1, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  PERMITTED(INSIDE_TO_AS1 (EGRESS_FILTER))
  TRANSMITTED(GigabitEthernet0/0)
5. node: as1border1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0, Routes: [connected (Network: 1.0.1.0/24, Next Hop: interface GigabitEthernet0/0)])
  TRANSMITTED(GigabitEthernet0/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet0/0, Resolved Next Hop IP: 1.0.1.3)

DELIVERED_TO_SUBNET
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.34.201.3, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 2.34.201.3)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.23.22.2, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core2
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.12.1, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
4. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 10.12.11.1, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  PERMITTED(INSIDE_TO_AS1 (EGRESS_FILTER))
  TRANSMITTED(GigabitEthernet0/0)
5. node: as1border1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0, Routes: [connected (Network: 1.0.1.0/24, Next Hop: interface GigabitEthernet0/0)])
  TRANSMITTED(GigabitEthernet0/0)
  DELIVERED_TO_SUBNET(Output Interface: GigabitEthernet0/0, Resolved Next Hop IP: 1.0.1.3)

DENIED_IN
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.34.201.3, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 2.34.201.3)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2dist2
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.23.12.2, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core1
  RECEIVED(GigabitEthernet3/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Evaluating the first Trace

[67]:

result.Traces[0][0]

[67]:
DENIED_IN
1. node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.34.101.3, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.23.11.2, Routes: [ibgp (Network: 1.0.1.0/24, Next Hop: ip 10.12.11.1)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Retrieving the disposition of the first Trace

[68]:

result.Traces[0][0].disposition

[68]:

'DENIED_IN'

Retrieving the first hop of the first Trace

[69]:

result.Traces[0][0][0]

[69]:
node: as2dept1
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.34.101.3, Routes: [bgp (Network: 1.0.1.0/24, Next Hop: ip 2.34.101.3)])
  TRANSMITTED(GigabitEthernet0/0)

Retrieving the last hop of the first Trace

[70]:

result.Traces[0][0][-1]

[70]:
node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Multipath Consistency for router loopbacks

Validates multipath consistency between all pairs of loopbacks.

Finds flows between loopbacks that are treated differently (i.e., dropped versus forwarded) by different paths in the presence of multipath routing.

Inputs

Name

Description

Type

Optional

Default Value

maxTraces

Limit the number of traces returned.

int

True

Invocation

[73]:

result = bf.q.loopbackMultipathConsistency().answer().frame()

Return Value

Name

Description

Type

Flow

The flow

Flow

Traces

The traces for this flow

Set of Trace

TraceCount

The total number traces for this flow

int

Retrieving the flow definition

[74]:

result.Flow

[74]:

0    start=as2core2 [2.1.2.2:49152->2.1.2.1:23 TCP (SYN)]
1    start=as2dist1 [2.1.3.1:49152->2.1.1.1:23 TCP (SYN)]
2    start=as2dist2 [2.1.3.2:49152->2.1.1.1:23 TCP (SYN)]
Name: Flow, dtype: object

Retrieving the detailed Trace information

[75]:

len(result.Traces)

[75]:

3

[76]:

result.Traces[0]

[76]:
ACCEPTED
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.12.22.1, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet0/0 ip 2.12.22.1)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2border2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.12.21.2, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet2/0 ip 2.12.21.2)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2core1
  RECEIVED(GigabitEthernet1/0)
  ACCEPTED(Loopback0)

ACCEPTED
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.12.1, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet1/0 ip 2.12.12.1)])
  TRANSMITTED(GigabitEthernet1/0)
2. node: as2border1
  RECEIVED(GigabitEthernet2/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.12.11.2, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet1/0 ip 2.12.11.2)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core1
  RECEIVED(GigabitEthernet0/0)
  ACCEPTED(Loopback0)

DENIED_IN
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.23.22.3, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet2/0 ip 2.23.22.3)])
  TRANSMITTED(GigabitEthernet2/0)
2. node: as2dist2
  RECEIVED(GigabitEthernet0/0)
  FORWARDED(Forwarded out interface: GigabitEthernet1/0 with resolved next-hop IP: 2.23.12.2, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet1/0 ip 2.23.12.2)])
  TRANSMITTED(GigabitEthernet1/0)
3. node: as2core1
  RECEIVED(GigabitEthernet3/0)
  DENIED(blocktelnet (INGRESS_FILTER))

DENIED_IN
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet3/0 with resolved next-hop IP: 2.23.21.3, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet3/0 ip 2.23.21.3)])
  TRANSMITTED(GigabitEthernet3/0)
2. node: as2dist1
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.23.11.2, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet0/0 ip 2.23.11.2)])
  TRANSMITTED(GigabitEthernet0/0)
3. node: as2core1
  RECEIVED(GigabitEthernet2/0)
  DENIED(blocktelnet (INGRESS_FILTER))

Evaluating the first Trace

[77]:

result.Traces[0][0]

[77]:
ACCEPTED
1. node: as2core2
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.12.22.1, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet0/0 ip 2.12.22.1)])
  TRANSMITTED(GigabitEthernet0/0)
2. node: as2border2
  RECEIVED(GigabitEthernet1/0)
  FORWARDED(Forwarded out interface: GigabitEthernet2/0 with resolved next-hop IP: 2.12.21.2, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet2/0 ip 2.12.21.2)])
  TRANSMITTED(GigabitEthernet2/0)
3. node: as2core1
  RECEIVED(GigabitEthernet1/0)
  ACCEPTED(Loopback0)

Retrieving the disposition of the first Trace

[78]:

result.Traces[0][0].disposition

[78]:

'ACCEPTED'

Retrieving the first hop of the first Trace

[79]:

result.Traces[0][0][0]

[79]:
node: as2core2
  ORIGINATED(default)
  FORWARDED(Forwarded out interface: GigabitEthernet0/0 with resolved next-hop IP: 2.12.22.1, Routes: [ospf (Network: 2.1.2.1/32, Next Hop: interface GigabitEthernet0/0 ip 2.12.22.1)])
  TRANSMITTED(GigabitEthernet0/0)

Retrieving the last hop of the first Trace

[80]:

result.Traces[0][0][-1]

[80]:
node: as2core1
  RECEIVED(GigabitEthernet1/0)
  ACCEPTED(Loopback0)