

When building a network automation pipeline, one of the most important questions to consider is: How do you test network changes to prove that they will work as intended and won’t cause an outage or open a security hole? In a world without automation, this burden falls on network engineers and approval boards. But in a world where network changes are automated, testing of changes must be automated as well.

There are multiple types of testing that you should consider, such as:

- Data validation (e.g., the input for an IP address is a valid IP address).
- Syntax validation (e.g., configuration commands are syntactically valid).
- Network behavior validation (e.g., firewall rule change will permit intended flows).

I will focus on network behavior validation in this blog. It provides the strongest form of protection by validating the end-to-end impact of changes.

How can you validate network behavior that a change will produce before the change is deployed to the production network? You have two options.

- You can build a lab that emulates the production network, using physical or virtual devices, and apply and test the changes there.
- You can simulate the change using models of network devices.

GNS3 is a popular emulation tool, and Batfish is a comprehensive, multi-vendor simulation tool. As Batfish developers, we are frequently asked if engineers need both tools. The title of this blog post is a play on their logos (and of course Big Bang Theory), though the discussion below applies equally to other emulation tools such as EVE-NG and VIRL.

The answer is: Both tools should be part of your testing toolkit as they are built to solve different problems. The table summarizes our view which I’ll discuss in more detail below. Before proceeding, I should add that GNS3 is an excellent tool and we use it extensively to build and test high-fidelity device models in Batfish.

Our recommendation: Use the fish for day-to-day configuration changes, and use the lizard for qualifying new software images and lighting up new features.

Batfish has three unique strengths. First, only Batfish can provide correctness guarantees that span all possible flows. For instance, when opening access to a new /24 prefix, you may want to know that no port to that destination prefix is blocked from any source, or that you have not accidentally impacted any other destination. Such guarantees are not possible in GNS3 but are almost trivial in Batfish.

Second, with Batfish you can not only test that the configuration produces the right behavior, but also that it complies with your site standards and has not drifted from its desired state. Batfish builds a vendor-neutral configuration model that you can query to validate, for instance, that the TACACS servers are correct and that the correct route map is attached to each BGP peer. This is not possible with GNS3.

Finally, while both tools will let you check network behaviors by running traceroutes and examining RIBs, only Batfish offers simple, vendor-neutral APIs. These APIs make it trivial, for instance, to check that packets take all expected paths (ECMP) and understand why a traceroute path was taken. Doing such inferences in GNS3 will take lots of careful test generation, vendor-specific parsing of RIBs and “show” data, and manual correlation.

Thus, Batfish enables comprehensive testing with strong correctness guarantees and vendor-neutral APIs. As we’ll see next, it also enables you to mimic your full production network and embed testing in your CI framework.
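The all-flows guarantee described above (no port to a new /24 blocked from any source), as an added illustration that is not Batfish code or its API: a toy first-match ACL model is analyzed exactly over header-space boxes instead of by sending sample packets. The rule format, the ACL contents and all function names are assumptions constructed for this example.

```python
# Added illustration, not Batfish code: exact first-match ACL analysis over
# header-space boxes (src IP range, dst IP range, dst port range).
from ipaddress import ip_network

def box(src, dst, ports=(0, 65535)):
    s, d = ip_network(src), ip_network(dst)
    return ((int(s.network_address), int(s.broadcast_address)),
            (int(d.network_address), int(d.broadcast_address)), ports)

def intersect(a, b):
    out = tuple((max(x[0], y[0]), min(x[1], y[1])) for x, y in zip(a, b))
    return out if all(lo <= hi for lo, hi in out) else None

def subtract(a, b):
    """Disjoint boxes covering the part of a that b does not match."""
    cut = intersect(a, b)
    if cut is None:
        return [a]
    pieces, rest = [], list(a)
    for i, ((lo, hi), (clo, chi)) in enumerate(zip(a, cut)):
        if lo < clo:
            pieces.append(tuple(rest[:i] + [(lo, clo - 1)] + rest[i + 1:]))
        if chi < hi:
            pieces.append(tuple(rest[:i] + [(chi + 1, hi)] + rest[i + 1:]))
        rest[i] = (clo, chi)  # narrow this dimension before slicing the next
    return pieces

def blocked_regions(acl, dst_prefix):
    """All flows to dst_prefix that the ACL denies, from any source and port."""
    remaining, blocked = [box("0.0.0.0/0", dst_prefix)], []
    for action, rule in acl:  # first matching rule wins
        unmatched = []
        for region in remaining:
            hit = intersect(region, rule)
            if hit and action == "deny":
                blocked.append(hit)
            unmatched.extend(subtract(region, rule))
        remaining = unmatched
    return blocked + remaining  # unmatched flows hit the implicit deny

# Constructed sample: a stale telnet deny shadows the new permit for 10.20.30.0/24.
BEFORE = [("deny", box("10.9.0.0/16", "10.20.0.0/16", (23, 23))),
          ("permit", box("0.0.0.0/0", "10.20.30.0/24"))]
AFTER = list(reversed(BEFORE))  # permit placed ahead of the stale deny

if __name__ == "__main__":
    print("before:", blocked_regions(BEFORE, "10.20.30.0/24"))
    print("after: ", blocked_regions(AFTER, "10.20.30.0/24"))
```

A sampled test from most sources or on most ports would pass against `BEFORE`; the box analysis returns the one denied region (sources in 10.9.0.0/16 on port 23) without having to guess which packet to send.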
