initial copy

README.md

@@ -0,0 +1,111 @@
+## Getting Started
+
+For this repository/webinar a simple topology was created and looks like the below image:
+
+![webinar topology](./docs/img/webinar-simple-topology.png)
+
+## Pre-change Validation Steps
+
+1. Ansible is used to generate configuration via Jinja2 templates.
+2. A docker-compose with `invoke` is provided to demonstrate a local pipeline testing.
+3. Update `vars` files based on required changes.
+
+### Create Virtual Environment and Install
+
+```bash
+cd webinars/batfish-routing
+```
+
+```bash
+poetry shell
+```
+
+```bash
+poetry install
+```
+
+## Running the Pipeline (locally)
+
+```
+invoke tests
+```
+
+Invoke test will build two docker containers. One with this `application` and the other is `batfish` itself.
+
+## Invoke Tests In Action
+
+*What does invoke tests do?*
+
+1. Bring up containers.
+2. Generates the configurations.
+3. Run `tests`.
+
+```
+▶ invoke tests
+Running docker-compose command "ps --services --filter status=running"
+Running docker-compose command "run --entrypoint 'yamllint .' batfish-routing"
+[dim]PYTHON_VER=3.9 \
+    docker-compose \
+    --project-name "batfish_routing" \
+    --project-directory "/Users/jeffkala/2022-ntc-content/webinars/batfish-routing/development/" \
+    -f "/Users/jeffkala/2022-ntc-content/webinars/batfish-routing/development/docker-compose.yml" \
+    run --entrypoint 'yamllint .' batfish-routing[/dim]
+Creating batfish_routing_batfish-routing_run ... done
+Running docker-compose command "ps --services --filter status=running"
+Running docker-compose command "run --entrypoint 'ansible-playbook /local/config_gen/pb_generate_configs.yml -i /local/config_gen/inventory.yml' batfish-routing"
+[dim]PYTHON_VER=3.9 \
+    docker-compose \
+    --project-name "batfish_routing" \
+    --project-directory "/Users/jeffkala/2022-ntc-content/webinars/batfish-routing/development/" \
+    -f "/Users/jeffkala/2022-ntc-content/webinars/batfish-routing/development/docker-compose.yml" \
+    run --entrypoint 'ansible-playbook /local/config_gen/pb_generate_configs.yml -i /local/config_gen/inventory.yml' batfish-routing[/dim]
+Creating batfish_routing_batfish-routing_run ... done
+
+PLAY [10000 - GENERATE CONFIGURATIONS] *********************************************************************************************************************************************************************
+
+TASK [10010 - GENERATE CONFIGURATIONS] *********************************************************************************************************************************************************************
+ok: [edge-1]
+ok: [sw-1]
+ok: [edge-2]
+ok: [sw-2]
+ok: [isp-0]
+
+PLAY RECAP *************************************************************************************************************************************************************************************************
+edge-1                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+edge-2                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+isp-0                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+sw-1                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+sw-2                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+
+Running docker-compose command "ps --services --filter status=running"
+Running docker-compose command "run --entrypoint 'python /local/config_gen/tests/test_routing.py' batfish-routing"
+[dim]PYTHON_VER=3.9 \
+    docker-compose \
+    --project-name "batfish_routing" \
+    --project-directory "/Users/jeffkala/2022-ntc-content/webinars/batfish-routing/development/" \
+    -f "/Users/jeffkala/2022-ntc-content/webinars/batfish-routing/development/docker-compose.yml" \
+    run --entrypoint 'python /local/config_gen/tests/test_routing.py' batfish-routing[/dim]
+Creating batfish_routing_batfish-routing_run ... done
+Your snapshot was successfully initialized but Batfish failed to fully recognized some lines in one or more input files. Some unrecognized configuration lines are not uncommon for new networks, and it is often fine to proceed with further analysis. You can help the Batfish developers improve support for your network by running:
+
+    bf.upload_diagnostics(dry_run=False, contact_info='<optional email address>')
+
+to share private, anonymized information. For more information, see the documentation with:
+
+    help(bf.upload_diagnostics)
+====================
+Starting Batfish Setup.....
+====================
+Validated Assert No Unestablished Bgp Sessions
+Validated Assert No Incompatible Bgp Sessions
+Validated Assert No Incompatible Ospf Sessions
+Test from @enter(sw-1[GigabitEthernet0/0]) to DNS has passed!
+Test from @enter(sw-2[GigabitEthernet0/0]) to DNS has passed!
+/usr/local/lib/python3.9/site-packages/pybatfish/client/asserts.py:224: BatfishAssertWarning: No node: sw-1
+  warnings.warn("No node: {}".format(node), category=BatfishAssertWarning)
+Desktop pod has no routes to security servers. passed!
+Route to DNS must be a OSPF E2 route from Desktop pod. passed!
+There is always at least one BGP session towards an ISP in Established state. passed!
+All tests have passed!
+```
+

config_gen/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+host_key_checking=False
+interpreter_python=/usr/bin/env python

config_gen/data/configs/edge-1.cfg

@@ -0,0 +1,180 @@
+!
+! Last configuration change at 17:22:06 UTC Thu Sep 8 2022
+!
+version 15.9
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname edge-1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
+enable password cisco
+!
+no aaa new-model
+!
+!
+!
+mmi polling-interval 60
+no mmi auto-configure
+no mmi pvc
+mmi snmp-timeout 180
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name virl.info
+ip cef
+no ipv6 cef
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+username cisco privilege 15 secret 9 $9$N7aRodw43LgdBt$4JeCjXGYmGkn9waA4Ib2tlxqtOIlJRs5q99ZCPYb8Ag
+!
+redundancy
+!
+no cdp run
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Loopback0
+ description to 
+ no ip address
+ shutdown
+!
+interface GigabitEthernet0/0
+ description to GigabitEthernet3/3.sw-1
+ ip address 192.168.11.1 255.255.255.252
+ ip ospf 100 area 0
+ duplex auto
+ speed auto
+ media-type rj45
+!
+interface GigabitEthernet0/1
+ description to GigabitEthernet2.isp-0
+ ip address 192.1.11.1 255.255.255.252
+ duplex auto
+ speed auto
+ media-type rj45
+!
+interface GigabitEthernet0/2
+ description to 
+ no ip address
+ shutdown
+ duplex auto
+ speed auto
+ media-type rj45
+!
+interface GigabitEthernet0/3
+ description to 
+ no ip address
+ shutdown
+ duplex auto
+ speed auto
+ media-type rj45
+!
+interface GigabitEthernet0/4
+ description to 
+ no ip address
+ shutdown
+ duplex auto
+ speed auto
+ media-type rj45
+!
+interface GigabitEthernet0/5
+ description to port2.mgmt-sw1
+ ip address dhcp
+ duplex auto
+ speed auto
+ media-type rj45
+!
+router ospf 100
+ router-id 1.1.1.1
+ redistribute bgp 100 subnets
+ passive-interface default
+ no passive-interface GigabitEthernet0/0
+!
+router bgp 100
+ bgp log-neighbor-changes
+ redistribute ospf 100
+ neighbor 192.1.11.2 remote-as 200
+!
+ip forward-protocol nd
+!
+!
+no ip http server
+no ip http secure-server
+ip ssh server algorithm authentication password
+!
+ipv6 ioam timestamp
+!
+!
+!
+control-plane
+!
+banner exec ^C
+**************************************************************************
+* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
+* education. IOSv is provided as-is and is not supported by Cisco's      *
+* Technical Advisory Center. Any use or disclosure, in whole or in part, *
+* of the IOSv Software or Documentation to any third party for any       *
+* purposes is expressly prohibited except as otherwise authorized by     *
+* Cisco in writing.                                                      *
+**************************************************************************^C
+banner incoming ^C
+**************************************************************************
+* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
+* education. IOSv is provided as-is and is not supported by Cisco's      *
+* Technical Advisory Center. Any use or disclosure, in whole or in part, *
+* of the IOSv Software or Documentation to any third party for any       *
+* purposes is expressly prohibited except as otherwise authorized by     *
+* Cisco in writing.                                                      *
+**************************************************************************^C
+banner login ^C
+**************************************************************************
+* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
+* education. IOSv is provided as-is and is not supported by Cisco's      *
+* Technical Advisory Center. Any use or disclosure, in whole or in part, *
+* of the IOSv Software or Documentation to any third party for any       *
+* purposes is expressly prohibited except as otherwise authorized by     *
+* Cisco in writing.                                                      *
+**************************************************************************^C
+!
+line con 0
+ password cisco
+line aux 0
+line vty 0 4
+ exec-timeout 720 0
+ password cisco
+ login local
+ transport input telnet ssh
+!
+no scheduler allocate
+!
+end