Does Batfish support reachability verification of encapsulated data packets, such as reachability verification of data packets forwarded to the tunnel endpoint through a VXLAN tunnel? - Githubissues

batfish / batfish

Batfish is a network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations. It enables network engineers to rapidly and safely evolve their network, without fear of outages or security breaches.

http://www.batfish.org

Apache License 2.0

1.17k stars 233 forks source link

Does Batfish support reachability verification of encapsulated data packets, such as reachability verification of data packets forwarded to the tunnel endpoint through a VXLAN tunnel? #9190

Open leo123lx opened 2 months ago

leo123lx commented 2 months ago

Does Batfish support reachability verification of encapsulated data packets, such as reachability verification of data packets forwarded to the tunnel endpoint through a VXLAN tunnel?

ratulm commented 2 months ago

@anothermattbrown can confirm but my understanding is that the forwarding/reachability across the overlay/underlay divide is not supported. You can either analyze the underlay or the overlay.

dhalperi commented 2 months ago

No it actually does work depending on the analysis being done. So if the VXLAN tunnel is established and then new L3 adjacencies are established as a result, Batfish will properly support verification between those L3 endpoints. It will assume that all packets through the successfully established tunnel are delivered, however.