Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Palo Alto Interface missing bandwidth, cannot compute OSPF cost #9013

Closed
netops501 opened this issue May 18, 2024 · 3 comments · Fixed by #9024
Closed

Palo Alto Interface missing bandwidth, cannot compute OSPF cost #9013

netops501 opened this issue May 18, 2024 · 3 comments · Fixed by #9024

Comments

@netops501
Copy link

netops501 commented May 18, 2024
edited

Describe the bug and expected behavior

Palo Alto firewall doesn't support "bandwidth" under the interface. However, it has metric keyword for OSPF interface instead. For example,

set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 metric 5001

Runnable example

from pybatfish.client.session import Session
TXT = """
!RANCID-CONTENT-TYPE: paloalto
set network interface tunnel units tunnel.11 comment "tun11 VPN hq"
set network interface tunnel units tunnel.11 ip 169.254.11.2/30
set network interface tunnel units tunnel.11 mtu 1427
set network virtual-router default protocol bgp enable no
set network virtual-router default protocol bgp routing-options graceful-restart enable yes
set network virtual-router default protocol rip enable no
set network virtual-router default protocol ospf enable yes
set network virtual-router default protocol ospf router-id 10.10.10.1
set network virtual-router default protocol ospf reject-default-route yes
set network virtual-router default protocol ospf allow-redist-default-route yes
set network virtual-router default protocol ospf area 0.0.0.0 type normal
set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 enable yes
set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 passive no
set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 authentication ospf_md5
set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 metric 5001
set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 priority 1
set network virtual-router default protocol ospf area 0.0.0.0 interface tunnel.11 link-type p2p
set network virtual-router default ecmp algorithm ip-modulo
set network virtual-router default interface [ tunnel.11 ]
set network virtual-router default routing-table ip static-route vpn-hq-0 interface tunnel.11
set network virtual-router default routing-table ip static-route vpn-hq-0 metric 10
set network virtual-router default routing-table ip static-route vpn-hq-0 destination 10.0.1.0/24
set network virtual-router default routing-table ip static-route vpn-hq-0 route-table unicast
set zone VPN network layer3 tunnel.11
set import network interface [ tunnel.11 ]
[edit]
"""
bf = Session()
bf.set_network("github-bug-report")
bf.init_snapshot_from_text(TXT)
# Verify that Batfish recognized the vendor format correctly
print(bf.q.fileParseStatus().answer())
# Insert command(s) below to demonstrate the problem
print(bf.q.initIssues().answer())

Additional context

Error message on the console:

2024-05-18 02:18:20,730 ERROR common.BatfishLogger Exception in container:241d5675-11a8-4cde-b7d1-34b045ce3916, testrig:1c8c3cd5-bae1-44fb-b236-deebc6219018; exception:java.lang.IllegalStateException: Interface tunnel.11 on paloalto-test is missing bandwidth, cannot compute OSPF cost
at com.google.common.base.Preconditions.checkState(Preconditions.java:835)
at org.batfish.datamodel.ospf.OspfProcess.computeInterfaceCost(OspfProcess.java:373)
at org.batfish.datamodel.ospf.OspfProcess.computeInterfaceCost(OspfProcess.java:362)
at org.batfish.datamodel.ospf.OspfProcess.lambda$initInterfaceCosts$4(OspfProcess.java:514)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
at java.base/java.util.Collections$2.tryAdvance(Collections.java:4747)
at java.base/java.util.Collections$2.forEachRemaining(Collections.java:4755)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658)
at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:274)
at java.base/java.util.Collections$2.tryAdvance(Collections.java:4747)
at java.base/java.util.Collections$2.forEachRemaining(Collections.java:4755)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at org.batfish.datamodel.ospf.OspfProcess.initInterfaceCosts(OspfProcess.java:514)
at org.batfish.main.Batfish.lambda$postProcessOspfCosts$34(Batfish.java:1653)
at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:422)
at org.batfish.main.Batfish.lambda$postProcessOspfCosts$35(Batfish.java:1653)
at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:422)
at org.batfish.main.Batfish.lambda$postProcessOspfCosts$36(Batfish.java:1650)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.batfish.main.Batfish.postProcessOspfCosts(Batfish.java:1646)
at org.batfish.main.Batfish.postProcessSnapshot(Batfish.java:1950)
at org.batfish.main.Batfish.serializeIndependentConfigs(Batfish.java:2314)
at org.batfish.main.Batfish.run(Batfish.java:2041)
at org.batfish.main.Driver.lambda$runBatfish$0(Driver.java:155)
at java.base/java.lang.Thread.run(Thread.java:829)
@ratulm
Copy link
Member

ratulm commented May 27, 2024

Looking at the code the metric annotation is supported but it expects an 8-bit integer.

Documentation indicates 16-bit integers.

I'll try to fix this soon unless you or someone else beats me to it.

@dhalperi
Copy link
Member

@ratulm - looks like 2 bugs, one parsing and one not using the default of 10.

@dhalperi dhalperi mentioned this issue May 29, 2024
Closed
dhalperi added a commit that referenced this issue May 29, 2024
@dhalperi
PAN: fix OSPF metric grammar and values
afb795c 
There are two types of OSPF metrics with different bounds. Separate them
grammatically and make the interface metric one correctly u16. Improve testing
for new behavior including both 16 bit support and using the PAN default when
metric is not configured in configs.

Fix #9013, thanks @netops501!

commit-id:267766ed
@dhalperi dhalperi mentioned this issue May 29, 2024
Merged
@dhalperi
Copy link
Member

Ended up being even more involved with requiring disambiguating two different types of metric concepts in PAN. #9024

dhalperi added a commit that referenced this issue May 29, 2024
@dhalperi
PAN: fix OSPF metric grammar and values (#9024)
4f400c4 
There are two types of OSPF metrics with different bounds. Separate them
grammatically and make the interface metric one correctly u16. Improve testing
for new behavior including both 16 bit support and using the PAN default when
metric is not configured in configs.

Fix #9013, thanks @netops501!

commit-id:267766ed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@dhalperi @ratulm @netops501