samwthomas site logo ================
== Sam Thomas ==
================
Technical engineering, plus anything which interests me

Blog Posts Linting Status Blog Posts Linting Status

SPOF NetworkX Detection

automation graph ipv4 networkx ciscoconfparse python spof

Detecting Single Points of Failure using NetworkX

The ability to think of a TCP/IP Network as just a mathematical graph is underutilised by typical (network automation) engineers in my opinion. Graph theory is a well established field of mathematics, and converting a (computer) network to it’s graphical state enables us to reap benefits at minimal cost.

In this blog post, I introduce converting a (basic) network to a graph, at the IPv4 layer, using Cisco .cfg files. We can manipulate this graph to detect Single Points of Failure (SPoF) and audit network reliability. This will be the first post in using graphs to gain visibility into (computer) networks.

GitHub Repository for NetApollo, Python implementation of the approach discussed: https://github.com/sam-w-thomas/NetApollo

Is is worthwhile pointing out, networking modelling is already a well-practiced discipline. This is just my contribution!

Graph Theory

Many Network Engineers, without a background in Computer Science, may scratch their head at what a ‘graph’ is? That’s just a bar chart or something right? In the world of Computer Science, it has a different meaning - explained below from MIT.

"Informally, a graph is a bunch of dots and lines where the lines connect some pairs of dots"

“Graphs are ubiquitous in computer science because they provide a handy way to represent a relationship between pairs of objects. The objects represent items of interest such as programs, people, cities, or web pages, and we place an edge between a pair of nodes if they are related in a certain way”

Graphs come in two typical flavours:

  • Directed Graphs - edges have a concept of direction
  • Undirected Graphs - edges have no concept of direction

Example of a basic graph.

Basic graph

Here is the graph, but it’s in it’s (physical) network form.

Graph converted to a (basic) physical view of a network

For the purposes of simplicity, all graphs in this post will be undirected graphs. Although, we could use a directed Graph to represent receive and transmit.

Converting a TCP/IP network to a graph

Now, you can’t convert a TCP/IP network into just a single graph; We have control, data and management planes for a reason.

However, we can convert parts of a network to a single graph. For example, the IPv4 layer or the OSPF Link State Database. We shall create a single graph at the IPv4 layer in this blog post.

However, to increase complexity and ability, you could layer graphs. As you’d expect, graph theory has a word and ability for this already - Multilayer graphs.

Example of a Multilayer Graph

Converting a TCP/IP network to a graph - Implementation

As mentioned above, we shall create a graph at the IPv4 layer, and use this to detect SPoFs. I break this problem down into the following domains:

  1. Gathering IPv4 addressing
  2. Filtering interfaces based on state (Optional)
  3. Determining neighbors using IPv4 addressing and convert to adjacency list
  4. Convert adjacency list into a graph
  5. Iterate through graph to find SPoFs

Gathering IPv4 addressing

Fundamentally, there are two approaches we can use to gather addressing, neither are mutually exclusive:

  • Configuration files
  • State information (e.g. “show” commands in Cisco)

In NetApollo I demonstrate using just configuration files. This has the following advantages:

  • Enables a third-party to audit configuration with no live connectivity requirements (or equivalent)
  • Provides a building block for other information. For example, we could add state information onto the configuration files

In NetApollo, IPv4 addressing is achieved using ciscoconfparse. This scrapes the configuration files in a folder, and is used to produce the following structure for each interface:

enter image description here

If we apply this logic to an actual network, the one below, we get the following result(s):

enter image description here

enter image description here

We now have a table of the IPv4 addressing for an entire network, an “interface-address table”. Using scale techniques, such as Pandas Dataframes and Numpy, we could increase the efficiency of processing.

Filtering interfaces based on state

I want to keep this relatively short, as I did not implement this approach. However, you could use keys in the static configuration (e.g. interface names) and combine this with tools, such as paramiko/TextFSM, which would enable you to filter links based on a state of your choosing, such as down. Alternatively, you could also layer on information such as errors; increasing graph complexity to achieve aims.

Determining neighbors using IPv4 addressing

Iterating through the interface-address table produced, enables us to build an adjacency list. An adjacency list of the network above looks like:
R1: R2, R3
R2: R1, R3
R3: R1, R4, R5
R4: R3, R5
R5: R3, R4

Please note, we are looking at this at the IPv4 layer. R4, R5 and R3 share an NBMA network segment so there is more actual complexity; however, we simplify for our purposes.

This adjacency list can then be converted to a (NetworkX graph)[https://networkx.org/].

To determine the adjacency list from the interface-address table produced, we follow the logic:

C i i t o n n a n t t b t e e l i r r e n f f u a a f e c c o e e r t - o i a i n d n n d n e r e x e r t s - s l o o p S P a n S e e d e A C o e l r d i d o n l e f r g d m e c o e h p a c t r s b P a d t m s o r r j I r i i a I n X a s m s c n t O n a o e t e R d r n n e r y c r f o s a y f a n u A a s N a c b r n l O c e P n e d n i e r m e s f i e N i t f r m t e g r o a m i h o m r a g b m y s h o i k b r i n a o s n t n t r t e d o s e r r f C d f a o e a c m t c e p e e - a r - a r m a d i i d d s n d r o e r e n e s i s s u f s s L i t i s a n t a n e s t a b g g t e b l m r l e e i f e n n a t t c ( ( e e P C r - r o A f a i m r a d m p e c d a a e r r r N e y i o i s ) s t n s o n N t ) e a i b g l h e b o r s Y E S C i t o n a n t b t e l i r e n f u a f e c o e r t o i o n u n t e i e x n r t t - e l r o f o a p c e - a d d r e s s

In practice, the adjacency list takes the form of a dictionary of lists. This demonstrated below for the example topology shown above.

{
  "R1": ["R2", "R3"],
  "R2": ["R1", "R3"],  
  "R3": ["R1", "R4", "R5"],  
  "R4": ["R3", "R5"],  
  "R5": ["R3", "R4"]  
}

Convert adjacency list into a graph

Here is when we are introduced to NetworkX. NetworkX describes itself as “.. a Python package for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks”. It provides the basis for (our) python graph manipulation, without us having to do the hard work.

To load our adjacency list as a NetworkX Graph, we only need the following code:

import networkx as nx

networkx_graph = nx.from_dict_of_lists(adj_list)

Iterate through the graph to find Single Points of Failure

To identify SPoFs, we iterate through every node. Removing the node, and seeing if it is a disconnected graph. A “disconnected graph” is a graph theory term which states the graph that has two distinct/seperate components, i.e. there are at least two nodes with no path between them.

Please note, when implementing this in python you need to use the .copy() function to create a separate graph each iteration. Otherwise, you would eventually remove all nodes from your original graph; We want a fresh (original) graph every iteration.

spof_nodes = []
    for node in original_graph.nodes:
        iteration_graph = original_graph.copy()
        iteration_graph.remove_node(node)
        if not nx.is_connected(demo_graph):
            spof_nodes.append(node)

Using the above example, spof_nodes now represents all nodes which are SPoFs at the IPv4 layer.

Scalability

I don’t want to delve to much into this, as I don’t have the time to demonstrate this approach on 10,000’s of nodes. However, given the simple data structures explored. I believe this approach could be scaled up to networks with 100,000’s of devices. This could potentially be achieved by breaking tasks and using tools such as Apache Hadoop.


Practical Applications

Whilst this approach could be used to pull static configuration files and quickly identify Single Points of Failure. There exist more complete solutions which may be more appropriate for your particular needs. For example, Batfish has a comprehensive approach to analyse the impact of network failure in greater complexity than is covered here. However, we hope this blog post can provide a reference for simpler analysis and fundamental learning. Furthermore, proprietary tools/products exist, such as IPFabric.