Veriflow as a Platform: Building Applications Using Veriflow APIs

In today’s networking world, a wide variety of technologies at different layers are applied to solve problems: high availability, load balancing, address translation, access control, packet forwarding and traffic engineering to name a few. Due to this large problem and solution space, it does not take much time to realize that every network is truly unique. Computer networks are heterogeneous and complex, and existing network administration and operation tools are either too generic to the point it merely becomes useful for everyone or is too specific to the point it solves only a well defined and scoped subset of the problems that can’t be used widely. We observe that most networking teams are building their own custom scripts or tools to deal with the complexity of their own networks.

Veriflow Overview

Veriflow, with its patented verification technology, takes a unique approach to understanding your network at the data plane. Veriflow builds a complete mathematical model of your network and delivers detailed information on network topology, device and interface properties, and statistics, and most importantly, all potential network-wide packet flows that could take place in the network. The network states and generated models are stored as historical data making Veriflow a big data repository of how a given network evolves over time.

As seen in the block diagram below, Veriflow is a platform that allows third-party applications to interact with well-defined Veriflow APIs, and operate on this big data to unlock many exciting possibilities. In this write-up, you will learn what Veriflow APIs offer, and how to utilize them for your own needs. Whether you want to write a new networking application or you want to enhance your own existing application with Veriflow’s patented verification technology, Veriflow APIs have what you need.


Exploring the API

Veriflow APIs have many features that help developers building networking applications, and networking teams building custom scripts or tools to ease their day to day operations. Veriflow APIs provide the capability to observe and verify the state of physical network topology including devices, interfaces, and links. For instance, one can check for MTU mismatches between connected interfaces. Similarly, to aid the upgrade process, you can check software versions of all devices to ensure they are greater than the minimum supported version with a few simple API calls.

Veriflow APIs allow analysis of network-wide flow graph including packet transformations along the flow paths. This is powerful when you are troubleshooting the network or verifying potential network-wide packet flows after a change. With a few API calls, you can manage and verify your intents from your application using Veriflow’s best practices intent library. If you want to build customized queries into your application, Veriflow APIs provide search capability using Veriflow’s query language for detailed analysis of the network. With one API call, users can travel back and forth in a timeline and observe the network state or search for a specific potential packet flow within the network at different times.

Sample Application #1 using Veriflow APIs: Detecting MTU mismatch

In order to demonstrate basics of Veriflow APIs, we will tackle a real-world problem: how to detect MTU mismatches between connected interfaces in the network to avoid packet drops. Following Python code imports Veriflow REST API Client library and checks the MTU across the connecting interfaces given a device name and an interface name on that device. Note that Veriflow builds the network topology, and knows which interfaces are connected, so we only need one interface to start with. This check can be generalized to cover all devices and interfaces in your network so that you can quickly catch MTU mismatch errors with one script.

from vf_restful_api import VeriflowRESTfulAPIClient

def mtu_mismatch_check(api_client, device_name, interface_name):
   cur_time = api_client.get_latest_snapshot_timestamp()
   if cur_time is not None:
       api_client.load_snapshot(cur_time)

       #get spine devices, i.e., device.name.matches(.*sm.*)
       device_list = api_client.get_matching_devices(device_name)
       if len(device_list) != 1:
           print "Failed. Expecting exactly one device matching to given device name."
           return

       device = device_list[0]
       interface = None
       for intf in device["interfaces"]:
           if intf["name"] == interface_name:
               interface = intf
               break

       if interface == None:
           print "Failed. Interface not found."
           return

       mtu = interface["properties"]["attribute_mtu"]["value"]

       connecting_interface_id = interface["links"][0]["next_hop_interface_id"]
       connecting_interface = api_client.get_interface_by_id(connecting_interface_id)

       connecting_interface_mtu = connecting_interface["properties"]["attribute_mtu"]["value"]
       if mtu != connecting_interface_mtu:
           print "MTU mismatch detected. Found MTUs: " + str(mtu) + " and " + str(connecting_interface_mtu)
       else:
           print "MTU values are consistent across the link. Found MTU: " + str(mtu)

if __name__ == "__main__":
   api_client = VeriflowRESTfulAPIClient(user_name="veriflow", password = "veriflow")
   mtu_mismatch_check(api_client, "ny-acc-1", "Ethernet4")

Sample Application #2 using Veriflow APIs: Checking Existence of a Flow Path

Most networks have critical services that should always be reachable. Veriflow has a reachability intent that you can enable with a few clicks for verification of reachability of your critical services, but for advanced users comfortable using APIs, we will demonstrate the flow search capability in the APIs. In this example, we will check for the existence of a potential flow path from source device named “ny-acc-1” to target device named “pr-dc-acc-ws-1”, and if no flow paths exist, that means reachability is violated, and we will send an alert to networking team manager!

from vf_restful_api import VeriflowRESTfulAPIClient

def flow_path_existence_check(api_client, source_device, target_device, args):
   query = “@” + source_device + “ --> @“ + target_device
   flow_paths = api_client.get_flow_paths_by_search(query);
   if len(flow_paths) == 0:
       print "Flow path existence failed, sending alert..."
       send_alert(api_client.loaded_snapshot_timestamp, args.msg, args.email)

if __name__ == "__main__":
   args = ...
   api_client = VeriflowRESTfulAPIClient(user_name="veriflow", password = "veriflow")

   prev_time = None
   if prev_time is None:
      print "No snapshot available, waiting"

   while True:
       cur_time = c.get_latest_snapshot_timestamp()
       if cur_time is not None:
           if cur_time != prev_time:
               print "New snapshot:", cur_time
               c.load_snapshot(cur_time)
               flow_path_existence_check(api_client, "ny-acc-1", “pr-dc-acc-ws-1", args)
               prev_time = cur_time

       time.sleep(args.poll_time)

Wrapping Up

The two examples above show how Veriflow APIs allow developers to build incredibly complex networking features into their applications with a few lines of code. Features that historically would have required a lot of effort is now extremely easy to implement. Network operations teams can build their favorite tools using Veriflow APIs to make their daily lives less stressful. We are excited to deliver an extensible platform that provides capabilities to analyze networks from high-level network topology to low-level details of potential network-wide packet flows that was not possible before Veriflow.

To learn more about Veriflow, custom APIs and our approaches to building available and resilient networks read our white paper, A Proactive Approach to Assuring Network Resilience and Protection