Skip to content

junos_commit_check: add lab and test for Junos prefix normalization enforcement#171

Merged
dhalperi merged 1 commit into
mainfrom
spr/main/82759006
May 5, 2026
Merged

junos_commit_check: add lab and test for Junos prefix normalization enforcement#171
dhalperi merged 1 commit into
mainfrom
spr/main/82759006

Conversation

@dhalperi
Copy link
Copy Markdown
Member

@dhalperi dhalperi commented May 5, 2026

Add infrastructure to detect and regression-test which Junos configuration
contexts reject unnormalized prefixes (host bits set) at commit time.

Two layers:

  • infra/examples/junos-commit-check/: containerlab lab with
    commit_check_rejects and commit_check_accepts check types for empirical
    discovery on vJunos
  • snapshots/junos_commit_check/: CI regression test with per-host
    test_parse_warnings driven by validation/parse_warnings.yaml

Empirical results from vJunos 25.4R1.12: Junos rejects host bits in
static route, aggregate route, generate route, OSPF area-range, firewall
from-address, firewall next-ip, and condition if-route-exists. Junos
accepts host bits in prefix-list, route-filter, SNMP client-list, BGP
allow, MPLS LSP install, interface address, and VGA tracking route.

All 7 "rejects" cases are sickbayed pending Batfish implementation
(batfish/batfish#9928 covers static routes only).

Prompt:

Read https://github.com/batfish/batfish/pull/9928. The underlying issue is
the ability to easily detect, automatically, when Junos will reject a
specific piece of syntax. Design a repeatable procedure to do this, and
apply it to this problem.

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.50%. Comparing base (21eafe8) to head (c3ae28b).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #171   +/-   ##
=======================================
  Coverage   83.50%   83.50%           
=======================================
  Files          87       87           
  Lines        4165     4165           
=======================================
  Hits         3478     3478           
  Misses        687      687
Flag Coverage Δ
unittests 83.50% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dhalperi
junos_commit_check: add lab and test for Junos prefix normalization e…
c3ae28b 
…nforcement

Add infrastructure to detect and regression-test which Junos configuration
contexts reject unnormalized prefixes (host bits set) at commit time.

Two layers:
- infra/examples/junos-commit-check/: containerlab lab with
  commit_check_rejects and commit_check_accepts check types for empirical
  discovery on vJunos
- snapshots/junos_commit_check/: CI regression test with per-host
  test_parse_warnings driven by validation/parse_warnings.yaml

Empirical results from vJunos 25.4R1.12: Junos rejects host bits in
static route, aggregate route, generate route, OSPF area-range, firewall
from-address, firewall next-ip, and condition if-route-exists. Junos
accepts host bits in prefix-list, route-filter, SNMP client-list, BGP
allow, MPLS LSP install, interface address, and VGA tracking route.

All 7 "rejects" cases are sickbayed pending Batfish implementation
(batfish/batfish#9928 covers static routes only).

Prompt:
```
Read batfish/batfish#9928. The underlying issue is
the ability to easily detect, automatically, when Junos will reject a
specific piece of syntax. Design a repeatable procedure to do this, and
apply it to this problem.
```

commit-id:82759006
@dhalperi dhalperi force-pushed the spr/main/82759006 branch from 8e96af1 to c3ae28b Compare May 5, 2026 22:06
@dhalperi dhalperi enabled auto-merge (squash) May 5, 2026 22:10
@dhalperi dhalperi merged commit becdc0c into main May 5, 2026
110 checks passed
@dhalperi dhalperi deleted the spr/main/82759006 branch May 5, 2026 22:16
dhalperi pushed a commit to batfish/batfish that referenced this pull request May 6, 2026
@anothermattbrown
Junos: fatal error for prefixes with host bits set (#9928)
2dbe572 
Junos commit checks require that static route prefixes be normalized
(i.e. not host bits set). Add a fatal red flag warning for that and
several other known cases (batfish/lab-validation#171)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@anothermattbrown anothermattbrown anothermattbrown approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dhalperi @codecov-commenter @anothermattbrown