Identifying the viability of tens of thousands of cloud routes can be a daunting and time-consuming task for network operators, especially when the association between a route's next hop interface and its instance is not clearly delineated.
Did you know that the FN platform can repeatedly evaluate the viability of a cloud route based on the state of its next hop instance?
FN's NQE feature can greatly reduce the time it typically takes to identify such conditions through automation, acting as a "force multiplier" that lets operators accomplish more tasks efficiently.
An NQE query has been created and included with the platform to streamline this determination and to identify potential blackhole routes in AWS (/Forward Library/Cloud/AWS/Routes with invalid next hop).

The NQE query iterates over every AWS route table entry whose next hop is an elastic network interface (ENI) and checks whether an EC2 instance in the running (UP) state is attached to that interface.
The results of the NQE query provide actionable insight into which VPCs contain route table prefixes whose next hop instance is not in a running state, as well as prefixes whose next hop interface is detached from any instance.
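The same check can be expressed outside the platform against raw EC2 inventory. The Python below is an added example, not Forward Networks code or the library query itself: it runs the route-to-ENI-to-instance lookup over constructed sample data whose field names follow the shape of the EC2 describe_route_tables, describe_network_interfaces and describe_instances responses (all IDs and prefixes below are made up). It deliberately decides on instance state rather than on the route's own State flag, so a route whose ENI is still attached to a stopped instance is flagged even though the sample models AWS as still reporting that route as active.

```python
"""Flag AWS routes whose next hop ENI is detached or belongs to an instance
that is not running. Added example; the inventory below is constructed
sample data shaped like the EC2 describe_* API responses."""

# Constructed sample inventory for one VPC (not real account data).
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-0a1b2c3d",
        "VpcId": "vpc-0f1e2d3c",
        "Routes": [
            # ENI attached to a stopped instance: modeled as still 'active'
            # in AWS, but traffic to the prefix is dropped.
            {"DestinationCidrBlock": "10.151.0.0/24",
             "NetworkInterfaceId": "eni-0aaa", "State": "active"},
            # ENI exists but is detached from any instance.
            {"DestinationCidrBlock": "10.151.1.0/24",
             "NetworkInterfaceId": "eni-0bbb", "State": "blackhole"},
            # ENI attached to a running instance: healthy.
            {"DestinationCidrBlock": "10.152.0.0/24",
             "NetworkInterfaceId": "eni-0ccc", "State": "active"},
            # ENI no longer exists at all.
            {"DestinationCidrBlock": "10.153.0.0/24",
             "NetworkInterfaceId": "eni-0ddd", "State": "blackhole"},
            # Gateway next hop: not an ENI, so out of scope for this check.
            {"DestinationCidrBlock": "0.0.0.0/0",
             "GatewayId": "igw-0123", "State": "active"},
        ],
    }
]
ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "Status": "in-use",
     "Attachment": {"InstanceId": "i-0stopped"}},
    {"NetworkInterfaceId": "eni-0bbb", "Status": "available"},
    {"NetworkInterfaceId": "eni-0ccc", "Status": "in-use",
     "Attachment": {"InstanceId": "i-0running"}},
]
INSTANCES = [
    {"InstanceId": "i-0stopped", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0running", "State": {"Name": "running"}},
]


def find_invalid_next_hop_routes(route_tables, enis, instances):
    """Return one finding per ENI-targeted route whose instance is not running.

    A route is healthy only if its ENI exists, is attached to an instance, and
    that instance is 'running'. Everything else is reported as a potential
    blackhole, regardless of what the route's own State flag says.
    """
    eni_by_id = {e["NetworkInterfaceId"]: e for e in enis}
    inst_by_id = {i["InstanceId"]: i for i in instances}
    findings = []
    for rt in route_tables:
        for route in rt["Routes"]:
            eni_id = route.get("NetworkInterfaceId")
            if eni_id is None:
                continue  # gateways, peering, etc. are not evaluated here
            eni = eni_by_id.get(eni_id)
            inst_id = eni.get("Attachment", {}).get("InstanceId") if eni else None
            inst = inst_by_id.get(inst_id) if inst_id else None
            inst_state = inst["State"]["Name"] if inst else None
            if inst_state == "running":
                continue
            if eni is None:
                reason = "next hop ENI does not exist"
            elif inst_id is None:
                reason = "next hop ENI is detached"
            elif inst is None:
                reason = "attached instance not found"
            else:
                reason = f"instance state is {inst_state}"
            findings.append({
                "VpcId": rt["VpcId"],
                "RouteTableId": rt["RouteTableId"],
                "Prefix": route["DestinationCidrBlock"],
                "RouteState": route["State"],
                "NextHopInterfaceId": eni_id,
                "ComputeInstanceId": inst_id,
                "ComputeInstanceState": inst_state,
                "Reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in find_invalid_next_hop_routes(ROUTE_TABLES, ENIS, INSTANCES):
        print(f"{f['RouteTableId']} {f['Prefix']:<16} "
              f"aws_state={f['RouteState']:<9} {f['Reason']}")
```

Pointed at real output, the three lists would come from the corresponding boto3 describe_* calls for each VPC; the logic itself does not change. The finding records deliberately carry the same kind of fields as the NQE select (VPC, route table, prefix, next hop interface, instance and its state) so the two outputs can be compared side by side.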

To validate the NQE results, search for the specific route table ID and select Cloud route table details.

The cloud route table reveals that the prefixes 10.151.0.0/24 and 10.151.1.0/24 are in blackhole status because no instance is associated with their next hop ENI.

Armed with this insight, network operators can take the remediation steps needed to address the blackhole issue.
========= NQE Snippet =========
/**
 * @intent Verifies, for AWS projects, compute instances that are targets of
 * routes exist and are up.
 */
// Typed null used when the route's next hop is not an object reference.
nullRefObj = null : {refObjId: String, refObjType: RefObjType};
// Placeholder used when no instance owns the next hop interface (detached or
// deleted ENI); isUp = false turns such routes into violations.
missingComputeInstance = { id: "", name: "", isUp: false };

foreach cloudAccount in network.cloudAccounts
foreach vpc in cloudAccount.vpcs
where vpc.cloudType == CloudType.AWS
foreach routeTable in vpc.routeTables
foreach route in routeTable.routes
where isPresent(route.nextHop)
// Keep only next hops that reference an object, and of those only ENIs.
let refObj = when route.nextHop is refObj(r) -> r; otherwise -> nullRefObj
where isPresent(refObj)
where refObj.refObjType == RefObjType.INTERFACE
// Look up the instance whose interface ID matches the route's next hop ENI.
// max(...) yields null when the inner query returns no rows.
let matchedComputeInstance = max(foreach computeInstance in vpc.computeInstances
                                 foreach computeInstanceIface in computeInstance.instanceIfaces
                                 where refObj.refObjId == computeInstanceIface.ifaceId
                                 select {
                                   id: computeInstance.id,
                                   name: computeInstance.name,
                                   isUp: computeInstance.isUp
                                 })
let computeInstance = if isPresent(matchedComputeInstance)
                      then matchedComputeInstance
                      else missingComputeInstance
select {
  // Violation when the next hop instance is missing or not running.
  violation: !computeInstance.isUp,
  CloudProject: cloudAccount.name,
  Vpc: vpc.name,
  VpcId: vpc.id,
  RouteTable: routeTable.name,
  RouteTableId: routeTable.id,
  Prefixes: route.prefixes,
  NextHopInterfaceId: refObj.refObjId,
  ComputeInstance: computeInstance.name,
  ComputeInstanceId: computeInstance.id,
  ComputeInstanceIsUp: computeInstance.isUp
}