Process flow for predeployment validation with Batfish Enterprise

  1. Upload Configurations

    Upload your configurations and Batfish goes to work building models of device configurations, routing, and forwarding.

  2. Define Policy

    Define your policy intent, or leverage the built-in policies Batfish Enterprise identifies based on your configurations

  3. Validate

    Batfish turns the various models and policies into mathematical equations, evaluating current and potential network states and traffic flows to ensure your network security, reliability and compliance policies are met.

  4. Iterate & Deploy

    Iterate on your configurations until Batfish verifies that all policies are met. Then safely push the changes to your network


Vendor Neutral Device Models

They form the foundation on which the Batfish analysis occurs. Regardless of the device vendor (Cisco, Juniper, Arista, etc…) or device function (router, switch, firewall, etc…) or type (physical, virtual) or cloud provider (AWS, GCP, Azure, etc…) Batfish builds a device agnostic model upon which all analysis is performed.

Network Behaviour Models

Using the vendor neutral device models and the route simulation, Batfish builds a series of network behavior models that allow it to predict traffic flows and compare them against the network policy/intent.

Route Simulation

Route simulation is the cornerstone of Batfish, the capability that uniquely allows it to be used for pre-deployment validation. By building the RIBs and FIBs of each device, Batfish builds a predictive model of network behavior.

Open APIs

A robust set of REST APIs with a native Python SDK allows users to seamlessly integrate Batfish into their design, validation and operational workflow.

Batfish Enterprise


The Batfish Enterprise Dashboard provides a single-pane of glass from which users can interrogate and analyze a proposed change to the network, or the actual network to ensure that it meets their policy intent.

Network Analyzers

Within Batfish Enterprise are a number of pre-built network analyzers, powered by advanced models and heuristics, that can identify potential landmines without any user input. These analyzers deliver immediate value, before users train Batfish Enterprise about their specific network design and policy.

See What's Possible

Pre-deployment validation of your network’s security, reliability and compliance policies, fully-automated with Batfish.

Request Your Demo