paloaltonetworks.panos.panos_logical_router_vrf module – Manage Logical Router VRFs

Note

This module is part of the paloaltonetworks.panos collection (version 3.2.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_logical_router_vrf.

New in paloaltonetworks.panos 3.3.0

Synopsis

  • Manage PANOS Logical Router VRFs.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

ad_bgp_external

integer

Administrative distance for this protocol

ad_bgp_internal

integer

Administrative distance for this protocol

ad_bgp_local

integer

Administrative distance for this protocol

ad_ospf_ext

integer

Administrative distance for this protocol

ad_ospf_inter

integer

Administrative distance for this protocol

ad_ospf_intra

integer

Administrative distance for this protocol

ad_ospfv3_ext

integer

Administrative distance for this protocol

ad_ospfv3_inter

integer

Administrative distance for this protocol

ad_ospfv3_intra

integer

Administrative distance for this protocol

ad_rip

integer

Administrative distance for this protocol

ad_static

integer

Administrative distance for this protocol

ad_static_ipv6

integer

Administrative distance for this protocol

api_key

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.

bgp_always_advertise_network_route

boolean

Always advertise network routes even if not present in RIB

Choices:

  • false

  • true

bgp_default_local_preference

integer

Global Default Local Preference

bgp_ecmp_multi_as

boolean

Support multiple AS in ECMP

Choices:

  • false

  • true

bgp_enable

boolean

Enable BGP

Choices:

  • false

  • true

bgp_enforce_first_as

boolean

Enforce First AS

Choices:

  • false

  • true

bgp_fast_external_failover

boolean

Immediately reset session if a link to a directly connected external peer goes down

Choices:

  • false

  • true

bgp_global_bfd

string

BGP Global BFD Profile

bgp_graceful_local_restart_time

integer

Local restart time to advertise to peer

bgp_graceful_max_peer_restart_time

integer

Maximum of peer restart time accepted

bgp_graceful_restart_enable

boolean

Graceful-restart options enabled

Choices:

  • false

  • true

bgp_graceful_restart_stale_route_time

integer

Time to remove stale routes after peer restart

bgp_graceful_shutdown

boolean

Gracefully Shutdown BGP following RFC-8326

Choices:

  • false

  • true

bgp_install_route

boolean

Populate BGP learned route to global route table

Choices:

  • false

  • true

bgp_local_as

string

Local AS number

bgp_med_always_compare_med

boolean

Always compare MEDs

Choices:

  • false

  • true

bgp_med_deterministic_med_comparison

boolean

Deterministic MEDs comparison

Choices:

  • false

  • true

bgp_redistribution_profile_ipv4_unicast

string

IPv4 Redistribution Profile

bgp_redistribution_profile_ipv6_unicast

string

IPv6 Redistribution Profile

bgp_router_id

string

Router id of this BGP instance

commit

boolean

Deprecated

Please use paloaltonetworks.panos.panos_commit_firewall, paloaltonetworks.panos.panos_commit_panorama, paloaltonetworks.panos.panos_commit_push instead.

Commit changes after creating object. If ip_address is a Panorama device, and device_group or template are also set, perform a commit to Panorama and a commit-all to the device group/template.

Choices:

  • false

  • true

ecmp_algorithm

string

Load balancing algorithm

ecmp_algorithm_hash_seed

integer

User-specified hash seed

ecmp_algorithm_src_only

boolean

Only use source address for hash

Choices:

  • false

  • true

ecmp_algorithm_use_port

boolean

Use source/destination port for hash

Choices:

  • false

  • true

ecmp_enable

boolean

Enable Equal Cost Multipath

Choices:

  • false

  • true

ecmp_max_path

integer

Maximum number of ECMP paths supported, change this configuration will result in a virtual router restart

ecmp_strict_source_path

boolean

Force VPN traffic to exit interface that the source-ip belongs to

Choices:

  • false

  • true

ecmp_symmetric_return

boolean

Allows return packets to egress out of the ingress interface of the flow

Choices:

  • false

  • true

gathered_filter

string

When state=gathered.

An advanced filtering option to filter results returned from PAN-OS.

Refer to the guide discussing gathered_filter for more information.

interface

list / elements=string

List of interface names

ip_address

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.

logical_router

string / required

Name of the Logical Router

name

string

Name of VRF

ospf_enable

boolean

Enable OSPF

Choices:

  • false

  • true

ospf_global_bfd

string

OSPF Global BFD Profile

ospf_global_if_timer

string

Global protocol timer setting

ospf_graceful_restart_enable

boolean

Enable OSPF graceful restart

Choices:

  • false

  • true

ospf_graceful_restart_grace_period

integer

Graceful restart period

ospf_graceful_restart_helper_enable

boolean

Graceful restart helper enable

Choices:

  • false

  • true

ospf_graceful_restart_max_neighbor_restart_time

integer

Graceful restart neighbor restart time

ospf_graceful_restart_strict_lsa_checking

boolean

Graceful restart strict lsa checking

Choices:

  • false

  • true

ospf_redistribution_profile

string

Redistribution profile setting

ospf_rfc1583

boolean

RFC 1583 compatibility

Choices:

  • false

  • true

ospf_router_id

string

Router ID in IP format (eg. 1.1.1.1)

ospf_spf_timer

string

SPF timer setting

ospfv3_disable_transit_traffic

boolean

Disable R-Bit and v6-Bit

Choices:

  • false

  • true

ospfv3_enable

boolean

Enable OSPFv3

Choices:

  • false

  • true

ospfv3_global_bfd

string

OSPFv3 Global BFD Profile

ospfv3_global_if_timer

string

Global protocol timer setting

ospfv3_graceful_restart_enable

boolean

Enable OSPFv3 graceful restart

Choices:

  • false

  • true

ospfv3_graceful_restart_grace_period

integer

Graceful restart period

ospfv3_graceful_restart_helper_enable

boolean

Graceful restart helper enable

Choices:

  • false

  • true

ospfv3_graceful_restart_max_neighbor_restart_time

integer

Graceful restart neighbor restart time

ospfv3_graceful_restart_strict_lsa_checking

boolean

Graceful restart strict lsa checking

Choices:

  • false

  • true

ospfv3_redistribution_profile

string

Redistribution profile setting

ospfv3_router_id

string

Router ID in IP format (eg. 1.1.1.1)

ospfv3_spf_timer

string

SPF timer setting

password

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.

port

integer

Deprecated

Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.

Default: 443

provider

dictionary

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: 443

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

rib_filter_ipv4_bgp

string

IPv4 BGP route map

rib_filter_ipv4_ospf

string

IPv4 OSPF route map

rib_filter_ipv4_static

string

IPv4 static route map

rib_filter_ipv6_bgp

string

IPv6 BGP route map

rib_filter_ipv6_ospfv3

string

IPv6 OSPFv3 route map

rib_filter_ipv6_static

string

IPv6 static route map

state

string

The state.

Choices:

  • "present" ← (default)

  • "absent"

  • "replaced"

  • "merged"

  • "deleted"

  • "gathered"

template

string

(Panorama only) The template this operation should target. Mutually exclusive with template_stack.

template_stack

string

(Panorama only) The template stack this operation should target. Mutually exclusive with template.

username

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

Notes

Note

  • Checkmode is supported.

  • Panorama is supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

  • If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.

Examples

- name: Add ethernet1/1 to VRF "default" on logical router "default"
  paloaltonetworks.panos.panos_logical_router_vrf:
    provider: '{{ provider }}'
    logical_router: default
    name: default
    interfaces:
      - ethernet1/1

- name: Enable BGP
  paloaltonetworks.panos.panos_logical_router_vrf:
    provider: '{{ device }}'
    logical_router: default
    name: default
    bgp_enable: true
    bgp_router_id: 10.10.10.10
    bgp_local_as: 65500
    template: '{{ template | default(omit) }}'
  register: result

Authors

  • Adam Baumeister (@abaumeister)