| Parameter |
Choices/Defaults |
Comments |
|
config
dictionary
|
|
A dict of BGP global configuration for interfaces.
|
|
address_family
list
/ elements=dictionary
|
|
BGP address-family parameters.
|
|
|
afi
string
|
|
BGP address family settings.
|
|
|
aggregate_address
list
/ elements=dictionary
|
|
BGP aggregate network.
|
|
|
|
as_set
boolean
|
|
Generate AS-set path information for this aggregate address.
|
|
|
|
prefix
string
|
|
BGP aggregate network.
|
|
|
|
summary_only
boolean
|
|
Announce the aggregate summary network only.
|
|
|
networks
list
/ elements=dictionary
|
|
BGP network
|
|
|
|
backdoor
boolean
|
|
Network as a backdoor route.
|
|
|
|
path_limit
integer
|
|
AS path hop count limit
|
|
|
|
prefix
string
|
|
BGP network address
|
|
|
|
route_map
string
|
|
Route-map to modify route attributes
|
|
|
redistribute
list
/ elements=dictionary
|
|
Redistribute routes from other protocols into BGP
|
|
|
|
metric
integer
|
|
Metric for redistributed routes.
|
|
|
|
protocol
string
|
Choices:
- connected
- kernel
- ospf
- ospfv3
- rip
- ripng
- static
|
types of routes to be redistributed.
|
|
|
|
route_map
string
|
|
Route map to filter redistributed routes
|
|
|
|
table
string
|
|
Redistribute non-main Kernel Routing Table.
|
|
as_number
integer
|
|
AS number.
|
|
neighbors
list
/ elements=dictionary
|
|
BGP neighbor
|
|
|
address_family
list
/ elements=dictionary
|
|
address family.
|
|
|
|
afi
string
|
|
BGP neighbor parameters.
|
|
|
|
allowas_in
integer
|
|
Number of occurrences of AS number.
|
|
|
|
as_override
boolean
|
|
AS for routes sent to this neighbor to be the local AS.
|
|
|
|
attribute_unchanged
dictionary
|
|
BGP attributes are sent unchanged.
|
|
|
|
|
as_path
boolean
|
|
as_path attribute
|
|
|
|
|
med
boolean
|
|
med attribute
|
|
|
|
|
next_hop
boolean
|
|
next_hop attribute
|
|
|
|
capability
dictionary
|
|
Advertise capabilities to this neighbor.
|
|
|
|
|
dynamic
boolean
|
|
Advertise dynamic capability to this neighbor.
|
|
|
|
|
orf
string
|
|
Advertise ORF capability to this neighbor.
|
|
|
|
default_originate
string
|
|
Send default route to this neighbor
|
|
|
|
distribute_list
list
/ elements=dictionary
|
|
Access-list to filter route updates to/from this neighbor.
|
|
|
|
|
acl
integer
|
|
- Acess-list number.
+ Access-list number.
|
|
|
|
|
action
string
|
|
Access-list to filter outgoing/incoming route updates to this neighbor
|
|
|
|
filter_list
list
/ elements=dictionary
|
|
As-path-list to filter route updates to/from this neighbor.
|
|
|
|
|
action
string
|
|
filter outgoing/incoming route updates
|
|
|
|
|
path_list
string
|
|
As-path-list to filter
|
|
|
|
maximum_prefix
integer
|
|
Maximum number of prefixes to accept from this neighbor nexthop-self Nexthop for routes sent to this neighbor to be the local router.
|
|
|
|
nexthop_local
boolean
|
|
Nexthop attributes.
|
|
|
|
nexthop_self
boolean
|
|
Nexthop for routes sent to this neighbor to be the local router.
|
|
|
|
peer_group
string
|
|
IPv4 peer group for this peer
|
|
|
|
prefix_list
list
/ elements=dictionary
|
|
Prefix-list to filter route updates to/from this neighbor.
|
|
|
|
|
action
string
|
|
filter outgoing/incoming route updates
|
|
|
|
|
prefix_list
string
|
|
Prefix-list to filter
|
|
|
|
remove_private_as
boolean
|
|
Remove private AS numbers from AS path in outbound route updates
|
|
|
|
route_map
list
/ elements=dictionary
|
|
Route-map to filter route updates to/from this neighbor.
|
|
|
|
|
action
string
|
|
filter outgoing/incoming route updates
|
|
|
|
|
route_map
string
|
|
route-map to filter
|
|
|
|
route_reflector_client
boolean
|
|
Neighbor as a route reflector client
|
|
|
|
route_server_client
boolean
|
|
Neighbor is route server client
|
|
|
|
soft_reconfiguration
boolean
|
|
Soft reconfiguration for neighbor
|
|
|
|
unsupress_map
string
|
|
Route-map to selectively unsuppress suppressed routes
|
|
|
|
weight
integer
|
|
Default weight for routes from this neighbor
|
|
|
neighbor_address
string
|
|
BGP neighbor address (v4/v6).
|
|
running_config
string
|
|
This option is used only with state parsed.
The value of this option should be the output received from the IOS device by executing the command show configuration command | match bgp.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
|
|
state
string
|
Choices:
merged ← - replaced
- deleted
- gathered
- parsed
- rendered
- purged
- overridden
|
The state the configuration should be left in.
|
| Parameter |
Choices/Defaults |
Comments |
|
config
dictionary
|
|
A dict of BGP global configuration for interfaces.
|
|
aggregate_address
list
/ elements=dictionary
|
|
BGP aggregate network.
|
|
|
as_set
boolean
|
|
Generate AS-set path information for this aggregate address.
|
|
|
prefix
string
|
|
BGP aggregate network.
|
|
|
summary_only
boolean
|
|
Announce the aggregate summary network only.
|
|
as_number
integer
|
|
AS number.
|
|
bgp_params
dictionary
|
|
BGP parameters
|
|
|
always_compare_med
boolean
|
|
Always compare MEDs from different neighbors
|
|
|
bestpath
dictionary
|
|
Default bestpath selection mechanism
|
|
|
|
as_path
string
|
|
AS-path attribute comparison parameters
|
|
|
|
compare_routerid
boolean
|
|
Compare the router-id for identical EBGP paths
|
|
|
|
med
string
|
Choices:
- confed
- missing-as-worst
|
MED attribute comparison parameters
|
|
|
cluster_id
string
|
|
Route-reflector cluster-id
|
|
|
confederation
list
/ elements=dictionary
|
|
AS confederation parameters
|
|
|
|
identifier
integer
|
|
Confederation AS identifier
|
|
|
|
peers
integer
|
|
Peer ASs in the BGP confederation
|
|
|
dampening
dictionary
|
|
Enable route-flap dampening
|
|
|
|
half_life
integer
|
|
Half-life penalty in seconds
|
|
|
|
max_suppress_time
integer
|
|
Maximum duration to suppress a stable route
|
|
|
|
re_use
integer
|
|
Time to start reusing a route
|
|
|
|
start_suppress_time
integer
|
|
When to start suppressing a route
|
|
|
default
dictionary
|
|
BGP defaults
|
|
|
|
local_pref
integer
|
|
Default local preference
|
|
|
|
no_ipv4_unicast
boolean
|
|
Deactivate IPv4 unicast for a peer by default
|
|
|
deterministic_med
boolean
|
|
Compare MEDs between different peers in the same AS
|
|
|
disable_network_import_check
boolean
|
|
Disable IGP route check for network statements
|
|
|
distance
list
/ elements=dictionary
|
|
- Administratives distances for BGP routes
+ Administrative distances for BGP routes
|
|
|
|
prefix
integer
|
|
Administrative distance for a specific BGP prefix
|
|
|
|
type
string
|
Choices:
- external
- internal
- local
|
Type of route
|
|
|
|
value
integer
|
|
distance
|
|
|
enforce_first_as
boolean
|
|
Require first AS in the path to match peer's AS
|
|
|
graceful_restart
integer
|
|
Maximum time to hold onto restarting peer's stale paths
|
|
|
log_neighbor_changes
boolean
|
|
Log neighbor up/down changes and reset reason
|
|
|
no_client_to_client_reflection
boolean
|
|
Disable client to client route reflection
|
|
|
no_fast_external_failover
boolean
|
|
- Disable immediate sesison reset if peer's connected link goes down
+ Disable immediate session reset if peer's connected link goes down
|
|
|
router_id
string
|
|
BGP router-id
|
|
|
scan_time
integer
|
|
BGP route scanner interval
|
|
maximum_paths
list
/ elements=dictionary
|
|
BGP multipaths
|
|
|
count
integer
|
|
No. of paths.
|
|
|
path
string
|
|
BGP multipaths
|
|
neighbor
list
/ elements=dictionary
|
|
BGP neighbor
|
|
|
address
string
|
|
BGP neighbor address (v4/v6).
|
|
|
advertisement_interval
integer
|
|
Minimum interval for sending routing updates.
|
|
|
allowas_in
integer
|
|
Number of occurrences of AS number.
|
|
|
as_override
boolean
|
|
AS for routes sent to this neighbor to be the local AS.
|
|
|
attribute_unchanged
dictionary
|
|
BGP attributes are sent unchanged.
|
|
|
|
as_path
boolean
|
|
as_path
|
|
|
|
med
boolean
|
|
med
|
|
|
|
next_hop
boolean
|
|
next_hop
|
|
|
capability
dictionary
|
|
Advertise capabilities to this neighbor.
|
|
|
|
dynamic
boolean
|
|
Advertise dynamic capability to this neighbor.
|
|
|
|
orf
string
|
|
Advertise ORF capability to this neighbor.
|
|
|
default_originate
string
|
|
Send default route to this neighbor
|
|
|
description
string
|
|
description text
|
|
|
disable_capability_negotiation
boolean
|
|
Disbale capability negotiation with the neighbor
|
|
|
disable_connected_check
boolean
|
|
Disable check to see if EBGP peer's address is a connected route.
|
|
|
disable_send_community
string
|
Choices:
- extended
- standard
|
Disable sending community attributes to this neighbor.
|
|
|
distribute_list
list
/ elements=dictionary
|
|
Access-list to filter route updates to/from this neighbor.
|
|
|
|
acl
integer
|
|
- Acess-list number.
+ Access-list number.
|
|
|
|
action
string
|
|
Access-list to filter outgoing/incoming route updates to this neighbor
|
|
|
ebgp_multihop
integer
|
|
Allow this EBGP neighbor to not be on a directly connected network. Specify the number hops.
|
|
|
filter_list
list
/ elements=dictionary
|
|
As-path-list to filter route updates to/from this neighbor.
|
|
|
|
action
string
|
|
filter outgoing/incoming route updates
|
|
|
|
path_list
string
|
|
As-path-list to filter
|
|
|
local_as
integer
|
|
local as number not to be prepended to updates from EBGP peers
|
|
|
maximum_prefix
integer
|
|
Maximum number of prefixes to accept from this neighbor nexthop-self Nexthop for routes sent to this neighbor to be the local router.
|
|
|
nexthop_self
boolean
|
|
Nexthop for routes sent to this neighbor to be the local router.
|
|
|
override_capability
boolean
|
|
Ignore capability negotiation with specified neighbor.
|
|
|
passive
boolean
|
|
Do not initiate a session with this neighbor
|
|
|
password
string
|
|
BGP MD5 password
|
|
|
peer_group
boolean
|
|
- True if all the configs unde this neighbor key is for peer group template.
+ True if all the configs under this neighbor key is for peer group template.
|
|
|
peer_group_name
string
|
|
IPv4 peer group for this peer
|
|
|
port
integer
|
|
Neighbor's BGP port
|
|
|
prefix_list
list
/ elements=dictionary
|
|
Prefix-list to filter route updates to/from this neighbor.
|
|
|
|
action
string
|
|
filter outgoing/incoming route updates
|
|
|
|
prefix_list
string
|
|
Prefix-list to filter
|
|
|
remote_as
integer
|
|
Neighbor BGP AS number
|
|
|
remove_private_as
boolean
|
|
Remove private AS numbers from AS path in outbound route updates
|
|
|
route_map
list
/ elements=dictionary
|
|
Route-map to filter route updates to/from this neighbor.
|
|
|
|
action
string
|
|
filter outgoing/incoming route updates
|
|
|
|
route_map
string
|
|
route-map to filter
|
|
|
route_reflector_client
boolean
|
|
Neighbor as a route reflector client
|
|
|
route_server_client
boolean
|
|
Neighbor is route server client
|
|
|
shutdown
boolean
|
|
Administratively shut down neighbor
|
|
|
soft_reconfiguration
boolean
|
|
Soft reconfiguration for neighbor
|
|
|
strict_capability_match
boolean
|
|
Enable strict capability negotiation
|
|
|
timers
dictionary
|
|
Neighbor timers
|
|
|
|
connect
integer
|
|
BGP connect timer for this neighbor.
|
|
|
|
holdtime
integer
|
|
BGP hold timer for this neighbor
|
|
|
|
keepalive
integer
|
|
BGP keepalive interval for this neighbor
|
|
|
ttl_security
integer
|
|
Ttl security mechanism for this BGP peer
|
|
|
unsuppress_map
string
|
|
Route-map to selectively unsuppress suppressed routes
|
|
|
update_source
string
|
|
Source IP of routing updates
|
|
|
weight
integer
|
|
Default weight for routes from this neighbor
|
|
network
list
/ elements=dictionary
|
|
BGP network
|
|
|
address
string
|
|
BGP network address
|
|
|
backdoor
boolean
|
|
Network as a backdoor route
|
|
|
route_map
string
|
|
Route-map to modify route attributes
|
|
redistribute
list
/ elements=dictionary
|
|
Redistribute routes from other protocols into BGP
|
|
|
metric
integer
|
|
Metric for redistributed routes.
|
|
|
protocol
string
|
Choices:
- connected
- kernel
- ospf
- rip
- static
|
types of routes to be redistributed.
|
|
|
route_map
string
|
|
Route map to filter redistributed routes
|
|
timers
dictionary
|
|
BGP protocol timers
|
|
|
holdtime
integer
|
|
Hold time interval
|
|
|
keepalive
integer
|
|
Keepalive interval
|
|
running_config
string
|
|
This option is used only with state parsed.
The value of this option should be the output received from the EOS device by executing the command show running-config | section bgp.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
|
|
state
string
|
Choices:
- deleted
merged ← - purged
- replaced
- gathered
- rendered
- parsed
|
The state the configuration should be left in.
State purged removes all the BGP configurations from the target device. Use caution with this state.('delete protocols bgp <x>')
State deleted only removes BGP attributes that this modules manages and does not negate the BGP process completely. Thereby, preserving address-family related configurations under BGP context.
Running states deleted and replaced will result in an error if there are address-family configuration lines present under neighbor context that is is to be removed. Please use the vyos.vyos.vyos_bgp_address_family module for prior cleanup.
Refer to examples for more details.
|
| Parameter |
Choices/Defaults |
Comments |
|
config
dictionary
|
|
A dictionary of Firewall global configuration options.
|
|
config_trap
boolean
|
|
SNMP trap generation on firewall configuration changes.
|
|
group
dictionary
|
|
Defines a group of objects for referencing in firewall rules.
|
|
|
address_group
list
/ elements=dictionary
|
|
Defines a group of IP addresses for referencing in firewall rules.
|
|
|
|
description
string
|
|
Allows you to specify a brief description for the address group.
|
|
|
|
members
list
/ elements=dictionary
|
|
Address-group members.
IPv4 address to match.
IPv4 range to match.
|
|
|
|
|
address
string
|
|
IP address.
|
|
|
|
name
string
/ required
|
|
Name of the firewall address group.
|
|
|
network_group
list
/ elements=dictionary
|
|
Defines a group of networks for referencing in firewall rules.
|
|
|
|
description
string
|
|
Allows you to specify a brief description for the network group.
|
|
|
|
members
list
/ elements=dictionary
|
|
Adds an IPv4 network to the specified network group.
The format is ip-address/prefix.
|
|
|
|
|
address
string
|
|
IP address.
|
|
|
|
name
string
/ required
|
|
Name of the firewall network group.
|
|
|
port_group
list
/ elements=dictionary
|
|
Defines a group of ports for referencing in firewall rules.
|
|
|
|
description
string
|
|
Allows you to specify a brief description for the port group.
|
|
|
|
members
list
/ elements=dictionary
|
|
Port-group member.
|
|
|
|
|
port
string
|
|
Defines the number.
|
|
|
|
name
string
/ required
|
|
Name of the firewall port group.
|
|
log_martians
boolean
|
|
Specifies whether or not to record packets with invalid addresses in the log.
(True) Logs packets with invalid addresses.
(False) Does not log packets with invalid addresses.
|
|
ping
dictionary
|
|
Policy for handling of all IPv4 ICMP echo requests.
|
|
|
all
boolean
|
|
Enables or disables response to all IPv4 ICMP Echo Request (ping) messages.
The system responds to IPv4 ICMP Echo Request messages.
|
|
|
broadcast
boolean
|
|
Enables or disables response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages.
IPv4 ICMP Echo and Timestamp Request messages are not processed.
|
|
route_redirects
list
/ elements=dictionary
|
|
-A dictionary of Firewall icmp redirect and source route global configuration options.
|
|
|
afi
string
/ required
|
|
Specifies IP address type
|
|
|
icmp_redirects
dictionary
|
|
Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect messages.
|
|
|
|
receive
boolean
|
|
Permits or denies receiving packets ICMP redirect messages.
|
|
|
|
send
boolean
|
|
Permits or denies transmitting packets ICMP redirect messages.
|
|
|
ip_src_route
boolean
|
|
Specifies whether or not to process source route IP options.
|
|
state_policy
list
/ elements=dictionary
|
|
Specifies global firewall state-policy.
|
|
|
action
string
|
Choices:
- accept
- drop
- reject
|
Action for packets part of an established connection.
|
|
|
connection_type
string
|
Choices:
- established
- invalid
- related
|
Specifies connection type.
|
|
|
log
boolean
|
|
Enable logging of packets part of an established connection.
|
|
syn_cookies
boolean
|
|
Specifies policy for using TCP SYN cookies with IPv4.
(True) Enables TCP SYN cookies with IPv4.
(False) Disables TCP SYN cookies with IPv4.
|
|
twa_hazards_protection
boolean
|
|
- RFC1337 TCP TIME-WAIT assasination hazards protection.
+ RFC1337 TCP TIME-WAIT assassination hazards protection.
|
|
validation
string
|
Choices:
- strict
- loose
- disable
|
Specifies a policy for source validation by reversed path, as defined in RFC 3704.
(disable) No source validation is performed.
(loose) Enable Loose Reverse Path Forwarding as defined in RFC3704.
(strict) Enable Strict Reverse Path Forwarding as defined in RFC3704.
|
|
running_config
string
|
|
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command show configuration commands | grep 'firewall'
|
|
state
string
|
Choices:
merged ← - replaced
- deleted
- gathered
- rendered
- parsed
|
The state the configuration should be left in.
|