bgp_element - BGP Elements for BGP configurations

New in version 2.5.

Synopsis

  • BGP elements are the building blocks of a BGP configuration on a layer 3 engine. Use this module to obtain available elements and their values.

Options

parameter required default choices comments
case_sensitive
no True

Whether to do a case sensitive match on the filter specified

element
yes

List of device hashes/dictionaries with custom configurations based on the element type

Valid elements include: ip_access_list, ip_prefix_list, ipv6_access_list, ipv6_prefix_list, as_path_access_list, community_access_list, extended_community_access_list, external_bgp_peer, bgp_peering, autonomous_system. See the example bgp_element.yaml for a full list of supported parameters per item. Also see smc python documentation for routing elements http://smc-python.readthedocs.io/en/latest/pages/reference.html#dynamic-routing-elements

exact_match
no

Whether to do an exact match on the filter specified

filter
no *

String value to match against when making a query. Matches all if not specified. A filter will attempt to find a match in the name, primary key field or comment field of a given record.

limit
no 10

Limit the number of results. Set to 0 to remove limit.

overwrite_existing
no
  • yes
  • no

When overwrite_existing is set, the contents of the Access List type are replaced with the values provided in the element configuration. Otherwise operations are update_or_create: an update adds new entries if they do not exist, and the ACL is fully created with its entries if it doesn't exist. To replace entries, fully define the access list and set overwrite_existing to true.

smc_address
no

FQDN with port of SMC. The default value is the environment variable SMC_ADDRESS

smc_alt_filepath
no

Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, url and api_key settings are not required and will be ignored.

smc_api_key
no

API key for the API client. The default value is the environment variable SMC_API_KEY. Required if url

smc_api_version
no

Optional API version to connect to. If none is provided, the latest SMC version API will be used based on the Management Center version. Can be set through the environment variable SMC_API_VERSION

smc_domain
no

Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable SMC_DOMAIN

smc_extra_args
no
Extra arguments to pass to login constructor. These are generally only used if specifically requested by support personnel.
Dictionary object smc_extra_args
parameter required default choices comments
verify
no True
  • yes
  • no
If the connection to SMC is HTTPS, you can set this to True, or provide a path to a client certificate to verify the SMC SSL certificate. You can also explicitly set this to False, which disables certificate verification.
smc_logging
no
Optionally enable SMC API logging to a file
Dictionary object smc_logging
parameter required default choices comments
path
yes
Full path to the log file
level
no
Log level as specified by the standard python logging library, in int format. Default setting is logging.DEBUG.
smc_timeout
no

Optional timeout for connections to the SMC. Can be set through the environment variable SMC_TIMEOUT

state
no present
  • present
  • absent

Create or delete a BGP Element. If state=absent, the element dict must have at least the type of element and name field as a valid value.


Examples

- name: Create all BGP element types
  register: result
  bgp_element:
    smc_logging:
      level: 10
      path: ansible-smc.log
    elements:
      - ip_access_list:
          name: myservice2
          comment: my ip acl without min and max prefix length
          entries:
            - subnet: 1.1.3.0/24
              action: permit
            - subnet: 2.2.2.0/24
              action: deny
      - ip_prefix_list:
          name: aprefix
          comment: prefix lists without min and max prefix
          entries:
            - subnet: 10.0.0.0/8
              action: deny
            - subnet: 192.16.2.0/24
              action: permit
      - ipv6_access_list:
          name: myipv6acl
          comment: an ipv6 acl
          entries:
            - subnet: '2001:db8:1::1/128'
              action: permit
      - ipv6_prefix_list:
          name: ipv6prefix
          entries:
            - subnet: 'ab00::/64'
              min_prefix_length: 65
              max_prefix_length: 128
              action: deny
      - as_path_access_list:
          name: mytestaccesslist
          comment: an as path
          entries:
            - expression: '123-456'
              action: permit
            - expression: '1234-567'
              action: deny
      - community_access_list:
          name: cmtyacl
          type: standard
          comment: my community
          entries:
            - community: '123'
              action: permit
            - community: '456'
              action: deny
      - extended_community_access_list:
          name: extcommacl
          type: standard
          comment: Some acl
          entries:
            - community: '123'
              action: permit
              type: rt
            - community: '456'
              action: deny
              type: soo
      - bgp_peering:
          name: extpeer
          comment: my peering
      - external_bgp_peer:
          name: mypeer666
          neighbor_as: myas123
          neighbor_ip: 12.12.12.12
          #neighbor_port: 179
          comment: mypeer
      - autonomous_system:
          name: myas123
          as_number: '123.123'
          comment: foo comment
    #state: absent
    #overwrite_existing: true

- name: Update an existing IP Access List and overwrite all entries
  register: result
  bgp_element:
    smc_logging:
      level: 10
      path: ansible-smc.log
    elements:
      - ip_access_list:
          name: myservice2
          comment: my ip acl
          entries:
            - subnet: 1.1.4.0/24
              action: permit
            - subnet: 2.2.2.0/24
              action: deny
    overwrite_existing: true

- name: Delete an IP Access List by name
  register: result
  bgp_element:
    smc_logging:
      level: 10
      path: ansible-smc.log
    state: absent
    elements:
      - ip_access_list:
          name: myservice2
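
The effect of overwrite_existing on the myservice2 access list from the examples above, as an added Python model (not the module's own code). It assumes an entry counts as existing when subnet and action both match; the function names and the FLIPPED case are hypothetical.

```python
import ipaddress

# Entries copied from the page's two myservice2 examples.
CURRENT = [{"subnet": "1.1.3.0/24", "action": "permit"},
           {"subnet": "2.2.2.0/24", "action": "deny"}]
DESIRED = [{"subnet": "1.1.4.0/24", "action": "permit"},
           {"subnet": "2.2.2.0/24", "action": "deny"}]
# Constructed case: the playbook flips the first entry from permit to deny.
FLIPPED = [{"subnet": "1.1.3.0/24", "action": "deny"},
           {"subnet": "2.2.2.0/24", "action": "deny"}]


def entry_key(entry):
    # Assumption: an entry "exists" when both subnet and action match.
    return (ipaddress.ip_network(entry["subnet"]), entry["action"])


def merge_entries(existing, desired, overwrite_existing=False):
    """Model the two documented modes; existing=None means the ACL is absent."""
    if overwrite_existing or existing is None:
        return list(desired)
    have = {entry_key(e) for e in existing}
    return list(existing) + [e for e in desired if entry_key(e) not in have]


def stale_permits(existing, desired, overwrite_existing=False):
    """Permit subnets that survive the run although the playbook omits them."""
    wanted = {entry_key(e) for e in desired}
    merged = merge_entries(existing, desired, overwrite_existing)
    return [e["subnet"] for e in merged
            if e["action"] == "permit" and entry_key(e) not in wanted]


def conflicting_subnets(entries):
    """Subnets that end up with more than one action in the same list."""
    actions = {}
    for e in entries:
        actions.setdefault(ipaddress.ip_network(e["subnet"]), set()).add(e["action"])
    return sorted(str(net) for net, acts in actions.items() if len(acts) > 1)


if __name__ == "__main__":
    print("left behind without overwrite:", stale_permits(CURRENT, DESIRED))
    print("left behind with overwrite:   ", stale_permits(CURRENT, DESIRED, True))
    print("conflicts after flip:         ",
          conflicting_subnets(merge_entries(CURRENT, FLIPPED)))
```

Under this model, editing a subnet or flipping an action in the playbook without overwrite_existing leaves the earlier permit entry in the list, which is why the second example sets overwrite_existing to true.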

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

name description returned type sample
state
Full json definition of NGFW
always list [{'action': 'created', 'type': 'ip_access_list', 'name': 'myservice2'}, {'action': 'modified', 'type': 'ip_access_list', 'name': 'myservice2'}, {'action': 'deleted', 'type': 'ip_access_list', 'name': 'myservice2'}]
changed
Whether or not the change succeeded
always bool


Notes

  • If a filter is not used in the query, this will return all results for the element type specified. The return data in this case will only contain the metadata for the element which will be name and type. To get detailed information about an element, use a filter. When using filters on network or service elements, the filter value will search the element fields, for example, you could use a filter of ‘1.1.1.1’ when searching for hosts and all hosts with this IP will be returned. The same applies for services. If you are unsure of the service name but know the port you require, your filter can be by port.

Author

  • David LePage (@gabstopper)

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.