fortinet.fortios.fortios_router_bgp module – Configure BGP in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.3.4).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortios
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: fortinet.fortios.fortios_router_bgp
.
New in fortinet.fortios 2.0.0
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bgp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.14
Parameters
Parameter |
Comments |
---|---|
Token-based authentication. Generated from GUI of Fortigate. |
|
Enable/Disable logging for task. Choices:
|
|
Member attribute path to operate on. Delimited by a slash character if there are more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
|
Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices:
|
|
Configure BGP. |
|
Enable/disable selection of BGP IPv4 additional paths. Choices:
|
|
Enable/disable selection of BGP IPv6 additional paths. Choices:
|
|
Number of additional paths to be selected for each IPv4 NLRI. |
|
Number of additional paths to be selected for each IPv6 NLRI. |
|
Number of additional paths to be selected for each VPNv4 NLRI. |
|
Enable/disable selection of BGP VPNv4 additional paths. Choices:
|
|
Administrative distance modifications. |
|
Administrative distance to apply (1 - 255). |
|
ID. see <a href=’#notes’>Notes</a>. |
|
Neighbor address prefix. |
|
Access list of routes to apply new distance to. Source router.access-list.name. |
|
BGP aggregate address table. |
|
Enable/disable generate AS set path information. Choices:
|
|
ID. see <a href=’#notes’>Notes</a>. |
|
Aggregate prefix. |
|
Enable/disable filter more specific routes from updates. Choices:
|
|
BGP IPv6 aggregate address table. |
|
Enable/disable generate AS set path information. Choices:
|
|
ID. see <a href=’#notes’>Notes</a>. |
|
Aggregate IPv6 prefix. |
|
Enable/disable filter more specific routes from updates. Choices:
|
|
Enable/disable always compare MED. Choices:
|
|
Router AS number, asplain/asdot/asdot+ format, 0 to disable BGP. |
|
Enable/disable ignore AS path. Choices:
|
|
Enable/disable compare federation AS path length. Choices:
|
|
Enable/disable compare router ID for identical EBGP paths. Choices:
|
|
Enable/disable compare MED among confederation paths. Choices:
|
|
Enable/disable treat missing MED as least preferred. Choices:
|
|
Enable/disable client-to-client route reflection. Choices:
|
|
Route reflector cluster ID. |
|
Confederation identifier. |
|
Confederation peers. |
|
Peer ID. |
|
Enable/disable cross address family conditional advertisement. Choices:
|
|
Enable/disable route-flap dampening. Choices:
|
|
Maximum minutes a route can be suppressed. |
|
Reachability half-life time for penalty (min). |
|
Threshold to reuse routes. |
|
Criteria for dampening. Source router.route-map.name. |
|
Threshold to suppress routes. |
|
Unreachability half-life time for penalty (min). |
|
Default local preference. |
|
Enable/disable enforce deterministic comparison of MED. Choices:
|
|
Distance for routes external to the AS. |
|
Distance for routes internal to the AS. |
|
Distance for routes local to the AS. |
|
Enable/disable EBGP multi-path. Choices:
|
|
Enable/disable enforce first AS for EBGP routes. Choices:
|
|
Enable/disable reset peer BGP session if link goes down. Choices:
|
|
Enable/disable to exit graceful restart on timer only. Choices:
|
|
Enable/disable BGP graceful restart capabilities. Choices:
|
|
Time needed for neighbors to restart (sec). |
|
Time to hold stale paths of restarting neighbor (sec). |
|
Route advertisement/selection delay after restart (sec). |
|
Number of seconds to mark peer as dead. |
|
Enable/disable IBGP multi-path. Choices:
|
|
Do not send unknown optional capability notification message. Choices:
|
|
Frequency to send keep alive requests. |
|
Log BGP neighbor changes. Choices:
|
|
Enable/disable use of recursive distance to select multipath. Choices:
|
|
BGP neighbor table. |
|
Enable/disable address family IPv4 for this neighbor. Choices:
|
|
Enable/disable address family IPv6 for this neighbor. Choices:
|
|
Enable/disable address family L2VPN EVPN for this neighbor. Choices:
|
|
Enable/disable address family VPNv4 for this neighbor. Choices:
|
|
Enable/disable IPv4 additional-path capability. Choices:
|
|
Enable/disable IPv6 additional-path capability. Choices:
|
|
Enable/disable VPNv4 additional-path capability. Choices:
|
|
Number of IPv4 additional paths that can be advertised to this neighbor. |
|
Number of IPv6 additional paths that can be advertised to this neighbor. |
|
Number of VPNv4 additional paths that can be advertised to this neighbor. |
|
Minimum interval (sec) between sending updates. |
|
IPv4 The maximum number of occurrence of my AS number allowed. |
|
IPv6 The maximum number of occurrence of my AS number allowed. |
|
Enable/disable IPv4 Enable to allow my AS in AS path. Choices:
|
|
Enable/disable IPv6 Enable to allow my AS in AS path. Choices:
|
|
Enable/disable to allow my AS in AS path for L2VPN EVPN route. Choices:
|
|
Enable/disable to allow my AS in AS path for VPNv4 route. Choices:
|
|
The maximum number of occurrence of my AS number allowed for L2VPN EVPN route. |
|
The maximum number of occurrence of my AS number allowed for VPNv4 route. |
|
Enable/disable replace peer AS with own AS for IPv4. Choices:
|
|
Enable/disable replace peer AS with own AS for IPv6. Choices:
|
|
IPv4 List of attributes that should be unchanged. Choices:
|
|
IPv6 List of attributes that should be unchanged. Choices:
|
|
List of attributes that should be unchanged for VPNv4 route. Choices:
|
|
Enable/disable BFD for this neighbor. Choices:
|
|
Enable/disable advertise default IPv4 route to this neighbor. Choices:
|
|
Enable/disable advertise default IPv6 route to this neighbor. Choices:
|
|
Enable/disable advertise dynamic capability to this neighbor. Choices:
|
|
Enable/disable advertise IPv4 graceful restart capability to this neighbor. Choices:
|
|
Enable/disable advertise IPv6 graceful restart capability to this neighbor. Choices:
|
|
Enable/disable advertisement of L2VPN EVPN graceful restart capability to this neighbor. Choices:
|
|
Enable/disable advertise VPNv4 graceful restart capability to this neighbor. Choices:
|
|
Accept/Send IPv4 ORF lists to/from this neighbor. Choices:
|
|
Accept/Send IPv6 ORF lists to/from this neighbor. Choices:
|
|
Enable/disable advertise route refresh capability to this neighbor. Choices:
|
|
Conditional advertisement. |
|
Name of advertising route map. Source router.route-map.name. |
|
List of conditional route maps. Source router.route-map.name. |
|
Route map. Source router.route-map.name. |
|
Type of condition. Choices:
|
|
IPv6 conditional advertisement. |
|
Name of advertising route map. Source router.route-map.name. |
|
List of conditional route maps. Source router.route-map.name. |
|
Route map. Source router.route-map.name. |
|
Type of condition. Choices:
|
|
Interval (sec) for connect timer. |
|
Route map to specify criteria to originate IPv4 default. Source router.route-map.name. |
|
Route map to specify criteria to originate IPv6 default. Source router.route-map.name. |
|
Description. |
|
Filter for IPv4 updates from this neighbor. Source router.access-list.name. |
|
Filter for IPv6 updates from this neighbor. Source router.access-list6.name. |
|
Filter for VPNv4 updates from this neighbor. Source router.access-list.name. |
|
Filter for IPv4 updates to this neighbor. Source router.access-list.name. |
|
Filter for IPv6 updates to this neighbor. Source router.access-list6.name. |
|
Filter for VPNv4 updates to this neighbor. Source router.access-list.name. |
|
Do not negotiate capabilities with this neighbor. Choices:
|
|
Enable/disable allow multi-hop EBGP neighbors. Choices:
|
|
EBGP multihop TTL for this peer. |
|
BGP filter for IPv4 inbound routes. Source router.aspath-list.name. |
|
BGP filter for IPv6 inbound routes. Source router.aspath-list.name. |
|
BGP filter for VPNv4 inbound routes. Source router.aspath-list.name. |
|
BGP filter for IPv4 outbound routes. Source router.aspath-list.name. |
|
BGP filter for IPv6 outbound routes. Source router.aspath-list.name. |
|
BGP filter for VPNv4 outbound routes. Source router.aspath-list.name. |
|
Interval (sec) before peer considered dead. |
|
Specify outgoing interface for peer connection. For IPv6 peer, the interface should have link-local address. Source system .interface.name. |
|
IP/IPv6 address of neighbor. |
|
Keep alive timer interval (sec). |
|
Enable/disable failover upon link down. Choices:
|
|
Local AS number of neighbor. |
|
Do not prepend local-as to incoming updates. Choices:
|
|
Replace real AS with local-as in outgoing updates. Choices:
|
|
Maximum number of IPv4 prefixes to accept from this peer. |
|
Maximum number of IPv6 prefixes to accept from this peer. |
|
Maximum number of L2VPN EVPN prefixes to accept from this peer. |
|
Maximum IPv4 prefix threshold value (1 - 100 percent). |
|
Maximum IPv6 prefix threshold value (1 - 100 percent). |
|
Maximum L2VPN EVPN prefix threshold value (1 - 100 percent). |
|
Maximum VPNv4 prefix threshold value (1 - 100 percent). |
|
Maximum number of VPNv4 prefixes to accept from this peer. |
|
Enable/disable IPv4 Only give warning message when limit is exceeded. Choices:
|
|
Enable/disable IPv6 Only give warning message when limit is exceeded. Choices:
|
|
Enable/disable only sending warning message when exceeding limit of L2VPN EVPN routes. Choices:
|
|
Enable/disable only giving warning message when limit is exceeded for VPNv4 routes. Choices:
|
|
Enable/disable IPv4 next-hop calculation for this neighbor. Choices:
|
|
Enable/disable IPv6 next-hop calculation for this neighbor. Choices:
|
|
Enable/disable setting nexthop”s address to interface”s IPv4 address for route-reflector routes. Choices:
|
|
Enable/disable setting nexthop”s address to interface”s IPv6 address for route-reflector routes. Choices:
|
|
Enable/disable setting VPNv4 next-hop to interface”s IP address for this neighbor. Choices:
|
|
Enable/disable override result of capability negotiation. Choices:
|
|
Enable/disable sending of open messages to this neighbor. Choices:
|
|
Password used in MD5 authentication. |
|
IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. |
|
IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. |
|
Inbound filter for VPNv4 updates from this neighbor. Source router.prefix-list.name. |
|
IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. |
|
IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. |
|
Outbound filter for VPNv4 updates to this neighbor. Source router.prefix-list.name. |
|
AS number of neighbor. |
|
Enable/disable remove private AS number from IPv4 outbound updates. Choices:
|
|
Enable/disable remove private AS number from IPv6 outbound updates. Choices:
|
|
Enable/disable removing private AS number from L2VPN EVPN outbound updates. Choices:
|
|
Enable/disable remove private AS number from VPNv4 outbound updates. Choices:
|
|
Graceful restart delay time (sec, 0 = global default). |
|
Time to retain stale routes. |
|
IPv4 Inbound route map filter. Source router.route-map.name. |
|
IPv6 Inbound route map filter. Source router.route-map.name. |
|
L2VPN EVPN inbound route map filter. Source router.route-map.name. |
|
VPNv4 inbound route map filter. Source router.route-map.name. |
|
IPv4 outbound route map filter. Source router.route-map.name. |
|
IPv6 Outbound route map filter. Source router.route-map.name. |
|
IPv6 outbound route map filter if the peer is preferred. Source router.route-map.name. |
|
L2VPN EVPN outbound route map filter. Source router.route-map.name. |
|
IPv4 outbound route map filter if the peer is preferred. Source router.route-map.name. |
|
VPNv4 outbound route map filter. Source router.route-map.name. |
|
VPNv4 outbound route map filter if the peer is preferred. Source router.route-map.name. |
|
Enable/disable IPv4 AS route reflector client. Choices:
|
|
Enable/disable IPv6 AS route reflector client. Choices:
|
|
Enable/disable L2VPN EVPN AS route reflector client for this neighbor. Choices:
|
|
Enable/disable VPNv4 AS route reflector client for this neighbor. Choices:
|
|
Enable/disable IPv4 AS route server client. Choices:
|
|
Enable/disable IPv6 AS route server client. Choices:
|
|
Enable/disable L2VPN EVPN AS route server client for this neighbor. Choices:
|
|
Enable/disable VPNv4 AS route server client for this neighbor. Choices:
|
|
IPv4 Send community attribute to neighbor. Choices:
|
|
IPv6 Send community attribute to neighbor. Choices:
|
|
Enable/disable sending community attribute to neighbor for L2VPN EVPN address family. Choices:
|
|
Send community attribute to neighbor for VPNv4 address family. Choices:
|
|
Enable/disable shutdown this neighbor. Choices:
|
|
Enable/disable allow IPv4 inbound soft reconfiguration. Choices:
|
|
Enable/disable allow IPv6 inbound soft reconfiguration. Choices:
|
|
Enable/disable L2VPN EVPN inbound soft reconfiguration. Choices:
|
|
Enable/disable allow VPNv4 inbound soft reconfiguration. Choices:
|
|
Enable/disable stale route after neighbor down. Choices:
|
|
Enable/disable strict capability matching. Choices:
|
|
IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. |
|
IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. |
|
Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. |
|
Neighbor weight. |
|
BGP neighbor group table. |
|
Enable/disable address family IPv4 for this neighbor. Choices:
|
|
Enable/disable address family IPv6 for this neighbor. Choices:
|
|
Enable/disable address family L2VPN EVPN for this neighbor. Choices:
|
|
Enable/disable address family VPNv4 for this neighbor. Choices:
|
|
Enable/disable IPv4 additional-path capability. Choices:
|
|
Enable/disable IPv6 additional-path capability. Choices:
|
|
Enable/disable VPNv4 additional-path capability. Choices:
|
|
Number of IPv4 additional paths that can be advertised to this neighbor. |
|
Number of IPv6 additional paths that can be advertised to this neighbor. |
|
Number of VPNv4 additional paths that can be advertised to this neighbor. |
|
Minimum interval (sec) between sending updates. |
|
IPv4 The maximum number of occurrence of my AS number allowed. |
|
IPv6 The maximum number of occurrence of my AS number allowed. |
|
Enable/disable IPv4 Enable to allow my AS in AS path. Choices:
|
|
Enable/disable IPv6 Enable to allow my AS in AS path. Choices:
|
|
Enable/disable to allow my AS in AS path for L2VPN EVPN route. Choices:
|
|
Enable/disable to allow my AS in AS path for VPNv4 route. Choices:
|
|
The maximum number of occurrence of my AS number allowed for L2VPN EVPN route. |
|
The maximum number of occurrence of my AS number allowed for VPNv4 route. |
|
Enable/disable replace peer AS with own AS for IPv4. Choices:
|
|
Enable/disable replace peer AS with own AS for IPv6. Choices:
|
|
IPv4 List of attributes that should be unchanged. Choices:
|
|
IPv6 List of attributes that should be unchanged. Choices:
|
|
List of attributes that should be unchanged for VPNv4 route. Choices:
|
|
Enable/disable BFD for this neighbor. Choices:
|
|
Enable/disable advertise default IPv4 route to this neighbor. Choices:
|
|
Enable/disable advertise default IPv6 route to this neighbor. Choices:
|
|
Enable/disable advertise dynamic capability to this neighbor. Choices:
|
|
Enable/disable advertise IPv4 graceful restart capability to this neighbor. Choices:
|
|
Enable/disable advertise IPv6 graceful restart capability to this neighbor. Choices:
|
|
Enable/disable advertisement of L2VPN EVPN graceful restart capability to this neighbor. Choices:
|
|
Enable/disable advertise VPNv4 graceful restart capability to this neighbor. Choices:
|
|
Accept/Send IPv4 ORF lists to/from this neighbor. Choices:
|
|
Accept/Send IPv6 ORF lists to/from this neighbor. Choices:
|
|
Enable/disable advertise route refresh capability to this neighbor. Choices:
|
|
Interval (sec) for connect timer. |
|
Route map to specify criteria to originate IPv4 default. Source router.route-map.name. |
|
Route map to specify criteria to originate IPv6 default. Source router.route-map.name. |
|
Description. |
|
Filter for IPv4 updates from this neighbor. Source router.access-list.name. |
|
Filter for IPv6 updates from this neighbor. Source router.access-list6.name. |
|
Filter for VPNv4 updates from this neighbor. Source router.access-list.name. |
|
Filter for IPv4 updates to this neighbor. Source router.access-list.name. |
|
Filter for IPv6 updates to this neighbor. Source router.access-list6.name. |
|
Filter for VPNv4 updates to this neighbor. Source router.access-list.name. |
|
Do not negotiate capabilities with this neighbor. Choices:
|
|
Enable/disable allow multi-hop EBGP neighbors. Choices:
|
|
EBGP multihop TTL for this peer. |
|
BGP filter for IPv4 inbound routes. Source router.aspath-list.name. |
|
BGP filter for IPv6 inbound routes. Source router.aspath-list.name. |
|
BGP filter for VPNv4 inbound routes. Source router.aspath-list.name. |
|
BGP filter for IPv4 outbound routes. Source router.aspath-list.name. |
|
BGP filter for IPv6 outbound routes. Source router.aspath-list.name. |
|
BGP filter for VPNv4 outbound routes. Source router.aspath-list.name. |
|
Interval (sec) before peer considered dead. |
|
Specify outgoing interface for peer connection. For IPv6 peer, the interface should have link-local address. Source system .interface.name. |
|
Keep alive timer interval (sec). |
|
Enable/disable failover upon link down. Choices:
|
|
Local AS number of neighbor. |
|
Do not prepend local-as to incoming updates. Choices:
|
|
Replace real AS with local-as in outgoing updates. Choices:
|
|
Maximum number of IPv4 prefixes to accept from this peer. |
|
Maximum number of IPv6 prefixes to accept from this peer. |
|
Maximum number of L2VPN EVPN prefixes to accept from this peer. |
|
Maximum IPv4 prefix threshold value (1 - 100 percent). |
|
Maximum IPv6 prefix threshold value (1 - 100 percent). |
|
Maximum L2VPN EVPN prefix threshold value (1 - 100 percent). |
|
Maximum VPNv4 prefix threshold value (1 - 100 percent). |
|
Maximum number of VPNv4 prefixes to accept from this peer. |
|
Enable/disable IPv4 Only give warning message when limit is exceeded. Choices:
|
|
Enable/disable IPv6 Only give warning message when limit is exceeded. Choices:
|
|
Enable/disable only sending warning message when exceeding limit of L2VPN EVPN routes. Choices:
|
|
Enable/disable only giving warning message when limit is exceeded for VPNv4 routes. Choices:
|
|
Neighbor group name. |
|
Enable/disable IPv4 next-hop calculation for this neighbor. Choices:
|
|
Enable/disable IPv6 next-hop calculation for this neighbor. Choices:
|
|
Enable/disable setting nexthop”s address to interface”s IPv4 address for route-reflector routes. Choices:
|
|
Enable/disable setting nexthop”s address to interface”s IPv6 address for route-reflector routes. Choices:
|
|
Enable/disable setting VPNv4 next-hop to interface”s IP address for this neighbor. Choices:
|
|
Enable/disable override result of capability negotiation. Choices:
|
|
Enable/disable sending of open messages to this neighbor. Choices:
|
|
Password used in MD5 authentication. |
|
IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. |
|
IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. |
|
Inbound filter for VPNv4 updates from this neighbor. Source router.prefix-list.name. |
|
IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. |
|
IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. |
|
Outbound filter for VPNv4 updates to this neighbor. Source router.prefix-list.name. |
|
AS number of neighbor. |
|
Enable/disable remove private AS number from IPv4 outbound updates. Choices:
|
|
Enable/disable remove private AS number from IPv6 outbound updates. Choices:
|
|
Enable/disable removing private AS number from L2VPN EVPN outbound updates. Choices:
|
|
Enable/disable remove private AS number from VPNv4 outbound updates. Choices:
|
|
Graceful restart delay time (sec, 0 = global default). |
|
Time to retain stale routes. |
|
IPv4 Inbound route map filter. Source router.route-map.name. |
|
IPv6 Inbound route map filter. Source router.route-map.name. |
|
L2VPN EVPN inbound route map filter. Source router.route-map.name. |
|
VPNv4 inbound route map filter. Source router.route-map.name. |
|
IPv4 outbound route map filter. Source router.route-map.name. |
|
IPv6 Outbound route map filter. Source router.route-map.name. |
|
IPv6 outbound route map filter if the peer is preferred. Source router.route-map.name. |
|
L2VPN EVPN outbound route map filter. Source router.route-map.name. |
|
IPv4 outbound route map filter if the peer is preferred. Source router.route-map.name. |
|
VPNv4 outbound route map filter. Source router.route-map.name. |
|
VPNv4 outbound route map filter if the peer is preferred. Source router.route-map.name. |
|
Enable/disable IPv4 AS route reflector client. Choices:
|
|
Enable/disable IPv6 AS route reflector client. Choices:
|
|
Enable/disable L2VPN EVPN AS route reflector client for this neighbor. Choices:
|
|
Enable/disable VPNv4 AS route reflector client for this neighbor. Choices:
|
|
Enable/disable IPv4 AS route server client. Choices:
|
|
Enable/disable IPv6 AS route server client. Choices:
|
|
Enable/disable L2VPN EVPN AS route server client for this neighbor. Choices:
|
|
Enable/disable VPNv4 AS route server client for this neighbor. Choices:
|
|
IPv4 Send community attribute to neighbor. Choices:
|
|
IPv6 Send community attribute to neighbor. Choices:
|
|
Enable/disable sending community attribute to neighbor for L2VPN EVPN address family. Choices:
|
|
Send community attribute to neighbor for VPNv4 address family. Choices:
|
|
Enable/disable shutdown this neighbor. Choices:
|
|
Enable/disable allow IPv4 inbound soft reconfiguration. Choices:
|
|
Enable/disable allow IPv6 inbound soft reconfiguration. Choices:
|
|
Enable/disable L2VPN EVPN inbound soft reconfiguration. Choices:
|
|
Enable/disable allow VPNv4 inbound soft reconfiguration. Choices:
|
|
Enable/disable stale route after neighbor down. Choices:
|
|
Enable/disable strict capability matching. Choices:
|
|
IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. |
|
IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. |
|
Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. |
|
Neighbor weight. |
|
BGP neighbor range table. |
|
Neighbor range ID. see <a href=’#notes’>Notes</a>. |
|
Maximum number of neighbors. |
|
Neighbor group name. Source router.bgp.neighbor-group.name. |
|
Neighbor range prefix. |
|
BGP IPv6 neighbor range table. |
|
IPv6 neighbor range ID. see <a href=’#notes’>Notes</a>. |
|
Maximum number of neighbors. |
|
Neighbor group name. Source router.bgp.neighbor-group.name. |
|
IPv6 prefix. |
|
BGP network table. |
|
Enable/disable route as backdoor. Choices:
|
|
ID. see <a href=’#notes’>Notes</a>. |
|
Configure insurance of BGP network route existence in IGP. Choices:
|
|
Network prefix. |
|
Route map to modify generated route. Source router.route-map.name. |
|
BGP IPv6 network table. |
|
Enable/disable route as backdoor. Choices:
|
|
ID. see <a href=’#notes’>Notes</a>. |
|
Configure insurance of BGP network route existence in IGP. Choices:
|
|
Network IPv6 prefix. |
|
Route map to modify generated route. Source router.route-map.name. |
|
Enable/disable ensure BGP network route exists in IGP. Choices:
|
|
Enable/disable priority inheritance for recursive resolution. Choices:
|
|
Enable/disable recursive resolution of next-hop using BGP route. Choices:
|
|
BGP IPv4 redistribute table. |
|
Distribute list entry name. |
|
Route map name. Source router.route-map.name. |
|
Status. Choices:
|
|
BGP IPv6 redistribute table. |
|
Distribute list entry name. |
|
Route map name. Source router.route-map.name. |
|
Status. Choices:
|
|
Router ID. |
|
Background scanner interval (sec), 0 to disable it. |
|
Enable/disable only advertise routes from iBGP if routes present in an IGP. Choices:
|
|
Configure tag-match mode. Resolves BGP routes with other routes containing the same tag. Choices:
|
|
BGP VRF leaking table. |
|
List of export route target. |
|
Attribute: AA:NN|A.B.C.D:NN. |
|
Import route map. Source router.route-map.name. |
|
List of import route target. |
|
Attribute: AA:NN|A.B.C.D:NN |
|
Target VRF table. |
|
Interface which is used to leak routes to target VRF. Source system.interface.name. |
|
Route map of VRF leaking. Source router.route-map.name. |
|
Target VRF ID (0 - 251). |
|
Route Distinguisher: AA:NN|A.B.C.D:NN. |
|
VRF role. Choices:
|
|
Origin VRF ID (0 - 251). |
|
BGP IPv6 VRF leaking table. |
|
Target VRF table. |
|
Interface which is used to leak routes to target VRF. Source system.interface.name. |
|
Route map of VRF leaking. Source router.route-map.name. |
|
Target VRF ID (0 - 251). |
|
Origin VRF ID (0 - 251). |
|
BGP VRF leaking table. |
|
Target VRF table. |
|
Interface which is used to leak routes to target VRF. Source system.interface.name. |
|
Route map of VRF leaking. Source router.route-map.name. |
|
Target VRF ID (0 - 31). |
|
Origin VRF ID (0 - 31). |
|
BGP IPv6 VRF leaking table. |
|
Target VRF table. |
|
Interface which is used to leak routes to target VRF. Source system.interface.name. |
|
Route map of VRF leaking. Source router.route-map.name. |
|
Target VRF ID (0 - 31). |
|
Origin VRF ID (0 - 31). |
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: |
Notes
Note
Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure BGP.
fortios_router_bgp:
vdom: "{{ vdom }}"
router_bgp:
additional_path: "enable"
additional_path_select: "2"
additional_path_select_vpnv4: "2"
additional_path_select6: "2"
additional_path_vpnv4: "enable"
additional_path6: "enable"
admin_distance:
-
distance: "0"
id: "11"
neighbour_prefix: "<your_own_value>"
route_list: "<your_own_value> (source router.access-list.name)"
aggregate_address:
-
as_set: "enable"
id: "16"
prefix: "<your_own_value>"
summary_only: "enable"
aggregate_address6:
-
as_set: "enable"
id: "21"
prefix6: "<your_own_value>"
summary_only: "enable"
always_compare_med: "enable"
as: "<your_own_value>"
bestpath_as_path_ignore: "enable"
bestpath_cmp_confed_aspath: "enable"
bestpath_cmp_routerid: "enable"
bestpath_med_confed: "enable"
bestpath_med_missing_as_worst: "enable"
client_to_client_reflection: "enable"
cluster_id: "<your_own_value>"
confederation_identifier: "0"
confederation_peers:
-
peer: "<your_own_value>"
cross_family_conditional_adv: "enable"
dampening: "enable"
dampening_max_suppress_time: "60"
dampening_reachability_half_life: "15"
dampening_reuse: "750"
dampening_route_map: "<your_own_value> (source router.route-map.name)"
dampening_suppress: "2000"
dampening_unreachability_half_life: "15"
default_local_preference: "100"
deterministic_med: "enable"
distance_external: "20"
distance_internal: "200"
distance_local: "200"
ebgp_multipath: "enable"
enforce_first_as: "enable"
fast_external_failover: "enable"
graceful_end_on_timer: "enable"
graceful_restart: "enable"
graceful_restart_time: "120"
graceful_stalepath_time: "360"
graceful_update_delay: "120"
holdtime_timer: "180"
ibgp_multipath: "enable"
ignore_optional_capability: "enable"
keepalive_timer: "60"
log_neighbour_changes: "enable"
multipath_recursive_distance: "enable"
neighbor:
-
activate: "enable"
activate_evpn: "enable"
activate_vpnv4: "enable"
activate6: "enable"
additional_path: "send"
additional_path_vpnv4: "send"
additional_path6: "send"
adv_additional_path: "2"
adv_additional_path_vpnv4: "2"
adv_additional_path6: "2"
advertisement_interval: "30"
allowas_in: "3"
allowas_in_enable: "enable"
allowas_in_enable_evpn: "enable"
allowas_in_enable_vpnv4: "enable"
allowas_in_enable6: "enable"
allowas_in_evpn: "3"
allowas_in_vpnv4: "3"
allowas_in6: "3"
as_override: "enable"
as_override6: "enable"
attribute_unchanged: "as-path"
attribute_unchanged_vpnv4: "as-path"
attribute_unchanged6: "as-path"
bfd: "enable"
capability_default_originate: "enable"
capability_default_originate6: "enable"
capability_dynamic: "enable"
capability_graceful_restart: "enable"
capability_graceful_restart_evpn: "enable"
capability_graceful_restart_vpnv4: "enable"
capability_graceful_restart6: "enable"
capability_orf: "none"
capability_orf6: "none"
capability_route_refresh: "enable"
conditional_advertise:
-
advertise_routemap: "<your_own_value> (source router.route-map.name)"
condition_routemap:
-
name: "default_name_102 (source router.route-map.name)"
condition_type: "exist"
conditional_advertise6:
-
advertise_routemap: "<your_own_value> (source router.route-map.name)"
condition_routemap:
-
name: "default_name_107 (source router.route-map.name)"
condition_type: "exist"
connect_timer: "4294967295"
default_originate_routemap: "<your_own_value> (source router.route-map.name)"
default_originate_routemap6: "<your_own_value> (source router.route-map.name)"
description: "<your_own_value>"
distribute_list_in: "<your_own_value> (source router.access-list.name)"
distribute_list_in_vpnv4: "<your_own_value> (source router.access-list.name)"
distribute_list_in6: "<your_own_value> (source router.access-list6.name)"
distribute_list_out: "<your_own_value> (source router.access-list.name)"
distribute_list_out_vpnv4: "<your_own_value> (source router.access-list.name)"
distribute_list_out6: "<your_own_value> (source router.access-list6.name)"
dont_capability_negotiate: "enable"
ebgp_enforce_multihop: "enable"
ebgp_multihop_ttl: "255"
filter_list_in: "<your_own_value> (source router.aspath-list.name)"
filter_list_in_vpnv4: "<your_own_value> (source router.aspath-list.name)"
filter_list_in6: "<your_own_value> (source router.aspath-list.name)"
filter_list_out: "<your_own_value> (source router.aspath-list.name)"
filter_list_out_vpnv4: "<your_own_value> (source router.aspath-list.name)"
filter_list_out6: "<your_own_value> (source router.aspath-list.name)"
holdtime_timer: "4294967295"
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
keep_alive_timer: "4294967295"
link_down_failover: "enable"
local_as: "<your_own_value>"
local_as_no_prepend: "enable"
local_as_replace_as: "enable"
maximum_prefix: "0"
maximum_prefix_evpn: "0"
maximum_prefix_threshold: "75"
maximum_prefix_threshold_evpn: "75"
maximum_prefix_threshold_vpnv4: "75"
maximum_prefix_threshold6: "75"
maximum_prefix_vpnv4: "0"
maximum_prefix_warning_only: "enable"
maximum_prefix_warning_only_evpn: "enable"
maximum_prefix_warning_only_vpnv4: "enable"
maximum_prefix_warning_only6: "enable"
maximum_prefix6: "0"
next_hop_self: "enable"
next_hop_self_rr: "enable"
next_hop_self_rr6: "enable"
next_hop_self_vpnv4: "enable"
next_hop_self6: "enable"
override_capability: "enable"
passive: "enable"
password: "<your_own_value>"
prefix_list_in: "<your_own_value> (source router.prefix-list.name)"
prefix_list_in_vpnv4: "<your_own_value> (source router.prefix-list.name)"
prefix_list_in6: "<your_own_value> (source router.prefix-list6.name)"
prefix_list_out: "<your_own_value> (source router.prefix-list.name)"
prefix_list_out_vpnv4: "<your_own_value> (source router.prefix-list.name)"
prefix_list_out6: "<your_own_value> (source router.prefix-list6.name)"
remote_as: "<your_own_value>"
remove_private_as: "enable"
remove_private_as_evpn: "enable"
remove_private_as_vpnv4: "enable"
remove_private_as6: "enable"
restart_time: "0"
retain_stale_time: "0"
route_map_in: "<your_own_value> (source router.route-map.name)"
route_map_in_evpn: "<your_own_value> (source router.route-map.name)"
route_map_in_vpnv4: "<your_own_value> (source router.route-map.name)"
route_map_in6: "<your_own_value> (source router.route-map.name)"
route_map_out: "<your_own_value> (source router.route-map.name)"
route_map_out_evpn: "<your_own_value> (source router.route-map.name)"
route_map_out_preferable: "<your_own_value> (source router.route-map.name)"
route_map_out_vpnv4: "<your_own_value> (source router.route-map.name)"
route_map_out_vpnv4_preferable: "<your_own_value> (source router.route-map.name)"
route_map_out6: "<your_own_value> (source router.route-map.name)"
route_map_out6_preferable: "<your_own_value> (source router.route-map.name)"
route_reflector_client: "enable"
route_reflector_client_evpn: "enable"
route_reflector_client_vpnv4: "enable"
route_reflector_client6: "enable"
route_server_client: "enable"
route_server_client_evpn: "enable"
route_server_client_vpnv4: "enable"
route_server_client6: "enable"
send_community: "standard"
send_community_evpn: "standard"
send_community_vpnv4: "standard"
send_community6: "standard"
shutdown: "enable"
soft_reconfiguration: "enable"
soft_reconfiguration_evpn: "enable"
soft_reconfiguration_vpnv4: "enable"
soft_reconfiguration6: "enable"
stale_route: "enable"
strict_capability_match: "enable"
unsuppress_map: "<your_own_value> (source router.route-map.name)"
unsuppress_map6: "<your_own_value> (source router.route-map.name)"
update_source: "<your_own_value> (source system.interface.name)"
weight: "4294967295"
neighbor_group:
-
activate: "enable"
activate_evpn: "enable"
activate_vpnv4: "enable"
activate6: "enable"
additional_path: "send"
additional_path_vpnv4: "send"
additional_path6: "send"
adv_additional_path: "2"
adv_additional_path_vpnv4: "2"
adv_additional_path6: "2"
advertisement_interval: "30"
allowas_in: "3"
allowas_in_enable: "enable"
allowas_in_enable_evpn: "enable"
allowas_in_enable_vpnv4: "enable"
allowas_in_enable6: "enable"
allowas_in_evpn: "3"
allowas_in_vpnv4: "3"
allowas_in6: "3"
as_override: "enable"
as_override6: "enable"
attribute_unchanged: "as-path"
attribute_unchanged_vpnv4: "as-path"
attribute_unchanged6: "as-path"
bfd: "enable"
capability_default_originate: "enable"
capability_default_originate6: "enable"
capability_dynamic: "enable"
capability_graceful_restart: "enable"
capability_graceful_restart_evpn: "enable"
capability_graceful_restart_vpnv4: "enable"
capability_graceful_restart6: "enable"
capability_orf: "none"
capability_orf6: "none"
capability_route_refresh: "enable"
connect_timer: "4294967295"
default_originate_routemap: "<your_own_value> (source router.route-map.name)"
default_originate_routemap6: "<your_own_value> (source router.route-map.name)"
description: "<your_own_value>"
distribute_list_in: "<your_own_value> (source router.access-list.name)"
distribute_list_in_vpnv4: "<your_own_value> (source router.access-list.name)"
distribute_list_in6: "<your_own_value> (source router.access-list6.name)"
distribute_list_out: "<your_own_value> (source router.access-list.name)"
distribute_list_out_vpnv4: "<your_own_value> (source router.access-list.name)"
distribute_list_out6: "<your_own_value> (source router.access-list6.name)"
dont_capability_negotiate: "enable"
ebgp_enforce_multihop: "enable"
ebgp_multihop_ttl: "255"
filter_list_in: "<your_own_value> (source router.aspath-list.name)"
filter_list_in_vpnv4: "<your_own_value> (source router.aspath-list.name)"
filter_list_in6: "<your_own_value> (source router.aspath-list.name)"
filter_list_out: "<your_own_value> (source router.aspath-list.name)"
filter_list_out_vpnv4: "<your_own_value> (source router.aspath-list.name)"
filter_list_out6: "<your_own_value> (source router.aspath-list.name)"
holdtime_timer: "4294967295"
interface: "<your_own_value> (source system.interface.name)"
keep_alive_timer: "4294967295"
link_down_failover: "enable"
local_as: "<your_own_value>"
local_as_no_prepend: "enable"
local_as_replace_as: "enable"
maximum_prefix: "0"
maximum_prefix_evpn: "0"
maximum_prefix_threshold: "75"
maximum_prefix_threshold_evpn: "75"
maximum_prefix_threshold_vpnv4: "75"
maximum_prefix_threshold6: "75"
maximum_prefix_vpnv4: "0"
maximum_prefix_warning_only: "enable"
maximum_prefix_warning_only_evpn: "enable"
maximum_prefix_warning_only_vpnv4: "enable"
maximum_prefix_warning_only6: "enable"
maximum_prefix6: "0"
name: "default_name_277"
next_hop_self: "enable"
next_hop_self_rr: "enable"
next_hop_self_rr6: "enable"
next_hop_self_vpnv4: "enable"
next_hop_self6: "enable"
override_capability: "enable"
passive: "enable"
password: "<your_own_value>"
prefix_list_in: "<your_own_value> (source router.prefix-list.name)"
prefix_list_in_vpnv4: "<your_own_value> (source router.prefix-list.name)"
prefix_list_in6: "<your_own_value> (source router.prefix-list6.name)"
prefix_list_out: "<your_own_value> (source router.prefix-list.name)"
prefix_list_out_vpnv4: "<your_own_value> (source router.prefix-list.name)"
prefix_list_out6: "<your_own_value> (source router.prefix-list6.name)"
remote_as: "<your_own_value>"
remove_private_as: "enable"
remove_private_as_evpn: "enable"
remove_private_as_vpnv4: "enable"
remove_private_as6: "enable"
restart_time: "0"
retain_stale_time: "0"
route_map_in: "<your_own_value> (source router.route-map.name)"
route_map_in_evpn: "<your_own_value> (source router.route-map.name)"
route_map_in_vpnv4: "<your_own_value> (source router.route-map.name)"
route_map_in6: "<your_own_value> (source router.route-map.name)"
route_map_out: "<your_own_value> (source router.route-map.name)"
route_map_out_evpn: "<your_own_value> (source router.route-map.name)"
route_map_out_preferable: "<your_own_value> (source router.route-map.name)"
route_map_out_vpnv4: "<your_own_value> (source router.route-map.name)"
route_map_out_vpnv4_preferable: "<your_own_value> (source router.route-map.name)"
route_map_out6: "<your_own_value> (source router.route-map.name)"
route_map_out6_preferable: "<your_own_value> (source router.route-map.name)"
route_reflector_client: "enable"
route_reflector_client_evpn: "enable"
route_reflector_client_vpnv4: "enable"
route_reflector_client6: "enable"
route_server_client: "enable"
route_server_client_evpn: "enable"
route_server_client_vpnv4: "enable"
route_server_client6: "enable"
send_community: "standard"
send_community_evpn: "standard"
send_community_vpnv4: "standard"
send_community6: "standard"
shutdown: "enable"
soft_reconfiguration: "enable"
soft_reconfiguration_evpn: "enable"
soft_reconfiguration_vpnv4: "enable"
soft_reconfiguration6: "enable"
stale_route: "enable"
strict_capability_match: "enable"
unsuppress_map: "<your_own_value> (source router.route-map.name)"
unsuppress_map6: "<your_own_value> (source router.route-map.name)"
update_source: "<your_own_value> (source system.interface.name)"
weight: "4294967295"
neighbor_range:
-
id: "334"
max_neighbor_num: "0"
neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
prefix: "<your_own_value>"
neighbor_range6:
-
id: "339"
max_neighbor_num: "0"
neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
prefix6: "<your_own_value>"
network:
-
backdoor: "enable"
id: "345"
network_import_check: "global"
prefix: "<your_own_value>"
route_map: "<your_own_value> (source router.route-map.name)"
network_import_check: "enable"
network6:
-
backdoor: "enable"
id: "352"
network_import_check: "global"
prefix6: "<your_own_value>"
route_map: "<your_own_value> (source router.route-map.name)"
recursive_inherit_priority: "enable"
recursive_next_hop: "enable"
redistribute:
-
name: "default_name_359"
route_map: "<your_own_value> (source router.route-map.name)"
status: "enable"
redistribute6:
-
name: "default_name_363"
route_map: "<your_own_value> (source router.route-map.name)"
status: "enable"
router_id: "<your_own_value>"
scan_time: "60"
synchronization: "enable"
tag_resolve_mode: "disable"
vrf:
-
export_rt:
-
route_target: "<your_own_value>"
import_route_map: "<your_own_value> (source router.route-map.name)"
import_rt:
-
route_target: "<your_own_value>"
leak_target:
-
interface: "<your_own_value> (source system.interface.name)"
route_map: "<your_own_value> (source router.route-map.name)"
vrf: "<your_own_value>"
rd: "<your_own_value>"
role: "standalone"
vrf: "<your_own_value>"
vrf_leak:
-
target:
-
interface: "<your_own_value> (source system.interface.name)"
route_map: "<your_own_value> (source router.route-map.name)"
vrf: "<your_own_value>"
vrf: "<your_own_value>"
vrf_leak6:
-
target:
-
interface: "<your_own_value> (source system.interface.name)"
route_map: "<your_own_value> (source router.route-map.name)"
vrf: "<your_own_value>"
vrf: "<your_own_value>"
vrf6:
-
leak_target:
-
interface: "<your_own_value> (source system.interface.name)"
route_map: "<your_own_value> (source router.route-map.name)"
vrf: "<your_own_value>"
vrf: "<your_own_value>"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Build number of the fortigate image Returned: always Sample: |
|
Last method used to provision the content into FortiGate Returned: always Sample: |
|
Last result given by FortiGate on last operation applied Returned: always Sample: |
|
Master key (id) used in the last call to FortiGate Returned: success Sample: |
|
Name of the table used to fulfill the request Returned: always Sample: |
|
Path of the table used to fulfill the request Returned: always Sample: |
|
Internal revision number Returned: always Sample: |
|
Serial number of the unit Returned: always Sample: |
|
Indication of the operation’s result Returned: always Sample: |
|
Virtual domain used Returned: always Sample: |
|
Version of the FortiGate Returned: always Sample: |