fortios_router_ospf – Configure OSPF in Fortinet’s FortiOS and FortiGate

New in version 2.8.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the ospf category of the router feature. The examples include all parameters, and their values need to be adjusted to your data sources before usage. Tested with FOS v6.0.5.

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments
host
string
FortiOS or FortiGate IP address.
https
boolean
    Choices:
  • no
  • yes ←
Indicates if the requests towards FortiGate must use HTTPS protocol.
password
string
Default:
""
FortiOS or FortiGate password.
router_ospf
dictionary
Default:
null
Configure OSPF.
abr_type
string
    Choices:
  • cisco
  • ibm
  • shortcut
  • standard
Area border router type.
area
list
OSPF area configuration.
authentication
string
    Choices:
  • none
  • text
  • md5
Authentication type.
default_cost
integer
Summary default cost of stub or NSSA area.
filter_list
list
OSPF area filter-list configuration.
direction
string
    Choices:
  • in
  • out
Direction.
id
integer / required
Filter list entry ID.
list
string
Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name.
id
string / required
Area entry IP address.
nssa_default_information_originate
string
    Choices:
  • enable
  • always
  • disable
Redistribute, advertise, or do not originate Type-7 default route into NSSA area.
nssa_default_information_originate_metric
integer
OSPF default metric.
nssa_default_information_originate_metric_type
string
    Choices:
  • 1
  • 2
OSPF metric type for default routes.
nssa_redistribution
string
    Choices:
  • enable
  • disable
Enable/disable redistribute into NSSA area.
nssa_translator_role
string
    Choices:
  • candidate
  • never
  • always
NSSA translator role type.
range
list
OSPF area range configuration.
advertise
string
    Choices:
  • disable
  • enable
Enable/disable advertise status.
id
integer / required
Range entry ID.
prefix
string
Prefix.
substitute
string
Substitute prefix.
substitute_status
string
    Choices:
  • enable
  • disable
Enable/disable substitute status.
shortcut
string
    Choices:
  • disable
  • enable
  • default
Enable/disable shortcut option.
stub_type
string
    Choices:
  • no-summary
  • summary
Stub summary setting.
type
string
    Choices:
  • regular
  • nssa
  • stub
Area type setting.
virtual_link
list
OSPF virtual link configuration.
authentication
string
    Choices:
  • none
  • text
  • md5
Authentication type.
authentication_key
string
Authentication key.
dead_interval
integer
Dead interval.
hello_interval
integer
Hello interval.
md5_key
string
MD5 key.
name
string / required
Virtual link entry name.
peer
string
Peer IP.
retransmit_interval
integer
Retransmit interval.
transmit_delay
integer
Transmit delay.
auto_cost_ref_bandwidth
integer
Reference bandwidth in terms of megabits per second.
bfd
string
    Choices:
  • enable
  • disable
Bidirectional Forwarding Detection (BFD).
database_overflow
string
    Choices:
  • enable
  • disable
Enable/disable database overflow.
database_overflow_max_lsas
integer
Database overflow maximum LSAs.
database_overflow_time_to_recover
integer
Database overflow time to recover (sec).
default_information_metric
integer
Default information metric.
default_information_metric_type
string
    Choices:
  • 1
  • 2
Default information metric type.
default_information_originate
string
    Choices:
  • enable
  • always
  • disable
Enable/disable generation of default route.
default_information_route_map
string
Default information route map. Source router.route-map.name.
default_metric
integer
Default metric of redistribute routes.
distance
integer
Distance of the route.
distance_external
integer
Administrative external distance.
distance_inter_area
integer
Administrative inter-area distance.
distance_intra_area
integer
Administrative intra-area distance.
distribute_list
list
Distribute list configuration.
access_list
string
Access list name. Source router.access-list.name.
id
integer / required
Distribute list entry ID.
protocol
string
    Choices:
  • connected
  • static
  • rip
Protocol type.
distribute_list_in
string
Filter incoming routes. Source router.access-list.name router.prefix-list.name.
distribute_route_map_in
string
Filter incoming external routes by route-map. Source router.route-map.name.
log_neighbour_changes
string
    Choices:
  • enable
  • disable
Enable logging of OSPF neighbour changes.
neighbor
list
OSPF neighbor configuration, used when OSPF runs on non-broadcast media.
cost
integer
Cost of the interface, value range from 0 to 65535, 0 means auto-cost.
id
integer / required
Neighbor entry ID.
ip
string
Interface IP address of the neighbor.
poll_interval
integer
Poll interval time in seconds.
priority
integer
Priority.
network
list
OSPF network configuration.
area
string
Attach the network to area.
id
integer / required
Network entry ID.
prefix
string
Prefix.
ospf_interface
list
OSPF interface configuration.
authentication
string
    Choices:
  • none
  • text
  • md5
Authentication type.
authentication_key
string
Authentication key.
bfd
string
    Choices:
  • global
  • enable
  • disable
Bidirectional Forwarding Detection (BFD).
cost
integer
Cost of the interface, value range from 0 to 65535, 0 means auto-cost.
database_filter_out
string
    Choices:
  • enable
  • disable
Enable/disable control of flooding out LSAs.
dead_interval
integer
Dead interval.
hello_interval
integer
Hello interval.
hello_multiplier
integer
Number of hello packets within dead interval.
interface
string
Configuration interface name. Source system.interface.name.
ip
string
IP address.
md5_key
string
MD5 key.
mtu
integer
MTU for database description packets.
mtu_ignore
string
    Choices:
  • enable
  • disable
Enable/disable ignore MTU.
name
string / required
Interface entry name.
network_type
string
    Choices:
  • broadcast
  • non-broadcast
  • point-to-point
  • point-to-multipoint
  • point-to-multipoint-non-broadcast
Network type.
prefix_length
integer
Prefix length.
priority
integer
Priority.
resync_timeout
integer
Graceful restart neighbor resynchronization timeout.
retransmit_interval
integer
Retransmit interval.
status
string
    Choices:
  • disable
  • enable
Enable/disable status.
transmit_delay
integer
Transmit delay.
passive_interface
list
Passive interface configuration.
name
string / required
Passive interface name. Source system.interface.name.
redistribute
list
Redistribute configuration.
metric
integer
Redistribute metric setting.
metric_type
string
    Choices:
  • 1
  • 2
Metric type.
name
string / required
Redistribute name.
routemap
string
Route map name. Source router.route-map.name.
status
string
    Choices:
  • enable
  • disable
status
tag
integer
Tag value.
restart_mode
string
    Choices:
  • none
  • lls
  • graceful-restart
OSPF restart mode (graceful or LLS).
restart_period
integer
Graceful restart period.
rfc1583_compatible
string
    Choices:
  • enable
  • disable
Enable/disable RFC1583 compatibility.
router_id
string
Router ID.
spf_timers
string
SPF calculation frequency.
summary_address
list
IP address summary configuration.
advertise
string
    Choices:
  • disable
  • enable
Enable/disable advertise status.
id
integer / required
Summary address entry ID.
prefix
string
Prefix.
tag
integer
Tag value.
ssl_verify
boolean
added in 2.9
    Choices:
  • no
  • yes ←
Ensures the FortiGate certificate is verified by a proper CA.
username
string
FortiOS or FortiGate username.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook

Examples

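- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   # Empty password as shipped in this template; replace it with the device's real credential.
   password: ""
   vdom: "root"
   # Defined here but not passed to the task below.
   ssl_verify: "False"
  tasks:
  - name: Configure OSPF.
    fortios_router_ospf:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      # https defaults to yes; "False" sends the login and the configuration over plain HTTP.
      https: "False"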
      router_ospf:
        abr_type: "cisco"
        area:
         -
            authentication: "none"
            default_cost: "6"
            filter_list:
             -
                direction: "in"
                id:  "9"
                list: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
            id:  "11"
            nssa_default_information_originate: "enable"
            nssa_default_information_originate_metric: "13"
            nssa_default_information_originate_metric_type: "1"
            nssa_redistribution: "enable"
            nssa_translator_role: "candidate"
            range:
             -
                advertise: "disable"
                id:  "19"
                prefix: "<your_own_value>"
                substitute: "<your_own_value>"
                substitute_status: "enable"
            shortcut: "disable"
            stub_type: "no-summary"
            type: "regular"
            virtual_link:
             -
                authentication: "none"
                authentication_key: "<your_own_value>"
                dead_interval: "29"
                hello_interval: "30"
                md5_key: "<your_own_value>"
                name: "default_name_32"
                peer: "<your_own_value>"
                retransmit_interval: "34"
                transmit_delay: "35"
        auto_cost_ref_bandwidth: "36"
        bfd: "enable"
        database_overflow: "enable"
        database_overflow_max_lsas: "39"
        database_overflow_time_to_recover: "40"
        default_information_metric: "41"
        default_information_metric_type: "1"
        default_information_originate: "enable"
        default_information_route_map: "<your_own_value> (source router.route-map.name)"
        default_metric: "45"
        distance: "46"
        distance_external: "47"
        distance_inter_area: "48"
        distance_intra_area: "49"
        distribute_list:
         -
            access_list: "<your_own_value> (source router.access-list.name)"
            id:  "52"
            protocol: "connected"
        distribute_list_in: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
        distribute_route_map_in: "<your_own_value> (source router.route-map.name)"
        log_neighbour_changes: "enable"
        neighbor:
         -
            cost: "58"
            id:  "59"
            ip: "<your_own_value>"
            poll_interval: "61"
            priority: "62"
        network:
         -
            area: "<your_own_value>"
            id:  "65"
            prefix: "<your_own_value>"
        ospf_interface:
         -
            authentication: "none"
            authentication_key: "<your_own_value>"
            bfd: "global"
            cost: "71"
            database_filter_out: "enable"
            dead_interval: "73"
            hello_interval: "74"
            hello_multiplier: "75"
            interface: "<your_own_value> (source system.interface.name)"
            ip: "<your_own_value>"
            md5_key: "<your_own_value>"
            mtu: "79"
            mtu_ignore: "enable"
            name: "default_name_81"
            network_type: "broadcast"
            prefix_length: "83"
            priority: "84"
            resync_timeout: "85"
            retransmit_interval: "86"
            status: "disable"
            transmit_delay: "88"
        passive_interface:
         -
            name: "default_name_90 (source system.interface.name)"
        redistribute:
         -
            metric: "92"
            metric_type: "1"
            name: "default_name_94"
            routemap: "<your_own_value> (source router.route-map.name)"
            status: "enable"
            tag: "97"
        restart_mode: "none"
        restart_period: "99"
        rfc1583_compatible: "enable"
        router_id: "<your_own_value>"
        spf_timers: "<your_own_value>"
        summary_address:
         -
            advertise: "disable"
            id:  "105"
            prefix: "<your_own_value>"
            tag: "107"
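
A hardened counterpart to the all-parameters template above, added here as an illustration and not taken from the module's own documentation. It keeps https and ssl_verify at their documented defaults (ssl_verify needs Ansible 2.9), reads secrets from vaulted variables, and uses md5, the only cryptographic option among the none/text/md5 authentication choices. The address, account, interface names, prefix, vault.yml file and vault_* variables are constructed or hypothetical.

```yaml
- hosts: localhost
  connection: local
  vars_files:
    # Hypothetical ansible-vault encrypted file defining
    # vault_fgt_password and vault_ospf_md5_key.
    - vault.yml
  vars:
    fgt_host: "192.0.2.10"        # constructed documentation address
    fgt_username: "ansible-ospf"  # hypothetical dedicated account
  tasks:
    - name: Configure OSPF with authenticated adjacencies
      fortios_router_ospf:
        host: "{{ fgt_host }}"
        username: "{{ fgt_username }}"
        password: "{{ vault_fgt_password }}"
        vdom: "root"
        https: true        # module default; the API login stays inside TLS
        ssl_verify: true   # module default; device certificate must chain to a trusted CA
        router_ospf:
          router_id: "10.0.0.1"             # constructed value
          log_neighbour_changes: "enable"   # adjacency changes end up in the device log
          area:
            - id: "0.0.0.0"
              authentication: "md5"
          network:
            - id: "1"
              prefix: "10.0.12.0 255.255.255.0"   # constructed value
              area: "0.0.0.0"
          ospf_interface:
            - name: "to-core"               # constructed entry name
              interface: "port2"            # constructed interface name
              authentication: "md5"
              md5_key: "{{ vault_ospf_md5_key }}"
          passive_interface:
            - name: "port3"                 # constructed; no adjacencies form on this interface
      # Keep the key material in router_ospf out of Ansible's task output and logs.
      no_log: true
```

Run the playbook with `--ask-vault-pass` (or a vault password file) so vault.yml is decrypted only at run time.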

Return Values

Common return values are documented separately; the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the FortiGate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Status

Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)
