Last updated on: 2024-04-01 03:24:20.
bigip_sslo_service_layer2 – Manage an SSL Orchestrator Layer 2 security device¶
New in version 1.6.0.
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments | |
|---|---|---|---|---|
|
devices
list
/ elements=dictionary
|
Specifies the set of network settings for traffic going to the service from the BIG-IP.
Multiple devices are defined as separate list items.
|
|||
|
interface_in
string
|
Defines the interface on the to-service side.
The
vlan_in and interface_in and tag_in options are mutually exclusive. |
|||
|
interface_out
string
|
Defines the interface on the from-service side.
The
vlan_out and interface_out and tag_out options are mutually exclusive. |
|||
|
name
string
/ required
|
Defines the name of this specific device.
|
|||
|
ratio
integer
/ required
|
Defines a load balancing ratio setting for this device.
|
|||
|
tag_in
integer
|
Defines the VLAN tag on the to-service side.
|
|||
|
tag_out
integer
|
Defines the VLAN tag on the from-service side (as required).
|
|||
|
vlan_in
string
|
Defines an existing VLAN to attach on the to-service side.
The
vlan_in and interface_in and tag_in options are mutually exclusive. |
|||
|
vlan_out
string
|
Defines an existing VLAN to attach on the from-service side.
The
vlan_out and interface_out and tag_out options are mutually exclusive. |
|||
|
dump_json
boolean
|
|
Sets the module to output a JSON blob for further consumption.
When
true, does not make any changes on the device and always returns changed=False.The output provided is idempotent in nature, meaning if there are no changes to be made during
MODIFY on an existing service no JSON output is generated. |
||
|
ip_offset
integer
|
Defines an IP offset integer to be used in the internal IP addressing.
This parameter is required when creating a new L2 service.
Accepted values are in the range of
0 to 30.This is typically used in a tiered architecture, where a Layer 2 service is shared between multiple standalone SSL Orchestrator instances.
|
|||
|
monitor
string
|
Specifies the monitor attached to the L2 security device pool.
The monitor must already exist on the BIG-IP.
When creating a L2 service, if the parameter is not provided a default of
/Common/gateway_icmp is assumed. |
|||
|
name
string
/ required
|
Specifies the name of the Layer 2 security service.
The configuration auto-prepends "ssloS_" to the service.
The service name should be less than 14 characters and not contain dashes "-".
|
|||
|
port_remap
integer
|
Defines the port to remap decrypted traffic to.
|
|||
|
rules
list
/ elements=string
|
Defines a list of iRules to attach to the service.
|
|||
|
service_down_action
string
|
|
Specifies the action to take on monitor failure.
Setting to
ignore bypasses the security device in the service chain.Setting to
reset or drop resets or drops the connection, respectively if the service monitor fails.When creating an ICAP service, if the parameter is not provided a default value of
ignore is assumed. |
||
|
state
string
|
|
When
state is present, ensures the object is created or modified.When
state is absent, ensures the service is removed. |
||
|
timeout
integer
|
Default: 300
|
The amount of time to wait for the
CREATE or MODIFY task to complete, in seconds.The accepted value range is between
10 and 1800 seconds. |
||
|
vendor_info
string
added in 3.3.0 |
Specifies the vendor-specific L2 service used. The default is
Generic Inline Layer 2. |
|||
Examples¶
- name: Create SSLO L2 service
bigip_sslo_service_layer2:
name: "layer2a"
devices:
- name: "FEYE1"
ratio: 1
interface_in: "1.1"
tag_in: 100
interface_out: "1.1"
tag_out: 101
ip_offset: 1
port_remap: 8283
- name: Modify SSLO L2 service
bigip_sslo_service_layer2:
name: "layer2a"
devices:
- name: "FEYE1"
ratio: 1
vlan_in: "/Common/L2service_vlan_in"
interface_out: "1.1"
tag_out: 101
- name: Delete SSLO L2 service
bigip_sslo_service_layer2:
name: "layer2a"
state: "absent"
Return Values¶
The following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
devices_ips
list
|
changed |
The list of IP addresses created for each specified device.
Sample:
['hash/dictionary of values']
|
|
interfaces
list
|
changed |
The list of interfaces created for each specified device.
Sample:
['hash/dictionary of values']
|
|
monitor
string
|
changed |
The monitor attached to the L2 security device pool.
Sample:
/Common/gateway_icmp
|
|
networks
list
|
changed |
The list of networks created for each specified device.
Sample:
['hash/dictionary of values']
|
|
port_remap
integer
|
changed |
Port remap settings.
Sample:
8080
|
|
rules
list
|
changed |
List of iRules attached to the service.
Sample:
['/Common/test-rule-1', '/Common/test-rule-2']
|
|
service_down_action
string
|
changed |
The action to take on monitor failure.
Sample:
ignore
|
|
service_subnet
dictionary
|
changed |
The service subnet created for L2 inline service
Sample:
['hash/dictionary of values']
|