Documentation

aci_bd - Manage Bridge Domains (BD) objects (fv:BD)

New in version 2.4.

Synopsis

  • Manages Bridge Domains (BD) on Cisco ACI fabrics.

Parameters

Parameter
Choices/Defaults
Comments
arp_flooding
    Choices:
  • no ←
  • yes
Determines if the Bridge Domain should flood ARP traffic.
The APIC defaults new Bridge Domains to no.
bd
The name of the Bridge Domain.

aliases: bd_name, name
bd_type
    Choices:
  • ethernet ←
  • fc
The type of traffic on the Bridge Domain.
The APIC defaults new Bridge Domains to ethernet.
certificate_name
The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.
It defaults to the private_key basename, without extension.

aliases: cert_name
description
Description for the Bridge Domain.
enable_multicast
    Choices:
  • no ←
  • yes
Determines if PIM is enabled
The APIC defaults new Bridge Domains to no.
enable_routing
    Choices:
  • no
  • yes ←
Determines if IP forwarding should be allowed.
The APIC defaults new Bridge Domains to yes.
endpoint_clear
    Choices:
  • no ←
  • yes
Clears all End Points in all Leaves when yes.
The APIC defaults new Bridge Domains to no.
The value is not reset to disabled once End Points have been cleared; that requires a second task.
endpoint_move_detect
    Choices:
  • default
  • garp ←
Determines if GARP should be enabled to detect when End Points move.
The APIC defaults new Bridge Domains to garp.
endpoint_retention_action
    Choices:
  • inherit
  • resolve ←
Determines if the Bridge Domain should inherit or resolve the End Point Retention Policy.
The APIC defaults new Bridge Domain to End Point Retention Policies to resolve.
endpoint_retention_policy
The name of the End Point Retention Policy the Bridge Domain should use when overriding the default End Point Retention Policy.
host
required
IP Address or hostname of APIC resolvable by Ansible control host.

aliases: hostname
igmp_snoop_policy
The name of the IGMP Snooping Policy the Bridge Domain should use when overriding the default IGMP Snooping Policy.
ip_learning
    Choices:
  • no
  • yes
Determines if the Bridge Domain should learn End Point IPs.
The APIC defaults new Bridge Domains to yes.
ipv6_nd_policy
The name of the IPv6 Neighbor Discovery Policy the Bridge Domain should use when overridding the default IPV6 ND Policy.
l2_unknown_unicast
    Choices:
  • proxy ←
  • flood
Determines what forwarding method to use for unknown l2 destinations.
The APIC defaults new Bridge domains to proxy.
l3_unknown_multicast
    Choices:
  • flood ←
  • opt-flood
Determines the forwarding method to use for unknown multicast destinations.
The APCI defaults new Bridge Domains to flood.
limit_ip_learn
    Choices:
  • no
  • yes ←
Determines if the BD should limit IP learning to only subnets owned by the Bridge Domain.
The APIC defaults new Bridge Domains to yes.
mac_address
(added in 2.5)
Default:
00:22:BD:F8:19:FF
The MAC Address to assign to the bd instead of using the default.

aliases: mac
multi_dest
    Choices:
  • bd-flood ←
  • drop
  • encap-flood
Determines the forwarding method for L2 multicast, broadcast, and link layer traffic.
The APIC defaults new Bridge Domains to bd-flood.
output_level
    Choices:
  • debug
  • info
  • normal ←
Influence the output of this ACI module.
normal means the standard output, incl. current dict
info adds informational output, incl. previous, proposed and sent dicts
debug adds debugging output, incl. filter_string, method, response, status and url information
password
required
The password to use for authentication.
This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.
port
Default:
443 (https), 80 (http)
Port number to be used for REST connection.
The default value depends on parameter `use_ssl`.
private_key
required
PEM formatted file that contains your private key to be used for signature-based authentication.
The name of the key (without extension) is used as the certificate name in ACI, unless certificate_name is specified.
This option is mutual exclusive with password. If password is provided too, it will be ignored.

aliases: cert_key
state
    Choices:
  • absent
  • present ←
  • query
Use present or absent for adding or removing.
Use query for listing an object or multiple objects.
tenant
The name of the Tenant.

aliases: tenant_name
timeout
Default:
30
The socket level timeout in seconds.
use_proxy
    Choices:
  • no
  • yes ←
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl
    Choices:
  • no
  • yes ←
If no, an HTTP connection will be used instead of the default HTTPS connection.
username
Default:
admin
The username to use for authentication.

aliases: user
validate_certs
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated.
This should only set to no when used on personally controlled sites using self-signed certificates.
vrf
The name of the VRF.

aliases: vrf_name

Notes

Note

Examples

- name: Add Bridge Domain
  aci_bd:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    validate_certs: no
    state: present
    tenant: prod
    bd: web_servers
    mac_address: 00:22:BD:F8:19:FE
    vrf: prod_vrf

- name: Add an FC Bridge Domain
  aci_bd:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    validate_certs: no
    state: present
    tenant: prod
    bd: storage
    bd_type: fc
    vrf: fc_vrf
    enable_routing: no

- name: Modify a Bridge Domain
  aci_bd:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    validate_certs: yes
    state: present
    tenant: prod
    bd: web_servers
    arp_flooding: yes
    l2_unknown_unicast: flood

- name: Query All Bridge Domains
  aci_bd:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    validate_certs: yes
    state: query

- name: Query a Bridge Domain
  aci_bd:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    validate_certs: yes
    state: query
    tenant: prod
    bd: web_servers

- name: Delete a Bridge Domain
  aci_bd:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    validate_certs: yes
    state: absent
    tenant: prod
    bd: web_servers

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key
Returned
Description
current
list
success
The existing configuration from the APIC after the module has finished

Sample:
[{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}]
error
dict
failure
The error information as returned from the APIC

Sample:
{'text': 'unknown managed object class foo', 'code': '122'}
filter_string
string
failure or debug
The filter string used for the request

Sample:
?rsp-prop-include=config-only
method
string
failure or debug
The HTTP method used for the request to the APIC

Sample:
POST
previous
list
info
The original configuration from the APIC before the module has started

Sample:
[{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}]
proposed
dict
info
The assembled configuration from the user-provided parameters

Sample:
{'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}}
raw
string
parse error
The raw output returned by the APIC REST API (xml or json)

Sample:
<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response
string
failure or debug
The HTTP response from the APIC

Sample:
OK (30 bytes)
sent
list
info
The actual/minimal configuration pushed to the APIC

Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status
int
failure or debug
The HTTP status from the APIC

Sample:
200
url
string
failure or debug
The HTTP url used for the request to the APIC

Sample:
https://10.11.12.13/api/mo/uni/tn-production.json


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

  • Jacob McGill (@jmcgill298)

Hint

If you notice any issues in this documentation you can edit this document to improve it.