Skip to content

feat(specs): Add spec, tests and examples for panos_bfd_network_profile #724

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kklimonda-cl wants to merge 1 commit into
base: main
Choose a base branch
from
+1,089 −3
Open

feat(specs): Add spec, tests and examples for panos_bfd_network_profile #724

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions assets/terraform/examples/resources/panos_bfd_network_profile/import.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#!/bin/bash
# Import a BFD Network Profile from a Panorama template.
# The location must be base64-encoded JSON before passing to terraform import.

location='{"template":{"name":"bfd-network-template","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}}'
encoded_location=$(echo -n "$location" | base64)
terraform import "panos_bfd_network_profile.active" "$encoded_location:bfd-active-fast"
59 changes: 59 additions & 0 deletions assets/terraform/examples/resources/panos_bfd_network_profile/resource.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
resource "panos_template" "example" {
location = { panorama = {} }
name = "bfd-network-template"
}

# BFD Network Profile with active mode and custom timing parameters.
# Suitable for single-hop BFD sessions where fast failure detection is needed.
resource "panos_bfd_network_profile" "active" {
depends_on = [panos_template.example]
location = {
template = {
name = panos_template.example.name
}
}

name = "bfd-active-fast"

# Use active mode so this device initiates BFD control packets
mode = "active"

# Increase the detection multiplier to allow 5 missed packets before
# declaring the session down (default is 3)
detection_multiplier = 5

# Require BFD control packets every 300 ms (default is 1000 ms)
min_rx_interval = 300
min_tx_interval = 300

# Hold BFD sessions for 500 ms after a link event before re-negotiating
hold_time = 500
}

# BFD Network Profile configured for multihop sessions in passive mode.
# Multihop BFD traverses multiple IP hops (e.g., across a routed WAN) so
# a minimum accepted TTL guards against spoofed packets from closer peers.
resource "panos_bfd_network_profile" "multihop_passive" {
depends_on = [panos_template.example]
location = {
template = {
name = panos_template.example.name
}
}

name = "bfd-multihop-passive"

# Passive mode: wait for the remote peer to initiate BFD control packets
mode = "passive"

detection_multiplier = 3
min_rx_interval = 500
min_tx_interval = 500

# Enable multihop and set the minimum TTL accepted on incoming BFD packets.
# A value of 200 rejects packets that have traversed more than 55 hops,
# limiting the reach of potential spoofed BFD packets.
multihop = {
min_received_ttl = 200
}
}
Loading
Loading