f5xc_bgp_routing_policy Resource - terraform-provider-f5xc

f5xc_bgp_routing_policy (Resource)

Manages a BGP Routing Policy resource in F5 Distributed Cloud for bgp routing policy is a list of rules containing match criteria and action to be applied. these rules help contol routes which are imported or exported to bgp peers. configuration.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# BGP Routing Policy Resource Example
# Manages a BGP Routing Policy resource in F5 Distributed Cloud for bgp routing policy is a list of rules containing match criteria and action to be applied. these rules help contol routes which are imported or exported to bgp peers. configuration.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic BGP Routing Policy configuration
resource "f5xc_bgp_routing_policy" "example" {
  name      = "example-bgp-routing-policy"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Resource-specific configuration
  # BGP Routing policy is composed of one or more rules. Note...
  rules {
    # Configure rules settings
  }
  # Action to be enforced if the BGP route matches the rule.
  action {
    # Configure action settings
  }
  # Enable this option
  aggregate {
    # Configure aggregate settings
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the BGP Routing Policy. Must be unique within the namespace

• namespace - Required String
Namespace where the BGP Routing Policy will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

• rules - Optional Block
BGP Routing policy is composed of one or more rules. Note that the order of rules is critical as rules are applied top to bottom
See Rules below for details.

• timeouts - Optional Block
See Timeouts below for details.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

Rules

A rules block supports the following:

• action - Optional Block
Action to be enforced if the BGP route matches the rule
See Action below.

• match - Optional Block
Predicates which have to match information in route for action to be applied
See Match below.

Rules Action

An action block (within rules) supports the following:

• aggregate - Optional Block
Enable this option

• allow - Optional Block
Enable this option

• as_path - Optional String
AS-Path Prepending is generally used to influence incoming traffic

• community - Optional Block
BGP Community list. List of BGP communities
See Community below.

• deny - Optional Block
Enable this option

• local_preference - Optional Number
BGP Local Preference is generally used to influence outgoing traffic

• metric - Optional Number
The Multi-Exit Discriminator metric to indicate the preferred path to AS

Rules Action Community

A community block (within rules.action) supports the following:

• community - Optional List
Unordered set of RFC 1997 defined 4-byte community, first 16 bits being ASN and lower 16 bits being value

Rules Match

A match block (within rules) supports the following:

• as_path - Optional String
AS path can also be a regex, which will be matched against route information

• community - Optional Block
BGP Community list. List of BGP communities
See Community below.

• ip_prefixes - Optional Block
List of IP prefix and prefix length range match condition
See IP Prefixes below.

Rules Match Community

A community block (within rules.match) supports the following:

• community - Optional List
Unordered set of RFC 1997 defined 4-byte community, first 16 bits being ASN and lower 16 bits being value

Rules Match IP Prefixes

An ip_prefixes block (within rules.match) supports the following:

• prefixes - Optional Block
Prefix list. List of IP prefix
See Prefixes below.

Rules Match IP Prefixes Prefixes

A prefixes block (within rules.match.ip_prefixes) supports the following:

• equal_or_longer_than - Optional Block
Configuration parameter for equal or longer than

• exact_match - Optional Block
Configuration parameter for exact match

• ip_prefixes - Optional String
IP Prefix. IP prefix to match on BGP route

• longer_than - Optional Block
Configuration parameter for longer than

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
`name`	String	Name of the referenced object
`namespace`	String	Namespace containing the referenced object
`tenant`	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
`LOWER_CASE`	Convert to lowercase
`UPPER_CASE`	Convert to uppercase
`BASE64_DECODE`	Decodebase64 content
`NORMALIZE_PATH`	Normalize URL path
`REMOVE_WHITESPACE`	Remove whitespace characters
`URL_DECODE`	Decode URL-encoded characters
`TRIM_LEFT`	Trim leading whitespace
`TRIM_RIGHT`	Trim trailing whitespace
`TRIM`	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
`ANY`	Match any HTTP method
`GET`	HTTP GET request
`HEAD`	HTTP HEAD request
`POST`	HTTP POST request
`PUT`	HTTP PUT request
`DELETE`	HTTP DELETE request
`CONNECT`	HTTP CONNECT request
`OPTIONS`	HTTP OPTIONS request
`TRACE`	HTTP TRACE request
`PATCH`	HTTP PATCH request
`COPY`	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
`TLS_FINGERPRINT_NONE`	No fingerprint matching
`ANY_MALICIOUS_FINGERPRINT`	Match any known malicious fingerprint
`ADWARE`	Adware-associated fingerprints
`DRIDEX`	Dridex malware fingerprints
`GOOTKIT`	Gootkit malware fingerprints
`RANSOMWARE`	Ransomware-associated fingerprints
`TRICKBOT`	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
`SPAM_SOURCES`	Known spam sources
`WINDOWS_EXPLOITS`	Windows exploit sources
`WEB_ATTACKS`	Web attack sources
`BOTNETS`	Known botnet IPs
`SCANNERS`	Network scanner IPs
`REPUTATION`	Poor reputation IPs
`PHISHING`	Phishing-related IPs
`PROXY`	Anonymous proxy IPs
`MOBILE_THREATS`	Mobile threat sources
`TOR_PROXY`	Tor exit nodes
`DENIAL_OF_SERVICE`	DoS attack sources
`NETWORK`	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_bgp_routing_policy.example system/example