Describe the bug
When using the advanced routing engine, the panos_l3_subinterface still configures a virtual router because of the "vr_name" argument. This causes issues when one wants to remove layer 3 subinterfaces as the interfaces will be defined for a virtual router and have to be manually removed on the CLI. This is only an issue of the Ansible module. Manually adding interfaces through the web interface does not add any interface to a virtual router. This is related to #654, but actually causes issues in production besides just having to define another task to add the layer 3 subinterfaces to the logical routers.
Expected behavior
When using advanced routing, no virtual router should be configured by the Ansible modules.
Current behavior
If the vr_name option is not set, the default "default" is used, which results in the interfaces being added to the virtual router on the CLI:
```
admin@PA-3430-Node1(active)# show network virtual-router
set network virtual-router default protocol bgp enable no
set network virtual-router default protocol bgp dampening-profile default cutoff 1.25
set network virtual-router default protocol bgp dampening-profile default reuse 0.5
set network virtual-router default protocol bgp dampening-profile default max-hold-time 900
set network virtual-router default protocol bgp dampening-profile default decay-half-life-reachable 300
set network virtual-router default protocol bgp dampening-profile default decay-half-life-unreachable 900
set network virtual-router default protocol bgp dampening-profile default enable yes
set network virtual-router default interface [ ae2.101 ae2.100 ae2.102 ae2.103 ]
```
When one now wants to remove those interfaces, either by hand in the web interface or automatically through Ansible, the following error shows up:
```
1- Failed to delete Ethernet Interface - . ae2.103 cannot be deleted because of references from:, network -> virtual-router -> default -> interface
```
Even though we don't have any virtual routers anymore, since we are using the advanced routing engine. The only way to fix this is by going to the CLI and deleting the interface definition for this virtual router.
Setting vr_name to an empty string causes the last interface added by Ansible to be set as an interface for the "default" virtual router:
```
admin@PA-3430-Node1(active)# show network virtual-router
set network virtual-router default protocol bgp enable no
set network virtual-router default protocol bgp dampening-profile default cutoff 1.25
set network virtual-router default protocol bgp dampening-profile default reuse 0.5
set network virtual-router default protocol bgp dampening-profile default max-hold-time 900
set network virtual-router default protocol bgp dampening-profile default decay-half-life-reachable 300
set network virtual-router default protocol bgp dampening-profile default decay-half-life-unreachable 900
set network virtual-router default protocol bgp dampening-profile default enable yes
set network virtual-router default interface ae2.100
```
Steps to reproduce
The following example tasks cause this behavior.
Not setting the vr_name option:
```yaml
- name: "Create layer 3 subinterface"
  paloaltonetworks.panos.panos_l3_subinterface:
    name: "ae2.100"
    tag: "100"
    enable_dhcp: false
    ip:
      - "192.168.10.1/24"
    ipv6_enabled: true
    zone_name: "vlan100"
    provider: "{{ dict_panos_provider }}"
```
Setting an empty vr_name string:
```yaml
- name: "Create layer 3 subinterface"
  paloaltonetworks.panos.panos_l3_subinterface:
    name: "ae2.100"
    tag: "100"
    enable_dhcp: false
    ip:
      - "192.168.10.1/24"
    ipv6_enabled: true
    zone_name: "vlan100"
    vr_name: ""
    provider: "{{ dict_panos_provider }}"
```
Your Environment
- Collection: paloaltonetworks.panos 3.3.0
- Python: 3.11.2
- Ansible: 2.17.14
- pan-os-python: 1.12.4
- pan-python: 0.17.0
- panos-upgrade-assurance: 2.0.1
- PA-3430 Version 11.1.13
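
Added example, not part of the original issue or of the collection's code: a pre-check that parses set-format `show network virtual-router` output and reports which interfaces are still referenced by a legacy virtual router, covering both the bracketed list and the single-value form shown above. The function names are hypothetical, the sample text is constructed from the output quoted in the issue, and virtual router names are assumed to contain no spaces.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the CLI output quoted in the issue.
SAMPLE = """\
set network virtual-router default protocol bgp enable no
set network virtual-router default protocol bgp dampening-profile default enable yes
set network virtual-router default interface [ ae2.101 ae2.100 ae2.102 ae2.103 ]
"""

# Only the interface membership line of a virtual router is of interest;
# "protocol ..." lines do not match because "interface" must follow the name.
_MEMBERSHIP = re.compile(r"^set network virtual-router (\S+) interface (.+)$")


def vr_interface_refs(set_output):
    """Map each virtual router name to the set of interfaces it references."""
    refs = defaultdict(set)
    for line in set_output.splitlines():
        match = _MEMBERSHIP.match(line.strip())
        if not match:
            continue
        vr_name, value = match.group(1), match.group(2).strip()
        if value.startswith("[") and value.endswith("]"):
            members = value[1:-1].split()   # "[ ae2.101 ae2.100 ]" list form
        else:
            members = [value]               # single interface form
        refs[vr_name].update(members)
    return dict(refs)


def deletion_blockers(set_output, to_delete):
    """Return {interface: [virtual routers that still reference it]}."""
    refs = vr_interface_refs(set_output)
    blockers = {}
    for ifname in to_delete:
        holders = sorted(vr for vr, members in refs.items() if ifname in members)
        if holders:
            blockers[ifname] = holders
    return blockers


if __name__ == "__main__":
    for ifname, holders in deletion_blockers(SAMPLE, ["ae2.103", "ae2.200"]).items():
        print(f"{ifname}: still referenced by virtual-router {', '.join(holders)}")
```
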