BGP Address Family Profile Models

Overview

The BGP Address Family Profile models provide a structured way to represent and validate BGP address family profile configuration data for Palo Alto Networks' Strata Cloud Manager. These models control per-neighbor address family settings including add-path, allowas-in, maximum prefix limits, next-hop behavior, private AS removal, community handling, and ORF configuration.

Models

The module provides the following Pydantic models:

BgpAddressFamilyProfileBaseModel: Base model with fields common to all BGP address family profile operations
BgpAddressFamilyProfileCreateModel: Model for creating new BGP address family profiles
BgpAddressFamilyProfileUpdateModel: Model for updating existing BGP address family profiles
BgpAddressFamilyProfileResponseModel: Response model for BGP address family profile operations
BgpAddressFamilyProfileIpv4UnicastMulticast: IPv4 container with unicast and multicast address families
BgpAddressFamily: Core address family configuration (reused for unicast and multicast)
BgpAddressFamilyAddPath: Add-path configuration
BgpAddressFamilyAllowasIn: Allowas-in configuration (oneOf: origin or occurrence)
BgpAddressFamilyMaximumPrefix: Maximum prefix configuration
BgpAddressFamilyMaximumPrefixAction: Maximum prefix action (oneOf: warning_only or restart)
BgpAddressFamilyMaximumPrefixRestart: Maximum prefix restart interval configuration
BgpAddressFamilyNextHop: Next-hop configuration (oneOf: self or self_force)
BgpAddressFamilyRemovePrivateAS: Remove private AS configuration (oneOf: all or replace_AS)
BgpAddressFamilySendCommunity: Send community configuration (oneOf: all, both, extended, large, or standard)
BgpAddressFamilyOrf: ORF (Outbound Route Filtering) configuration

The BgpAddressFamilyProfileBaseModel and BgpAddressFamilyProfileCreateModel / BgpAddressFamilyProfileUpdateModel use extra="forbid" configuration, which rejects any fields not explicitly defined in the model. The BgpAddressFamilyProfileResponseModel uses extra="ignore" to provide resilience against unexpected fields returned by the API.

Model Attributes

BgpAddressFamilyProfileBaseModel

This is the base model containing fields common to all BGP address family profile operations.

Attribute	Type	Required	Default	Description
`name`	`str`	Yes	None	Profile name.
`ipv4`	`BgpAddressFamilyProfileIpv4UnicastMulticast`	No	None	IPv4 address family configuration.
`folder`	`str`	No**	None	Folder location. Pattern: `^[a-zA-Z\d\-_. ]+$`. Max 64 chars.
`snippet`	`str`	No**	None	Snippet location. Pattern: `^[a-zA-Z\d\-_. ]+$`. Max 64 chars.
`device`	`str`	No**	None	Device location. Pattern: `^[a-zA-Z\d\-_. ]+$`. Max 64 chars.

** Exactly one container (folder/snippet/device) must be provided for create operations

BgpAddressFamilyProfileCreateModel

Inherits all fields from BgpAddressFamilyProfileBaseModel and enforces that exactly one of folder, snippet, or device is provided during creation.

BgpAddressFamilyProfileUpdateModel

Extends BgpAddressFamilyProfileBaseModel by adding:

Attribute	Type	Required	Default	Description
`id`	`UUID`	Yes	None	The unique identifier of the BGP address family profile

BgpAddressFamilyProfileResponseModel

Extends BgpAddressFamilyProfileBaseModel by adding:

Attribute	Type	Required	Default	Description
`id`	`UUID`	Yes	None	The unique identifier of the BGP address family profile

note

The BgpAddressFamilyProfileResponseModel uses extra="ignore" instead of extra="forbid". This means it will silently ignore any extra fields returned by the API that are not defined in the model, providing resilience against API changes.

Supporting Models

BgpAddressFamilyProfileIpv4UnicastMulticast

IPv4 container wrapping unicast and multicast address families.

Attribute	Type	Required	Default	Description
`unicast`	`BgpAddressFamily`	No	None	Unicast address family.
`multicast`	`BgpAddressFamily`	No	None	Multicast address family.

BgpAddressFamily

Core address family configuration, reused for both unicast and multicast.

Attribute	Type	Required	Default	Description
`enable`	`bool`	No	None	Enable address family.
`soft_reconfig_with_stored_info`	`bool`	No	None	Soft reconfiguration with stored routes.
`add_path`	`BgpAddressFamilyAddPath`	No	None	Add-path configuration.
`as_override`	`bool`	No	None	Override ASNs in outbound updates if AS-Path equals Remote-AS.
`route_reflector_client`	`bool`	No	None	Route reflector client.
`default_originate`	`bool`	No	None	Originate default route.
`default_originate_map`	`str`	No	None	Default originate route map.
`allowas_in`	`BgpAddressFamilyAllowasIn`	No	None	Allow-AS-in configuration.
`maximum_prefix`	`BgpAddressFamilyMaximumPrefix`	No	None	Maximum prefix configuration.
`next_hop`	`BgpAddressFamilyNextHop`	No	None	Next-hop configuration.
`remove_private_AS`	`BgpAddressFamilyRemovePrivateAS`	No	None	Remove private AS configuration.
`send_community`	`BgpAddressFamilySendCommunity`	No	None	Send community configuration.
`orf`	`BgpAddressFamilyOrf`	No	None	ORF configuration.

BgpAddressFamilyAddPath

Add-path configuration for advertising multiple paths.

Attribute	Type	Required	Default	Description
`tx_all_paths`	`bool`	No	None	Advertise all paths to peer.
`tx_bestpath_per_AS`	`bool`	No	None	Advertise bestpath per neighboring AS.

BgpAddressFamilyAllowasIn

Allow-AS-in configuration. Uses oneOf semantics: origin and occurrence are mutually exclusive.

Attribute	Type	Required	Default	Description
`origin`	`Dict[str,Any]`	No*	None	Allow origin AS in path.
`occurrence`	`int`	No*	None	Number of times own AS can appear in AS_PATH (1-10).

* origin and occurrence are mutually exclusive.

BgpAddressFamilyMaximumPrefix

Maximum prefix configuration for limiting the number of prefixes accepted from a peer.

Attribute	Type	Required	Default	Description
`num_prefixes`	`int`	No	None	Maximum number of prefixes (1-4294967295).
`threshold`	`int`	No	None	Threshold percentage (1-100).
`action`	`BgpAddressFamilyMaximumPrefixAction`	No	None	Action on limit.

BgpAddressFamilyMaximumPrefixAction

Maximum prefix action. Uses oneOf semantics: warning_only and restart are mutually exclusive.

Attribute	Type	Required	Default	Description
`warning_only`	`Dict[str,Any]`	No*	None	Warning only action.
`restart`	`BgpAddressFamilyMaximumPrefixRestart`	No*	None	Restart action.

* warning_only and restart are mutually exclusive.

BgpAddressFamilyMaximumPrefixRestart

Restart configuration for maximum prefix action.

Attribute	Type	Required	Default	Description
`interval`	`int`	No	None	Restart interval (1-65535).

BgpAddressFamilyNextHop

Next-hop configuration. Uses oneOf semantics: self and self_force are mutually exclusive.

Attribute	Type	Required	Default	Description
`self\_`	`Dict[str,Any]`	No*	None	Set next-hop to self. (alias: `self`)
`self_force`	`Dict[str,Any]`	No*	None	Force next-hop to self.

* self and self_force are mutually exclusive. Note: the Python attribute is self_ with an underscore to avoid conflict with the Python keyword, but the serialized alias is self.

BgpAddressFamilyRemovePrivateAS

Remove private AS configuration. Uses oneOf semantics: all and replace_AS are mutually exclusive.

Attribute	Type	Required	Default	Description
`all`	`Dict[str,Any]`	No*	None	Remove all private AS numbers.
`replace_AS`	`Dict[str,Any]`	No*	None	Replace private AS numbers.

* all and replace_AS are mutually exclusive.

BgpAddressFamilySendCommunity

Send community configuration. Uses oneOf semantics: at most one type can be set.

Attribute	Type	Required	Default	Description
`all`	`Dict[str,Any]`	No*	None	Send all communities.
`both`	`Dict[str,Any]`	No*	None	Send both standard and extended.
`extended`	`Dict[str,Any]`	No*	None	Send extended communities.
`large`	`Dict[str,Any]`	No*	None	Send large communities.
`standard`	`Dict[str,Any]`	No*	None	Send standard communities.

* At most one of all, both, extended, large, or standard may be set.

BgpAddressFamilyOrf

Outbound Route Filtering configuration.

Attribute	Type	Required	Default	Description
`orf_prefix_list`	`str`	No	None	ORF prefix list mode. Pattern: `^(none\|both\|receive\|send)$`

Exceptions

The models perform strict validation and will raise ValueError in scenarios such as:

When creating a profile (BgpAddressFamilyProfileCreateModel), if not exactly one container (folder, snippet, or device) is provided.
When both origin and occurrence are set in BgpAddressFamilyAllowasIn (mutually exclusive).
When both warning_only and restart are set in BgpAddressFamilyMaximumPrefixAction (mutually exclusive).
When both self and self_force are set in BgpAddressFamilyNextHop (mutually exclusive).
When both all and replace_AS are set in BgpAddressFamilyRemovePrivateAS (mutually exclusive).
When more than one community type is set in BgpAddressFamilySendCommunity (at most one allowed).

Model Validators

OneOf Validators

validate_allowas_in_type (in BgpAddressFamilyAllowasIn): Ensures that origin and occurrence are mutually exclusive. If both are set, it raises a ValueError.
validate_action_type (in BgpAddressFamilyMaximumPrefixAction): Ensures that warning_only and restart are mutually exclusive. If both are set, it raises a ValueError.
validate_next_hop_type (in BgpAddressFamilyNextHop): Ensures that self and self_force are mutually exclusive. If both are set, it raises a ValueError.
validate_remove_type (in BgpAddressFamilyRemovePrivateAS): Ensures that all and replace_AS are mutually exclusive. If both are set, it raises a ValueError.
validate_send_community_type (in BgpAddressFamilySendCommunity): Ensures that at most one send community type is set. If more than one of all, both, extended, large, or standard is configured, it raises a ValueError.

Container Validation in `BgpAddressFamilyProfileCreateModel`

validate_container_type: After model initialization, this validator checks that exactly one of the container fields (folder, snippet, or device) is provided. If not, it raises a ValueError.

Usage Examples

Creating a BGP Address Family Profile

Using a Dictionary

from scm.models.network import BgpAddressFamilyProfileCreateModel

profile_data = {
    "name": "af-profile-1",
    "ipv4": {
        "unicast": {
            "enable": True,
            "soft_reconfig_with_stored_info": True,
            "add_path": {
                "tx_all_paths": True,
            },
            "allowas_in": {
                "occurrence": 3,
            },
            "maximum_prefix": {
                "num_prefixes": 10000,
                "threshold": 80,
                "action": {
                    "warning_only": {},
                },
            },
            "next_hop": {
                "self": {},
            },
            "send_community": {
                "all": {},
            },
        },
        "multicast": {
            "enable": True,
        },
    },
    "folder": "Routing",
}

# Validate and create model instance
profile = BgpAddressFamilyProfileCreateModel(**profile_data)
payload = profile.model_dump(exclude_unset=True, by_alias=True)
print(payload)

Using the Model Directly

from scm.models.network import (
    BgpAddressFamilyProfileCreateModel,
    BgpAddressFamilyProfileIpv4UnicastMulticast,
    BgpAddressFamily,
    BgpAddressFamilyAddPath,
    BgpAddressFamilyAllowasIn,
    BgpAddressFamilyMaximumPrefix,
    BgpAddressFamilyMaximumPrefixAction,
    BgpAddressFamilyNextHop,
    BgpAddressFamilySendCommunity,
)

# Build address family configuration
unicast = BgpAddressFamily(
    enable=True,
    add_path=BgpAddressFamilyAddPath(tx_all_paths=True),
    allowas_in=BgpAddressFamilyAllowasIn(occurrence=3),
    maximum_prefix=BgpAddressFamilyMaximumPrefix(
        num_prefixes=10000,
        threshold=80,
        action=BgpAddressFamilyMaximumPrefixAction(warning_only={}),
    ),
    next_hop=BgpAddressFamilyNextHop(self_={}),
    send_community=BgpAddressFamilySendCommunity(all={}),
)

# Create the profile
profile = BgpAddressFamilyProfileCreateModel(
    name="af-profile-2",
    ipv4=BgpAddressFamilyProfileIpv4UnicastMulticast(
        unicast=unicast,
        multicast=BgpAddressFamily(enable=True),
    ),
    folder="Routing",
)
payload = profile.model_dump(exclude_unset=True, by_alias=True)
print(payload)

Updating a BGP Address Family Profile

from scm.client import Scm

# Initialize client
client = Scm(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id",
)

# Fetch existing profile
existing = client.bgp_address_family_profile.fetch(name="af-profile-1", folder="Routing")

# Modify attributes
existing.ipv4.unicast.maximum_prefix.num_prefixes = 20000
existing.ipv4.unicast.maximum_prefix.threshold = 90

# Pass modified object to update()
updated = client.bgp_address_family_profile.update(existing)
print(f"Updated profile: {updated.name}")

Creating a Profile with Remove Private AS

from scm.models.network import (
    BgpAddressFamilyProfileCreateModel,
    BgpAddressFamilyProfileIpv4UnicastMulticast,
    BgpAddressFamily,
    BgpAddressFamilyRemovePrivateAS,
)

profile = BgpAddressFamilyProfileCreateModel(
    name="af-profile-remove-private-as",
    ipv4=BgpAddressFamilyProfileIpv4UnicastMulticast(
        unicast=BgpAddressFamily(
            enable=True,
            remove_private_AS=BgpAddressFamilyRemovePrivateAS(all={}),
        ),
    ),
    folder="Routing",
)
payload = profile.model_dump(exclude_unset=True, by_alias=True)
print(payload)

Overview​

Models​

Model Attributes​

BgpAddressFamilyProfileBaseModel​

BgpAddressFamilyProfileCreateModel​

BgpAddressFamilyProfileUpdateModel​

BgpAddressFamilyProfileResponseModel​

Supporting Models​

BgpAddressFamilyProfileIpv4UnicastMulticast​

BgpAddressFamily​

BgpAddressFamilyAddPath​

BgpAddressFamilyAllowasIn​

BgpAddressFamilyMaximumPrefix​

BgpAddressFamilyMaximumPrefixAction​

BgpAddressFamilyMaximumPrefixRestart​

BgpAddressFamilyNextHop​

BgpAddressFamilyRemovePrivateAS​

BgpAddressFamilySendCommunity​

BgpAddressFamilyOrf​

Exceptions​

Model Validators​

OneOf Validators​

Container Validation in BgpAddressFamilyProfileCreateModel​

Usage Examples​

Creating a BGP Address Family Profile​

Using a Dictionary​

Using the Model Directly​

Updating a BGP Address Family Profile​

Creating a Profile with Remove Private AS​