| Parameter | Choices/Defaults | Comments | 
                
                                                            | auto_last_hop 
                    string
                                                                 | Choices:
                                                                                                                                                            defaultenableddisabled | Allows you to configure auto last hop on a per-tunnel basis. When creating a new tunnel, if this parameter is supported by the tunnel profile but not specified, the default is default. When default, means that the system uses the global auto-lasthop setting to send back the request. When enabled, allows the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface. As a result, the system can send return traffic to clients even when there is no matching route. | 
                            
                                                            | description 
                    string
                                                                 |  | Description of the tunnel. | 
                            
                                                            | key 
                    integer
                                                                 |  | When applied to a GRE tunnel, this value specifies an optional field in the GRE header, used to authenticate the source of the packet. When applied to a VXLAN or Geneve tunnel, this value specifies the Virtual Network Identifier (VNI). When applied to an NVGRE tunnel, this value specifies the Virtual Subnet Identifier (VSID). When creating a new tunnel, if this parameter is supported by the tunnel profile but not specified, the default value is 0. | 
                            
                                                            | local_address 
                    string
                                                                 |  | Specifies the IP address of the local endpoint of the tunnel. | 
                            
                                                            | mode 
                    string
                                                                 | Choices:
                                                                                                                                                            bidirectionalinboundoutbound | Specifies how the tunnel carries traffic. When creating a new tunnel, if this parameter is supported by the tunnel profile but not specified, the default is bidirectional. When bidirectional, specifies that the tunnel carries both inbound and outbound traffic. When inbound, specifies that the tunnel carries only incoming traffic. When outbound, specifies that the tunnel carries only outgoing traffic. | 
                            
                                                            | mtu 
                    integer
                                                                 |  | Specifies the maximum transmission unit (MTU) of the tunnel. When creating a new tunnel, if this parameter is supported by the tunnel profile but not specified, the default value is 0. The valid range is from 0to65515. | 
                            
                                                            | name 
                    string
                                             / required                     |  | Specifies the name of the tunnel. | 
                            
                                                            | partition 
                    string
                                                                 | Default: 
 "Common" | Device partition to manage resources on. | 
                            
                                                            | profile 
                    string
                                                                 |  | Specifies the profile to associate with the tunnel for handling traffic. Depending on your selection, other settings become available or disappear. This parameter may not be changed after it is set. | 
                            
                                                            | provider 
                    dictionary
                                                                 added in 2.5 |  | A dict object containing connection details. | 
                                                        
                                                |  | auth_provider 
                    string
                                                                 |  | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | 
                            
                                                |  | password 
                    string
                                             / required                     |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
 | 
                            
                                                |  | server 
                    string
                                             / required                     |  | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | 
                            
                                                |  | server_port 
                    integer
                                                                 | Default: 
 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | 
                            
                                                |  | ssh_keyfile 
                    path
                                                                 |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | 
                            
                                                |  | timeout 
                    integer
                                                                 |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | 
                            
                                                |  | transport 
                    string
                                                                 |  | Configures the transport connection to use when connecting to the remote device. | 
                            
                                                |  | user 
                    string
                                             / required                     |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | 
                            
                                                |  | validate_certs 
                    boolean
                                                                 |  | If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | 
                                            
                                                            | remote_address 
                    string
                                                                 |  | Specifies the IP address of the remote endpoint of the tunnel. For dslite,fec(when configuring the FEC tunnel for receiving traffic only),v6rd(configured as a border relay), ormap, the tunnel must have an unspecified remote address (any). | 
                            
                                                            | secondary_address 
                    string
                                                                 |  | Specifies a non-floating IP address for the tunnel, to be used with host-initiated traffic. | 
                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absent | When present, ensures that the tunnel exists. When absent, ensures the tunnel is removed. | 
                            
                                                            | tos 
                    string
                                                                 |  | Specifies the Type of Service (TOS) value to insert in the encapsulating header of transmitted packets. When creating a new tunnel, if this parameter is supported by the tunnel profile but not specified, the default value is preserve. When preserve, the system copies the TOS value from the inner header to the outer header. You may also specify a numeric value. The possible values are from 0to255. | 
                            
                                                            | traffic_group 
                    string
                                                                 |  | Specifies the traffic group to associate with the tunnel. This value cannot be changed after it is set. This is a limitation of BIG-IP. | 
                            
                                                            | transparent 
                    boolean
                                                                 |  | Specifies that the tunnel operates in transparent mode. When yes, you can inspect and manipulate the encapsulated traffic flowing through the BIG-IP system. A transparent tunnel terminates a tunnel while presenting the illusion that the tunnel transits the device unmodified (that is, the BIG-IP system appears as if it were an intermediate router that simply routes IP traffic through the device). | 
                            
                                                            | use_pmtu 
                    boolean
                                                                 |  | Enables or disables the tunnel to use the PMTU (Path MTU) information provided by ICMP NeedFrag error messages. If yesand the tunnelmtuis set to0, the tunnel will use the PMTU information. If yesand the tunnelmtuis fixed to a non-zero value, the tunnel will use the minimum of PMTU and MTU. If no, the tunnel will use fixed MTU or calculate its MTU using tunnel encapsulation configurations. |