diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst index f614176..caff00c 100755 --- a/debian/wit-network-config.postinst +++ b/debian/wit-network-config.postinst @@ -23,7 +23,7 @@ case "$1" in IFCONFIG="/etc/network/interfaces" UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules" - FRRCONFIG="/etc/frr/frr.conf.wit" + FRRCONFIG="/etc/frr/frr.conf.wit" HOSTNAME=edge2.usw2.admin.wit.com @@ -61,7 +61,7 @@ case "$1" in # wiping existing config in prep for de-deploying it - mv -f ${IFCONFIG} ${IFCONFIG}.dpkg-old || true + mv -f ${IFCONFIG} ${IFCONFIG}.dpkg-old || true mv -f ${UDEVCONFIG} ${UDEVCONFIG}.dpkg-old || true @@ -69,7 +69,7 @@ case "$1" in # write loopback config - cat <<-EOF >>$IFCONFIG + cat <<-EOF >>$IFCONFIG auto lo iface lo inet loopback 
@@ -85,30 +85,30 @@ case "$1" in # gathering defined interfaces - FRR_IFS="!" + FRR_IFS="!" for if in mgmt feth up ibgp gre; do - for i in {1..2}; do #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt) + for i in {1..2}; do #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt) ifname=${if}${i} ifalias=$(dig_txt name.${ifname}.${HOSTNAME}) || true ## still thinking how to do this cleaner if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then - ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME}) - local=$(dig_txt local.${ifname}.${HOSTNAME}) - remote=$(dig_txt remote.${ifname}.${HOSTNAME}) + ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME}) + local=$(dig_txt local.${ifname}.${HOSTNAME}) + remote=$(dig_txt remote.${ifname}.${HOSTNAME}) - ## build FRR interface config to enable ND adv for ipv6 unmanaged - FRR_IFS="$FRR_IFS\ninterface $ifname" - FRR_IFS="$FRR_IFS\n description $ifalias" - FRR_IFS="$FRR_IFS\n ipv6 nd ra-interval 10" - FRR_IFS="$FRR_IFS\n no ipv6 nd suppress-ra\n!" + ## build FRR interface config to enable ND adv for ipv6 unmanaged + FRR_IFS="$FRR_IFS\ninterface $ifname" + FRR_IFS="$FRR_IFS\n description $ifalias" + FRR_IFS="$FRR_IFS\n ipv6 nd ra-interval 10" + FRR_IFS="$FRR_IFS\n no ipv6 nd suppress-ra\n!" - ## build FRR neightbor interfaces - FRR_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_NEIGH" + ## build FRR neightbor interfaces + FRR_EDGE_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_EDGE_NEIGH" - ## build regular linux network interface config - cat <<-EOF >>$IFCONFIG + ## build regular linux network interface config + cat <<-EOF >>$IFCONFIG auto $ifname iface $ifname inet manual ## $ifalias 
@@ -126,26 +126,24 @@ case "$1" in ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue ## skip undefined interfaces - echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=='${ifmac}', ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG + echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="'${ifmac}'", ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG if [[ $ifname = up? ]]; then - ipv4=$(dig_txt ipv4.$ifname.${HOSTNAME}) - ipv6=$(dig_txt ipv6.$ifname.${HOSTNAME}) - peerv4=$(dig_txt peerv4.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available - peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available + ipv4=$(dig_txt ipv4.$ifname.${HOSTNAME}) + ipv6=$(dig_txt ipv6.$ifname.${HOSTNAME}) + peerv4=$(dig_txt peerv4.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available + peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available - ## if this code gets executed even once we have a upX interface, meaning were dealing with an edge box + [ -z $peerv4 ] || FRR_EDGE_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_EDGE_NEIGH" + [ -z $peerv6 ] || FRR_EDGE_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_EDGE_NEIGH" + # we have a edge box, uncomment all edge special frr configs + SEDEXTRA='-e s/!!!\s\s//' - - [ -z $peerv4 ] || FRR_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_NEIGH" - [ -z $peerv6 ] || FRR_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_NEIGH" - - - cat <<-EOF >>$IFCONFIG + cat <<-EOF >>$IFCONFIG auto $ifname iface $ifname inet static address $ipv4 
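Review bot: `ifmac` is written into the udev rule exactly as `dig_txt` returned it, and the double quotes added around it only help when the value really is a well-formed MAC. udev reads this file as root, so a TXT value containing a quote or a comma would change what the rule means rather than merely fail to match. Unless `dig_txt` (not visible in this hunk) already validates its output, add a shape check before the `echo`, e.g. `[[ $ifmac =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]] || continue`. The same concern applies to `ipv4`, `ipv6`, `peerv4` and `peerv6` a few lines further down, which end up in `$IFCONFIG` and the FRR neighbor lines, and to `${TEMP}` in the prefix-list loops of the `-208` and `-218` hunks. The surrounding loop starts and ends outside the hunk.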
@@ -208,9 +206,9 @@ case "$1" in
 i=1
 while true; do
 TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
- TEMPAGGS="\n !!! aggregate-address ${TEMP}"
+ TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
 FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
- TEMPSUM="\n!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}"
+ TEMPSUM="!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
 FRR_IPV4_EDGE_SUMMARIES_PFLIST="${FRR_IPV4_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
 let i+=1
 done
@@ -218,13 +216,45 @@ case "$1" in i=1 while true; do TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break - TEMPAGGS="\n !!! aggregate-address ${TEMP}" + TEMPAGGS=" !!! aggregate-address ${TEMP}\n" FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}" - TEMPSUM="\n!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}" + TEMPSUM="!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}\n" FRR_IPV6_EDGE_SUMMARIES_PFLIST="${FRR_IPV6_EDGE_SUMMARIES_PFLIST}${TEMPSUM}" let i+=1 done + i=1 + while true; do + TEMP="$(dig_txt $i.ipv4.customers.prefixlist.usw2.admin.wit.com)" || break + TEMPSUM="ip prefix-list WITv4-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 25\n" + FRR_IPV4_CUSTOMERS_PFLIST="${FRR_IPV4_CUSTOMERS_PFLIST}${TEMPSUM}" + let i+=1 + done + + i=1 + while true; do + TEMP="$(dig_txt $i.ipv6.customers.prefixlist.usw2.admin.wit.com)" || break + TEMPSUM="ipv6 prefix-list WITv6-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 64\n" + FRR_IPV6_CUSTOMERS_PFLIST="${FRR_IPV6_CUSTOMERS_PFLIST}${TEMPSUM}" + let i+=1 + done + + + i=1 + while true; do + TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.usw2.admin.wit.com)" || break + TEMPSUM="ip prefix-list LOOPBACKv4 seq $((i*5)) permit ${TEMP} ge 32\n" + FRR_IPV4_LOOPBACK_PFLIST="${FRR_IPV4_LOOPBACK_PFLIST}${TEMPSUM}" + let i+=1 + done + + i=1 + while true; do + TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.usw2.admin.wit.com)" || break + TEMPSUM="ipv6 prefix-list LOOPBACKv6 seq $((i*5)) permit ${TEMP} ge 128\n" + FRR_IPV6_LOOPBACK_PFLIST="${FRR_IPV6_LOOPBACK_PFLIST}${TEMPSUM}" + let i+=1 + done ## STOP compiling frr config 
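Review bot: The four added `while true` loops have no upper bound and no check that anything was resolved. They end only when `dig_txt` fails, so a resolver that answers every numbered name keeps the postinst spinning, and one that answers none leaves `FRR_IPV4_CUSTOMERS_PFLIST` and the other three empty, which the later `sed` turns into a config without those prefix lists. The loops differ only in record group, list name and the `ge` length, so a single helper would remove the copy-paste and give one place for a bound and for validating the prefix. A possible shape is below; the cap of 64 is an arbitrary example value. The enclosing `case` branch starts and ends outside the hunk.

```shell
# Build one "<family> prefix-list <name> seq N permit <prefix> <qualifier>\n"
# entry per numbered TXT record, stopping at the first missing record.
#   $1 family keyword (ip|ipv6)              $2 list name
#   $3 record group (e.g. ipv4.customers)    $4 qualifier (e.g. "ge 25")
build_pflist() {
  local out="" prefix n
  for ((n = 1; n <= 64; n++)); do   # 64: arbitrary example cap
    prefix="$(dig_txt "$n.$3.prefixlist.usw2.admin.wit.com")" || break
    out+="$1 prefix-list $2 seq $((n * 5)) permit ${prefix} $4\n"
  done
  [[ -n $out ]] || return 1         # nothing resolved: let the caller decide
  printf '%s' "$out"
}

# ... unchanged: public (EDGE_SUMMARIES) loops ...
FRR_IPV4_CUSTOMERS_PFLIST="$(build_pflist ip WITv4-CUSTOMERS ipv4.customers 'ge 25')"
FRR_IPV6_CUSTOMERS_PFLIST="$(build_pflist ipv6 WITv6-CUSTOMERS ipv6.customers 'ge 64')"
FRR_IPV4_LOOPBACK_PFLIST="$(build_pflist ip LOOPBACKv4 ipv4.loopback 'ge 32')"
FRR_IPV6_LOOPBACK_PFLIST="$(build_pflist ipv6 LOOPBACKv6 ipv6.loopback 'ge 128')"
```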
@@ -233,17 +263,21 @@ case "$1" in # set frr config - sed -i \ - -e "s/^!!! FRR_IFS/$FRR_IFS/" \ - -e "s/^ !!! FRR_NEIGH/$FRR_NEIGH/" \ - -e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \ - -e "s/^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/" \ - -e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/" \ - -e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/" \ - -e "s/^!!! FRR_IPV6_EDGE_EXTRA/$FRR_IPV6_EDGE_EXTRA/" \ - -e "s/FRRROUTERID/${LOOPBACKv4}/" \ - -e "s/NODEASN/${NODEASN}/" \ - $FRRCONFIG + sed -i \ + -e "s/^!!! FRR_IFS/$FRR_IFS/" \ + -e "s/^ !!! FRR_EDGE_NEIGH/$FRR_EDGE_NEIGH/" \ + -e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \ + -e "s/^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/" \ + -e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/" \ + -e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/" \ + -e "s/^!!! FRR_IPV4_CUSTOMERS_PFLIST/$FRR_IPV4_CUSTOMERS_PFLIST/" \ + -e "s/^!!! FRR_IPV6_CUSTOMERS_PFLIST/$FRR_IPV6_CUSTOMERS_PFLIST/" \ + -e "s/^!!! FRR_IPV4_LOOPBACK_PFLIST/$FRR_IPV4_LOOPBACK_PFLIST/" \ + -e "s/^!!! FRR_IPV6_LOOPBACK_PFLIST/$FRR_IPV6_LOOPBACK_PFLIST/" \ + -e "s/FRRROUTERID/${LOOPBACKv4}/" \ + -e "s/NODEASN/${NODEASN}/" \ + $SEDEXTRA \ + $FRRCONFIG exit 2 chown frr.frr $FRRCONFIG /etc/frr/daemons.wit @@ -257,7 +291,7 @@ exit 2 # wite grub rules for serial terminal sed -i -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' -e '/GRUB_CMDLINE_LINUX=/d' -e '/GRUB_SERIAL_COMMAND=/d' -e '/GRUB_TERMINAL=/d' /etc/default/grub - cat <<-EOF >>/etc/default/grub + cat <<-EOF >>/etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8" GRUB_TERMINAL=serial diff --git a/files/frr.conf.wit b/files/frr.conf.wit index 530ad0b..6764007 100644 --- a/files/frr.conf.wit +++ b/files/frr.conf.wit 
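Review bot: Every generated value is pasted into an `s/…/…/` replacement with `/` as the delimiter, and the new CUSTOMERS and LOOPBACK values carry CIDR prefixes like the `…/24` entries this commit removes from `frr.conf.wit`. Unless `dig_txt` (not shown) returns them with the slash already escaped, the four added `-e` expressions are malformed, and an `&` or `\` in any TXT value would be interpreted by sed. Use a delimiter that a validated prefix cannot contain, e.g. `-e "s|^!!! FRR_IPV4_CUSTOMERS_PFLIST|$FRR_IPV4_CUSTOMERS_PFLIST|"`, for these and for the existing expressions. `$SEDEXTRA` holds an unanchored `s/!!!\s\s//`, so it strips the first `!!!` plus two blanks wherever that occurs in a line; anchoring it to the start of the line would limit it to the comment marker. The context line `exit 2` directly after the `sed` also stops the script before `chown`, which looks like a debugging leftover worth confirming.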
@@ -94,70 +94,45 @@ router bgp NODEASN exit-address-family ! -ip prefix-list LOOPBACKv4 seq 5 permit 10.1.0.0/16 ge 32 - -ip prefix-list WITv4-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25 -ip prefix-list WITv4-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25 - +!!! FRR_IPV4_LOOPBACK_PFLIST !!! FRR_IPV4_EDGE_SUMMARIES_PFLIST -!!! ip prefix-list WITv4-SUMMARIES seq 15 permit 170.199.211.0/24 -!!! ip prefix-list WITv4-SUMMARIES seq 20 permit 170.199.212.0/24 -!!! ip prefix-list WITv4-SUMMARIES seq 25 permit 170.199.213.0/24 -!!! ip prefix-list WITv4-SUMMARIES seq 30 permit 170.199.214.0/24 -!!! ip prefix-list WITv4-SUMMARIES seq 35 permit 170.199.215.0/24 -!!! ip prefix-list WITv4-SUMMARIES seq 40 permit 170.199.216.0/24 -!!! ip prefix-list WITv4-SUMMARIES seq 45 permit 170.199.217.0/24 +!!! FRR_IPV4_CUSTOMERS_PFLIST -!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 -!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32 -!!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32 -!!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32 -!!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32 -!!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32 -!!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32 -!!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32 -!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32 -!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32 -! +!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 +!!! 
ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32 +!!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32 +!!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32 +!!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32 +!!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32 +!!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32 +!!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32 +!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32 +!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32 -ipv6 prefix-list LOOPBACKv6 seq 5 permit 2604:bbc0:0:100::/56 ge 128 +!!! FRR_IPV6_LOOPBACK_PFLIST !!! FRR_IPV6_EDGE_SUMMARIES_PFLIST -!!! ipv6 prefix-list WITv6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44 -!!! ipv6 prefix-list WITv6-INTERNAL seq 10 permit 2604:bbc0::/48 ge 48 +!!! FRR_IPV6_CUSTOMERS_PFLIST - -ipv6 prefix-list WITv6-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64 -ipv6 prefix-list WITv6-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64 -ipv6 prefix-list WITv6-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64 - - -!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0 -!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 20 deny 2001::/32 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 25 permit 2002::/16 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 30 deny 2002::/16 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 35 deny ::/8 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 40 deny fe00::/9 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 45 deny ff00::/8 le 128 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 50 permit 2000::/3 le 48 -!!! ipv6 prefix-list eBGPv6-RELAXED seq 55 deny ::/0 le 128 +!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0 +!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128 +!!! 
ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 20 deny 2001::/32 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 25 permit 2002::/16 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 30 deny 2002::/16 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 35 deny ::/8 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 40 deny fe00::/9 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 45 deny ff00::/8 le 128 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 50 permit 2000::/3 le 48 +!!! ipv6 prefix-list eBGPv6-RELAXED seq 55 deny ::/0 le 128 
@@ -178,80 +153,76 @@ route-map LOCALNETSv6 permit 5 ! -!!! route-map eBGPv4-IN deny 5 -!!! description "deny any incoming private IP blocks" -!!! match ip address prefix-list rfc1918 -!!! ! -!!! route-map eBGPv4-IN permit 10 -!!! description "Accept all routes advertised to us" -!!! match ip address prefix-list ALL -!!! ! +!!! route-map eBGPv4-IN deny 5 +!!! description "deny any incoming private IP blocks" +!!! match ip address prefix-list rfc1918 +!!! ! +!!! route-map eBGPv4-IN permit 10 +!!! description "Accept all routes advertised to us" +!!! match ip address prefix-list ALL +!!! ! -!!! route-map eBGPv4-OUT permit 5 -!!! description "match IP block owned by WIT" -!!! match ip address prefix-list WITv4-SUMMARIES -!!! ! +!!! route-map eBGPv4-OUT permit 5 +!!! description "match IP block owned by WIT" +!!! match ip address prefix-list WITv4-SUMMARIES +!!! ! -!!! route-map eBGPv6-IN permit 5 -!!! description "Accept all routes advertised to us" -!!! match ipv6 address prefix-list eBGPv6-RELAXED -!!! ! +!!! route-map eBGPv6-IN permit 5 +!!! description "Accept all routes advertised to us" +!!! match ipv6 address prefix-list eBGPv6-RELAXED +!!! ! -!!! route-map eBGPv6-OUT permit 5 -!!! description "match IP block owned by WIT" -!!! match ipv6 address prefix-list WITv6-SUMMARIES -!!! ! +!!! route-map eBGPv6-OUT permit 5 +!!! description "match IP block owned by WIT" +!!! match ipv6 address prefix-list WITv6-SUMMARIES +!!! ! -!!! route-map FABRICv4-OUT permit 5 -!!! description "allow default route" -!!! match ip address prefix-list DEFAULT -!!! ! -!!! route-map FABRICv4-OUT permit 10 -!!! description "allow loopback IPs" -!!! match ip address prefix-list LOOPBACKv4 -!!! ! -!!! route-map FABRICv4-OUT permit 15 -!!! description "allow WIT public IPs" -!!! match ip address prefix-list WITV4 -!!! ! +!!! route-map FABRICv4-OUT permit 5 +!!! description "allow default route" +!!! match ip address prefix-list DEFAULT +!!! ! +!!! route-map FABRICv4-OUT permit 10 +!!! 
description "allow loopback IPs" +!!! match ip address prefix-list LOOPBACKv4 +!!! ! +!!! route-map FABRICv4-OUT permit 15 +!!! description "allow WIT public IPs" +!!! match ip address prefix-list WITV4 +!!! ! -!!! route-map FABRICv6-OUT permit 5 -!!! description "allow default route" -!!! match ipv6 address prefix-list DEFAULT -!!! ! -!!! route-map FABRICv6-OUT permit 10 -!!! description "allow WIT internal IPs" -!!! match ipv6 address prefix-list WITv6-INTERNAL -!!! ! -!!! route-map FABRICv6-OUT permit 15 -!!! description "allow WIT customer IPs" -!!! match ipv6 address prefix-list WITv6-CUSTOMERS -!!! ! +!!! route-map FABRICv6-OUT permit 5 +!!! description "allow default route" +!!! match ipv6 address prefix-list DEFAULT +!!! ! +!!! route-map FABRICv6-OUT permit 10 +!!! description "allow WIT customer IPs" +!!! match ipv6 address prefix-list WITv6-CUSTOMERS +!!! ! -!!! route-map GREv4-IN deny 5 -!!! description "deny default route in" -!!! match ip address prefix-list DEFAULT -!!! ! -!!! route-map GREv4-IN permit 10 -!!! description "accept all the rest" -!!! match ip address prefix-list ALL -!!! ! +!!! route-map GREv4-IN deny 5 +!!! description "deny default route in" +!!! match ip address prefix-list DEFAULT +!!! ! +!!! route-map GREv4-IN permit 10 +!!! description "accept all the rest" +!!! match ip address prefix-list ALL +!!! ! -!!! route-map GREv6-IN deny 5 -!!! description "deny default route in" -!!! match ipv6 address prefix-list DEFAULT -!!! ! -!!! route-map GREv6-IN permit 10 -!!! description "accept all the rest" -!!! match ipv6 address prefix-list ALL -!!! ! +!!! route-map GREv6-IN deny 5 +!!! description "deny default route in" +!!! match ipv6 address prefix-list DEFAULT +!!! ! +!!! route-map GREv6-IN permit 10 +!!! description "accept all the rest" +!!! match ipv6 address prefix-list ALL +!!! ! ! line vty !
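Review bot: `route-map FABRICv4-OUT permit 15` still matches `prefix-list WITV4`, but no list of that name is defined or generated anywhere in the visible parts of this commit; the lists that do exist are `WITv4-CUSTOMERS` and `WITv4-SUMMARIES`. The v6 counterpart in this same hunk now matches `WITv6-CUSTOMERS`, so the v4 clause probably wants `match ip address prefix-list WITv4-CUSTOMERS`. A clause that points at an undefined list will not filter the way its description says, so this is worth checking against the full file before the config is deployed.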