jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup...

This commit is contained in:
toby 2018-10-19 16:56:11 +02:00
parent cfdc1cd3a9
commit 7e1d7993fe
2 changed files with 162 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
debian/wit-network-config.postinst vendored
View File

@ -23,7 +23,7 @@ case "$1" in
IFCONFIG="/etc/network/interfaces" IFCONFIG="/etc/network/interfaces"
UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules" UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules"
FRRCONFIG="/etc/frr/frr.conf.wit" FRRCONFIG="/etc/frr/frr.conf.wit"
HOSTNAME=edge2.usw2.admin.wit.com HOSTNAME=edge2.usw2.admin.wit.com
@ -61,7 +61,7 @@ case "$1" in
# wiping existing config in prep for de-deploying it # wiping existing config in prep for de-deploying it
mv -f ${IFCONFIG} ${IFCONFIG}.dpkg-old || true mv -f ${IFCONFIG} ${IFCONFIG}.dpkg-old || true
mv -f ${UDEVCONFIG} ${UDEVCONFIG}.dpkg-old || true mv -f ${UDEVCONFIG} ${UDEVCONFIG}.dpkg-old || true
@ -69,7 +69,7 @@ case "$1" in
# write loopback config # write loopback config
cat <<-EOF >>$IFCONFIG cat <<-EOF >>$IFCONFIG
auto lo auto lo
iface lo inet loopback iface lo inet loopback
@ -85,30 +85,30 @@ case "$1" in
# gathering defined interfaces # gathering defined interfaces
FRR_IFS="!" FRR_IFS="!"
for if in mgmt feth up ibgp gre; do for if in mgmt feth up ibgp gre; do
for i in {1..2}; do #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt) for i in {1..2}; do #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt)
ifname=${if}${i} ifname=${if}${i}
ifalias=$(dig_txt name.${ifname}.${HOSTNAME}) || true ## still thinking how to do this cleaner ifalias=$(dig_txt name.${ifname}.${HOSTNAME}) || true ## still thinking how to do this cleaner
if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then
ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME}) ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME})
local=$(dig_txt local.${ifname}.${HOSTNAME}) local=$(dig_txt local.${ifname}.${HOSTNAME})
remote=$(dig_txt remote.${ifname}.${HOSTNAME}) remote=$(dig_txt remote.${ifname}.${HOSTNAME})
## build FRR interface config to enable ND adv for ipv6 unmanaged ## build FRR interface config to enable ND adv for ipv6 unmanaged
FRR_IFS="$FRR_IFS\ninterface $ifname" FRR_IFS="$FRR_IFS\ninterface $ifname"
FRR_IFS="$FRR_IFS\n description $ifalias" FRR_IFS="$FRR_IFS\n description $ifalias"
FRR_IFS="$FRR_IFS\n ipv6 nd ra-interval 10" FRR_IFS="$FRR_IFS\n ipv6 nd ra-interval 10"
FRR_IFS="$FRR_IFS\n no ipv6 nd suppress-ra\n!" FRR_IFS="$FRR_IFS\n no ipv6 nd suppress-ra\n!"
## build FRR neightbor interfaces ## build FRR neightbor interfaces
FRR_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_NEIGH" FRR_EDGE_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_EDGE_NEIGH"
## build regular linux network interface config ## build regular linux network interface config
cat <<-EOF >>$IFCONFIG cat <<-EOF >>$IFCONFIG
auto $ifname auto $ifname
iface $ifname inet manual iface $ifname inet manual
## $ifalias ## $ifalias
@ -126,26 +126,24 @@ case "$1" in
ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue ## skip undefined interfaces ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue ## skip undefined interfaces
echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=='${ifmac}', ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="'${ifmac}'", ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG
if [[ $ifname = up? ]]; then if [[ $ifname = up? ]]; then
ipv4=$(dig_txt ipv4.$ifname.${HOSTNAME}) ipv4=$(dig_txt ipv4.$ifname.${HOSTNAME})
ipv6=$(dig_txt ipv6.$ifname.${HOSTNAME}) ipv6=$(dig_txt ipv6.$ifname.${HOSTNAME})
peerv4=$(dig_txt peerv4.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available peerv4=$(dig_txt peerv4.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available
peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available
## if this code gets executed even once we have a upX interface, meaning were dealing with an edge box [ -z $peerv4 ] || FRR_EDGE_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_EDGE_NEIGH"
[ -z $peerv6 ] || FRR_EDGE_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_EDGE_NEIGH"
# we have a edge box, uncomment all edge special frr configs
SEDEXTRA='-e s/!!!\s\s//'
cat <<-EOF >>$IFCONFIG
[ -z $peerv4 ] || FRR_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_NEIGH"
[ -z $peerv6 ] || FRR_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_NEIGH"
cat <<-EOF >>$IFCONFIG
auto $ifname auto $ifname
iface $ifname inet static iface $ifname inet static
address $ipv4 address $ipv4
@ -208,9 +206,9 @@ case "$1" in
i=1 i=1
while true; do while true; do
TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
TEMPAGGS="\n !!! aggregate-address ${TEMP}" TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}" FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="\n!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}" TEMPSUM="!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
FRR_IPV4_EDGE_SUMMARIES_PFLIST="${FRR_IPV4_EDGE_SUMMARIES_PFLIST}${TEMPSUM}" FRR_IPV4_EDGE_SUMMARIES_PFLIST="${FRR_IPV4_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
let i+=1 let i+=1
done done
@ -218,13 +216,45 @@ case "$1" in
i=1 i=1
while true; do while true; do
TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break
TEMPAGGS="\n !!! aggregate-address ${TEMP}" TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}" FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="\n!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}" TEMPSUM="!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
FRR_IPV6_EDGE_SUMMARIES_PFLIST="${FRR_IPV6_EDGE_SUMMARIES_PFLIST}${TEMPSUM}" FRR_IPV6_EDGE_SUMMARIES_PFLIST="${FRR_IPV6_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
let i+=1 let i+=1
done done
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.customers.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ip prefix-list WITv4-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 25\n"
FRR_IPV4_CUSTOMERS_PFLIST="${FRR_IPV4_CUSTOMERS_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.customers.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ipv6 prefix-list WITv6-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 64\n"
FRR_IPV6_CUSTOMERS_PFLIST="${FRR_IPV6_CUSTOMERS_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ip prefix-list LOOPBACKv4 seq $((i*5)) permit ${TEMP} ge 32\n"
FRR_IPV4_LOOPBACK_PFLIST="${FRR_IPV4_LOOPBACK_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.usw2.admin.wit.com)" || break
TEMPSUM="ipv6 prefix-list LOOPBACKv6 seq $((i*5)) permit ${TEMP} ge 128\n"
FRR_IPV6_LOOPBACK_PFLIST="${FRR_IPV6_LOOPBACK_PFLIST}${TEMPSUM}"
let i+=1
done
## STOP compiling frr config ## STOP compiling frr config
@ -233,17 +263,21 @@ case "$1" in
# set frr config # set frr config
sed -i \ sed -i \
-e "s/^!!! FRR_IFS/$FRR_IFS/" \ -e "s/^!!! FRR_IFS/$FRR_IFS/" \
-e "s/^ !!! FRR_NEIGH/$FRR_NEIGH/" \ -e "s/^ !!! FRR_EDGE_NEIGH/$FRR_EDGE_NEIGH/" \
-e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \ -e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \
-e "s/^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/" \ -e "s/^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/" \
-e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/" \ -e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/" \
-e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/" \ -e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/" \
-e "s/^!!! FRR_IPV6_EDGE_EXTRA/$FRR_IPV6_EDGE_EXTRA/" \ -e "s/^!!! FRR_IPV4_CUSTOMERS_PFLIST/$FRR_IPV4_CUSTOMERS_PFLIST/" \
-e "s/FRRROUTERID/${LOOPBACKv4}/" \ -e "s/^!!! FRR_IPV6_CUSTOMERS_PFLIST/$FRR_IPV6_CUSTOMERS_PFLIST/" \
-e "s/NODEASN/${NODEASN}/" \ -e "s/^!!! FRR_IPV4_LOOPBACK_PFLIST/$FRR_IPV4_LOOPBACK_PFLIST/" \
$FRRCONFIG -e "s/^!!! FRR_IPV6_LOOPBACK_PFLIST/$FRR_IPV6_LOOPBACK_PFLIST/" \
-e "s/FRRROUTERID/${LOOPBACKv4}/" \
-e "s/NODEASN/${NODEASN}/" \
$SEDEXTRA \
$FRRCONFIG
exit 2 exit 2
chown frr.frr $FRRCONFIG /etc/frr/daemons.wit chown frr.frr $FRRCONFIG /etc/frr/daemons.wit
@ -257,7 +291,7 @@ exit 2
# wite grub rules for serial terminal # wite grub rules for serial terminal
sed -i -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' -e '/GRUB_CMDLINE_LINUX=/d' -e '/GRUB_SERIAL_COMMAND=/d' -e '/GRUB_TERMINAL=/d' /etc/default/grub sed -i -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' -e '/GRUB_CMDLINE_LINUX=/d' -e '/GRUB_SERIAL_COMMAND=/d' -e '/GRUB_TERMINAL=/d' /etc/default/grub
cat <<-EOF >>/etc/default/grub cat <<-EOF >>/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8" GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8"
GRUB_TERMINAL=serial GRUB_TERMINAL=serial

195
files/frr.conf.wit
View File

@ -94,70 +94,45 @@ router bgp NODEASN
exit-address-family exit-address-family
! !
ip prefix-list LOOPBACKv4 seq 5 permit 10.1.0.0/16 ge 32 !!! FRR_IPV4_LOOPBACK_PFLIST
ip prefix-list WITv4-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST !!! FRR_IPV4_EDGE_SUMMARIES_PFLIST
!!! ip prefix-list WITv4-SUMMARIES seq 15 permit 170.199.211.0/24 !!! FRR_IPV4_CUSTOMERS_PFLIST
!!! ip prefix-list WITv4-SUMMARIES seq 20 permit 170.199.212.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 25 permit 170.199.213.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 30 permit 170.199.214.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 35 permit 170.199.215.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 40 permit 170.199.216.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 45 permit 170.199.217.0/24
!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 !!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32 !!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
!!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32
!!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32
!!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32
!!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32 !!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32
!!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32 !!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32
!!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32 !!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32
!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32 !!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32 !!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
!
ipv6 prefix-list LOOPBACKv6 seq 5 permit 2604:bbc0:0:100::/56 ge 128 !!! FRR_IPV6_LOOPBACK_PFLIST
!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST !!! FRR_IPV6_EDGE_SUMMARIES_PFLIST
!!! ipv6 prefix-list WITv6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
!!! ipv6 prefix-list WITv6-INTERNAL seq 10 permit 2604:bbc0::/48 ge 48 !!! FRR_IPV6_CUSTOMERS_PFLIST
!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0
ipv6 prefix-list WITv6-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64 !!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
ipv6 prefix-list WITv6-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64 !!! ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128
ipv6 prefix-list WITv6-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64 !!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32
!!! ipv6 prefix-list eBGPv6-RELAXED seq 20 deny 2001::/32 le 128
!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0 !!! ipv6 prefix-list eBGPv6-RELAXED seq 25 permit 2002::/16
!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 30 deny 2002::/16 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 35 deny ::/8 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 40 deny fe00::/9 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32 !!! ipv6 prefix-list eBGPv6-RELAXED seq 45 deny ff00::/8 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 20 deny 2001::/32 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 50 permit 2000::/3 le 48
!!! ipv6 prefix-list eBGPv6-RELAXED seq 25 permit 2002::/16 !!! ipv6 prefix-list eBGPv6-RELAXED seq 55 deny ::/0 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 30 deny 2002::/16 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 35 deny ::/8 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 40 deny fe00::/9 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 45 deny ff00::/8 le 128
!!! ipv6 prefix-list eBGPv6-RELAXED seq 50 permit 2000::/3 le 48
!!! ipv6 prefix-list eBGPv6-RELAXED seq 55 deny ::/0 le 128
@ -178,80 +153,76 @@ route-map LOCALNETSv6 permit 5
! !
!!! route-map eBGPv4-IN deny 5 !!! route-map eBGPv4-IN deny 5
!!! description "deny any incoming private IP blocks" !!! description "deny any incoming private IP blocks"
!!! match ip address prefix-list rfc1918 !!! match ip address prefix-list rfc1918
!!! ! !!! !
!!! route-map eBGPv4-IN permit 10 !!! route-map eBGPv4-IN permit 10
!!! description "Accept all routes advertised to us" !!! description "Accept all routes advertised to us"
!!! match ip address prefix-list ALL !!! match ip address prefix-list ALL
!!! ! !!! !
!!! route-map eBGPv4-OUT permit 5 !!! route-map eBGPv4-OUT permit 5
!!! description "match IP block owned by WIT" !!! description "match IP block owned by WIT"
!!! match ip address prefix-list WITv4-SUMMARIES !!! match ip address prefix-list WITv4-SUMMARIES
!!! ! !!! !
!!! route-map eBGPv6-IN permit 5 !!! route-map eBGPv6-IN permit 5
!!! description "Accept all routes advertised to us" !!! description "Accept all routes advertised to us"
!!! match ipv6 address prefix-list eBGPv6-RELAXED !!! match ipv6 address prefix-list eBGPv6-RELAXED
!!! ! !!! !
!!! route-map eBGPv6-OUT permit 5 !!! route-map eBGPv6-OUT permit 5
!!! description "match IP block owned by WIT" !!! description "match IP block owned by WIT"
!!! match ipv6 address prefix-list WITv6-SUMMARIES !!! match ipv6 address prefix-list WITv6-SUMMARIES
!!! ! !!! !
!!! route-map FABRICv4-OUT permit 5 !!! route-map FABRICv4-OUT permit 5
!!! description "allow default route" !!! description "allow default route"
!!! match ip address prefix-list DEFAULT !!! match ip address prefix-list DEFAULT
!!! ! !!! !
!!! route-map FABRICv4-OUT permit 10 !!! route-map FABRICv4-OUT permit 10
!!! description "allow loopback IPs" !!! description "allow loopback IPs"
!!! match ip address prefix-list LOOPBACKv4 !!! match ip address prefix-list LOOPBACKv4
!!! ! !!! !
!!! route-map FABRICv4-OUT permit 15 !!! route-map FABRICv4-OUT permit 15
!!! description "allow WIT public IPs" !!! description "allow WIT public IPs"
!!! match ip address prefix-list WITV4 !!! match ip address prefix-list WITV4
!!! ! !!! !
!!! route-map FABRICv6-OUT permit 5 !!! route-map FABRICv6-OUT permit 5
!!! description "allow default route" !!! description "allow default route"
!!! match ipv6 address prefix-list DEFAULT !!! match ipv6 address prefix-list DEFAULT
!!! ! !!! !
!!! route-map FABRICv6-OUT permit 10 !!! route-map FABRICv6-OUT permit 10
!!! description "allow WIT internal IPs" !!! description "allow WIT customer IPs"
!!! match ipv6 address prefix-list WITv6-INTERNAL !!! match ipv6 address prefix-list WITv6-CUSTOMERS
!!! ! !!! !
!!! route-map FABRICv6-OUT permit 15
!!! description "allow WIT customer IPs"
!!! match ipv6 address prefix-list WITv6-CUSTOMERS
!!! !
!!! route-map GREv4-IN deny 5 !!! route-map GREv4-IN deny 5
!!! description "deny default route in" !!! description "deny default route in"
!!! match ip address prefix-list DEFAULT !!! match ip address prefix-list DEFAULT
!!! ! !!! !
!!! route-map GREv4-IN permit 10 !!! route-map GREv4-IN permit 10
!!! description "accept all the rest" !!! description "accept all the rest"
!!! match ip address prefix-list ALL !!! match ip address prefix-list ALL
!!! ! !!! !
!!! route-map GREv6-IN deny 5 !!! route-map GREv6-IN deny 5
!!! description "deny default route in" !!! description "deny default route in"
!!! match ipv6 address prefix-list DEFAULT !!! match ipv6 address prefix-list DEFAULT
!!! ! !!! !
!!! route-map GREv6-IN permit 10 !!! route-map GREv6-IN permit 10
!!! description "accept all the rest" !!! description "accept all the rest"
!!! match ipv6 address prefix-list ALL !!! match ipv6 address prefix-list ALL
!!! ! !!! !
! !
line vty line vty
! !