more work ... .still ways to go,... just taking a backup...

toby 2018-10-18 22:12:43 +02:00
parent 0e9142c15e
commit cfdc1cd3a9
2 changed files with 169 additions and 149 deletions


@ -17,8 +17,6 @@ set -xe
# for details, see https://www.debian.org/doc/debian-policy/ or # for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package # the debian-policy package
HOSTNAME=edge2.usw2.admin.wit.com
case "$1" in case "$1" in
configure) configure)
@ -27,6 +25,8 @@ case "$1" in
UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules" UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules"
FRRCONFIG="/etc/frr/frr.conf.wit" FRRCONFIG="/etc/frr/frr.conf.wit"
HOSTNAME=edge2.usw2.admin.wit.com
IFCONFIG="/tmp/interfaces" IFCONFIG="/tmp/interfaces"
UDEVCONFIG="/tmp/70-persistent-net.rules" UDEVCONFIG="/tmp/70-persistent-net.rules"
FRRCONFIG="/tmp/frr.conf.wit" FRRCONFIG="/tmp/frr.conf.wit"
@ -36,15 +36,17 @@ case "$1" in
## START gather all the info from the box and generate the variabels ## START gather all the info from the box and generate the variabels
dig_txt() { dig_txt() {
TMPDIG=$(dig txt +short $1.${HOSTNAME}) TMPDIG=$(dig txt +short $1)
[ -z $TMPDIG ] && exit 2 [ -z $TMPDIG ] && exit 2
echo ${TMPDIG//\"/} TMPDIG=${TMPDIG//\//\\\/}
TMPDIG=${TMPDIG//\"/} #" fix the god damn syntax highlighter
echo ${TMPDIG}
} }
LOOPBACKv4=$(dig a +short ${HOSTNAME}) LOOPBACKv4=$(dig a +short ${HOSTNAME})
LOOPBACKv6=$(dig aaaa +short ${HOSTNAME}) LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
NODEASN=$(dig_txt asn) NODEASN=$(dig_txt asn.${HOSTNAME})
if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then
echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN" echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
@ -84,16 +86,15 @@ case "$1" in
# gathering defined interfaces # gathering defined interfaces
FRR_IFS="!" FRR_IFS="!"
FRR_NEIGH="!"
for if in mgmt feth up ibgp gre; do for if in mgmt feth up ibgp gre; do
for i in {1..2}; do #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt) for i in {1..2}; do #### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt)
ifname=${if}${i} ifname=${if}${i}
ifalias=$(dig_txt name.${ifname}) || true ## still thinking how to do this cleaner ifalias=$(dig_txt name.${ifname}.${HOSTNAME}) || true ## still thinking how to do this cleaner
if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then
ifmtu=$(dig_txt mtu.${ifname}) ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME})
local=$(dig_txt local.${ifname}) local=$(dig_txt local.${ifname}.${HOSTNAME})
remote=$(dig_txt remote.${ifname}) remote=$(dig_txt remote.${ifname}.${HOSTNAME})
## build FRR interface config to enable ND adv for ipv6 unmanaged ## build FRR interface config to enable ND adv for ipv6 unmanaged
FRR_IFS="$FRR_IFS\ninterface $ifname" FRR_IFS="$FRR_IFS\ninterface $ifname"
@ -103,7 +104,7 @@ case "$1" in
## build FRR neightbor interfaces ## build FRR neightbor interfaces
FRR_NEIGH="$FRR_NEIGH\n neighbor $ifname interface peer-group GRE" FRR_NEIGH=" !!! neighbor $ifname interface peer-group GRE\n$FRR_NEIGH"
## build regular linux network interface config ## build regular linux network interface config
@ -122,7 +123,7 @@ case "$1" in
## physical interfaces ## physical interfaces
ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}) || continue ## skip undefined interfaces ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue ## skip undefined interfaces
echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=='${ifmac}', ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=='${ifmac}', ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG
@ -130,33 +131,18 @@ case "$1" in
if [[ $ifname = up? ]]; then if [[ $ifname = up? ]]; then
ipv4=$(dig_txt ipv4.$ifname) ipv4=$(dig_txt ipv4.$ifname.${HOSTNAME})
ipv6=$(dig_txt ipv6.$ifname) ipv6=$(dig_txt ipv6.$ifname.${HOSTNAME})
peerv4=$(dig_txt peerv4.$ifname) || true ## we don't know if we will always have both available peerv4=$(dig_txt peerv4.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available
peerv6=$(dig_txt peerv6.$ifname) || true ## we don't know if we will always have both available peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true ## we dont know if we will always have both available
## if this code gets executed even once we have a upX interface, meaning we're dealing with an edge box
FRR_IPV4_EDGE_EXTRA=" neighbor fabric default-originate" ## if this code gets executed even once we have a upX interface, meaning were dealing with an edge box
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n neighbor fabric route-map FABRICv4-OUT out"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 168.245.146.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.210.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.211.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.212.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.213.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.214.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.215.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.216.0/24"
FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n aggregate-address 170.199.217.0/24"
FRR_IPV6_EDGE_EXTRA=" neighbor fabric default-originate" [ -z $peerv4 ] || FRR_NEIGH=" !!! neighbor $peerv4 peer-group eBGPv4\n$FRR_NEIGH"
FRR_IPV6_EDGE_EXTRA="$FRR_IPV6_EDGE_EXTRA\n neighbor fabric route-map FABRICv6-OUT out" [ -z $peerv6 ] || FRR_NEIGH=" !!! neighbor $peerv6 peer-group eBGPv6\n$FRR_NEIGH"
FRR_IPV6_EDGE_EXTRA="$FRR_IPV6_EDGE_EXTRA\n aggregate-address 2604:bbc0::/32"
[ -z $peerv4 ] || FRR_NEIGH="$FRR_NEIGH\n neighbor $peerv4 peer-group eBGPv4"
[ -z $peerv6 ] || FRR_NEIGH="$FRR_NEIGH\n neighbor $peerv6 peer-group eBGPv6"
cat <<-EOF >>$IFCONFIG cat <<-EOF >>$IFCONFIG
@ -217,6 +203,30 @@ case "$1" in
## STOP nic config compile ## STOP nic config compile
## START compiling frr config
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
TEMPAGGS="\n !!! aggregate-address ${TEMP}"
FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="\n!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}"
FRR_IPV4_EDGE_SUMMARIES_PFLIST="${FRR_IPV4_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
let i+=1
done
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break
TEMPAGGS="\n !!! aggregate-address ${TEMP}"
FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="\n!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}"
FRR_IPV6_EDGE_SUMMARIES_PFLIST="${FRR_IPV6_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
let i+=1
done
## STOP compiling frr config
## START writing config files ## START writing config files
@ -226,7 +236,10 @@ case "$1" in
sed -i \ sed -i \
-e "s/^!!! FRR_IFS/$FRR_IFS/" \ -e "s/^!!! FRR_IFS/$FRR_IFS/" \
-e "s/^ !!! FRR_NEIGH/$FRR_NEIGH/" \ -e "s/^ !!! FRR_NEIGH/$FRR_NEIGH/" \
-e "s/^!!! FRR_IPV4_EDGE_EXTRA/$FRR_IPV4_EDGE_EXTRA/" \ -e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \
-e "s/^ !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/" \
-e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/" \
-e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/" \
-e "s/^!!! FRR_IPV6_EDGE_EXTRA/$FRR_IPV6_EDGE_EXTRA/" \ -e "s/^!!! FRR_IPV6_EDGE_EXTRA/$FRR_IPV6_EDGE_EXTRA/" \
-e "s/FRRROUTERID/${LOOPBACKv4}/" \ -e "s/FRRROUTERID/${LOOPBACKv4}/" \
-e "s/NODEASN/${NODEASN}/" \ -e "s/NODEASN/${NODEASN}/" \
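Review bot: The reworked `dig_txt` escapes only `/` before its output is spliced into the `sed -e "s/^!!! …/$VAR/"` replacements in the last hunk, so a TXT answer containing `&`, a backslash, or more than one record still alters or breaks the substitution, and the ASN, neighbour, aggregate-address and prefix-list lines written to the FRR config are taken from DNS answers as-is. Because these values decide what the router peers with and announces, strip the quotes first, then reject anything outside the character set the record is expected to hold, e.g. `case "$TMPDIG" in *[!0-9A-Za-z.:/_-]*) exit 2;; esac` (adjust the set to the real record contents), and only then escape `/`; the test should also be quoted as `[ -z "$TMPDIG" ] && exit 2`. In the two new `while true` loops, `|| break` treats any lookup failure as end-of-list, so a resolver error at `i=1` would leave the summaries empty and the config still gets written; a check that at least one prefix was collected before the `sed` step would catch that. The `sed` call also still substitutes `$FRR_IPV6_EDGE_EXTRA`, which no longer appears to be assigned after this change. Whether the resolver path is authenticated is not visible in these hunks.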


@ -43,18 +43,8 @@ router bgp NODEASN
redistribute connected route-map LOCALNETSv4 redistribute connected route-map LOCALNETSv4
neighbor fabric activate neighbor fabric activate
neighbor fabric soft-reconfiguration inbound neighbor fabric soft-reconfiguration inbound
!!! FRR_IPV4_EDGE_EXTRA
!!! neighbor fabric default-originate !!! neighbor fabric default-originate
!!! neighbor fabric route-map FABRICv4-OUT out !!! neighbor fabric route-map FABRICv6-OUT out
!!! aggregate-address 168.245.146.0/24
!!! aggregate-address 170.199.210.0/24
!!! aggregate-address 170.199.211.0/24
!!! aggregate-address 170.199.212.0/24
!!! aggregate-address 170.199.213.0/24
!!! aggregate-address 170.199.214.0/24
!!! aggregate-address 170.199.215.0/24
!!! aggregate-address 170.199.216.0/24
!!! aggregate-address 170.199.217.0/24
!!! neighbor GRE activate !!! neighbor GRE activate
!!! neighbor GRE default-originate !!! neighbor GRE default-originate
!!! neighbor GRE soft-reconfiguration inbound !!! neighbor GRE soft-reconfiguration inbound
@ -70,6 +60,7 @@ router bgp NODEASN
!!! neighbor iBGP activate !!! neighbor iBGP activate
!!! neighbor iBGP next-hop-self !!! neighbor iBGP next-hop-self
!!! neighbor iBGP soft-reconfiguration inbound !!! neighbor iBGP soft-reconfiguration inbound
!!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS
exit-address-family exit-address-family
! !
address-family ipv6 unicast address-family ipv6 unicast
@ -77,10 +68,8 @@ router bgp NODEASN
redistribute connected route-map LOCALNETSv6 redistribute connected route-map LOCALNETSv6
neighbor fabric activate neighbor fabric activate
neighbor fabric soft-reconfiguration inbound neighbor fabric soft-reconfiguration inbound
!!! FRR_IPV6_EDGE_EXTRA
!!! neighbor fabric default-originate !!! neighbor fabric default-originate
!!! neighbor fabric route-map FABRICv6-OUT out !!! neighbor fabric route-map FABRICv6-OUT out
!!! aggregate-address 2604:bbc0::/32
!!! neighbor GRE activate !!! neighbor GRE activate
!!! neighbor GRE default-originate !!! neighbor GRE default-originate
!!! neighbor GRE soft-reconfiguration inbound !!! neighbor GRE soft-reconfiguration inbound
@ -94,6 +83,7 @@ router bgp NODEASN
!!! neighbor iBGP activate !!! neighbor iBGP activate
!!! neighbor iBGP next-hop-self !!! neighbor iBGP next-hop-self
!!! neighbor iBGP soft-reconfiguration inbound !!! neighbor iBGP soft-reconfiguration inbound
!!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS
exit-address-family exit-address-family
! !
address-family l2vpn evpn address-family l2vpn evpn
@ -103,25 +93,33 @@ router bgp NODEASN
advertise-all-vni advertise-all-vni
exit-address-family exit-address-family
! !
ip prefix-list LOOPBACK seq 5 permit 10.1.0.0/16 ge 32
ip prefix-list WIT-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25 ip prefix-list LOOPBACKv4 seq 5 permit 10.1.0.0/16 ge 32
ip prefix-list WIT-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25
ip prefix-list WIT-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25 ip prefix-list WITv4-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25
!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32 ip prefix-list WITv4-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25
ip prefix-list WITv4-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST
!!! ip prefix-list WITv4-SUMMARIES seq 15 permit 170.199.211.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 20 permit 170.199.212.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 25 permit 170.199.213.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 30 permit 170.199.214.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 35 permit 170.199.215.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 40 permit 170.199.216.0/24
!!! ip prefix-list WITv4-SUMMARIES seq 45 permit 170.199.217.0/24
!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 !!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!!! ip prefix-list WITV4-EXACT seq 15 permit 170.199.211.0/24 !!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
!!! ip prefix-list WITV4-EXACT seq 20 permit 170.199.212.0/24
!!! ip prefix-list WITV4-EXACT seq 25 permit 170.199.213.0/24
!!! ip prefix-list WITV4-EXACT seq 30 permit 170.199.214.0/24
!!! ip prefix-list WITV4-EXACT seq 35 permit 170.199.215.0/24
!!! ip prefix-list WITV4-EXACT seq 40 permit 170.199.216.0/24
!!! ip prefix-list WITV4-EXACT seq 45 permit 170.199.217.0/24
!!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32
!!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32
!!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32 !!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32
@ -131,39 +129,52 @@ ip prefix-list WIT-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32 !!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32 !!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
! !
ipv6 prefix-list LOOPBACK seq 5 permit 2604:bbc0:0:100::/56 ge 128
ipv6 prefix-list WIT-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64
ipv6 prefix-list WIT-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64
ipv6 prefix-list WIT-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64 ipv6 prefix-list LOOPBACKv6 seq 5 permit 2604:bbc0:0:100::/56 ge 128
!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST
!!! ipv6 prefix-list WITv6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
!!! ipv6 prefix-list WITv6-INTERNAL seq 10 permit 2604:bbc0::/48 ge 48
ipv6 prefix-list WITv6-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64
ipv6 prefix-list WITv6-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64
ipv6 prefix-list WITv6-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64
!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0 !!! ipv6 prefix-list DEFAULT seq 5 permit ::/0
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 5 deny 3ffe::/16 le 128 !!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 10 deny 2001:db8::/32 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 15 permit 2001::/32 !!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 20 deny 2001::/32 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 25 permit 2002::/16 !!! ipv6 prefix-list eBGPv6-RELAXED seq 20 deny 2001::/32 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 30 deny 2002::/16 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 25 permit 2002::/16
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 35 deny ::/8 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 30 deny 2002::/16 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 40 deny fe00::/9 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 35 deny ::/8 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 45 deny ff00::/8 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 40 deny fe00::/9 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 50 permit 2000::/3 le 48 !!! ipv6 prefix-list eBGPv6-RELAXED seq 45 deny ff00::/8 le 128
!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 55 deny ::/0 le 128 !!! ipv6 prefix-list eBGPv6-RELAXED seq 50 permit 2000::/3 le 48
!!! ipv6 prefix-list WITV6 seq 10 permit 2604:bbc0::/32 ge 48 !!! ipv6 prefix-list eBGPv6-RELAXED seq 55 deny ::/0 le 128
!!! ipv6 prefix-list WITV6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
!
route-map EIPv4 permit 5 route-map EIPv4 permit 5
match ip address prefix-list WIT-CUSTOMERS match ip address prefix-list WITv4-CUSTOMERS
! !
route-map EIPv6 permit 5 route-map EIPv6 permit 5
match ipv6 address prefix-list WIT-CUSTOMERS match ipv6 address prefix-list WITv6-CUSTOMERS
! !
route-map LOCALNETSv4 permit 5 route-map LOCALNETSv4 permit 5
description "permit loopback ips" description "permit loopback ips"
match ip address prefix-list LOOPBACK match ip address prefix-list LOOPBACKv4
! !
route-map LOCALNETSv6 permit 5 route-map LOCALNETSv6 permit 5
description "permit ipv6 loopback ips" description "permit ipv6 loopback ips"
match ipv6 address prefix-list LOOPBACK match ipv6 address prefix-list LOOPBACKv6
! !
@ -177,25 +188,21 @@ route-map LOCALNETSv6 permit 5
!!! ! !!! !
!!! route-map eBGPv4-OUT deny 5 !!! route-map eBGPv4-OUT permit 5
!!! description "deny advertising private IP space"
!!! match ip address prefix-list rfc1918
!!! !
!!! route-map eBGPv4-OUT permit 10
!!! description "match IP block owned by WIT" !!! description "match IP block owned by WIT"
!!! match ip address prefix-list WITV4-EXACT !!! match ip address prefix-list WITv4-SUMMARIES
!!! ! !!! !
!!! route-map eBGPv6-IN permit 5 !!! route-map eBGPv6-IN permit 5
!!! description "Accept all routes advertised to us" !!! description "Accept all routes advertised to us"
!!! match ipv6 address prefix-list IPV6-EBGP-RELAXED !!! match ipv6 address prefix-list eBGPv6-RELAXED
!!! ! !!! !
!!! route-map eBGPv6-OUT permit 5 !!! route-map eBGPv6-OUT permit 5
!!! description "match IP block owned by WIT" !!! description "match IP block owned by WIT"
!!! match ipv6 address prefix-list WITV6-SUMMARIES !!! match ipv6 address prefix-list WITv6-SUMMARIES
!!! ! !!! !
@ -205,7 +212,7 @@ route-map LOCALNETSv6 permit 5
!!! ! !!! !
!!! route-map FABRICv4-OUT permit 10 !!! route-map FABRICv4-OUT permit 10
!!! description "allow loopback IPs" !!! description "allow loopback IPs"
!!! match ip address prefix-list LOOPBACK !!! match ip address prefix-list LOOPBACKv4
!!! ! !!! !
!!! route-map FABRICv4-OUT permit 15 !!! route-map FABRICv4-OUT permit 15
!!! description "allow WIT public IPs" !!! description "allow WIT public IPs"
@ -218,12 +225,12 @@ route-map LOCALNETSv6 permit 5
!!! match ipv6 address prefix-list DEFAULT !!! match ipv6 address prefix-list DEFAULT
!!! ! !!! !
!!! route-map FABRICv6-OUT permit 10 !!! route-map FABRICv6-OUT permit 10
!!! description "allow loopback IPs" !!! description "allow WIT internal IPs"
!!! match ipv6 address prefix-list LOOPBACK !!! match ipv6 address prefix-list WITv6-INTERNAL
!!! ! !!! !
!!! route-map FABRICv6-OUT permit 15 !!! route-map FABRICv6-OUT permit 15
!!! description "allow WIT public IPs" !!! description "allow WIT customer IPs"
!!! match ipv6 address prefix-list WITV6 !!! match ipv6 address prefix-list WITv6-CUSTOMERS
!!! ! !!! !
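Review bot: In the `address-family ipv4 unicast` block the `neighbor fabric route-map` line now names `FABRICv6-OUT`, which looks like a copy-paste slip because `FABRICv4-OUT` is still defined further down in this file; the line should presumably remain `!!! neighbor fabric route-map FABRICv4-OUT out`. Separately, `eBGPv4-OUT` loses its `deny 5` entry matching `rfc1918` and is left with a single permit on `WITv4-SUMMARIES`, whose entries are now meant to come from the `!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST` placeholder filled at install time, so the outbound eBGP filter depends entirely on that generated list; keeping the explicit deny, or at least a comment such as `! WITv4-SUMMARIES is generated at install time; eBGPv4-OUT relies on it`, would make that dependency visible. The static `WITv4-SUMMARIES seq 15` to `seq 45` lines that appear to remain under the placeholder would reuse sequence numbers the generator emits (`seq $((i*5))`) if both are ever active.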