more work ... .still ways to go,... just taking a backup...

2018-10-18 22:12:43 +02:00 · 2018-10-18 22:12:43 +02:00 · cfdc1cd3a9
parent 0e9142c15e
commit cfdc1cd3a9
2 changed files with 169 additions and 149 deletions
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@ -17,8 +17,6 @@ set -xe
 # for details, see https://www.debian.org/doc/debian-policy/ or
 # the debian-policy package

-HOSTNAME=edge2.usw2.admin.wit.com
-
 case "$1" in
    configure)

@ -27,6 +25,8 @@ case "$1" in
        UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules"
 	FRRCONFIG="/etc/frr/frr.conf.wit"

+
+        HOSTNAME=edge2.usw2.admin.wit.com
        IFCONFIG="/tmp/interfaces"
        UDEVCONFIG="/tmp/70-persistent-net.rules"
        FRRCONFIG="/tmp/frr.conf.wit"
@ -36,15 +36,17 @@ case "$1" in
     ## START gather all the info from the box and generate the variabels

        dig_txt() {
-            TMPDIG=$(dig txt +short $1.${HOSTNAME})
+            TMPDIG=$(dig txt +short $1)
            [ -z $TMPDIG ] && exit 2
-            echo ${TMPDIG//\"/}
+            TMPDIG=${TMPDIG//\//\\\/}
+            TMPDIG=${TMPDIG//\"/}   #" fix the god damn syntax highlighter
+            echo ${TMPDIG}
        }


        LOOPBACKv4=$(dig a +short ${HOSTNAME})
        LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
-        NODEASN=$(dig_txt asn)
+        NODEASN=$(dig_txt asn.${HOSTNAME})

        if [ -z $LOOPBACKv4 ] || [ -z $LOOPBACKv6 ] || [ -z $NODEASN ]; then
            echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
@ -84,16 +86,15 @@ case "$1" in

      # gathering defined interfaces
 	FRR_IFS="!"
-	FRR_NEIGH="!"
        for if in mgmt feth up ibgp gre;   do
          for i in {1..2};    do		#### for now we support/cound only to 2 interfaces of each type, we can just raise this to whatever number we want (exeption mgmt)
            ifname=${if}${i}
-            ifalias=$(dig_txt name.${ifname}) || true  ## still thinking how to do this cleaner
+            ifalias=$(dig_txt name.${ifname}.${HOSTNAME}) || true  ## still thinking how to do this cleaner

            if [[ $ifname = gre? ]] && [[ ! -z $ifalias ]]; then
-		ifmtu=$(dig_txt mtu.${ifname})
-		local=$(dig_txt local.${ifname})
-		remote=$(dig_txt remote.${ifname})
+		ifmtu=$(dig_txt mtu.${ifname}.${HOSTNAME})
+		local=$(dig_txt local.${ifname}.${HOSTNAME})
+		remote=$(dig_txt remote.${ifname}.${HOSTNAME})

 		## build FRR interface config to enable ND adv for ipv6 unmanaged
 		FRR_IFS="$FRR_IFS\ninterface $ifname"
@ -103,7 +104,7 @@ case "$1" in


 		## build FRR neightbor interfaces
-		FRR_NEIGH="$FRR_NEIGH\n neighbor $ifname interface peer-group GRE"
+		FRR_NEIGH=" !!!  neighbor $ifname interface peer-group GRE\n$FRR_NEIGH"


 		## build regular linux network interface config
@ -122,7 +123,7 @@ case "$1" in


            ## physical interfaces
-            ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}) || continue      ## skip undefined interfaces
+            ifmac=$(dig_txt mac.${ifname/mgmt1/mgmt}.${HOSTNAME}) || continue      ## skip undefined interfaces


            echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=='${ifmac}', ATTR{type}=="1", NAME="'${ifname}'"' >>$UDEVCONFIG
@ -130,33 +131,18 @@ case "$1" in

            if [[ $ifname = up? ]]; then

-		ipv4=$(dig_txt ipv4.$ifname)
-		ipv6=$(dig_txt ipv6.$ifname)
-		peerv4=$(dig_txt peerv4.$ifname) || true  ## we don't know if we will always have both available
-		peerv6=$(dig_txt peerv6.$ifname) || true  ## we don't know if we will always have both available
+		ipv4=$(dig_txt ipv4.$ifname.${HOSTNAME})
+		ipv6=$(dig_txt ipv6.$ifname.${HOSTNAME})
+		peerv4=$(dig_txt peerv4.$ifname.${HOSTNAME}) || true  ## we dont know if we will always have both available
+		peerv6=$(dig_txt peerv6.$ifname.${HOSTNAME}) || true  ## we dont know if we will always have both available

-		## if this code gets executed even once we have a upX interface, meaning we're dealing with an edge box
-		FRR_IPV4_EDGE_EXTRA="  neighbor fabric default-originate"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  neighbor fabric route-map FABRICv4-OUT out"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 168.245.146.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.210.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.211.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.212.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.213.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.214.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.215.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.216.0/24"
-		FRR_IPV4_EDGE_EXTRA="$FRR_IPV4_EDGE_EXTRA\n  aggregate-address 170.199.217.0/24"
+
+		## if this code gets executed even once we have a upX interface, meaning were dealing with an edge box



-		FRR_IPV6_EDGE_EXTRA="  neighbor fabric default-originate"
-		FRR_IPV6_EDGE_EXTRA="$FRR_IPV6_EDGE_EXTRA\n  neighbor fabric route-map FABRICv6-OUT out"
-		FRR_IPV6_EDGE_EXTRA="$FRR_IPV6_EDGE_EXTRA\n  aggregate-address 2604:bbc0::/32"
-
-
-		[ -z $peerv4 ] || FRR_NEIGH="$FRR_NEIGH\n neighbor $peerv4 peer-group eBGPv4"
-		[ -z $peerv6 ] || FRR_NEIGH="$FRR_NEIGH\n neighbor $peerv6 peer-group eBGPv6"
+		[ -z $peerv4 ] || FRR_NEIGH=" !!!  neighbor $peerv4 peer-group eBGPv4\n$FRR_NEIGH"
+		[ -z $peerv6 ] || FRR_NEIGH=" !!!  neighbor $peerv6 peer-group eBGPv6\n$FRR_NEIGH"


 		cat <<-EOF >>$IFCONFIG
@ -217,6 +203,30 @@ case "$1" in
     ## STOP nic config compile


+     ## START compiling frr config
+
+            i=1
+            while true; do 
+                TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
+		TEMPAGGS="\n  !!!  aggregate-address ${TEMP}"
+                FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
+		TEMPSUM="\n!!!  ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}" 
+                FRR_IPV4_EDGE_SUMMARIES_PFLIST="${FRR_IPV4_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
+                let i+=1
+            done
+
+            i=1
+            while true; do 
+                TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break
+		TEMPAGGS="\n  !!!  aggregate-address ${TEMP}"
+                FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
+		TEMPSUM="\n!!!  ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}" 
+                FRR_IPV6_EDGE_SUMMARIES_PFLIST="${FRR_IPV6_EDGE_SUMMARIES_PFLIST}${TEMPSUM}"
+                let i+=1
+            done
+
+
+     ## STOP compiling frr config


     ## START writing config files
@ -225,8 +235,11 @@ case "$1" in
      # set frr config
 	sed -i \
 		-e "s/^!!! FRR_IFS/$FRR_IFS/" \
-		-e "s/^!!! FRR_NEIGH/$FRR_NEIGH/"  \
-		-e "s/^!!! FRR_IPV4_EDGE_EXTRA/$FRR_IPV4_EDGE_EXTRA/"  \
+		-e "s/^ !!! FRR_NEIGH/$FRR_NEIGH/"  \
+		-e "s/^  !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/"  \
+		-e "s/^  !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV6_EDGE_SUMMARIES_AGGREGATS/"  \
+		-e "s/^!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST/$FRR_IPV4_EDGE_SUMMARIES_PFLIST/"  \
+		-e "s/^!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST/$FRR_IPV6_EDGE_SUMMARIES_PFLIST/"  \
 		-e "s/^!!! FRR_IPV6_EDGE_EXTRA/$FRR_IPV6_EDGE_EXTRA/"  \
 		-e "s/FRRROUTERID/${LOOPBACKv4}/" \
 		-e "s/NODEASN/${NODEASN}/"  \
--- a/files/frr.conf.wit
+++ b/files/frr.conf.wit
@ -25,51 +25,42 @@ router bgp NODEASN
 neighbor fabric remote-as external
 neighbor feth1 interface peer-group fabric
 neighbor feth2 interface peer-group fabric
-!!!  neighbor GRE peer-group
-!!!  neighbor GRE remote-as external
-!!!  neighbor GRE local-as NODEDEFAULTASN
-!!!  neighbor GRE password wIt2Go
-!!!  neighbor GRE ebgp-multihop 255
-!!!  neighbor eBGPv4 peer-group
-!!!  neighbor eBGPv4 remote-as external
-!!!  neighbor eBGPv6 peer-group
-!!!  neighbor eBGPv6 remote-as external
-!!!  neighbor iBGP peer-group
-!!!  neighbor iBGP remote-as internal
-!!! FRR_NEIGH
+ !!!  neighbor GRE peer-group
+ !!!  neighbor GRE remote-as external
+ !!!  neighbor GRE local-as NODEDEFAULTASN
+ !!!  neighbor GRE password wIt2Go
+ !!!  neighbor GRE ebgp-multihop 255
+ !!!  neighbor eBGPv4 peer-group
+ !!!  neighbor eBGPv4 remote-as external
+ !!!  neighbor eBGPv6 peer-group
+ !!!  neighbor eBGPv6 remote-as external
+ !!!  neighbor iBGP peer-group
+ !!!  neighbor iBGP remote-as internal
+ !!! FRR_NEIGH
 !
 address-family ipv4 unicast
  redistribute kernel route-map EIPv4
  redistribute connected route-map LOCALNETSv4
  neighbor fabric activate
  neighbor fabric soft-reconfiguration inbound
-!!! FRR_IPV4_EDGE_EXTRA
-!!!   neighbor fabric default-originate
-!!!   neighbor fabric route-map FABRICv4-OUT out
-!!!   aggregate-address 168.245.146.0/24
-!!!   aggregate-address 170.199.210.0/24
-!!!   aggregate-address 170.199.211.0/24
-!!!   aggregate-address 170.199.212.0/24
-!!!   aggregate-address 170.199.213.0/24
-!!!   aggregate-address 170.199.214.0/24
-!!!   aggregate-address 170.199.215.0/24
-!!!   aggregate-address 170.199.216.0/24
-!!!   aggregate-address 170.199.217.0/24
-!!!   neighbor GRE activate
-!!!   neighbor GRE default-originate
-!!!   neighbor GRE soft-reconfiguration inbound
-!!!   neighbor GRE allowas-in 1
-!!!   neighbor GRE route-map GREv4-IN in
-!!!   neighbor GRE route-map FABRICv4-OUT out
-!!!   neighbor eBGPv4 activate
-!!!   neighbor eBGPv4 next-hop-self
-!!!   neighbor eBGPv4 remove-private-AS
-!!!   neighbor eBGPv4 soft-reconfiguration inbound
-!!!   neighbor eBGPv4 route-map eBGPv4-IN in
-!!!   neighbor eBGPv4 route-map eBGPv4-OUT out
-!!!   neighbor iBGP activate
-!!!   neighbor iBGP next-hop-self
-!!!   neighbor iBGP soft-reconfiguration inbound
+  !!!  neighbor fabric default-originate
+  !!!  neighbor fabric route-map FABRICv6-OUT out
+  !!!  neighbor GRE activate
+  !!!  neighbor GRE default-originate
+  !!!  neighbor GRE soft-reconfiguration inbound
+  !!!  neighbor GRE allowas-in 1
+  !!!  neighbor GRE route-map GREv4-IN in
+  !!!  neighbor GRE route-map FABRICv4-OUT out
+  !!!  neighbor eBGPv4 activate
+  !!!  neighbor eBGPv4 next-hop-self
+  !!!  neighbor eBGPv4 remove-private-AS
+  !!!  neighbor eBGPv4 soft-reconfiguration inbound
+  !!!  neighbor eBGPv4 route-map eBGPv4-IN in
+  !!!  neighbor eBGPv4 route-map eBGPv4-OUT out
+  !!!  neighbor iBGP activate
+  !!!  neighbor iBGP next-hop-self
+  !!!  neighbor iBGP soft-reconfiguration inbound
+  !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS
 exit-address-family
 !
 address-family ipv6 unicast
@ -77,51 +68,58 @@ router bgp NODEASN
  redistribute connected route-map LOCALNETSv6
  neighbor fabric activate
  neighbor fabric soft-reconfiguration inbound
-!!! FRR_IPV6_EDGE_EXTRA
-!!!   neighbor fabric default-originate
-!!!   neighbor fabric route-map FABRICv6-OUT out
-!!!   aggregate-address 2604:bbc0::/32
-!!!   neighbor GRE activate
-!!!   neighbor GRE default-originate
-!!!   neighbor GRE soft-reconfiguration inbound
-!!!   neighbor GRE allowas-in 1
-!!!   neighbor GRE route-map GREv6-IN in
-!!!   neighbor GRE route-map FABRICv6-OUT out
-!!!   neighbor eBGPv6 activate
-!!!   neighbor eBGPv6 soft-reconfiguration inbound
-!!!   neighbor eBGPv6 route-map eBGPv6-IN in
-!!!   neighbor eBGPv6 route-map eBGPv6-OUT out
-!!!   neighbor iBGP activate
-!!!   neighbor iBGP next-hop-self
-!!!   neighbor iBGP soft-reconfiguration inbound
+  !!!  neighbor fabric default-originate
+  !!!  neighbor fabric route-map FABRICv6-OUT out
+  !!!  neighbor GRE activate
+  !!!  neighbor GRE default-originate
+  !!!  neighbor GRE soft-reconfiguration inbound
+  !!!  neighbor GRE allowas-in 1
+  !!!  neighbor GRE route-map GREv6-IN in
+  !!!  neighbor GRE route-map FABRICv6-OUT out
+  !!!  neighbor eBGPv6 activate
+  !!!  neighbor eBGPv6 soft-reconfiguration inbound
+  !!!  neighbor eBGPv6 route-map eBGPv6-IN in
+  !!!  neighbor eBGPv6 route-map eBGPv6-OUT out
+  !!!  neighbor iBGP activate
+  !!!  neighbor iBGP next-hop-self
+  !!!  neighbor iBGP soft-reconfiguration inbound
+  !!! FRR_IPV6_EDGE_SUMMARIES_AGGREGATS
 exit-address-family
 !
 address-family l2vpn evpn
-!!!   neighbor GRE activate
-!!!   neighbor GRE allowas-in 1
+  !!!  neighbor GRE activate
+  !!!  neighbor GRE allowas-in 1
  neighbor fabric activate
  advertise-all-vni
 exit-address-family
 !
-ip prefix-list LOOPBACK seq 5 permit 10.1.0.0/16 ge 32
-ip prefix-list WIT-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25
-ip prefix-list WIT-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
-!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
+
+ip prefix-list LOOPBACKv4 seq 5 permit 10.1.0.0/16 ge 32
+
+ip prefix-list WITv4-CUSTOMERS seq 5 permit 168.245.146.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 10 permit 170.199.210.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 15 permit 170.199.211.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 20 permit 170.199.212.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 25 permit 170.199.213.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 30 permit 170.199.214.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 35 permit 170.199.215.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 40 permit 170.199.216.0/24 ge 25
+ip prefix-list WITv4-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
+
+
+!!! FRR_IPV4_EDGE_SUMMARIES_PFLIST
+
+!!! ip prefix-list WITv4-SUMMARIES seq 15 permit 170.199.211.0/24
+!!! ip prefix-list WITv4-SUMMARIES seq 20 permit 170.199.212.0/24
+!!! ip prefix-list WITv4-SUMMARIES seq 25 permit 170.199.213.0/24
+!!! ip prefix-list WITv4-SUMMARIES seq 30 permit 170.199.214.0/24
+!!! ip prefix-list WITv4-SUMMARIES seq 35 permit 170.199.215.0/24
+!!! ip prefix-list WITv4-SUMMARIES seq 40 permit 170.199.216.0/24
+!!! ip prefix-list WITv4-SUMMARIES seq 45 permit 170.199.217.0/24
+
+
 !!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
-!!! ip prefix-list WITV4-EXACT seq 15 permit 170.199.211.0/24
-!!! ip prefix-list WITV4-EXACT seq 20 permit 170.199.212.0/24
-!!! ip prefix-list WITV4-EXACT seq 25 permit 170.199.213.0/24
-!!! ip prefix-list WITV4-EXACT seq 30 permit 170.199.214.0/24
-!!! ip prefix-list WITV4-EXACT seq 35 permit 170.199.215.0/24
-!!! ip prefix-list WITV4-EXACT seq 40 permit 170.199.216.0/24
-!!! ip prefix-list WITV4-EXACT seq 45 permit 170.199.217.0/24
+!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
 !!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32
 !!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32
 !!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32
@ -131,39 +129,52 @@ ip prefix-list WIT-CUSTOMERS seq 45 permit 170.199.217.0/24 ge 25
 !!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
 !!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
 !
-ipv6 prefix-list LOOPBACK seq 5 permit 2604:bbc0:0:100::/56 ge 128
-ipv6 prefix-list WIT-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64
-ipv6 prefix-list WIT-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64
-ipv6 prefix-list WIT-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64
-!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
+
+
+
+ipv6 prefix-list LOOPBACKv6 seq 5 permit 2604:bbc0:0:100::/56 ge 128
+
+!!! FRR_IPV6_EDGE_SUMMARIES_PFLIST
+!!! ipv6 prefix-list WITv6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
+
+!!! ipv6 prefix-list WITv6-INTERNAL seq 10 permit 2604:bbc0::/48 ge 48
+
+
+ipv6 prefix-list WITv6-CUSTOMERS seq 10 permit 2604:bbc0:1::/48 ge 64
+ipv6 prefix-list WITv6-CUSTOMERS seq 20 permit 2604:bbc0:2::/48 ge 64
+ipv6 prefix-list WITv6-CUSTOMERS seq 30 permit 2604:bbc0:3::/48 ge 64
+
+
 !!! ipv6 prefix-list DEFAULT seq 5 permit ::/0
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 5 deny 3ffe::/16 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 10 deny 2001:db8::/32 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 15 permit 2001::/32
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 20 deny 2001::/32 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 25 permit 2002::/16
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 30 deny 2002::/16 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 35 deny ::/8 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 40 deny fe00::/9 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 45 deny ff00::/8 le 128
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 50 permit 2000::/3 le 48
-!!! ipv6 prefix-list IPV6-EBGP-RELAXED seq 55 deny ::/0 le 128
-!!! ipv6 prefix-list WITV6 seq 10 permit 2604:bbc0::/32 ge 48
-!!! ipv6 prefix-list WITV6-SUMMARIES seq 10 permit 2604:bbc0::/32 le 44
-!
+!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 20 deny 2001::/32 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 25 permit 2002::/16
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 30 deny 2002::/16 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 35 deny ::/8 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 40 deny fe00::/9 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 45 deny ff00::/8 le 128
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 50 permit 2000::/3 le 48
+!!! ipv6 prefix-list eBGPv6-RELAXED seq 55 deny ::/0 le 128
+
+
+
 route-map EIPv4 permit 5
- match ip address prefix-list WIT-CUSTOMERS
+ match ip address prefix-list WITv4-CUSTOMERS
 !
 route-map EIPv6 permit 5
- match ipv6 address prefix-list WIT-CUSTOMERS
+ match ipv6 address prefix-list WITv6-CUSTOMERS
 !
+
 route-map LOCALNETSv4 permit 5
 description "permit loopback ips"
- match ip address prefix-list LOOPBACK
+ match ip address prefix-list LOOPBACKv4
 !
 route-map LOCALNETSv6 permit 5
 description "permit ipv6 loopback ips"
- match ipv6 address prefix-list LOOPBACK
+ match ipv6 address prefix-list LOOPBACKv6
 !


@ -177,25 +188,21 @@ route-map LOCALNETSv6 permit 5
 !!! !


-!!! route-map eBGPv4-OUT deny 5
-!!!  description "deny advertising private IP space"
-!!!  match ip address prefix-list rfc1918
-!!! !
-!!! route-map eBGPv4-OUT permit 10
+!!! route-map eBGPv4-OUT permit 5
 !!!  description "match IP block owned by WIT"
-!!!  match ip address prefix-list WITV4-EXACT
+!!!  match ip address prefix-list WITv4-SUMMARIES
 !!! !


 !!! route-map eBGPv6-IN permit 5
 !!!  description "Accept all routes advertised to us"
-!!!  match ipv6 address prefix-list IPV6-EBGP-RELAXED
+!!!  match ipv6 address prefix-list eBGPv6-RELAXED
 !!! !


 !!! route-map eBGPv6-OUT permit 5
 !!!  description "match IP block owned by WIT"
-!!!  match ipv6 address prefix-list WITV6-SUMMARIES
+!!!  match ipv6 address prefix-list WITv6-SUMMARIES
 !!! !


@ -205,7 +212,7 @@ route-map LOCALNETSv6 permit 5
 !!! !
 !!! route-map FABRICv4-OUT permit 10
 !!!  description "allow loopback IPs"
-!!!  match ip address prefix-list LOOPBACK
+!!!  match ip address prefix-list LOOPBACKv4
 !!! !
 !!! route-map FABRICv4-OUT permit 15
 !!!  description "allow WIT public IPs"
@ -218,12 +225,12 @@ route-map LOCALNETSv6 permit 5
 !!!  match ipv6 address prefix-list DEFAULT
 !!! !
 !!! route-map FABRICv6-OUT permit 10
-!!!  description "allow loopback IPs"
-!!!  match ipv6 address prefix-list LOOPBACK
+!!!  description "allow WIT internal IPs"
+!!!  match ipv6 address prefix-list WITv6-INTERNAL
 !!! !
 !!! route-map FABRICv6-OUT permit 15
-!!!  description "allow WIT public IPs"
-!!!  match ipv6 address prefix-list WITV6
+!!!  description "allow WIT customer IPs"
+!!!  match ipv6 address prefix-list WITv6-CUSTOMERS
 !!! !