From 0ceccb4746aabd4173599ebe2d76c44765fd62c1 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 01:29:38 +0100
Subject: [PATCH 01/11] split ospf/ into quagga/{zebra,ospfd}/

---
 salt-pillar/{ospf => quagga/ospfd}/gw.sls   |  0
 salt-pillar/{ospf => quagga/ospfd}/init.sls |  0
 salt-pillar/top.sls                         | 10 +++----
 salt/ospf/init.sls                          | 31 ---------------------
 salt/quagga/ospfd/init.sls                  | 28 +++++++++++++++++++
 salt/{ospf => quagga/ospfd}/ospfd.conf      |  0
 salt/{ospf => quagga/ospfd}/ospfd.service   |  0
 salt/{ospf => quagga/zebra}/zebra.conf      |  0
 salt/{ospf => quagga/zebra}/zebra.service   |  0
 salt/top.sls                                | 15 ++++++----
 10 files changed, 43 insertions(+), 41 deletions(-)
 rename salt-pillar/{ospf => quagga/ospfd}/gw.sls (100%)
 rename salt-pillar/{ospf => quagga/ospfd}/init.sls (100%)
 delete mode 100644 salt/ospf/init.sls
 create mode 100644 salt/quagga/ospfd/init.sls
 rename salt/{ospf => quagga/ospfd}/ospfd.conf (100%)
 rename salt/{ospf => quagga/ospfd}/ospfd.service (100%)
 rename salt/{ospf => quagga/zebra}/zebra.conf (100%)
 rename salt/{ospf => quagga/zebra}/zebra.service (100%)

diff --git a/salt-pillar/ospf/gw.sls b/salt-pillar/quagga/ospfd/gw.sls
similarity index 100%
rename from salt-pillar/ospf/gw.sls
rename to salt-pillar/quagga/ospfd/gw.sls
diff --git a/salt-pillar/ospf/init.sls b/salt-pillar/quagga/ospfd/init.sls
similarity index 100%
rename from salt-pillar/ospf/init.sls
rename to salt-pillar/quagga/ospfd/init.sls
diff --git a/salt-pillar/top.sls b/salt-pillar/top.sls
index 32b9d5c..5cfc5f0 100644
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -3,18 +3,18 @@ base:
     - hosts
     - subnets
     - vlans
-    - ospf
+    - quagga.ospfd
   'priv*-gw':
     - dhcp
-    - ospf.gw
+    - quagga.ospfd.gw
   'pub-gw':
     - dhcp
-    - ospf.gw
+    - quagga.ospfd.gw
   'serv-gw':
     - dhcp
-    - ospf.gw
+    - quagga.ospfd.gw
   'c3d2-gw or c3d2-anon':
-    - ospf.gw
+    - quagga.ospfd.gw
   'anon1':
     - vpn.anon1
     - upstream.anon1
diff --git a/salt/ospf/init.sls b/salt/ospf/init.sls
deleted file mode 100644
index f98235e..000000000
--- a/salt/ospf/init.sls
+++ /dev/null
@@ -1,31 +0,0 @@
-quagga:
-  pkg.installed: []
-
-{%- for daemon in ['zebra', 'ospfd'] %}
-/etc/systemd/system/{{ daemon }}.service:
-  file.managed:
-    - source: salt://ospf/{{ daemon }}.service
-
-/etc/quagga/{{ daemon }}.conf:
-  file.managed:
-    - source: salt://ospf/{{ daemon }}.conf
-    - template: 'jinja'
-    - require:
-      - pkg: quagga
-
-autostart-{{ daemon }}:
-  service.enabled:
-    - name: {{ daemon }}
-      require:
-        - file: /etc/systemd/system/{{ daemon }}.service
-        - file: /etc/quagga/{{ daemon }}.conf
-
-start-{{ daemon }}:
-  service.running:
-    - name: {{ daemon }}
-      require:
-        - service: autostart-{{ daemon }}
-      watch:
-        - file: /etc/quagga/{{ daemon }}.conf
-
-{%- endfor %}
diff --git a/salt/quagga/ospfd/init.sls b/salt/quagga/ospfd/init.sls
new file mode 100644
index 000000000..960a327
--- /dev/null
+++ b/salt/quagga/ospfd/init.sls
@@ -0,0 +1,28 @@
+quagga:
+  pkg.installed: []
+
+/etc/systemd/system/ospfd.service:
+  file.managed:
+    - source: salt://quagga/ospfd/ospfd.service
+
+/etc/quagga/ospfd.conf:
+  file.managed:
+    - source: salt://quagga/ospfd/ospfd.conf
+    - template: 'jinja'
+    - require:
+      - pkg: quagga
+
+autostart-ospfd:
+  service.enabled:
+    - name: ospfd
+      require:
+        - file: /etc/systemd/system/ospfd.service
+        - file: /etc/quagga/ospfd.conf
+
+start-ospfd:
+  service.running:
+    - name: ospfd
+      require:
+        - service: autostart-ospfd
+      watch:
+        - file: /etc/quagga/ospfd.conf
diff --git a/salt/ospf/ospfd.conf b/salt/quagga/ospfd/ospfd.conf
similarity index 100%
rename from salt/ospf/ospfd.conf
rename to salt/quagga/ospfd/ospfd.conf
diff --git a/salt/ospf/ospfd.service b/salt/quagga/ospfd/ospfd.service
similarity index 100%
rename from salt/ospf/ospfd.service
rename to salt/quagga/ospfd/ospfd.service
diff --git a/salt/ospf/zebra.conf b/salt/quagga/zebra/zebra.conf
similarity index 100%
rename from salt/ospf/zebra.conf
rename to salt/quagga/zebra/zebra.conf
diff --git a/salt/ospf/zebra.service b/salt/quagga/zebra/zebra.service
similarity index 100%
rename from salt/ospf/zebra.service
rename to salt/quagga/zebra/zebra.service
diff --git a/salt/top.sls b/salt/top.sls
index 9e9805a..91b00a6 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -3,22 +3,26 @@ base:
     - salt-master
     - server1-network
     - lxc-containers
-    - ospf
+    - quagga.zebra
+    - quagga.ospfd
     - switches
     - cpe
   'priv*-gw':
     - no-ssh
     - forwarding
-    - ospf
+    - quagga.zebra
+    - quagga.ospfd
     - dhcp
   'c3d2-gw or c3d2-anon':
     - no-ssh
     - forwarding
-    - ospf
+    - quagga.zebra
+    - quagga.ospfd
   'upstream*':
     - no-ssh
     - forwarding
-    - ospf
+    - quagga.zebra
+    - quagga.ospfd
     - unbound
     - upstream.dhcp
     - upstream.shaping
@@ -32,7 +36,8 @@ base:
   'anon*':
     - no-ssh
     - forwarding
-    - ospf
+    - quagga.zebra
+    - quagga.ospfd
     - vpn.openvpn
     - upstream.masquerade
     - upstream.shaping

From 6d8306bc7ac3215937870f14c8c355a17c861403 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 03:06:29 +0100
Subject: [PATCH 02/11] ospfd: rm obsolete TODO note

---
 salt/quagga/ospfd/ospfd.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/salt/quagga/ospfd/ospfd.conf b/salt/quagga/ospfd/ospfd.conf
index dd5cae3..9cbd2cb 100644
--- a/salt/quagga/ospfd/ospfd.conf
+++ b/salt/quagga/ospfd/ospfd.conf
@@ -7,7 +7,6 @@ log file /var/log/quagga/ospfd.log
 interface {{ iface }}
     ip ospf network broadcast
     ip ospf authentication message-digest
-    ! TODO:
     ip ospf message-digest-key 1 md5 {{ pillar['ospf']['ospf_secret'] }}
 
 {%- endfor %}

From 1fb5f051607e151448440f5458117d57e2597f5c Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 03:08:18 +0100
Subject: [PATCH 03/11] internal ipv6 routing

---
 salt-pillar/hosts/init.sls             | 73 ++++++++++++++++++++++++++
 salt-pillar/lxc-containers/server1.sls | 10 ++++
 salt-pillar/subnets/init.sls           | 22 ++++++++
 salt/lxc-containers/config             | 23 +++++---
 salt/quagga/ospf6d/init.sls            | 28 ++++++++++
 salt/quagga/ospf6d/ospf6d.conf         | 25 +++++++++
 salt/quagga/ospf6d/ospf6d.service      | 11 ++++
 salt/quagga/zebra/init.sls             | 28 ++++++++++
 salt/top.sls                           | 12 +++++
 9 files changed, 226 insertions(+), 6 deletions(-)
 create mode 100644 salt/quagga/ospf6d/init.sls
 create mode 100644 salt/quagga/ospf6d/ospf6d.conf
 create mode 100644 salt/quagga/ospf6d/ospf6d.service
 create mode 100644 salt/quagga/zebra/init.sls

diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls
index fe36b9a..b900995 100644
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
@@ -106,3 +106,76 @@ hosts-inet:
   c3d2:
     c3d2-anon: 172.22.99.1
     c3d2-gw: 172.22.99.4
+
+hosts-inet6:
+  core:
+    server1: fd23:42:c3d2:581::1
+
+    anon1: fd23:42:c3d2:581::9:1
+    serv-gw: fd23:42:c3d2:581::8:1
+    pub-gw: fd23:42:c3d2:581::8:2
+    c3d2-gw: fd23:42:c3d2:581::c3d2:1
+    c3d2-anon: fd23:42:c3d2:581::c3d2:a
+
+    upstream1: fd23:42:c3d2:581::b:0
+    upstream2: fd23:42:c3d2:581::b:1
+    upstream3: fd23:42:c3d2:581::b:2
+    upstream4: fd23:42:c3d2:581::b:3
+
+    priv1-gw: fd23:42:c3d2:581::c:0
+    priv2-gw: fd23:42:c3d2:581::c:1
+    priv3-gw: fd23:42:c3d2:581::c:2
+    priv4-gw: fd23:42:c3d2:581::c:3
+    priv5-gw: fd23:42:c3d2:581::c:4
+    priv6-gw: fd23:42:c3d2:581::c:5
+    priv7-gw: fd23:42:c3d2:581::c:6
+    priv8-gw: fd23:42:c3d2:581::c:7
+    priv9-gw: fd23:42:c3d2:581::c:8
+    priv10-gw: fd23:42:c3d2:581::c:9
+    priv11-gw: fd23:42:c3d2:581::c:a
+    priv12-gw: fd23:42:c3d2:581::c:b
+    priv13-gw: fd23:42:c3d2:581::c:c
+    priv14-gw: fd23:42:c3d2:581::c:d
+    priv15-gw: fd23:42:c3d2:581::c:e
+    priv16-gw: fd23:42:c3d2:581::c:d
+
+  serv:
+    serv-gw: fd23:42:c3d2:582::1
+  pub:
+    pub-gw: fd23:42:c3d2:583::1
+  priv1:
+    priv1-gw: fd23:42:c3d2:5c0::1
+  priv2:
+    priv2-gw: fd23:42:c3d2:5c1::1
+  priv3:
+    priv3-gw: fd23:42:c3d2:5c2::1
+  priv4:
+    priv4-gw: fd23:42:c3d2:5c3::1
+  priv5:
+    priv5-gw: fd23:42:c3d2:5c4::1
+  priv6:
+    priv6-gw: fd23:42:c3d2:5c5::1
+  priv7:
+    priv7-gw: fd23:42:c3d2:5c6::1
+  priv8:
+    priv8-gw: fd23:42:c3d2:5c7::1
+  priv9:
+    priv9-gw: fd23:42:c3d2:5c8::1
+  priv10:
+    priv10-gw: fd23:42:c3d2:5c9::1
+  priv11:
+    priv11-gw: fd23:42:c3d2:5ca::1
+  priv12:
+    priv12-gw: fd23:42:c3d2:5cb::1
+  priv13:
+    priv13-gw: fd23:42:c3d2:5cc::1
+  priv14:
+    priv14-gw: fd23:42:c3d2:5cd::1
+  priv15:
+    priv15-gw: fd23:42:c3d2:5ce::1
+  priv16:
+    priv16-gw: fd23:42:c3d2:5cf::1
+
+  c3d2:
+    c3d2-anon: fd23:42:c3d2:523::c3d2:1
+    c3d2-gw: fd23:42:c3d2:523::c3d2:4
diff --git a/salt-pillar/lxc-containers/server1.sls b/salt-pillar/lxc-containers/server1.sls
index 3953d7f..daf9be3 100644
--- a/salt-pillar/lxc-containers/server1.sls
+++ b/salt-pillar/lxc-containers/server1.sls
@@ -4,6 +4,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       pub:
         type: veth
 
@@ -20,6 +21,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv1:
         type: phys
 
@@ -28,6 +30,7 @@ containers:
       core:
         type: veth
         gw: upstream2
+        gw6: upstream2
       priv2:
         type: phys
 
@@ -36,6 +39,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv3:
         type: phys
 
@@ -44,6 +48,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv4:
         type: phys
 
@@ -52,6 +57,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv5:
         type: phys
 
@@ -60,6 +66,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv6:
         type: phys
 
@@ -68,6 +75,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv7:
         type: phys
 
@@ -76,6 +84,7 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       priv8:
         type: phys
 
@@ -114,5 +123,6 @@ containers:
       core:
         type: veth
         gw: anon1
+        gw6: anon1
       c3d2:
         type: veth
diff --git a/salt-pillar/subnets/init.sls b/salt-pillar/subnets/init.sls
index 0eb407b..a9981d3 100644
--- a/salt-pillar/subnets/init.sls
+++ b/salt-pillar/subnets/init.sls
@@ -20,3 +20,25 @@ subnets-inet:
   priv16: 172.20.75.224/28
   c3d2: 172.22.99.0/24
   mgmt: 10.0.0.0/24
+
+subnets-inet6:
+  core: fd23:42:c3d2:581::/64
+  serv: fd23:42:c3d2:582::/64
+  pub: fd23:42:c3d2:583::/64
+  priv1: fd23:42:c3d2:5c0::/64
+  priv2: fd23:42:c3d2:5c1::/64
+  priv3: fd23:42:c3d2:5c2::/64
+  priv4: fd23:42:c3d2:5c3::/64
+  priv5: fd23:42:c3d2:5c4::/64
+  priv6: fd23:42:c3d2:5c5::/64
+  priv7: fd23:42:c3d2:5c6::/64
+  priv8: fd23:42:c3d2:5c7::/64
+  priv9: fd23:42:c3d2:5c8::/64
+  priv10: fd23:42:c3d2:5c9::/64
+  priv11: fd23:42:c3d2:5ca::/64
+  priv12: fd23:42:c3d2:5cb::/64
+  priv13: fd23:42:c3d2:5cc::/64
+  priv14: fd23:42:c3d2:5cd::/64
+  priv15: fd23:42:c3d2:5ce::/64
+  priv16: fd23:42:c3d2:5cf::/64
+  c3d2: fd23:42:c3d2:523::/64
diff --git a/salt/lxc-containers/config b/salt/lxc-containers/config
index 36e1a49..4309f90 100644
--- a/salt/lxc-containers/config
+++ b/salt/lxc-containers/config
@@ -22,24 +22,35 @@ lxc.network.hwaddr={{ hwaddr_prefix }}:{{ n.__str__().rjust(2, '0') }}
 {%- if conf['type'] == 'veth' %}
 lxc.network.veth.pair={{ id }}-{{ net }}
 {%- endif %}
+
 {%- set hosts = pillar['hosts-inet'].get(net) %}
 {%- set inet_addr = hosts and hosts.get(id) %}
 {%- if inet_addr %}
 {%- set prefix_len = pillar['subnets-inet'][net].split('/')[1] %}
 lxc.network.ipv4={{ inet_addr }}/{{ prefix_len }}
 {%- endif %}
+{%- set gw = conf.get('gw') %}
+{%- if gw %}
+lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
+{%- endif %}
+
+{%- set hosts6 = pillar['hosts-inet6'].get(net) %}
+{%- set inet6_addr = hosts6 and hosts6.get(id) %}
+{%- if inet6_addr %}
+{%- set prefix6_len = pillar['subnets-inet6'][net].split('/')[1] %}
+lxc.network.ipv6={{ inet6_addr }}/{{ prefix6_len }}
+{%- endif %}
+{%- set gw6 = conf.get('gw6') %}
+{%- if gw6 %}
+lxc.network.ipv6.gateway={{ pillar['hosts-inet6'][net][gw] }}
+{%- endif %}
+
 {%- if conf['type'] == 'veth' %}
 lxc.network.link=br-{{ net }}
 {%- elif conf['type'] == 'phys' %}
 lxc.network.link=bond0.{{ pillar['vlans'].get(net) }}
 {%- endif %}
 lxc.network.name={{ net }}
-{%- set gw = conf.get('gw') %}
-{%- if gw %}
-lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
-{%- endif %}
-#lxc.network.ipv6=
-#lxc.network.ipv6.gateway=fe80::1
 
 {%- set n = n + 1 %}
 {%- endfor %}
diff --git a/salt/quagga/ospf6d/init.sls b/salt/quagga/ospf6d/init.sls
new file mode 100644
index 000000000..abd9010
--- /dev/null
+++ b/salt/quagga/ospf6d/init.sls
@@ -0,0 +1,28 @@
+quagga:
+  pkg.installed: []
+
+/etc/systemd/system/ospf6d.service:
+  file.managed:
+    - source: salt://quagga/ospf6d/ospf6d.service
+
+/etc/quagga/ospf6d.conf:
+  file.managed:
+    - source: salt://quagga/ospf6d/ospf6d.conf
+    - template: 'jinja'
+    - require:
+      - pkg: quagga
+
+autostart-ospf6d:
+  service.enabled:
+    - name: ospf6d
+      require:
+        - file: /etc/systemd/system/ospf6d.service
+        - file: /etc/quagga/ospf6d.conf
+
+start-ospf6d:
+  service.running:
+    - name: ospf6d
+      require:
+        - service: autostart-ospf6d
+      watch:
+        - file: /etc/quagga/ospf6d.conf
diff --git a/salt/quagga/ospf6d/ospf6d.conf b/salt/quagga/ospf6d/ospf6d.conf
new file mode 100644
index 000000000..1ba6106
--- /dev/null
+++ b/salt/quagga/ospf6d/ospf6d.conf
@@ -0,0 +1,25 @@
+log file /var/log/quagga/ospfd.log
+
+{%- set id = salt['grains.get']('id') %}
+{%- set core_ifaces = ['br-core', 'core'] %}
+
+{%- for iface in core_ifaces %}
+interface {{ iface }}
+    ipv6 ospf6 network broadcast
+
+{%- endfor %}
+
+router ospf6
+    router-id {{ pillar['hosts-inet']['core'][id] }}
+    
+{%- for iface in core_ifaces %}
+    interface {{ iface }} area 0.0.0.0
+{%- endfor %}
+    area 0.0.0.0 range {{ pillar['subnets-inet6']['core'] }}
+
+{%- set redistribute = pillar['ospf'].get('redistribute') %}
+{%- if redistribute %}
+{%-   for kind in redistribute %}
+    redistribute {{ kind }}
+{%-   endfor %}
+{%- endif %}
diff --git a/salt/quagga/ospf6d/ospf6d.service b/salt/quagga/ospf6d/ospf6d.service
new file mode 100644
index 000000000..6304684
--- /dev/null
+++ b/salt/quagga/ospf6d/ospf6d.service
@@ -0,0 +1,11 @@
+[Unit]
+Requires = zebra.service
+After = network.target
+
+[Service]
+ExecStartPre = /bin/mkdir -p /var/run/quagga
+ExecStartPre = /bin/chown -R quagga:quagga /var/run/quagga/
+ExecStart = /usr/lib/quagga/ospf6d
+
+[Install]
+WantedBy = default.target
diff --git a/salt/quagga/zebra/init.sls b/salt/quagga/zebra/init.sls
new file mode 100644
index 000000000..8d2c908
--- /dev/null
+++ b/salt/quagga/zebra/init.sls
@@ -0,0 +1,28 @@
+quagga:
+  pkg.installed: []
+
+/etc/systemd/system/zebra.service:
+  file.managed:
+    - source: salt://quagga/zebra/zebra.service
+
+/etc/quagga/zebra.conf:
+  file.managed:
+    - source: salt://quagga/zebra/zebra.conf
+    - template: 'jinja'
+    - require:
+      - pkg: quagga
+
+autostart-zebra:
+  service.enabled:
+    - name: zebra
+      require:
+        - file: /etc/systemd/system/zebra.service
+        - file: /etc/quagga/zebra.conf
+
+start-zebra:
+  service.running:
+    - name: zebra
+      require:
+        - service: autostart-zebra
+      watch:
+        - file: /etc/quagga/zebra.conf
diff --git a/salt/top.sls b/salt/top.sls
index 91b00a6..d7bd930 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -5,6 +5,7 @@ base:
     - lxc-containers
     - quagga.zebra
     - quagga.ospfd
+    - quagga.ospf6d
     - switches
     - cpe
   'priv*-gw':
@@ -12,17 +13,27 @@ base:
     - forwarding
     - quagga.zebra
     - quagga.ospfd
+    - quagga.ospf6d
+    - dhcp
+  'pub-gw or serv-gw':
+    - no-ssh
+    - forwarding
+    - quagga.zebra
+    - quagga.ospfd
+    - quagga.ospf6d
     - dhcp
   'c3d2-gw or c3d2-anon':
     - no-ssh
     - forwarding
     - quagga.zebra
     - quagga.ospfd
+    - quagga.ospf6d
   'upstream*':
     - no-ssh
     - forwarding
     - quagga.zebra
     - quagga.ospfd
+    - quagga.ospf6d
     - unbound
     - upstream.dhcp
     - upstream.shaping
@@ -38,6 +49,7 @@ base:
     - forwarding
     - quagga.zebra
     - quagga.ospfd
+    - quagga.ospf6d
     - vpn.openvpn
     - upstream.masquerade
     - upstream.shaping

From 8d51221952ac20efec4630a7fa255d50de904f2c Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 03:53:05 +0100
Subject: [PATCH 04/11] quagga.zebra: enable ipv6 nd

---
 salt/quagga/zebra/zebra.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/salt/quagga/zebra/zebra.conf b/salt/quagga/zebra/zebra.conf
index 95d8a69..8f359c5 100644
--- a/salt/quagga/zebra/zebra.conf
+++ b/salt/quagga/zebra/zebra.conf
@@ -1,2 +1,16 @@
 hostname {{ salt['grains.get']('id') }}
 log file /var/log/quagga/zebra.log
+
+{%- for iface, ips in salt['grains.get']('ip_interfaces').items() %}
+{%-   if iface not in ['br-core', 'core', 'lo', 'c3d2'] and pillar['subnets-inet6'].get(iface) %}
+{%-     set subnet6 = pillar['subnets-inet6'][iface] %}
+{%-     set prefix6_len = subnet6.split('/')[1] %}
+interface {{ iface }}
+    ipv6 address {{ pillar['hosts-inet6'][iface][salt['grains.get']('id')] }}/{{ prefix6_len }}
+    ipv6 nd prefix {{ subnet6 }}
+    ipv6 nd ra-interval 10
+    ipv6 nd ra-lifetime 60
+    ipv6 nd reachable-time 180
+    no ipv6 nd suppress-ra
+{%-   endif %}
+{%- endfor  %}

From 9e719980b97e93a80fe2d1232d496ec84b216483 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 22:07:35 +0100
Subject: [PATCH 05/11] quagga: rm dup SLS ID 'quagga'

---
 salt/quagga/ospf6d/init.sls | 3 ---
 salt/quagga/ospfd/init.sls  | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/salt/quagga/ospf6d/init.sls b/salt/quagga/ospf6d/init.sls
index abd9010..73dbe8c 100644
--- a/salt/quagga/ospf6d/init.sls
+++ b/salt/quagga/ospf6d/init.sls
@@ -1,6 +1,3 @@
-quagga:
-  pkg.installed: []
-
 /etc/systemd/system/ospf6d.service:
   file.managed:
     - source: salt://quagga/ospf6d/ospf6d.service
diff --git a/salt/quagga/ospfd/init.sls b/salt/quagga/ospfd/init.sls
index 960a327..aa4e6cd 100644
--- a/salt/quagga/ospfd/init.sls
+++ b/salt/quagga/ospfd/init.sls
@@ -1,6 +1,3 @@
-quagga:
-  pkg.installed: []
-
 /etc/systemd/system/ospfd.service:
   file.managed:
     - source: salt://quagga/ospfd/ospfd.service

From ef1bdb8c3c520b7619e6cea8d124919448436d17 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 22:07:53 +0100
Subject: [PATCH 06/11] quagga.zebra: enable forwarding

---
 salt/quagga/zebra/zebra.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/quagga/zebra/zebra.conf b/salt/quagga/zebra/zebra.conf
index 8f359c5..734bc50 100644
--- a/salt/quagga/zebra/zebra.conf
+++ b/salt/quagga/zebra/zebra.conf
@@ -14,3 +14,6 @@ interface {{ iface }}
     no ipv6 nd suppress-ra
 {%-   endif %}
 {%- endfor  %}
+
+ip forwarding
+ipv6 forwarding

From 2a072ef2bd10f949caedb8660c79ce5b7c73c6ed Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 19 Dec 2016 23:33:19 +0100
Subject: [PATCH 07/11] doc/hello: link openwrt/lede hw lists

---
 doc/hello.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/hello.md b/doc/hello.md
index 791cd09..9ceb03d 100644
--- a/doc/hello.md
+++ b/doc/hello.md
@@ -57,10 +57,11 @@ Selbstverständlich wollen wir nichts brauchbares wegwerfen. Zuerst
 würden wir uns das Gerät anschauen und uns für einen der folgenden
 Wege entscheiden:
 
-1. Entweder das Gerät wird von [OpenWRT](https://openwrt.org/)
-   oder [LEDE](https://lede-project.org/) unterstützt, dann können wir
-   das Gerät analog zu den obigen Modellen mit privatem und Gäste-WLAN
-   einrichten.
+1. Entweder das Gerät wird
+   von [OpenWRT](https://wiki.openwrt.org/toh/start)
+   oder [LEDE](https://lede-project.org/toh/views/toh_available_864)
+   unterstützt, dann können wir das Gerät analog zu den obigen
+   Modellen mit privatem und Gäste-WLAN einrichten.
    
 2. Alternativ versuchen wir einfach Kabelanschlüsse und WLAN direkt zu
    verbinden. Damit könnten wir entweder Gästenetz oder dein privates

From d0a60665483cc47e71c2e71c5baef9c5e1cbcdb4 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Tue, 20 Dec 2016 15:12:23 +0100
Subject: [PATCH 08/11] doc/hello, doc/flyer

---
 doc/flyer.svg | 318 ++++++++++++++++++++++++++++++++++++++++++++++++++
 doc/hello.md  |  38 ++++++
 2 files changed, 356 insertions(+)
 create mode 100644 doc/flyer.svg

diff --git a/doc/flyer.svg b/doc/flyer.svg
new file mode 100644
index 000000000..4c69773
--- /dev/null
+++ b/doc/flyer.svg
@@ -0,0 +1,318 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="297mm"
+   height="210mm"
+   viewBox="0 0 1052.3622 744.09448"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="flyer.svg">
+  <defs
+     id="defs4" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="617.56999"
+     inkscape:cy="381.77274"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="mm"
+     inkscape:window-width="1916"
+     inkscape:window-height="1058"
+     inkscape:window-x="0"
+     inkscape:window-y="18"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-308.26772)">
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:72px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;fill:#666666;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
+       x="62.705948"
+       y="395.21933"
+       id="text4136"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan4138"
+         x="62.705948"
+         y="395.21933"
+         style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:60px;font-family:Ubuntu;-inkscape-font-specification:'Ubuntu Medium';fill:#666666;">Datenvernetzung im Zentralwerk</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:72px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="1031.665"
+       y="951.81219"
+       id="text4140"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan4142"
+         x="1031.665"
+         y="951.81219"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;font-family:'Ubuntu Mono';-inkscape-font-specification:'Ubuntu Mono'">https://lists.c3d2.de/</tspan><tspan
+         sodipodi:role="line"
+         x="1031.665"
+         y="989.31219"
+         id="tspan4144"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;font-family:'Ubuntu Mono';-inkscape-font-specification:'Ubuntu Mono'">cgi-bin/mailman/</tspan><tspan
+         sodipodi:role="line"
+         x="1031.665"
+         y="1026.8123"
+         id="tspan4146"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;font-family:'Ubuntu Mono';-inkscape-font-specification:'Ubuntu Mono'">listinfo/zw</tspan></text>
+    <image
+       y="518.31494"
+       x="-15.999974"
+       id="image4250"
+       xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAOf0lEQVR4Xu2c0XbbOAxEk///6F03
+p2nlVjavOBBE17evAglgMAOQUuPP/27/PvwnAiKwi8CnApEZIvAYAQUiO0TgCQIKRHqIgAKRAyIw
+h4ATZA43V70JAgrkTQptmnMIKJA53Fz1JggokDcptGnOIaBA5nBz1ZsgoEDepNCmOYeAApnDzVVv
+goACeZNCm+YcAgpkDjdXvQkCCuRNCm2acwgokDncXPUmCCiQNym0ac4hUCKQz8/POe8nrEr+/msv
+j739aL40FrofhYvGnNjtxVKdB813z45iP/KhQDYIKZCPD4qBAhlJa0CsA8tLTZPOQclBOyWNhe5H
+gUomA8VAgdBq3OyqC3zA9V+mlJS0wJRsyZivxo/GnNhR/JJaJmsTHmz9esTyiHXHQyfIvSxPE0iV
+gp91EVrMarvq7lndyZP4krpRnJPJQHNL8miZIFUBKpDfCCSY0mNctY9kPyqkM4XpBJk4YtEuRgvs
+BKFI7dspkAf4UWCq7RRIP1ErThIzMnSCOEHueJMciWgjmiHqWwiEnoPpK9PVC1KdL51c9MhGiUpF
+Q+tRjQv1S/O97JL+SsBUdKzqfBXIxwcVPxX1SDStR6xqwpzZORTI8bdntB6vxAMFMmohO8+vIoIT
+xAnykK7do9UJ4gT5gcBbTJCOkU5fLNCBRacU3S+ZPtQHjbmjHt5Bfqh75+9Q6KShRU/2S4pEc6N5
+KJA5pJwgA9wUCCcWFbUT5IZpQix6XFmpIDRmSjeaG93PCTKHlBPECXKHQMex0Amy2ARZqXvSWOb6
+3TmrqGjo1FMgCuSLqQmxzqH63K5JHisdtWeyf4sjFu3alAjV+yUddaboR9dQXJwgD5B9RWBozJRM
+yX4KhKLMX/5QUY88O0E2CCWgKpC1vksltdyKplUgI7UefU5JSTt09XmZ5lNVzG9/FBcaH92P2lG/
+1O5MvwpkMEGouGgx9+wUSIIen1wzXhSIAhnyhnZoajd0eNDgTL8KRIEM6UgJSO2GDg8anOlXgSiQ
+IR0pAand0OFBgzP9niaQgzmWmdOLtnb87E4J2HFfo0SputcpkA3iCREU3L/zG80tr3mp0qvtJGrP
+ZKA4V9eX7ucEeYAULZx2PUKihK62UyAK5AuB1YVeTXy631ICoUGvZJdcKBPwqV/qg+63hz31sVLd
+umMpuaR3B13h7ypiUb+UvHQ/BTLHGgUygRsl797WlNDUB91PgUwU+rZEgUzgRsmrQCbAXWyJApko
+iAKZAO1Fl5QIJBnzFDf6tobuR48cycdD6oNOGooBFXB13ZL4EpxpvjPcUCAb1KoLrEB6vrUokAPv
++2e6xPcaBZKgt9Y3mSyT36udIE6QKi4t9dGyKikFokCquKRAypDcbEQvivScmeyXXBSvum/QmiT4
+daylLyqq8x3tVzJBRk6ePU8InYD6r9w3KPYdJKcNhsZMuZE0p1EsCmQwzaiQkiJRYnUQhsZCmxMV
+Jt1vROhnL1zo2q2dAlEgd7xRIPcyUiAKRIE8GS2nCaS6E9HxSI9EiR2NpfpIlGBKY662e3UMFMjE
+BKEkenVy0DwrXsLQO1x3k1AgCqRCBw/3ePUmoUAUiALxDvL5FwTeQU7Vxa/NnSAhztVnSlqQ6vfz
+VHAUrur4Er8U0+p7RDU3KAbLfwfpIEe1DwWyTz+KS2I3Q3y65rQ7CA7gkx1/kv1oZ0t80AJTH9UC
+Tvw6QSh6J9hVj1FazGoCKhAnyAny4H9xRp0rkOw3cjuETpsitaPcmLErOWLRRCh56ZGI7pcUPVlL
+C0J9JHY0lj27DpxpzZM8ZtYqkAFqlJQz4H+voT4SuyQ+BZKgd1vrBMkATIhPsU8iVCAJegokRK/n
+xw6SIBVIgp4CCdFTII8ATN40xkX5uUHJHSQJ5qojwgrgf+OWYJB0d3ohp1hVx0LjO/OCr0ASdRet
+VSAcyA4RbqNRILw2p1kqEA6tArlhRUc6hTUhIPWR2CXxVRNmpVg8Yh244F9FwMQvXbsSKVeK5e0E
+knS7jrWU0PRS2BFzMm2pGGge1fhRgSQYjGJuvYNQoOmHs2qijsB69vyqmBNyKJBxxRXIGCNkoUAQ
+TA+NqNCpqLNofq9WIEVIKpAMSAXy4EJefUxKiJqUOPFbvZbmQbsxPRpTv7Tm//Qd5CpQqd/VSUnJ
+thLJacyrTotdQd6C/Y8mdsSOEvXInn/aVpOcxpxARglNcaH70dyo38SO4kdzS2IZrT3tDtJREAXS
+86cGIxIdfa5ADtw3joK7tVcgCiThD1nrBNmgRKce7YAdl0x6DKG5EdKkNhQ/mlsaz7P1rQKhHT8B
+8Eywvvem8SWxdJAj8UHXUmFSTKnfBPvtWgUygSQt5sTWv5Z0ECHxQdcqkAcsSACkBKTgJ0TdW0vj
+S/xS/K7yQeOjNaKYUr8JLk6QED1azMRNBxESH3StAnGCJDp4uJYSMHGe+KBrFUhSodtaCjR1U10Q
++iYqOYolGFTnWx0LnbbUb3W+I16ddkkfOf5+ToFJ9kvIq0D4X3gmtaRrFciNkbTrdJC3wwclxyvG
+QmtJMVAgCuRLBwmxkolJiUrFmuRBv5sl+Y5OJh6xRgjtPK/uYtWkTAhTHYsCOXDRTohVvZYWjuqH
+xkf3S+KjJE/sqvNIYkmwGuVRMkGS5Gi3owSkY7kaVBrfqCDfz5P4knpQ/KrzqI6ZxjeyUyAjhOBz
+BbIPFBW6AnlwFHOCZMRKLssJKWHfiF420GlGRUhj3to5QWZQCy7u1F1S9IT4lJTVeVTHTOMb2ZUI
+ZOTk2fPkaEKLmZCNdmg6Cel+NLcE+wQXSugkvg4fo/gUyAihYFpQAlIiJM0kEXAi6gl4fy2huCQ+
+RmsVyAghBbKLUAd5O3yMyq9ARggpEAUywZGyJcmxgZ7T6VGHJkVjpn5pp6R+aR40Po9YFNEHdrTA
+1A3dj9pRv9SO+qV2CQE7fFBcqN0rxVxyxEoSvooctJhXxUcxpXZJHglW1X6TfGfyUCATqNEiUbuE
+RB0+JiB6uuSVYlYgE9WnBaZ2CiT77/3JXWpUfgUyQgi+xap+YUDFRe0SEU5A5ATZIkDfrpyp9Ioi
+JmSr8D/aI8GZ5kbtqgVH/SYYjPDdzelG2vjX3buDnkmUrKFFInudYZPgTHOjdgrkQIWTwh1wc7pp
+Qo7Tg7s5SHCmuVE7BXKg4knhDrg53TQhx+nBKZAviLu5dtolfY8wBae5U3moQLLfKUvwo2v/GYF0
+vNWhaqGx0P0S8XcUmPqgeST7JT5o3c5svKdNkOrkkiLRWBTI/veIBHsF8uBcSElJ1Z8UicaiQBTI
+nxxwgiSq2KytFjrdj75Nomle1UySO0iC1QgXBTJCCD6nRaKTkO6nQPh/U4GlvDNbUiC0m1ByULJV
+kzfJgxaT+qC5JXcGGnNiR2uZ+NiuVSAbNCiJaJEoeZNiUh80NwVyj4ACUSBDfXbcS4ZB/DSgzYnu
+N7JTIApkxJHdH39LJtLQ4RMDBXIDhx4bvINwrBJCO0ESSYeETkieFD1JOeliVPzVdhTnBJdkbQem
+M/G1HrFogAk5qI/ErqOYCQY0vqsaDH0RQGtEsaL7XfYWiwZIE76qwJSAtGvTI0xiR2OhNaq268B0
+JmYnyARqHcVMmgSN76oG4wS5IUCLRDsb7Z4TfD+85KrcKAY0PgUyLn3JBBm7udaCEqGDWKuTvDo+
+2gApQzriK7+D0OSuslMgHPkOAtJ60KMYPY5yFH5bOkE2qDlB+H93p1g5QWZk2byGdixadLpfRwdM
+YumIT4E0k33GHSWRAnGC/MmvkiMWJeAMuY+u6ThDV3fFozlu7TtEXT1pKF+uqmX5JZ0mnBCBrr0K
+1KswUCDZJ4URr5wgI4TgcwVS/x8nr2p2TpAbArTzQn3gHzSj+1E7mke1gBPy0lgSHxS/kZ0TZIQQ
+fE6LDrfDZgqkvtm1TBBaOMyEHcPkA1H1WnqRpRd82j2pX5ovFXpSX+oj4UYSnwK5IUAJQwlNiUr3
+UyCJPOqmymlHrCoFP4OpmuQ0ZtoBk/0UiALJEDhhCiSEdoLwctIGw3f825LWcuTDCbJBiIJKC5zs
+5wQZUff5c4r9yEurQCixaDemR6zV7ei9ZCVcRsQ6+pwSmnKI7jeKU4FsELpKSAqEX6oVyANJ0yPH
+K9opEAXyxQGq/pWOEh2CUyAKRIH8VAE9G9Nm0iFgGsvoPP/seQcuM/G97R2ETqkZUI+u6SDg0Zhm
+7KlYE+wpVlRwozwVyMRr3hGoR5/Toh/dt9tegTxAPHn7Q4tIwad2SRejMVM7BeIdZLk7iAKh8uV2
+Hc2JNhOPWA/einUUiVOGWdKis92us+rAnmKlQEKBJMVMpk9yHKVFT3xUyyuJOcG5Ko+3vaQrkOy7
+FCWgAgk7eQJ00ikViAIh3HOCbFCi59tk9FeLei+WxAchzREbJ4gT5IsvCRHoNOvwcYT8xDaJOWlE
+JDZi0zpBSEBHbJJOmRQuWUvz6/BRTUA6gWlDqI6PYr+1UyAD1KgI6VGHFkmB7CNFcaE4j+wUiAK5
+QyAhoBPkAZmSLjtS8LPn1C+1o1OAkogSJjlKJD4SvxQr6oPmQbFPeOUR64RLdUIYSqJqH4nfJBbv
+IFXyndinGvxk+lAS0ZgTOxoLhbwjlmofNLeWCTITTMUaCirtngqEX5YTrOhaalfBpR97nHZJrwrw
+6D4KJPsmQ/GmONM7AyU+taN5jOwUyAah6qLTY03iNyEMvRh3TFuaB7UbEZ8+VyAKhHLlzi4RdUfj
+mEpqZ1GJQKqCcR8RWA0BBbJaRYxnKQQUyFLlMJjVEFAgq1XEeJZCQIEsVQ6DWQ0BBbJaRYxnKQQU
+yFLlMJjVEFAgq1XEeJZCQIEsVQ6DWQ0BBbJaRYxnKQQUyFLlMJjVEFAgq1XEeJZCQIEsVQ6DWQ0B
+BbJaRYxnKQQUyFLlMJjVEFAgq1XEeJZCQIEsVQ6DWQ0BBbJaRYxnKQT+B1YOlcY4tCXCAAAAAElF
+TkSuQmCC
+"
+       style="image-rendering:optimizeSpeed"
+       preserveAspectRatio="none"
+       height="420"
+       width="420" />
+    <image
+       y="527.31494"
+       x="655.36218"
+       id="image4315"
+       xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAANZklEQVR4Xu2b0YLbyApE7/z/R+/O
+xHsnE0eWOKiwZPnkNTQNRRXQcvLxz+ef//lHBERgEYEPBSIzROAxAgpEdojACgIKRHqIgAKRAyLQ
+Q8AJ0sPNU2+CgAJ5k0KbZg8BBdLDzVNvgoACeZNCm2YPAQXSw81Tb4KAAnmTQptmDwEF0sPNU2+C
+gAJ5k0KbZg+BlkA+Pj56tz35FP13mI/yon4epZnyT/2k6vUIh5T/aXp06qhAflSFEo8WNOWf+kkR
+WIEUK54CvHhd24x2DEo8GljKP/WTqpcCKVY8BXjxuraZArlBl6qXAilSMQV48bq2mQJRID/JQ/nw
+q7l0/sOUAulplq5Gqcd+ql5OkGLdU4UuXrdpRuOhhHl1YjwCkOaVst8s6E4Dyoe166ITpDPCdmKx
+umPTgqaIlMjpGT4oPin76dwUyB3CFBAnyA3AFOEp/gpkGgEFEkFYgWzD6Iq1jRHutAWXpzBRINtl
+UCDbGCmQ/zBKCaoA+S6T5Mr3FIHQnT/1WKYfDabjpFVPFnrpbppvSiD03qP48HWvAvmB/nThFMgN
+gWmck41FgSiQsm6dIEWoqEJfpWNMx1mE99uM4pzyP73STOOcxM0J4gQp68oJUoSKKvRVOsZ0nEV4
+nSBFoFKCXbvuLScIFQItRLG+32bU/1H2j/K6asN8269YCmT9a1Lq8zgV8lGNxQlyh4ACUSBVMbpi
+FZB6lU6YWnWcIL9JoUAUyF8IKBAFUpDFbxMnyDpcqcmFivJpTOtChf+2j3RaiGkC0MK9WzzTP1z6
+SKeKKD7qaQejhT7qs+rZBEtxow1EgSgQhIACefM3CGLLpzHtSKnPyE6Q9UrRCU6F7xukqBQF4iO9
+SJWb2TRhjtw5l+6ezpd2tneL50g+POV3EKS+hnGKMNMjm65eDSgWjxwlQHpvKl/Kh8Mf6anEp3dy
+BZLdEBTIHWNfBRDaYag9FfJ0A6F1oflS++l8k/G4Yv2olhPECXIvXgWiQP5q6LQDU3snyDQCd/5p
+gabtXbFuCNDVLkUbWt+nPdJTCab8pFYmCrj2qQpm/XQEG12xsuns96ZAnvOmOOrzNWWIAil+VbPD
+r69AKXwogaftFYgCWeRYivB0Ik8TnvpXIApEgayoRoEoEAVyBoHQ0XZVe7q6TH/+7XTIpZhSeV2h
+7q2vWFdIPJFDikipr0AKJFHVP30okB2YKpAd4L3IUQWyo1AKZAd4L3JUgewolALZAd6LHFUgOwql
+QHaA9yJHWwJJPSopRmf7oYo+iiluKf/UD/3aRutylD3l25e9Aumg9t8ZSjwFcgNOgewg3dpRCuxQ
+GN9uFcixhE+tuGs8cYLsUJECUSCL9KGrwg4O/nHUCbKO5HRHpf7PZt/hoROkg5pvkF2Niza6lH2n
+1FGB0JUj9bWkk/jSmVfpeFed4GfkjwL5oRQFst5qaCenjUuBFBGjRC263TSj907b0wm7meBOAwVS
+BJASo+j222zaPyUeJUbKnsZJcab2NK+Uf+onyR9XLFesMv8USBGqpEITj+Vi2JtmNK9peyfIZskW
+DWhd1m5pTZBe2PVTNEFqT4lHH480HvpVajqes+FTZ07eUoHsWLFSRFIgNySp8PNy+NujAlEgZZ7R
+yZhqIOUABwwViAIp00qBlKGaNaSFoPbTnY3G44rlioUUlSIY3WnpvSmhKZCLCYQSaZoAlKhIrUHj
+lGAfhUT9U9ymfweheVEedkrZeoPQwBRIr0OeDTcFUpSYAikCdWdGO7wCWW8slIedqjlBOqg1zyiQ
+HnB0clGc16JSIL2atU7RwjlBnCCLRKNEoo/NFrsDh2heCuRFBUK5QnfFlD2Nc/oryjThj/KfWoGm
+4+/wobVi0YtShKeFoHEqkHXEzlZHOpE7fFAgBdSoMKk9FWZqpaQEUyAFsnRMzgYszYESntorkBsC
+rlh3TKBEovZUCJSoKeHTe50g64/3VN1/ifaTdP8kHS75ShFJgfTeCNMCpHWh9qn4OzyPCoSOSBpw
+SsspwdLC0XtTk4LifJT9UfVdy1eB/EBnurMpkHXpKZCdrekoAOlkpEKjedF4dsL+tOMUBzphO/6d
+IE6Qpwlg66IOgRNvXlesOwToqkM7thNkSwrLf69Aerh9nzoKQAWys3DF40fV9+UmCO3AR31NKta9
+bZYSZjuA4sFUnCk/xbBLZqd8gyiQW+3OSBiy86caF/VTYn7RSIEUHulFLONmCmQd0tRK5oq185Ee
+Z37RoQJRIIsIuGK5YlV6iBOk2Pnpjko/81aKNWHjBHGCRHj1jE5CHqc0nqOEQO+lxaKbQAo36ufl
+3iCpQlA/1D41iShRUwSg91J8FMjOFYgCTleplP9HfhRIbwWaxi3VQL6yO+VnXkrsJCDk7ulCTzcE
+J8h2tRXINkYPLRSIEwTRZ7ojTXdUlOzX+P34WDxCJxrFjfqnKyLFgdZlGrcUPvEVixYilUgKcEoM
+Smzqn+JDcaD2NH7qn+JJ8aHxK5AOYj/O0ILS6ygBUoSk96YaI8UzFedaXaJvkBRQlEiUGNQ/zSvl
+nxKA4kDtaV7UvwK5Q5gSgBI15Z/eS4lEd3gaz/TvEdPxpPDp1MUJ0kHtvzO049GrqMBTHZveq0Bo
+Ze/saeHoddP+KQFo/KkOSXGg9jQv6p82nJSQ42+QMyZCi7dkT/Oid6ZWnaOId1V8FEiRyVclAM2L
+CrkI76YZvTdlr0A2S3MzoEQquv02SxXUCXKDNIWnAikyWYH0iFeEd9MsRXjaQBTIZmmcID8hokQt
+wrtpRu9N2SuQzdIoEAWyTJLW7yB0hKXsizxv7/yP/Kc+Jx6FQyqv6fifMREohxRIATEFsj5hKbGp
+YKkwCyUtmyiQAlQKRIEUaPLbhCo6ZY+CbHwGpJ2NxnMUDqm8puOnkyjVuJ72SE8lmPrcSuNJEemR
+n2mCUcFSgk3HT+tF46f4fNm7YhVQSxVimmCFVP4woXlNx/+2AqEddbqTUyLRiZYiXgqHo+KnOKTq
+krz3KRNEgayX/igCTwswSdSlWOlEowJ82oqlQBRIh5xbZxTIHULTHekoITtBtqSw/PcKRIEsMoM2
+iqMESOOkMlEgCkSBrKjmMgJJdTDqh3Yk2vGm46GP6BRhXiWv6fo+7ZFOAaffwylQlHipt8l0nApk
+HWHaABXIzhWOCl+B9AicwlmB7GQgBTBVOBo2nbBXzSuF25qfp/xQSIlECUCBcsXK/i4zjT/lT6q+
+rliuWItcShGSCme6MdJJ2hYITfxs9tOPWVoIGs/ZCEzr+0rxt1YsCsjZ7Ckh6VcsBfJaK1z8DXI2
+wtN4FAhF7GZPhU8bSy+q+qlO/E6QH/hSAI8S2iutKEv0faX4FYgCKbdg2kCcIGVoz2V4VOenhJn+
+qkOrokCKiB01IovhfZtNE4z6p/bmu45ASrDxR7oCWX+00gmVwvNsAjwqHtpYFMgdAkcR8ijCvFu+
+CqSIwNkIebZ4ijC2V9aj8qV5OUGcIBHOUMJTexqkbxCK2J39UQXyDdJ7o9Fyv5xAnhEw+eEpFQ/d
+4a9673ReKf9UaE9bsY5KkHZsCqACWZ8IKTyP4o8CoRXc+WZJFfpswpzOK+V/Z7n/ON76pybTHZsm
+OB3P2Yj6CJ8UwY7CMxU/5Y8TZCdiCsQVC1FousOgYD6Np+NRIAoEcZISkhKMrhDT8dDRP53vI3wo
+DtQPIknDOPVZntbr8BVrmjCUGDQeCjj1TxsCJfZR8VONKBCK2J09BZDaTxOVpp8idsoPjZ/aH1Uv
+J8iTP9s6Qag01t84FE/aEBSIAkGMpYREzleMnSA7kaQAUntXrBsCCuQ3E57yQ2EKcEr4lH3qUUw/
+JtB7af+hq0gq/lRe0/X91Sw+L/mHAkuBUiDrnZmWYBpPSmAaP/VPJzvlp2+Q4huEFpoWgtqniEQJ
+Ru+luFH/NP4Uzk6QO+RpoWkhqH2KSJRg9F6KG/VP40/hrEAUCNquk8Rbupiujr5BigSmhaP2tONN
+F44SiXbgVL5IfV8P4o8PdGQaZydIsRx0hZgWYDHsb7NpIlFi0/ipPa2Xj/TiI/1snTZFPAVCJfbb
+3s+8BexoR3KCFEAdNKH1coI4QRY5cDYhpzSjQIqEp6uFK9YNAUqw1CqoQHYiQAlP7RWIArnnwFPe
+IDt1sXmcrgrTHS/VganAp+2nGwj1T+u+SaQFAwXSQW3jjAJZB4g2qJTwO6VWIB3UFMgfCKQaghNk
+gIxfLumopR2Mhp0iTKpzTuOTyleBUKYV7acJUAzj2yxFGAWy/tGA1p3W8Vfz/SzC+P8H6QRGzlCg
+nCA94tEO/8ie4p9qFIRT/7eNCqQTwOQZCuxkLB3ftHdR4p2N8FRQFJ9ODRRIB7UnnaEEUCD5wiiQ
+PKYxjwrkBiVdoWMFSL9BkoElfLli9VCcFmbKP/XTQcMJ0kHtSWcoAVyx8oVRIHlMYx4VyIuuWDEG
+6EgETo5Aa4KcPCfDE4EYAgokBqWOroiAArliVc0phoACiUGpoysioECuWFVziiGgQGJQ6uiKCCiQ
+K1bVnGIIKJAYlDq6IgIK5IpVNacYAgokBqWOroiAArliVc0phoACiUGpoysi8C9wEWC3752IQgAA
+AABJRU5ErkJggg==
+"
+       style="image-rendering:optimizeSpeed"
+       preserveAspectRatio="none"
+       height="397"
+       width="397" />
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="18.42"
+       y="497.36221"
+       id="text4318"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan4320"
+         x="18.42"
+         y="497.36221">Informationen</tspan><tspan
+         sodipodi:role="line"
+         x="18.42"
+         y="534.86218"
+         id="tspan4361">zum Anschluß</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="1030.6841"
+       y="463.36221"
+       id="text4322"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan4324"
+         x="1030.6841"
+         y="463.36221">E-Mail-Liste zur</tspan><tspan
+         sodipodi:role="line"
+         x="1030.6841"
+         y="500.86221"
+         id="tspan4326">nachbarschaftlichen</tspan><tspan
+         sodipodi:role="line"
+         x="1030.6841"
+         y="538.36218"
+         id="tspan4328">Koordination</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="18.92"
+       y="951.81219"
+       id="text4148"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan4150"
+         x="18.92"
+         y="951.81219"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:'Ubuntu Mono';-inkscape-font-specification:'Ubuntu Mono'">https://github.com/</tspan><tspan
+         sodipodi:role="line"
+         x="18.92"
+         y="989.31219"
+         id="tspan4154"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:'Ubuntu Mono';-inkscape-font-specification:'Ubuntu Mono'">zentralwerk/</tspan><tspan
+         sodipodi:role="line"
+         x="18.92"
+         y="1026.8123"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:'Ubuntu Mono';-inkscape-font-specification:'Ubuntu Mono'"
+         id="tspan4332">network</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:30px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;fill:#808080;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="525.64789"
+       y="956.91223"
+       id="text4334"
+       sodipodi:linespacing="125%"><tspan
+         sodipodi:role="line"
+         id="tspan4336"
+         x="525.64789"
+         y="956.91223"
+         style="text-align:center;text-anchor:middle;fill:#808080">Sprechzeiten:</tspan><tspan
+         sodipodi:role="line"
+         x="525.64789"
+         y="994.41223"
+         id="tspan4338"
+         style="text-align:center;text-anchor:middle;fill:#808080">Di + Do 16:00-18:00</tspan><tspan
+         sodipodi:role="line"
+         x="525.64789"
+         y="1031.9122"
+         style="text-align:center;text-anchor:middle;fill:#808080"
+         id="tspan4340">Haus B Mitte Souterrain</tspan></text>
+  </g>
+</svg>
diff --git a/doc/hello.md b/doc/hello.md
index 9ceb03d..5f9e97e 100644
--- a/doc/hello.md
+++ b/doc/hello.md
@@ -50,6 +50,19 @@ bestellen und konfigurieren wir ihn.
 
 ![TL-WR841N](https://upload.wikimedia.org/wikipedia/commons/thumb/2/23/TP-Link_TL-WR841N-2920.jpg/240px-TP-Link_TL-WR841N-2920.jpg)
 
+### Netzverteilung
+
+Auch möglich sind diese Konfigurationen:
+
+* Ihr wohnt nebenan und möchtet euch einen WLAN-Router teilen? Dann
+  könnt ihr trotzdem individuell verschlüsselte private Subnetze
+  haben.
+  
+* Du hast mehrere Büros oder Büro und Wohnung im Haus? Auf diese
+  Datendosen und WLAN-Router können wir dein Subnetz legen, auch wenn
+  sie an verschiedenen Orten im Haus sind. In einem Subnetz sind
+  Geräte wie zum Beispiel Drucker direkt auffindbar.
+
 
 ### Alternative: Eigener alter WLAN-Router
 
@@ -88,6 +101,31 @@ Bei der Bestellung nehmt ihr das billigste Kabelmodem, nicht die
 Fritzbox. Um WLAN kümmern wir uns schließlich.
 
 
+### Warum Internetanschluß routen lassen…
+
+…statt direkt das Kabelmodem zu verwenden?
+
+* Wir optimieren die ausgehende Bandbreite um
+  das [Bufferbloat](https://en.wikipedia.org/wiki/Bufferbloat)-Problem
+  zu umgehen.
+* Du könntest deinen Internetanschluß mit Nachbarn teilen.
+* Wir ermöglichen Zugang zum internen Zentralwerk-Netz.
+
+
+### Kabeldose in der Wohnung?
+
+…und nicht im Keller? Wir können die oben genannten Ziele trotzdem
+erreichen wenn du einen der von uns konfigurierten Router nutzt.
+
+
+## Statische IPv6-Adressen
+
+Du willst weltweit erreichbar sein mit dem Internet-Protokoll der
+Zukunft? Kein Problem: wir verfügen über eine Menge statischer
+IPv6-Adressen über den Tunnel-Broker (SixXS)[https://www.sixxs.net/]
+mit mehreren schnellen Zugangspunkten in geographischer Nähe.
+
+
 # Alternative: Isolation
 
 Du trägst Bedenken und fühlst dich ohne uns im Internet besser aufgehoben?

From dc20cc8cfb4c84f440944872720f8701326d8db2 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Tue, 20 Dec 2016 15:12:34 +0100
Subject: [PATCH 09/11] upstream: bump upstream2 up-bandwidth

---
 salt-pillar/upstream/upstream2.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt-pillar/upstream/upstream2.sls b/salt-pillar/upstream/upstream2.sls
index 211754e..cc9a9ff 100644
--- a/salt-pillar/upstream/upstream2.sls
+++ b/salt-pillar/upstream/upstream2.sls
@@ -1,7 +1,7 @@
 upstream:
   interface: up2
   nat66-interface: up2
-  up-bandwidth: 6200
+  up-bandwidth: 12400
   flow-keys: nfct-src
   flows: 2048
 

From 349e87a3c2518651b14c18c9f348b0641a5e4842 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Tue, 20 Dec 2016 15:18:04 +0100
Subject: [PATCH 10/11] doc/hello

---
 doc/hello.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/hello.md b/doc/hello.md
index 5f9e97e..428c433 100644
--- a/doc/hello.md
+++ b/doc/hello.md
@@ -109,7 +109,7 @@ Fritzbox. Um WLAN kümmern wir uns schließlich.
   das [Bufferbloat](https://en.wikipedia.org/wiki/Bufferbloat)-Problem
   zu umgehen.
 * Du könntest deinen Internetanschluß mit Nachbarn teilen.
-* Wir ermöglichen Zugang zum internen Zentralwerk-Netz.
+* Wir ermöglichen gleichzeitig Zugang zum internen Zentralwerk-Netz.
 
 
 ### Kabeldose in der Wohnung?
@@ -122,7 +122,7 @@ erreichen wenn du einen der von uns konfigurierten Router nutzt.
 
 Du willst weltweit erreichbar sein mit dem Internet-Protokoll der
 Zukunft? Kein Problem: wir verfügen über eine Menge statischer
-IPv6-Adressen über den Tunnel-Broker (SixXS)[https://www.sixxs.net/]
+IPv6-Adressen über den Tunnel-Broker [SixXS](https://www.sixxs.net/)
 mit mehreren schnellen Zugangspunkten in geographischer Nähe.
 
 

From 2262daf93bb20d9a4dc68c3705f28d6f239c8450 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Tue, 20 Dec 2016 15:39:27 +0100
Subject: [PATCH 11/11] doc/hello: embed core.png

---
 doc/hello.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/hello.md b/doc/hello.md
index 428c433..f67c4a7 100644
--- a/doc/hello.md
+++ b/doc/hello.md
@@ -140,3 +140,6 @@ Kabelmodem und deine Datendose bekommen.
 Dienstags und Donnerstags 16:00-18:00 Uhr
 
 [C3D2](https://www.c3d2.de/space.html), Haus B Souterrain, genau in der Mitte
+
+
+![Kernnetz visualisiert von eri!](core.png)