From d54777514c0bb1fe1091c584aa4583041d42e1cf Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Fri, 7 Mar 2025 15:15:23 +0000
Subject: [PATCH] Improve blackholing of AWS routes on he.net

---
 cookbooks/networking/templates/default/network.erb |  6 ++++++
 roles/equinix-ams-public.rb                        |  5 ++++-
 roles/equinix-dub-public.rb                        | 10 +++++-----
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/cookbooks/networking/templates/default/network.erb b/cookbooks/networking/templates/default/network.erb
index 7f38de3c5..f837c65a5 100644
--- a/cookbooks/networking/templates/default/network.erb
+++ b/cookbooks/networking/templates/default/network.erb
@@ -91,6 +91,9 @@ Destination=<%= destination %>
 <% if details[:metric] -%>
 Metric=<%= details[:metric] %>
 <% end -%>
+<% if details[:table] -%>
+Table=<%= details[:table] %>
+<% end -%>
 <% if details[:type] -%>
 Type=<%= details[:type] %>
 <% end -%>
@@ -107,6 +110,9 @@ Destination=<%= destination %>
 <% if details[:metric] -%>
 Metric=<%= details[:metric] %>
 <% end -%>
+<% if details[:table] -%>
+Table=<%= details[:table] %>
+<% end -%>
 <% if details[:type] -%>
 Type=<%= details[:type] %>
 <% end -%>
diff --git a/roles/equinix-ams-public.rb b/roles/equinix-ams-public.rb
index def6bc25f..a67b1bfcc 100644
--- a/roles/equinix-ams-public.rb
+++ b/roles/equinix-ams-public.rb
@@ -16,7 +16,10 @@ default_attributes(
         },
         :inet6 => {
           :prefix => "64",
-          :gateway => "2001:470:1:fa1::1"
+          :gateway => "2001:470:1:fa1::1",
+          :routes => {
+            "2600:9000::/28" => { :table => 3, :type => "unreachable" }
+          }
         }
       },
       :equinix => {
diff --git a/roles/equinix-dub-public.rb b/roles/equinix-dub-public.rb
index 4aea8ef63..3cac11b43 100644
--- a/roles/equinix-dub-public.rb
+++ b/roles/equinix-dub-public.rb
@@ -16,7 +16,10 @@ default_attributes(
         },
         :inet6 => {
           :prefix => 64,
-          :gateway => "2001:470:1:b3b::1"
+          :gateway => "2001:470:1:b3b::1",
+          :routes => {
+            "2600:9000::/28" => { :table => 101, :type => "unreachable" }
+          }
         }
       },
       :equinix => {
@@ -31,10 +34,7 @@ default_attributes(
         },
         :inet6 => {
           :prefix => 64,
-          :gateway => "2001:4d78:fe03:1c::1",
-          :rules => [
-            { :to => "2600:9000::/28", :table => 203, :priority => 100 }
-          ]
+          :gateway => "2001:4d78:fe03:1c::1"
         }
       }
     }
-- 
2.39.5