diff --git a/roles/exit/templates/frr.conf.j2 b/roles/exit/templates/frr.conf.j2
index 059a5ff..8c84271 100644
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@@ -37,8 +37,18 @@ router bgp {{ asn.asn }}
 neighbor {{ iface }} bfd 3 150 150
 {% endfor %}
-{% for family in ['ipv4', 'ipv6'] %}
- address-family {{ family }} unicast
+ address-family ipv4 unicast
+ redistribute connected route-map loopback
+
+ neighbor fabric soft-reconfiguration inbound
+ neighbor fabric route-map fabric->default in
+ neighbor fabric route-map default->fabric out
+
+ import vrf outside
+ import vrf route-map default-import
+ exit-address-family
+
+ address-family ipv6 unicast
 redistribute connected route-map loopback
 neighbor fabric activate
@@ -50,7 +60,6 @@ router bgp {{ asn.asn }}
 import vrf route-map default-import
 exit-address-family
-{% endfor %}
 address-family l2vpn evpn
 advertise-all-vni
 advertise-default-gw
@@ -77,12 +86,10 @@ router bgp {{ asn.asn }} vrf outside
 {% endfor %}
 address-family ipv4 unicast
- neighbor peerlink.4 activate
 neighbor peerlink.4 soft-reconfiguration inbound
 neighbor peerlink.4 route-map peer.4->me in
 neighbor peerlink.4 route-map me->peer.4 out
- neighbor firewall activate
 neighbor firewall allowas-in 1
 neighbor firewall default-originate
 neighbor firewall soft-reconfiguration inbound
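Review bot: The new `address-family ipv4 unicast` block sets `neighbor fabric soft-reconfiguration inbound` and both route-maps without a `neighbor fabric activate`, while the `ipv6 unicast` block right below keeps its explicit `activate` (the leaf template also keeps `activate` in its ipv4 block). That only works while FRR's default `bgp default ipv4-unicast` is in effect for this `router bgp`, whose header lines are outside the hunk; if someone later adds `no bgp default ipv4-unicast`, FRR as far as I recall refuses per-family neighbor commands for a peer that is not activated in that family, so these lines would be rejected at load time rather than applied. I'd either add `neighbor fabric activate` to the ipv4 block for symmetry, or record the assumption next to it: `! ipv4 unicast relies on FRR's default ipv4-unicast activation; ipv6 must be activated explicitly`. The third hunk drops the ipv4 `activate` lines under `vrf outside` on the same assumption and would want the same comment.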
@@ -137,8 +144,27 @@ router bgp {{ asn.asn }} vrf inside
 neighbor {{ iface }}.2 bfd 3 150 150
 {% endfor %}
-{% for family in ['ipv4', 'ipv6'] %}
- address-family {{ family }} unicast
+ address-family ipv4 unicast
+ neighbor peerlink.2 soft-reconfiguration inbound
+ neighbor peerlink.2 route-map peer.2->me in
+ neighbor peerlink.2 route-map me->peer.2 out
+
+ neighbor firewall allowas-in 1
+ neighbor firewall soft-reconfiguration inbound
+ neighbor firewall route-map inside->firewall out
+{% for iface in ifaces_firewall %}
+ neighbor {{ iface }}.2 route-map firewall-{{ loop.index }}->inside in
+{% endfor %}
+
+ redistribute connected route-map loopback-inside
+{% for vrf in inside_vrfs %}
+ import vrf {{ vrf }}
+{% endfor %}
+ import vrf default
+ import vrf route-map inside-import
+ exit-address-family
+
+ address-family ipv6 unicast
 neighbor peerlink.2 activate
 neighbor peerlink.2 soft-reconfiguration inbound
 neighbor peerlink.2 route-map peer.2->me in
@@ -160,15 +186,25 @@ router bgp {{ asn.asn }} vrf inside
 import vrf route-map inside-import
 exit-address-family
-{% endfor %}
-
 {% for vrf in vrfs.values() | selectattr('name', 'in', inside_vrfs) %}
 router bgp {{ asn.asn }} vrf {{ vrf.name }}
 bgp bestpath as-path multipath-relax
-{% for family in ['ipv4', 'ipv6'] %}
- address-family {{ family }} unicast
+ address-family ipv4 unicast
+ redistribute connected
+ import vrf inside
+{% if vrf.custom_fields.imports %}
+{% for import in vrf.custom_fields.imports %}
+ import vrf {{ import.name }}
+{% endfor %}
+ import vrf route-map {{ vrf.name }}-import
+{% else %}
+ import vrf route-map office-import
+{% endif %}
+ exit-address-family
+
+ address-family ipv6 unicast
 redistribute connected
 import vrf inside
 {% if vrf.custom_fields.imports %}
@@ -182,7 +218,6 @@ router bgp {{ asn.asn }} vrf {{ vrf.name }}
 exit-address-family
 {% endfor %}
-{% endfor %}
 # Prefix lists.
 ip prefix-list default permit 0.0.0.0/0
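Review bot: In the new ipv4 block `neighbor firewall allowas-in 1` turns off AS-path loop detection for routes the firewall sends back (presumably because both ends run the same ASN), and the same block does `import vrf default` while the first hunk of this file has the default VRF do `import vrf outside`; a route learned on the outside side can therefore reach the inside VRF with nothing in its way except the `firewall-N->inside`, `default-import` and `inside-import` route-maps, none of which are visible in this diff. That dependency should be written down where the knob is set so a later edit of those route-maps is made with it in mind, e.g. `{# allowas-in: loop detection is off for the firewall peer; the firewall-N->inside route-maps are the only filter on what re-enters inside #}` above the `neighbor firewall` lines. The `router bgp {{ asn.asn }} vrf inside` block starts before the hunk and its ipv6 twin continues past it.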
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 83e748f..df83109 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -51,12 +51,6 @@
 mode: 0644
 notify: enable interfaces
-- name: Set up resolv.conf
- template:
- dest: /etc/resolv.conf
- src: resolv.conf.j2
- mode: 0644
-
 - name: Set up sysctls
 template:
 dest: /etc/sysctl.d/firewall.conf
diff --git a/roles/firewall/templates/frr.conf.j2 b/roles/firewall/templates/frr.conf.j2
index 9078004..81ae5f3 100644
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@@ -40,14 +40,26 @@ router bgp {{ asn.asn }}
 neighbor {{ iface.name }}.4 bfd profile fast
 {% endfor %}
-{% for family in ['ipv4', 'ipv6'] %}
- address-family {{ family }} unicast
-{% if family == 'ipv4' %}
+ address-family ipv4 unicast
 {% for network in nat %}
 network {{ network }}
 {% endfor %}
-{% endif %}
+ redistribute connected route-map loopback
+ maximum-paths 16
+
+ neighbor outside soft-reconfiguration inbound
+ neighbor outside route-map outside->default in
+ neighbor outside route-map default->outside out
+
+ neighbor inside allowas-in origin
+ neighbor inside default-originate
+ neighbor inside soft-reconfiguration inbound
+ neighbor inside route-map inside->default in
+ neighbor inside route-map default->inside out
+ exit-address-family
+
+ address-family ipv6 unicast
 redistribute connected route-map loopback
 maximum-paths 16
@@ -64,8 +76,6 @@ router bgp {{ asn.asn }}
 neighbor inside route-map default->inside out
 exit-address-family
-{% endfor %}
-
 # Prefix lists.
 ip prefix-list default permit 0.0.0.0/0
 ipv6 prefix-list default permit ::/0
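Review bot: `neighbor inside allowas-in origin` next to `neighbor inside default-originate` in the new ipv4 block means that if the inside peer ever re-advertises the default it was given, that 0.0.0.0/0 carries only the local AS in its path and passes loop detection, so the firewall could accept a default route that points back at the inside exit; whether that is blocked depends entirely on `route-map inside->default in` denying the `default` prefix-list, and the route-map is outside the hunk. I'd state that invariant at the line that relaxes the check, e.g. `! allowas-in origin: loop detection is off for paths originated in our AS; inside->default must deny 0.0.0.0/0 and ::/0`, so the route-map is not loosened without this in view. The ipv6 block that starts at the bottom of the hunk appears to carry the same pair of lines and continues past it, and the enclosing `router bgp {{ asn.asn }}` block starts before it.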
@@ -75,9 +85,9 @@ ip prefix-list fabric permit 10.34.0.0/24 ge 32
 {% for prefix in vrf_prefixes | rejectattr('vrf.name', '==', 'outside') | sort(attribute='family.value') %}
 {% if prefix.family.value == 4 %}
-ip prefix-list office permit {{ prefix.prefix }}
+ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
 {% elif prefix.family.value == 6 %}
-ipv6 prefix-list office permit {{ prefix.prefix }}
+ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
 {% endif %}
 {% endfor %}
diff --git a/roles/leaf/templates/frr.conf.j2 b/roles/leaf/templates/frr.conf.j2
index a30748b..2510328 100644
--- a/roles/leaf/templates/frr.conf.j2
+++ b/roles/leaf/templates/frr.conf.j2
@@ -41,8 +41,7 @@ router bgp {{ asn.asn }}
 {% endfor %}
 {% endfor %}
-{% for family in ['ipv4', 'ipv6'] %}
- address-family {{ family }} unicast
+ address-family ipv4 unicast
 redistribute connected route-map loopbacks
 neighbor fabric activate
 {% for tenant in my_tenants %}
@@ -52,7 +51,16 @@ router bgp {{ asn.asn }}
 {% endfor %}
 exit-address-family
+ address-family ipv6 unicast
+ redistribute connected route-map loopbacks
+ neighbor fabric activate
+{% for tenant in my_tenants %}
+ neighbor dc-{{ tenant }} activate
+ neighbor dc-{{ tenant }} route-map dc-{{ tenant }}->default in
+ neighbor dc-{{ tenant }} route-map default->dc out
 {% endfor %}
+ exit-address-family
+
 address-family l2vpn evpn
 neighbor fabric activate
 {% for iface in ifaces_evpn|default([]) %}
diff --git a/templates/resolv.conf.j2 b/templates/resolv.conf.j2
deleted file mode 100644
index feadf5d..0000000
--- a/templates/resolv.conf.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-search {{ domain }}
-{% for server in dns6 %}
-nameserver {{ server }}
-{% endfor %}
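Review bot: The added `ge {{ prefix.prefix | ipaddr('prefix') }}` changes every `office` entry from an exact match to "this aggregate plus every more-specific inside it", because `ge` is set to the prefix's own length and there is no `le`; that is a real widening of whatever route-maps reference `office` (they are outside the hunk), so depending on their direction, host routes that used to fall through are now permitted. Nothing in the template says this is intentional, and a later reader could easily "fix" it back; a one-line comment above the loop would pin it: `{# ge <own length>: match each office aggregate and any more-specific within it, not just the exact prefix #}`. It also assumes `ipaddr('prefix')` yields the mask length (32/128 for a bare address) with the ansible.utils/netcommon version in use — worth confirming once rather than discovering an empty `ge` in rendered config.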
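Review bot: The new `address-family ipv6 unicast` block in the leaf template is a line-for-line copy of the ipv4 block above it with only the family keyword changed, so unrolling the `{% for family %}` loop here adds nothing and doubles the lines that must be kept in sync; the firewall template has a reason for the unroll (its ipv4-only `network` statements), this one does not. If the goal is uniform layout across the roles' templates, say so in a short comment above the ipv4 block, e.g. `{# ipv4 and ipv6 are written out separately to match the exit/firewall templates #}`; otherwise a Jinja macro holding the shared body, called once per family, keeps a single copy. The enclosing `router bgp {{ asn.asn }}` block starts before the hunk.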