The HamWAN.org project I've been working with lately uses MikroTik on their BGP edge routers and also configures them with all the IPIP tunnels. One of the contributors (Tom Hayward KD7LXL) created a cron'able Python script that compares the MikroTik configuration with the current list of tunnels and submits only the necessary changes to the device to keep it up to date.

You can find it here:
https://github.com/kd7lxl/hamwan_scripts/tree/master/amprupdate

-Cory
NQ1E




On Mon, Jun 17, 2013 at 6:16 PM, C.J. Adams-Collier KF7BMP <cjac@colliertech.org> wrote:
(Please trim inclusions from previous messages)
_______________________________________________

Hey there John,

I vote JSON rather than XML.  The XML marshaling pipeline makes me cry
every time I think about it.

I'll expand on your target platforms for config formats:

Common -> JNOS
Common -> JunOS
Common -> Cisco
Common -> MikroTik
Common -> shorewall / IPTables
Common -> quagga

Rick (CC'd), can you help me and John here out with exercising some code
to configure mikrotik routers?  John is the administrator for the
Western Washington /44 block and is issuing San Juan County a subnet.
Traffic on this network can make use of the amateur band to transmit
tcp/ip (as well as Ethernet over 802.11) on non-encrypted channels as
per 47 CFR Part 97.  This seems like it would be very useful for your
ISP, since many of your long-range APs run without WPA or WEP.  You can
run on channel 7 with a narrow beam at higher gain than unlicensed
users.  When transmitting SSL or other application-layer encryption, the
radio must operate at unlicensed power limits.  Credentials negotiation
using HMAC algorithms such as SHA-1 (and *mumble* md5 *mumble*) seem to
have been approved.  But I would avoid using anything the NIST no longer
considers secure.

http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html

On Mon, 2013-06-17 at 12:00 -0700, K7VE - John wrote:
> I think we need to provide this information in a normalized manner,
> and have scripts for various router implementations:
>
>
> Common -> JNOS
> Common -> Cisco
> Common -> MikroTik
> Common -> IPTables
>
>
> Etc.
>
>
> The current parsing is a pain.
>
>
> Something in JSON or XML would be nice, or at least fixed length
> records, using CIDR and gating hosts.
>
>
> e.g.
>
>
> { gateway: 192.231.186.124, transport : {method: BGP}, subnets :
> [{net:44.24.10.0,mask:24},{net:44.24.100.12,mask:32}]}
>
>
> BGP routes shouldn't need any special rules
>
>
> { gateway: 192.231.186.124, transport : {method: tunnel, protocols:
> [ipip,l2tp]}, subnets :
> [{net:44.24.10.0,mask:24},{net:44.24.100.12,mask:32}]}

John, I had to quote your json key and value strings in order for
JSON.pm to accept them.  Is there any way you can get your JSON
generator to wrap string literals in double quotes?

        cjac@foxtrot:~/src/perl$ cat import-export-json.pl ; perl import-export-json.pl
        #!/usr/bin/perl -w
        use strict;
        use JSON;

        use Data::Dumper;

        my @json = (
        q{ { "gateway": "192.231.186.124", "transport" : { "method": "BGP" }, "subnets" : [ { "net": "44.24.10.0", "mask": "24" }, { "net": "44.24.100.12", "mask": "32" } ] } },
        q{ { "gateway": "192.231.186.124", "transport": { "method": "tunnel", "protocols": ["ipip","l2tp"] }, "subnets": [ { "net": "44.24.10.0", "mask": "24" }, { "net": "44.24.100.12", "mask": "32" } ] } }
        );

        my @perl = map { decode_json $_ } @json;

        print Data::Dumper::Dumper( @perl ), "\n";
        __END__
        $VAR1 = {
                  'transport' => {
                                   'method' => 'BGP'
                                 },
                  'gateway' => '192.231.186.124',
                  'subnets' => [
                                 {
                                   'net' => '44.24.10.0',
                                   'mask' => '24'
                                 },
                                 {
                                   'net' => '44.24.100.12',
                                   'mask' => '32'
                                 }
                               ]
                };
        $VAR2 = {
                  'transport' => {
                                   'protocols' => [
                                                    'ipip',
                                                    'l2tp'
                                                  ],
                                   'method' => 'tunnel'
                                 },
                  'gateway' => '192.231.186.124',
                  'subnets' => [
                                 {
                                   'net' => '44.24.10.0',
                                   'mask' => '24'
                                 },
                                 {
                                   'net' => '44.24.100.12',
                                   'mask' => '32'
                                 }
                               ]
                };




>
>
> On an IPIP tunnel:
>
>
>  [admin@MikroTik] interface ipip> add local-address: x.x.x.x remote-address: 192.231.186.124
>  [admin@MikroTik] interface ipip> print
>  Flags: X - disabled, R - running
>    #    NAME    MTU   LOCAL-ADDRESS   REMOTE-ADDRESS
>    0 X  ipip1   1480  x.x.x.x         192.231.186.124
>  [admin@MikroTik] interface ipip> en 0
>  [admin@MikroTik] interface ipip> /ip address add address=44.24.10.0/24 interface=ipip1
>  [admin@MikroTik] interface ipip> /ip address add address=44.24.100.12/32 interface=ipip1
>

Correct me if I'm wrong here, John and Rick, but you should be able to
get to an admin@MikroTik shell using Net::SSH, right?  If this is the
case, it should be trivial to automate the above given the JSON
description of the tunnel endpoints above.

>
>
> Given the above JSON object [pseudo-Javascript Code to generate
> MikroTik].

It's fully JavaScript.  No pseudo about it.  Values can be the results
of evaluations of JavaScript code, but I try to avoid that sort of thing
and stick with string literals.

>
> document.write('/interface ipip add local-address: x.x.x.x remote-address: ' + gateway);
> document.write('/interface ipip en 0');
> document.write('/interface ipip address add address=' + subnets[0].net + '/' + subnets[0].mask + ' interface=ipip1');
> document.write('/interface ipip address add address=' + subnets[1].net + '/' + subnets[1].mask + ' interface=ipip1');
>

73,

C.J.
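
An added example, not code from this thread or from the HamWAN script: one way to turn the quoted-JSON records above into the `/interface ipip add` and `/ip address add` commands from the quoted session, parsing every address before it reaches a command string and skipping remotes that are already configured. The local address `192.0.2.1`, the `ipip-<gateway>` interface naming and the function names are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample feed in the record format proposed in the thread, with
# keys and string values double-quoted so a strict JSON parser accepts them.
SAMPLE = [
    '{"gateway": "192.231.186.124", "transport": {"method": "BGP"},'
    ' "subnets": [{"net": "44.24.10.0", "mask": "24"}]}',
    '{"gateway": "192.231.186.124", "transport": {"method": "tunnel",'
    ' "protocols": ["ipip", "l2tp"]}, "subnets": ['
    '{"net": "44.24.10.0", "mask": "24"}, {"net": "44.24.100.12", "mask": "32"}]}',
]


def parse_record(text):
    """Return (gateway, [subnets]) for an IPIP tunnel record, None otherwise."""
    rec = json.loads(text)  # raises ValueError on unquoted keys or values
    transport = rec["transport"]
    if transport["method"] != "tunnel" or "ipip" not in transport.get("protocols", []):
        return None  # e.g. BGP: no tunnel interface to configure
    # IPv4Address / IPv4Network raise ValueError for anything that is not a
    # literal address or prefix, so feed text is never pasted into a command.
    gateway = ipaddress.IPv4Address(rec["gateway"])
    subnets = [ipaddress.IPv4Network(f'{s["net"]}/{int(s["mask"])}')
               for s in rec["subnets"]]
    return gateway, subnets


def tunnel_commands(feed, local, existing_remotes=()):
    """Build RouterOS commands for tunnels whose remote is not yet configured."""
    local = ipaddress.IPv4Address(local)
    existing = {ipaddress.IPv4Address(r) for r in existing_remotes}
    commands = []
    for text in feed:
        parsed = parse_record(text)
        if parsed is None or parsed[0] in existing:
            continue
        gateway, subnets = parsed
        name = "ipip-" + str(gateway).replace(".", "-")  # hypothetical naming
        commands.append(f"/interface ipip add name={name} "
                        f"local-address={local} remote-address={gateway}")
        commands += [f"/ip address add address={net} interface={name}"
                     for net in subnets]
        existing.add(gateway)
    return commands


if __name__ == "__main__":
    print("\n".join(tunnel_commands(SAMPLE, "192.0.2.1")))
```

A record whose gateway or subnet is not a plain IPv4 literal raises `ValueError` instead of producing a command, so a malformed feed entry stops the run rather than reaching the router.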


>
>
>
>
>
>
> ______________________________________________________________________
> John D. Hays
> K7VE
> PO Box 1223, Edmonds, WA 98020-1223
>
>
>
>
>
>
>
> On Mon, Jun 17, 2013 at 11:26 AM, C.J. Adams-Collier KF7BMP <cjac@colliertech.org> wrote:
>         On Mon, 2013-06-17 at 13:54 -0400, Jason R Begley wrote:
>         > Let me know if you are
>         > interested in a script to convert the encap.txt into a loadable
>         > config.
>
>         Oh, yes, please!
>
>         http://phx0.colliertech.org/~cjac/tmp/IMG_20130617_112301.jpg
>
>
>         _________________________________________
>         44Net mailing list
>         44Net@hamradio.ucsd.edu
>         http://hamradio.ucsd.edu/mailman/listinfo/44net
>         http://www.ampr.org/donate.html
>
>
>

