It was hand generated :) hence, pseudo :)
------------------------------ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 http://k7ve.org/blog http://twitter.com/#!/john_hays http://www.facebook.com/john.d.hays
On Mon, Jun 17, 2013 at 6:16 PM, C.J. Adams-Collier KF7BMP < cjac@colliertech.org> wrote:
(Please trim inclusions from previous messages) _______________________________________________
Hey there John,
I vote JSON rather than XML. The XML marshaling pipeline makes me cry every time I think about it.
I'll expand on your target platforms for config formats:
Common -> JNOS Common -> JunOS Common -> Cisco Common -> MikroTik Common -> shorewall / IPTables Common -> quagga
Rick (CC'd), can you help me and John here out with exercising some code to configure mikrotik routers? John is the administrator for the Western Washington /44 block and is issuing San Juan County a subnet. Traffic on this network can make use of the amateur band to transmit tcp/ip (as well as Ethernet over 802.11) on non-encrypted channels as per 47 CFR Part 97. This seems like it would be very useful for your ISP, since many of your long-range APs run without WPA or WEP. You can run on channel 7 with a narrow beam at higher gain than unlicensed users. When transmitting SSL or other application-layer encryption, the radio must operate at unlicensed power limits. Credentials negotiation using HMAC algorithms such as SHA-1 (and *mumble* md5 *mumble*) seem to have been approved. But I would avoid using anything the NIST no longer considers secure.
http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
On Mon, 2013-06-17 at 12:00 -0700, K7VE - John wrote:
(Please trim inclusions from previous messages) _______________________________________________ I think we need to provide this information in a normalized manner, and have scripts for various router implementations:
Common -> JNOS Common -> Cisco Common -> MikroTik Common -> IPTables
Etc.
The current parsing is a pain.
Something in JSON on XML would be nice, or at least fixed length records, using CIDR and gating hosts.
e.g.
{ gateway: 192.231.186.124, transport : {method: BGP}, subnets : [{net:44.24.10.0,mask:24},{net:44.24.100.12,mask:32}]}
BGP routes shouldn't need any special rules
{ gateway: 192.231.186.124, transport : {method: tunnel, protocols: [ipip,l2tp]}, subnets : [{net:44.24.10.0,mask:24},{net:44.24.100.12,mask:32}]}
John, I had to quote your json key and value strings in order for JSON.pm to accept them. Is there any way you can get your JSON generator to wrap string literals in double quotes?
cjac@foxtrot:~/src/perl$ cat import-export-json.pl ; perlimport-export-json.pl #!/usr/bin/perl -w use strict; use JSON;
use Data::Dumper; my @json = ( q{ { "gateway": "192.231.186.124", "transport" : { "method": "BGP"}, "subnets" : [ { "net": "44.24.10.0", "mask": "24" }, { "net": "44.24.100.12", "mask": "32" } ] } }, q{ { "gateway": "192.231.186.124", "transport": { "method": "tunnel", "protocols": ["ipip","l2tp"] }, "subnets": [ { "net": "44.24.10.0", "mask": "24" }, { "net": "44.24.100.12", "mask": "32" } ] } } );
my @perl = map { decode_json $_ } @json; print Data::Dumper::Dumper( @perl ), "\n"; __END__ $VAR1 = { 'transport' => { 'method' => 'BGP' }, 'gateway' => '192.231.186.124', 'subnets' => [ { 'net' => '44.24.10.0', 'mask' => '24' }, { 'net' => '44.24.100.12', 'mask' => '32' } ] }; $VAR2 = { 'transport' => { 'protocols' => [ 'ipip', 'l2tp' ], 'method' => 'tunnel' }, 'gateway' => '192.231.186.124', 'subnets' => [ { 'net' => '44.24.10.0', 'mask' => '24' }, { 'net' => '44.24.100.12', 'mask' => '32' } ] };On an IPIP tunnel:
[admin@MikroTik] interface ipip> add local-address: x.x.x.x
remote-address: 192.231.186.124
[admin@MikroTik] interface ipip> print Flags: X - disabled, R -
running # NAME MTU LOCAL-ADDRESS REMOTE-ADDRESS 0 X ipip1 1480 x.x.x.x 192.231.186.124
[admin@MikroTik] interface ipip> en 0 [admin@MikroTik] interface ipip> /ip address add address=44.24.10.0/24interface=ipip1 [admin@MikroTik] interface ipip> /ip address add address=
44.24.100.12/32 interface=ipip1
Correct me if I'm wrong here, John and Rick, but you should be able to get to an admin@MikroTik shell using Net::SSH, right? If this is the case, it should be trivial to automate the above given the JSON description of the tunnel endpoints above.
Given the above JSON object [pseudo-Javascript Code to generate MikroTik].
It's fully javascript. no pseudo about it. values can be the results of evaluations of javascript code, but I try to avoid that sort of thing and stick with string literals.
document.write('/interface ipip add local-address: x.x.x.x remote-address: ' . gateway); document.write('/interface ipip en 0'); document.write('/interface ipip address add address=' . subnets[0].net . '/' . subnets[0].mask . ' interface=ipip1'); document.write('/interface ipip address add address=' . subnets[1].net . '/' . subnets[1].mask . ' interface=ipip1');
73,
C.J.
John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223
On Mon, Jun 17, 2013 at 11:26 AM, C.J. Adams-Collier
KF7BMP cjac@colliertech.org wrote: (Please trim inclusions from previous messages) _______________________________________________ On Mon, 2013-06-17 at 13:54 -0400, Jason R Begley wrote: > Let me know if you are > interested in a script to convert the encap.txt into a loadable > config.
Oh, yes, please! http://phx0.colliertech.org/~cjac/tmp/IMG_20130617_112301.jpg _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html_________________________________________ 44Net mailing list
44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html