Create the DANOS Image from the ISO
Create a new image using the Virtual Box Manager → Machine → New
Enter a name (e.g. danosVRR)
Select 4096 MB of RAM and Click Next
Select ‘Create a virtual hard disk now’ and Click Create
Select ‘Virtual Hard Disk’, not VDI or VMDK (these may work but the DANOS image uses a fixed disk size) and Click Next
Select ‘Use Fixed Size’ and Click Next
Select 8.00 GB and Click Create
The image should now be in your list of instances available to start
You may want to set Adapter 1 Adapter-Type to Advanced → Paravirtualized Network (virtio-net) so that you avoid an error when we activate dhcp in the next section.
Install the DANOS Image
Start the image you just created
Select as the start-up image the DANOS ISO
Click on the file folder icon
Click on +Add and a file browser window should pop up
Navigate to the DANOS ISO and click on “Open”
The ISO should be on the displayed list of options, select and click on “Choose”
The virtual machine should now boot from the ISO, present a boot screen and then proceed to boot to a shell as vyatta
We want to activate dhcp on the dp0p0s3 port and turn on ssh so that we can use putty or ssh to configure DANOS with copy/paste. The recommended way is to use the config cli and to choose /config/config.boot as the source of the configuration when doing install image.
Code Block language bash
config set interfaces dataplane dp0p0s3 address dhcp set service ssh commit exit
You may get an error as it tries to start the dhcp client but you should ignore this error since we will correct the Adapter Type’s in the next section.
You can check that the config is correct with a show config
Type ‘install image’ and follow the same sequence as the libvirt install
default for image name
default to select /config/config.boot
default to vyatta as the login
password is your option but ‘vyatta’ is simplest for local demonstration purposes
enter your password a second time to confirmIn the 2005 version, you will be asked to create an administrator account by supplying a username and password.
In the 1908 version the default user is vyatta and you supply a password.
default No for grub password
default No for reduced grub layout
it will prompt to confirm to install on /sda (this will be the new hard disk image we use instead of the iso)
default for gpt
default for partition and partition size
default for log partition 
default for Print final sizes
enter ‘yes’ to Continue the install
you should get a ‘Done’ at the end
Configure Machine Settings
At this point, the ISO is still attached to the machine and needs to be removed
Shutdown the machine (I usually pick sending the signal)
Remove the ISO image attached to the optical device
Go into Virtual Box Manager
Select your DANOS instance
Right-click on the DANOS ISO and Select ‘Remove Attachment’
Select System and set the number of CPUs to 4. If your environment is limited you should be able to get by with just 2 vCPUs. The default Chipset PIIX3 should be fine.
Network: let's enable adapters for our demonstrations. You will need to make sure that all enabled adapters use an Adapter-Type of Paravirtualized Network (virtio-net) or the dataplane will not come up. Select Network
Adapter 1 should be attached as 'Bridged Adapter'
Select Adapter Type: Paravirtualized Network (virtio-net)
Select Adapter 2, Select Enable and Select Internal Network and take the default name as ‘intnet’
select Advanced and chose Adapter Type: Paravirtualized Network (virtio-net) like adapter 1.
we will attach traffic source and traffic sink to this internal VB network and use static IP address
Repeat for Adapter 3 and 4 just like Adapter 2 with the same name for the internal network (you can use a different internal network name but then we have to set that same name for the other VMs and for a local demonstration it is not needed.
We enabled Adapter 4 in case you want to try more advanced routing options but it is not used in this setup.
Start the machine
There should not be a long delay if the Adapters are set correctly and you should see dp0p0s3 starting DHCP. After a minutes you should be at the console port with a login prompt
Login at vyatta/vyatta (or your chosen password)
show interfaces should show the dp0p0s3 interfaces as u/u
if you need to edit networking you may need to add your login to the superuser status.
Enter config mode
set system login user vyatta level superuser
log out of the machine and login
you should be able to sudo and edit /etc/network/interfaces as needed
You should be able to login to the vRR using telnet/putty to the IP listed.
Lets Configure DANOS for our demonstration
enter config mode
set interface dataplane dp0p0s8 address 192.168.2.2/24
set interface dataplane dp0p0s9 address 192.168.3.2/24
Create a Traffic Sink
Create a Ubuntu VM (you may need to download a Ubuntu ISO )
1 vcpu, 2 Gb memory , 10 Gb storage but even less memory is probably okay
Adapter 1 should be NAT
Adapter 2 should be enabled on the Internal Network with the same name as the vRR
There is no need for advanced settings.
The Ubuntu install will automatically remove the iso image during the install so simply hit enter on the reboot after install.
I enable Adapter 1, login and do apt update, apt install lighttpd, apt install curl, apt install net-tools , apt install traceroute and then disable Adapter 1.
This may not be needed if your networking environment doesn't confuse Ubuntu like mine did
You may need to add a corporate proxy to your API installation
sudo vi /etc/apt/apt.conf.d/proxy.conf
You can use Ubuntu → Settings → Network to set the static IP address on the dp0p0s8 adapter
192.168.3.3 255.255.255.0 192.168.3.2
Make sure curl http://127.0.01/ returns some html and you can ping the gateway 192.168.3.2 on the traffic-SINK
Repeat for the Traffic-Source but use 192.168.2.3, 192.168.2.2 as the gateway
You should be able to ping the 192.168.3.3 address from the Traffic Source (192.168.2.3) and vice versa. Curl from the traffic-SINK should work to the 192.168.3.3 from 192.168.2.3.
show interface counters should reflect the routing through the vRR
You can update the DANOS firewall rules and enable/disable the firewall to test a Port 80 connection policy just like the Openstack use case.
Create a Firewall policy and attach it to interface dp0p0s8 (the traffic-SOURCE ingress port towards the traffic-SINK)
vyatta@vyatta# set security firewall name Test80 description "Allow port 80"
vyatta@vyatta# set security firewall name Test80 rule 100 destination address 192.168.3.3
vyatta@vyatta# set security firewall name Test80 rule 100 destination port 80
vyatta@vyatta# set security firewall name Test80 rule 100 protocol tcp
vyatta@vyatta# set security firewall name Test80 rule 100 action accept
vyatta@vyatta# set interfaces dataplane dp0p0s8 firewall in Test80
Curl should still work but ping will fail because the policy does not allow ICMP through.
Disable port 80
set security firewall name Test80 rule 100 action drop
Curl should also be blocked now
Enable Curl on port 80 with:
set security firewall name Test80 rule 100 action accept
vyatta@vyatta# set security firewall name Test80 rule 110 destination address 192.168.3.3
vyatta@vyatta# set security firewall name Test80 rule 110 protocol icmp
vyatta@vyatta# set security firewall name Test80 rule 110 action accept
g. Turn on UDP to permit traceroute through so we can see the vRR is doing the routing.
vyatta@vyatta# set security firewall name Test80 rule 120 destination address 192.168.3.3
vyatta@vyatta# set security firewall name Test80 rule 120 protocol udp
vyatta@vyatta# set security firewall name Test80 rule 120 action accept
You should be able to extend this How-To for more features and different topologies depending on how much memory/cpu you have available.