Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Create the DANOS Image from the ISO

    1. Create a new image using the Virtual Box Manager → Machine → New

    2. Enter a name (e.g. danosVRR)

    3. Select Linux

    4. Select Debian-64

    5. Click Next

    6. Select 4096 MB of RAM and Click Next

    7. Select ‘Create a virtual hard disk now’ and Click Create

    8. Select ‘Virtual Hard Disk’, not VDI or VMDK (these may work but the DANOS image uses a fixed disk size) and Click Next

    9. Select ‘Use Fixed Size’ and Click Next

    10. Select 8.00 GB and Click Create

    11. The image should now be in your list of instances available to start

    12. You may want to set Adapter 1 Adapter-Type to Advanced → Paravirtualized Network (virtio-net) so that you avoid an error when we activate dhcp in the next section.

  2. Install the DANOS Image

    1. Start the image you just created

    2. Select as the start-up image the DANOS ISO

      1. Click on the file folder icon

      2. Click on +Add and a file browser window should pop up

      3. Navigate to the DANOS ISO and click on “Open”

      4. The ISO should be on the displayed list of options, select and click on “Choose”

      5. Click Start

    3. The virtual machine should now boot from the ISO, present a boot screen and then proceed to boot to a shell as vyatta

    4. We want to activate dhcp on the dp0p0s3 port and turn on ssh so that we can use putty or ssh to configure DANOS with copy/paste. The recommended way is to use the config cli and to choose /config/config.boot as the source of the configuration when doing install image.

    5. Code Block
      set interfaces dataplane dp0p0s3 address dhcp
      set service ssh

      You may get an error as it tries to start the dhcp client but you should ignore this error since we will correct the Adapter Type’s in the next section.

      You can check that the config is correct with a show config

    6. Type ‘install image’ and follow the same sequence as the libvirt install

    7. default for image name

    8. default to select /config/config.boot

    9. default to vyatta as the login

    10. password is your option but ‘vyatta’ is simplest for local demonstration purposes

    11. enter your password a second time to confirmIn the 2005 version, you will be asked to create an administrator account by supplying a username and password.

      1. In the 1908 version the default user is vyatta and you supply a password.

    12. default tty

    13. default No for grub password

    14. default No for reduced grub layout

    15. it will prompt to confirm to install on /sda (this will be the new hard disk image we use instead of the iso)

    16. default for gpt

    17. default for partition and partition size

    18. default for log partition [0]

    19. default for Print final sizes

    20. enter ‘yes’ to Continue the install

    21. you should get a ‘Done’ at the end

  3. Configure Machine Settings

    1. At this point, the ISO is still attached to the machine and needs to be removed

      1. Shutdown the machine (I usually pick sending the signal)

      2. Remove the ISO image attached to the optical device

        1. Go into Virtual Box Manager

        2. Select your DANOS instance

        3. Select Settings

        4. Select Storage

          Image Modified

        5. Right-click on the DANOS ISO and Select ‘Remove Attachment’

        6. Click ‘Remove’

          Image Modified

    2. Select System and set the number of CPUs to 4. If your environment is limited you should be able to get by with just 2 vCPUs. The default Chipset PIIX3 should be fine.

      Image Modified

      Image Modified

      Image Modified

    3. Network: let's enable adapters for our demonstrations. You will need to make sure that all enabled adapters use an Adapter-Type of Paravirtualized Network (virtio-net) or the dataplane will not come up. Select Network

      1. Adapter 1 should be attached as 'Bridged Adapter'

        1. Click Advanced

        2. Select Adapter Type: Paravirtualized Network (virtio-net)

          Image Modified

      2. Select Adapter 2, Select Enable and Select Internal Network and take the default name as ‘intnet’

        1. select Advanced and chose Adapter Type: Paravirtualized Network (virtio-net) like adapter 1.

        2. we will attach traffic source and traffic sink to this internal VB network and use static IP address

          Image Modified

      3. Repeat for Adapter 3 and 4 just like Adapter 2 with the same name for the internal network (you can use a different internal network name but then we have to set that same name for the other VMs and for a local demonstration it is not needed.

        1. We enabled Adapter 4 in case you want to try more advanced routing options but it is not used in this setup.

  4. Start the machine
    There should not be a long delay if the Adapters are set correctly and you should see dp0p0s3 starting DHCP. After a minutes you should be at the console port with a login prompt

    Image Modified

  5. Login at vyatta/vyatta (or your chosen password)

  6. show interfaces should show the dp0p0s3 interfaces as u/u

    Image Modified

  7. if you need to edit networking you may need to add your login to the superuser status.

    1. Enter config mode

    2. set system login user vyatta level superuser

    3. commit

    4. exit

    5. log out of the machine and login

    6. you should be able to sudo and edit /etc/network/interfaces as needed

  8. You should be able to login to the vRR using telnet/putty to the IP listed.

    Image Modified

  9. Lets Configure DANOS for our demonstration

    1. enter config mode

    2. set interface dataplane dp0p0s8 address

    3. set interface dataplane dp0p0s9 address

    4. commit

    5. show interfaces

    6. exit

    7. show interfaces

      Image Modified

  10. Create a Traffic Sink

    1. Create a Ubuntu VM (you may need to download a Ubuntu ISO )

      1. 1 vcpu, 2 Gb memory , 10 Gb storage but even less memory is probably okay

      2. Adapter 1 should be NAT

      3. Adapter 2 should be enabled on the Internal Network with the same name as the vRR

      4. There is no need for advanced settings.

      5. The Ubuntu install will automatically remove the iso image during the install so simply hit enter on the reboot after install.

    2. I enable Adapter 1, login and do apt update, apt install lighttpd, apt install curl, apt install net-tools , apt install traceroute and then disable Adapter 1.

      1. This may not be needed if your networking environment doesn't confuse Ubuntu like mine did (smile)

      2. You may need to add a corporate proxy to your API installation

        1. sudo vi /etc/apt/apt.conf.d/proxy.conf

        2. Acquire::http::Proxy "http://yourproxyaddress:proxyport";

    3. You can use Ubuntu → Settings → Network to set the static IP address on the dp0p0s8 adapter
      IPv4 Manual

      Image Modified

      Image Modified

    4. Make sure curl http://127.0.01/ returns some html and you can ping the gateway on the traffic-SINK

      Image Modified

  11. Repeat for the Traffic-Source but use, as the gateway

    Image Modified

  12. Test
    You should be able to ping the address from the Traffic Source ( and vice versa. Curl from the traffic-SINK should work to the from
    show interface counters should reflect the routing through the vRR

    Image Modified

  13. You can update the DANOS firewall rules and enable/disable the firewall to test a Port 80 connection policy just like the Openstack use case.

    1. Create a Firewall policy and attach it to interface dp0p0s8 (the traffic-SOURCE ingress port towards the traffic-SINK)

      vyatta@vyatta:~$ config
      vyatta@vyatta# set security firewall name Test80 description "Allow port 80"
      vyatta@vyatta# set security firewall name Test80 rule 100 destination address
      vyatta@vyatta# set security firewall name Test80 rule 100 destination port 80
      vyatta@vyatta# set security firewall name Test80 rule 100 protocol tcp
      vyatta@vyatta# set security firewall name Test80 rule 100 action accept
      vyatta@vyatta# set interfaces dataplane dp0p0s8 firewall in Test80

    2. Curl should still work but ping will fail because the policy does not allow ICMP through.

    3. Disable port 80

      set security firewall name Test80 rule 100 action drop

      Image Modified

    4. Curl should also be blocked now

    5. Enable Curl on port 80 with:

      set security firewall name Test80 rule 100 action accept


vyatta@vyatta# set security firewall name Test80 rule 110 destination address
vyatta@vyatta# set security firewall name Test80 rule 110 protocol icmp
vyatta@vyatta# set security firewall name Test80 rule 110 action accept
vyatta@vyatta# commit

Image Modified

Image Modified

g. Turn on UDP to permit traceroute through so we can see the vRR is doing the routing.

vyatta@vyatta# set security firewall name Test80 rule 120 destination address
vyatta@vyatta# set security firewall name Test80 rule 120 protocol udp
vyatta@vyatta# set security firewall name Test80 rule 120 action accept
vyatta@vyatta# commit


Image Modified

You should be able to extend this How-To for more features and different topologies depending on how much memory/cpu you have available.