Setting Up VyOS In GNS3 And Basic Configuration

In this lab I will show you how you can add and setup VyOS in GNS3.

What is VyOS?

VyOS is an open source network operating system based on Debian GNU/Linux. VyOS provides a free routing platform that competes directly with other commercially available solutions from well known network providers.

it is able to be used as a router and firewall platform for cloud deployments.

You can download the .iso file directly from VyOS.io website under the following link [https://support.vyos.io/en/downloads]

How to setup VyOS in GNS3?

Step 1:In GNS3 click on Routers, then New Template, depending on if you are running a GNS3 like I am in my case select the first option Install an appliance from the GNS3 server (recommended).

Step 2: Click Next and you will be taken to the Appliances from Server screen. Here select Routers and menu will expand where you can find a number of routers from different vendors. Also on the top of this list you can type in the device you are looking for within the filter field.

how%20to%20add%20to%20GNS3.jpg

Step 3:Select VyOS and click Install

Step 4: Leave the option Install the appliance on the GNS3 VM (recommended) which in my case is the only option that I can choose, since I chose to install appliance from GNS3 server in Step 1. Again click Next.

Step 5: Now select the version from the list. I chose version 1.1.8 since that was the only version available for download at the time of this lab. You will see Missing Files, select the file vyos-1.1.8-amd64.iso and click on import. Locate the file on your local drive where you have downloaded the ISO image from VyOS downloads

Select empty8G.qcow2 and import file by locating it on your hard drive. This file can be downloaded from https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/

Step 6: Once both files have been imported and you see Ready to install, click Next. You will be prompted "Would you like to install VyOS version 1.1.8?" select Yes and the router will appear in router category. Click Finish.

Step 7 (optional): You can change the icon used for this router in the Router category by right click > configure template and Browse Symbol and select the icon of your choice. I have chosen an icon which I downloaded from GNS3 repository on Github.

You can then start a new project in GNS3 and build your lab topology. Once a topology of your choice is setup start the nodes.

Lab setup

VyOS%20lab%20topology.png

Initial Configuration

Once the VyOS router/firewall boots up, login using the default credentials admin: vyos and password: vyos.

The command line interface is quite similar to Junos, but has some variation in commands e.g on Junos to display the set commands we would type

show configuration | display set

however in VyOS we would type

show configuration commands

To check the version

vyos@vyos:~$ show version 
Version:      VyOS 1.1.8
Description:  VyOS 1.1.8 (helium)
Copyright:    2017 VyOS maintainers and contributors
Built by:     maintainers@vyos.net
Built on:     Sat Nov 11 13:44:36 UTC 2017
Build ID:     1711111344-b483efc
System type:  x86 64-bit
Boot via:     livecd
Hypervisor:   KVM
HW model:     Standard PC (i440FX + PIIX, 1996)
HW S/N:       Not Specified
HW UUID:      79B53F5E-6A84-3041-A788-6DAAE2590EA7
Uptime:       23:26:54 up 56 min,  1 user,  load average: 0.00, 0.01, 0.03

Interface configuration
Below is an example configuration I did on R1. Interfaces on other routers will be configured similarly.

set interfaces ethernet eth0 address '10.10.10.1/30'
set interfaces ethernet eth0 description 'to VyOS Router 2 eth0'
set interfaces ethernet eth0 hw-id '0c:85:58:bf:2c:00'
set interfaces ethernet eth1 address '10.10.14.1/24'
set interfaces ethernet eth1 description 'to VyOS Router 4 eth1'
commit

!---Let's verify the interface status

vyos@vyos:~$ show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             10.10.10.1/30                     u/u  
                                                        to 
                                                        VyOS 
                                                        Router 
                                                        2 
                                                        eth0 
eth1             10.10.14.1/24                     u/u  
                                                        to 
                                                        VyOS 
                                                        Router 
                                                        4 
                                                        eth1 
eth2             -                                 u/D  
lo               127.0.0.1/8                       u/u  
                 ::1/128

As you may see that the State is Up and Link is Up. I did not find this output to be impressive in terms of the details it provides as well as how it is formatted. However the show interface details command gives more details. Looks similar to linux ip link output.

vyos@vyos:~$ show interfaces detail 
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0c:85:58:bf:2c:00 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/30 brd 10.10.10.3 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e85:58ff:febf:2c00/64 scope link 
       valid_lft forever preferred_lft forever
    Description: to VyOS Router 2 eth0

    RX:  bytes    packets     errors    dropped    overrun      mcast
          9228        109          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
         10264        121          0          0          0          0
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0c:85:58:bf:2c:01 brd ff:ff:ff:ff:ff:ff
    inet 10.10.14.1/24 brd 10.10.14.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::e85:58ff:febf:2c01/64 scope link 
       valid_lft forever preferred_lft forever
    Description: to VyOS Router 4 eth1

    RX:  bytes    packets     errors    dropped    overrun      mcast
          8812        107          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
         10552        123          0          0          0          0
eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 0c:85:58:bf:2c:02 brd ff:ff:ff:ff:ff:ff

    RX:  bytes    packets     errors    dropped    overrun      mcast
             0          0          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
             0          0          0          0          0          0
lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

    RX:  bytes    packets     errors    dropped    overrun      mcast
        422224       6974          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
        422224       6974          0          0          0          0

OSPF configuration

I will enable OSPF on all the routers and they all will participate in Area 0.

set protocols ospf area 0 network '10.10.10.0/30'
set protocols ospf area 0 network '10.10.14.0/24'          !---I could have changed the area id for this interface connected to R4

Now lets check the OSPF neighbor adjacencies.

vyos@vyos:~$ show ip ospf interface 
eth0 is up
  ifindex 2, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>
  Internet Address 10.10.10.1/30, Broadcast 10.10.10.3, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.10.10.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.10.10.1, Interface Address 10.10.10.1
  Backup Designated Router (ID) 10.10.10.2, Interface Address 10.10.10.2
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 9.303s
  Neighbor Count is 1, Adjacent neighbor count is 1
eth1 is up
  ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>
  Internet Address 10.10.14.1/24, Broadcast 10.10.14.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.10.10.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State Backup, Priority 1
  Designated Router (ID) 10.10.14.4, Interface Address 10.10.14.4
  Backup Designated Router (ID) 10.10.10.1, Interface Address 10.10.14.1
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 9.303s
  Neighbor Count is 1, Adjacent neighbor count is 1
eth2 is down
  ifindex 4, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,MULTICAST>
  OSPF not enabled on this interface
lo is up
  ifindex 1, MTU 65536 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING>
  OSPF not enabled on this interface

And the neighbor adjacencies.
vyos@vyos:~$ show ip ospf neighbor        

    Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.10.10.2        1 Full/Backup       31.223s 10.10.10.2      eth0:10.10.10.1          0     0     0
10.10.14.4        1 Full/DR           37.236s 10.10.14.4      eth1:10.10.14.1          0     0     0

OSPF LSA types

Since we configured only Area 0, we will only see Type 1 and Type 2 LSA.

vyos@vyos:~$ show ip ospf database 

       OSPF Router with ID (10.10.10.1)

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.10.10.1      10.10.10.1      1048 0x80000006 0x481e 2
10.10.10.2      10.10.10.2       996 0x80000007 0xe768 2
10.10.14.4      10.10.14.4      1082 0x80000005 0x9815 1
10.10.23.3      10.10.23.3       997 0x80000003 0xb8d6 1

                Net Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum
10.10.10.1      10.10.10.1        18 0x80000002 0x835b
10.10.14.4      10.10.14.4      1082 0x80000001 0x6f59
10.10.23.3      10.10.23.3       998 0x80000001 0x4e61

BGP

I have configured eBGP between R4 and R3 using the loopback addresses.

R3 Loopback0: 3.3.3.3/32
R4 Loopback0: 4.4.4.4/32

both loopbacks have been added to OSPF, hence both routers can see the route and ping each other loopback interfaces.

vyos@VyOS-R4# run show ip ospf route    
============ OSPF network routing table ============
N IA 3.3.3.3/32            [40] area: 0.0.0.0
                           via 10.10.14.1, eth1
N    4.4.4.4/32            [10] area: 0.0.0.40
                           directly attached to lo
N    10.10.10.0/30         [20] area: 0.0.0.0
                           via 10.10.14.1, eth1
N    10.10.14.0/24         [10] area: 0.0.0.0
                           directly attached to eth1
N    10.10.23.0/24         [30] area: 0.0.0.0
                           via 10.10.14.1, eth1

============ OSPF router routing table =============
R    10.10.23.3            [30] area: 0.0.0.0, ABR
                           via 10.10.14.1, eth1

vyos@VyOS-R4# run ping 3.3.3.3
PING 3.3.3.3 (3.3.3.3) 56(84) bytes of data.
64 bytes from 3.3.3.3: icmp_req=1 ttl=62 time=1.68 ms
64 bytes from 3.3.3.3: icmp_req=2 ttl=62 time=8.11 ms
64 bytes from 3.3.3.3: icmp_req=3 ttl=62 time=4.63 ms
64 bytes from 3.3.3.3: icmp_req=4 ttl=62 time=7.05 ms
64 bytes from 3.3.3.3: icmp_req=5 ttl=62 time=2.15 ms
64 bytes from 3.3.3.3: icmp_req=6 ttl=62 time=2.10 ms
^C
--- 3.3.3.3 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5024ms
rtt min/avg/max/mdev = 1.686/4.290/8.116/2.535 ms

As you may see from the output above 3.3.3.3 which is in Area 30 is being learned through OSPF and is appearing as an inter-area route.

Now lets configure BGP on both R3 and R4.

Note: I have configured the keepalive and holdtime timers, though they are the default values, I just hard coded the configuration, this may not be required when you configure unless you want to set it to a different value.

R3
set protocols bgp 65003 neighbor 4.4.4.4 ebgp-multihop '10'
set protocols bgp 65003 neighbor 4.4.4.4 remote-as '65004'
set protocols bgp 65003 neighbor 4.4.4.4 update-source 'lo'
set protocols bgp 65003 network '3.3.3.3/32'
set protocols bgp 65003 timers holdtime '180'
set protocols bgp 65003 timers keepalive '60'

R4
set protocols bgp 65004 neighbor 3.3.3.3 ebgp-multihop '10'
set protocols bgp 65004 neighbor 3.3.3.3 remote-as '65003'
set protocols bgp 65004 neighbor 3.3.3.3 update-source 'lo'
set protocols bgp 65004 network '4.4.4.4/32'
set protocols bgp 65004 timers holdtime '180'
set protocols bgp 65004 timers keepalive '60'

On R4 if we check the BGP peer status we can see that the peers are now in Established state, and 1 prefix the loopback that I had advertised through BGP is being received.

vyos@vyos:~$ show ip bgp summary 
BGP router identifier 4.4.4.4, local AS number 65004
IPv4 Unicast - max multipaths: ebgp 1 ibgp 1
RIB entries 3, using 288 bytes of memory
Peers 1, using 4560 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4 65003      50      52        0    0    0 00:48:04        1

Total number of neighbors 1

Complete configuration done on R1

Complete configuration done on R2

Complete configuration of R3

Complete configuration done on R4

Link to the official VyOS documentation https://docs.vyos.io/en/latest/index.html

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License