Table of Contents

Summary

This chapter describes installation or upgrade of Traffic Dictator, and basic configuration to enable network connectivity.

Traffic Dictator is supplied in 2 forms: (1) Docker container; (2) Virtual machine. Please check the relevant section for installation instructions.

TD quick start with Containerlab

To quickly run a pre-configured topology of Traffic Dictator with Cisco XRd or Arista cEOS in Containerlab environment, check the following guide:

https://vegvisir.ie/2024/06/11/traffic-dictator-quick-start-with-containerlab/

Install or upgrade Traffic Dictator container

Download the image from https://vegvisir.ie/downloads/, upload to your host that runs containers.

Load the image to Docker:

sudo docker load -i traffic-dictator-1.1.tar.gz

Verify the image has been imported correctly:

dima@container-lab:~$ sudo docker images
REPOSITORY                 TAG       IMAGE ID       CREATED        SIZE
traffic_dictator           1.1       24cbb5dc47b1   2 hours ago    1.56GB

Then there are multiple ways to run the container.

If you have an existing configuration, or upgrading from an older version, run the container with provided config, for example:

sudo docker run --name traffic-dictator --hostname TD1 -v /home/dima/TD_config_ISIS:/usr/local/td/startup-config --privileged -d traffic_dictator:1.1

Alternatively, run TD with default config:

sudo docker run --name traffic-dictator --hostname TD1 --privileged -d traffic_dictator:1.1

If you want TD to use host networking:

sudo docker run --name traffic-dictator --hostname TD1 --privileged --network=host -d traffic_dictator:1.1

Verify the container runs:

dima@container-lab:~$ sudo docker ps
CONTAINER ID   IMAGE                  COMMAND        CREATED         STATUS         PORTS                              NAMES
5d5baa0db4c4   traffic_dictator:1.1   "/sbin/init"   6 seconds ago   Up 5 seconds   22/tcp, 80/tcp, 179/tcp, 443/tcp   traffic-dictator

Wait for 2-3 minutes after the container started so that all processes can start correctly.

Connect to container:

sudo docker exec -ti traffic-dictator /bin/bash

Verify that TD is running:

root@TD1:/# systemctl status td
● td.service - Vegvisir Systems Traffic Dictator
     Loaded: loaded (/etc/systemd/system/td.service; enabled; preset: enabled)
     Active: active (running) since Wed 2024-06-05 11:14:52 UTC; 4s ago
       Docs: https://vegvisir.ie/
   Main PID: 10620 (traffic_dictato)
      Tasks: 3 (limit: 10834)
     Memory: 2.6M
        CPU: 8ms
     CGroup: /system.slice/td.service
             ├─10620 /bin/bash /usr/local/td/traffic_dictator_start.sh
             ├─10622 /usr/local/td/td_policy_engine
             └─10623 /bin/sleep 5

Jun 05 11:14:52 TD1 systemd[1]: Started td.service - Vegvisir Systems Traffic Dictator.
Jun 05 11:14:52 TD1 traffic_dictator_start.sh[10620]: Requested Traffic Dictator start
Jun 05 11:14:52 TD1 traffic_dictator_start.sh[10620]: Starting Policy Engine...
Jun 05 11:14:52 TD1 traffic_dictator_start.sh[10622]: Policy engine started at: 2024-06-05 11:14:52.522

Connect to CLI:

root@TD1:/# tdcli
### Welcome to the Traffic Dictator CLI! ###
TD1#

Alternatively, you can connect to TD CLI directly when connecting to Docker container:

sudo docker exec -ti traffic-dictator tdcli

Configure container networking

TD uses IP addresses configured on the container. Docker by default allocates IP addresses from 172.17.0.0/16 subnet and your container will get one of those addresses. It is possible to add more interfaces using Docker CLI, e.g. :

sudo docker network create net1

sudo docker network connect net1 traffic-dictator

This will create a new network net1, connect TD to this network and assign an IP address from configured range. Container orchestration tools like Kubernetes use their own networking modules.

From inside the container, you can use the regular linux ip commands such as “ip address add”, “ip route add” etc to manage networking.

Containerlab configuration

To connect Traffic Dictator to Container-lab as an external container, add this to .clab.yml file (replace with your IP addresses and interface names).

topology:
  nodes:
    # other nodes
    traffic-dictator:
      kind: ext-container
      exec:
        - ip address add 192.168.0.1/24 dev eth1
        - ip -6 address add 2001:192::1/64 dev eth1

  links:
    # other endpoints
    - endpoints: ["R1:Gi0-0-0-3", "traffic-dictator:eth1"]

Alternatively, if you run the container with “–network=host” argument, it will use IP addresses of your host.

Export relevant data from docker container

For system backup, software upgrade or troubleshooting you might want to export some files from container.

Export startup-config:

sudo docker cp traffic-dictator:/usr/local/td/startup-config TD_config.txt

Export logs:

sudo docker exec traffic-dictator sh -c 'tar cvf /tmp/TD_logs.tar /var/log/traffic_dictator.log*' && sudo docker cp traffic-dictator:/tmp/TD_logs.tar TD_logs.tar

Export historic show techs:

sudo docker exec traffic-dictator sh -c 'tar cvf /tmp/historic_show_tech.tar /usr/local/td/tech-support' && sudo docker cp traffic-dictator:/tmp/historic_show_tech.tar historic_show_tech.tar

Install or upgrade Traffic Dictator VM

TBD

Install licenses

Commercial deployment of TD requires an active license. It also includes technical support. Without a license, all functionality is available but the scale is limited to 50 policies, which should be sufficient for evaluation and studying.

To install a license obtained from Vegvísir Systems, add the following config using TD CLI:

root@TD1:/# tdcli
### Welcome to the Traffic Dictator CLI! ###
TD1#configure 
TD1(config)#management licenses 
TD1(config-mgmt-licenses)#license general 
TD1(config-mgmt-licenses-general)#key <your license key>

Verify the license has been installed:

TD1#show logging | grep license
...
2024-06-20 08:47:51,251 TD1 INFO: Policy-engine: Received license update
2024-06-20 08:47:51,251 TD1 INFO: Policy-server: Activated license for company Vegvisir Systems, valid until 2025-12-31


TD1#sh ver
Traffic Dictator by Vegvisir Systems

Software version: 1.1
Image build date: 2024-06-20

System start time: June 20, 2024 08:29:18
Uptime: 2 hours, 4 minutes, 13 seconds

Documentation: https://vegvisir.ie/documentation/
Support: support@vegvisir.ie

Installed license:
  Company name:   Vegvisir Systems
  Valid until:    2025-12-31

Note: if you have configured more than 50 policies without a valid license and then installed a license, run “clear traffic-eng *” to recalculate all inactive policies.

Verify TD health status

Run “show tech-support” to collect all diagnostics information about current TD instance.

show tech-support  | gzip > /usr/local/td/show-tech-$HOSTNAME-$(date +%m_%d.%H%M).gz

Copy generated tech-support file from container to host:

sudo docker cp traffic-dictator:/usr/local/td/show-tech-TD1-06_05.1135.gz show-tech-TD1-06_05.1135.gz

Advanced networking configuration

While Traffic Dictator has a BGP daemon, it is used to collect network topology information and install SR-TE policies, so TD relies on system configuration for underlay networking. For advanced deployments it is possible to install a routing daemon such as FRR in a container or VM.

Install FRR:

apt-get install frr
systemctl enable frr
systemctl start frr

Add a static route:

root@TD1:/# vtysh

Hello, this is FRRouting (version 8.4.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

TD1# configure terminal 
TD1(config)# ip route 10.0.0.0/24 192.168.0.101

Verify routing:

TD1# show ip route
---
S>* 10.0.0.0/24 [1/0] via 192.168.0.101, eth1, weight 1, 00:03:15


root@TD1:/# ip route ls
---
10.0.0.0/24 nhid 10 via 192.168.0.101 dev eth1 proto static metric 20

Similarly, it is possible to use dynamic routing protocols such as OSPF or BGP to provide underlay connectivity between TD and the network.