NSX-T infrastructure as code - SDDC deployment

Related tags

Networkingsddc-demos
Overview

Deploy NSX-T Infrastructure - Simple Topology

by Nicolas MICHEL @vpackets / LinkedIn

Introduction

The purpose of this entire repository is to automate the deployment of an NSX-T infrastructure.

Infrastructure Deployed

This repository will deploy the following virtual machines:

  • 1x NSX-T Manager
  • 6x NSX-T Edge (4 Used in the topology + 2 unused for random testing)

This repository will configure the following on NSX-T:

  • NSX-T: Compute Manager
  • NSX-T: License
  • NSX-T: Uplink Profiles
  • NSX-T: IP Pools
  • NSX-T: Transport Zones
  • NSX-T: Transport Zones Profiles
  • NSX-T: Transport Nodes
  • NSX-T: Edge Clusters

Topology used

This topology will be used in this particular example:

BGP P2P Topology

Simple Topology

This topology will deploy 2 T0 installed on 4 different edge nodes.

Tenant 01:

  • 1x T0 will be installed on Edge node 01 and Edge node 02 [Edge Cluster 01]
    • HA Mode: Active / Standby - Preemption
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Tenant 02:

  • 1x T0 will be installed on Edge node 03 and Edge node 04 [Edge Cluster 02]
    • HA Mode: Active / Active
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Deployment

01 - Deploy NSX-T Infrastructure - Ansible

In this playbook Ansible will deploy and configure the following:

  • One NSX-T Manager.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-manager.yml

02 - vCenter Registration to the NSX-T Manager - REST API

In this task, vCenter will be registered to the NSX-T manager using REST API

URL and Authentication need to be provided in the nsxt_parameters.py file

/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_register.py
/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_verify.py

03 - NSX-T Basic Configuration - Ansible

In this task, the following will be configured on the NSX-T Manager:

  • Configure the NSX-T License
  • Configure the IP Pool
  • Configure the Transport Zone
  • Confgiure the Transport node Profile
  • Deploy NSX-T on all hypervisors in a particular cluster.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-infra.yml

03 - NSX-T IPv6 / MTU / EVPN Pool / BFD Profile / Edge Cluster Profile

In this task, the following will be configured on the NSX-T Manager:

  • Enable IPv6 in NSX-T
  • Set MTU to 9000 in NSX-T
  • Set an EVPN Pool (for future use)
  • Set BFD Profile for VM and BM edge nodes
  • Create the edge cluster profiles.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

04 - Deploy Edges - ANSIBLE

6 Edges nodes will be deployed in this topology

URL and Authentication need to be provided in the nsxt_parameters.py file

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

05 - Create VM Template

Please refer to the following repo: https://github.com/cloudmaniac/packer-templates

06 - Deploy Virtual Machines

Please refer to the following repo: https://github.com/cloudmaniac/terraform-deploy-vmware-vm

Notes

User must configure answerfile.yml and provide credential/URL for the Python scripts to work

Owner
GitHub Repository
Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool.

Tor Network Top 100 IPs Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool. Just execute top100ipstor.py to get th

Juan Manuel 0 Jan 23, 2022
This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID )

This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID

12 Dec 13, 2022
Utility for converting IP Fabric webhooks into a Teams format.

IP Fabric Webhook Integration for Microsoft Teams and/or Slack Setup IP Fabric Setup Go to Settings Webhooks Add webhook Provide a name URL will b

Community Fabric 1 Jan 26, 2022
Very simple and tiny file sharing service written in python

Simple File sharing tool Sharing client usage (You will need to use python3 for linux) main.py --send -f file/path Optionnal flags : pwd : set a passw

2 Jul 26, 2022
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface

1.6k Jan 01, 2023
No-dependency, single file NNTP server library for developing modern, rfc3977-compliant (bridge) NNTP servers.

nntpserver.py No-dependency, single file NNTP server library for developing modern, rfc3977-compliant (bridge) NNTP servers for python =3.7. Develope

Manos Pitsidianakis 44 Nov 14, 2022
Simple P2P application for sending files over open and forwarded network ports.

FileShareV2 A major overhaul to the V1 (now deprecated) FileShare application. V2 brings major improvements in both UI and performance. V2 is now base

Michael Wang 1 Nov 23, 2021
Extended refactoring capabilities for Python LSP Server using Rope.

pylsp-rope Extended refactoring capabilities for Python LSP Server using Rope. This is a plugin for Python LSP Server, so you also need to have it ins

36 Dec 24, 2022
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

📡 WebMap A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation

Iliass Alami Qammouri 274 Jan 01, 2023
ProtOSINT is a Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses

ProtOSINT ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you i

pixelbubble 249 Dec 23, 2022
EUserv - A Python script which can help you renew your free EUserv IPv6 VPS

English | 简体中文 This project comes from https://github.com/a-beam-of-light/eu_ex

阿两 0 Jan 06, 2022
CORS Bypass Proxy Cloud Function

CORS Bypass Proxy Cloud Function

Elayamani K 1 Oct 23, 2021
VRF-StarkNet - Contracts for verifiable randomness on StarkNet

VRF-StarkNet Contracts for verifiable randomness on StarkNet Motivation Deployed

Non 32 Oct 30, 2022
Decentra Network is an open source blockchain that combines speed, security and decentralization.

Decentra Network is an open source blockchain that combines speed, security and decentralization. Decentra Network has very high speeds, scalability, asymptotic security and complete decentralization

Decentra Network 74 Nov 22, 2022
MoreIP 一款基于Python的面向 MacOS/Linux 用户用于查询IP/域名信息的日常渗透小工具

MoreIP 一款基于Python的面向 MacOS/Linux 用户用于查询IP/域名信息的日常渗透小工具

xq17 9 Sep 21, 2022
Simple DNS resolver for asyncio

Simple DNS resolver for asyncio aiodns provides a simple way for doing asynchronous DNS resolutions using pycares. Example import asyncio import aiodn

Saúl Ibarra Corretgé 471 Dec 27, 2022
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Mariusz B. 715 Dec 25, 2022
API to establish connection between server and client

Socket-programming API to establish connection between server and client, socket.socket() creates a socket object that supports the context manager ty

Muziwandile Nkomo 1 Oct 30, 2021
This is the code repository for Mastering Python for Networking and Security – Second Edition

Mastering Python for Networking and Security – Second Edition This is the code repository for Mastering Python for Networking and Security – Second Ed

Frank Gottinger 1 Feb 09, 2022
NetMiaou is an crossplatform hacking tool that can do reverse shells, send files, create an http server or send and receive tcp packet

NetMiaou is an crossplatform hacking tool that can do reverse shells, send files, create an http server or send and receive tcp packet

TRIKKSS 5 Oct 05, 2022