NSX-T infrastructure as code - SDDC deployment

Related tags

Networkingsddc-demos
Overview

Deploy NSX-T Infrastructure - Simple Topology

by Nicolas MICHEL @vpackets / LinkedIn

Introduction

The purpose of this entire repository is to automate the deployment of an NSX-T infrastructure.

Infrastructure Deployed

This repository will deploy the following virtual machines:

  • 1x NSX-T Manager
  • 6x NSX-T Edge (4 Used in the topology + 2 unused for random testing)

This repository will configure the following on NSX-T:

  • NSX-T: Compute Manager
  • NSX-T: License
  • NSX-T: Uplink Profiles
  • NSX-T: IP Pools
  • NSX-T: Transport Zones
  • NSX-T: Transport Zones Profiles
  • NSX-T: Transport Nodes
  • NSX-T: Edge Clusters

Topology used

This topology will be used in this particular example:

BGP P2P Topology

Simple Topology

This topology will deploy 2 T0 installed on 4 different edge nodes.

Tenant 01:

  • 1x T0 will be installed on Edge node 01 and Edge node 02 [Edge Cluster 01]
    • HA Mode: Active / Standby - Preemption
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Tenant 02:

  • 1x T0 will be installed on Edge node 03 and Edge node 04 [Edge Cluster 02]
    • HA Mode: Active / Active
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Deployment

01 - Deploy NSX-T Infrastructure - Ansible

In this playbook Ansible will deploy and configure the following:

  • One NSX-T Manager.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-manager.yml

02 - vCenter Registration to the NSX-T Manager - REST API

In this task, vCenter will be registered to the NSX-T manager using REST API

URL and Authentication need to be provided in the nsxt_parameters.py file

/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_register.py
/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_verify.py

03 - NSX-T Basic Configuration - Ansible

In this task, the following will be configured on the NSX-T Manager:

  • Configure the NSX-T License
  • Configure the IP Pool
  • Configure the Transport Zone
  • Confgiure the Transport node Profile
  • Deploy NSX-T on all hypervisors in a particular cluster.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-infra.yml

03 - NSX-T IPv6 / MTU / EVPN Pool / BFD Profile / Edge Cluster Profile

In this task, the following will be configured on the NSX-T Manager:

  • Enable IPv6 in NSX-T
  • Set MTU to 9000 in NSX-T
  • Set an EVPN Pool (for future use)
  • Set BFD Profile for VM and BM edge nodes
  • Create the edge cluster profiles.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

04 - Deploy Edges - ANSIBLE

6 Edges nodes will be deployed in this topology

URL and Authentication need to be provided in the nsxt_parameters.py file

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

05 - Create VM Template

Please refer to the following repo: https://github.com/cloudmaniac/packer-templates

06 - Deploy Virtual Machines

Please refer to the following repo: https://github.com/cloudmaniac/terraform-deploy-vmware-vm

Notes

User must configure answerfile.yml and provide credential/URL for the Python scripts to work

Owner
GitHub Repository
Official ProtonVPN Linux app

ProtonVPN Linux App Copyright (c) 2021 Proton Technologies AG This repository holds the ProtonVPN Linux App. For licensing information see COPYING. Fo

ProtonVPN 288 Jan 01, 2023
A web-based app that allows easy, simple - and if desired high-throughput - analysis of qPCR data

qpcr-Analyser A web-based GUI for the qpcr package that allows easy, simple and high-throughput analysis of qPCR data. As is described in more detail

1 Sep 13, 2022
Control your Puffco Peak Pro from your computer!

PuffcoPC Control your Puffco Peak Pro from your computer! Contributions Pull requests are welcome. For major changes, please open an issue first to di

Bryan Muschter 5 Nov 02, 2022
Whoisss is a website information gatharing Tool.

Whoisss Whoisss is a website information gatharing Tool. You can cse it to collect information about website. Usage apt-get update apt-get upgrade pkg

Md. Nur habib 2 Jan 23, 2022
The module that allows the collection of data sampling, which is transmitted with WebSocket via WIFI or serial port for CSV file.

The module that allows the collection of data sampling, which is transmitted with WebSocket via WIFI or serial port for CSV file.

Nelson Wenner 2 Apr 01, 2022
An open source bias lighting program which syncs up colored lights to the contents of your screen.

About Firelight Firelight is an open source bias lighting program which syncs up colored lights to the contents of your screen or TV, providing an imm

Roshan 18 Dec 18, 2022
Qtas(Quite a Storage)is an experimental distributed storage system developed by Q-team in BJFU Advanced Computer Network sources.

Qtas(Quite a Storage)is a experimental distributed storage system developed by Q-team in BJFU Advanced Computer Network sources.

Jiaming Zhang 3 Jan 12, 2022
mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

Fox-IT 1.3k Jan 05, 2023
MQTT Explorer - MQTT Subscriber client to explore topic hierarchies

mqtt-explorer MQTT Explorer - MQTT Subscriber client to explore topic hierarchies Overview The MQTT Explorer subscriber client is designed to explore

Gambit Communications, Inc. 4 Jun 19, 2022
A simple hosts picker for Microsoft Services

A simple Python scrip for you to select the fastest IP for Microsoft services.

Konnyaku 394 Dec 17, 2022
ExtDNS synchronizes labeled records in docker-compose with DNS providers.

ExtDNS for docker-compose ExtDNS synchronizes labeled records in docker-compose with DNS providers. Inspired by External DNS, ExtDNS makes resources d

DNTSK 6 Dec 24, 2022
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package

Build custom OSINT tools and APIs with this python package - It includes different OSINT modules (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whoi

QeeqBox 52 Jan 06, 2023
ServerStatus with node management and monitor

ServerStatus with node management and monitor

lidalao 162 Jan 01, 2023
This is the code repository for the USENIX Security 2021 paper, "Weaponizing Middleboxes for TCP Reflected Amplification".

weaponizing-censors Censors pose a threat to the entire Internet. In this work, we show that censoring middleboxes and firewalls can be weaponized by

UMD Breakerspace 119 Dec 31, 2022
Multipurpose Growtopia Server tools, can be used for newbie to learn things.

Multipurpose Growtopia Server tools, can be used for newbie to learn things.

FelixF 3 Dec 01, 2021
Tripwire monitors ports and icmp to send the admin a message if somebody is scanning a machine that shouldn't be touched

Tripwire monitors ports and icmp to send the admin a message if somebody is scanning a machine that shouldn't be touched

3 Apr 05, 2022
Ping Verification Python Script

Python Script Port Scanner Script WHAT IS IT? Port scanner script using Python. HOW IT WORKS Once the script has been executed, it will request the ta

AC 0 Dec 12, 2021
EV: IDS Evasion via Packet Manipulation

EV: IDS Evasion via TCP/IP Packet Manipulation 中文文档 Introduction EV is a tool that allows you crafting TCP packets and leveraging some well-known TCP/

256 Dec 08, 2022
GitHub action for sspanel automatically checks in to get free traffic quota

SSPanel_Checkin This is a dish chicken script for automatic check-in of sspanel for GitHub action, It is only applicable when there is no verification

FeedCatWithFish 7 Apr 28, 2022
Ip-Seeker - See Details With Public Ip && Find Web Ip Addresses

IP SEEKER See Details With Public Ip && Find Web Ip Addresses Tool By Heshan

M.D.Heshan Sankalpa 1 Jan 02, 2022