NSX-T infrastructure as code - SDDC deployment

Related tags

Networkingsddc-demos
Overview

Deploy NSX-T Infrastructure - Simple Topology

by Nicolas MICHEL @vpackets / LinkedIn

Introduction

The purpose of this entire repository is to automate the deployment of an NSX-T infrastructure.

Infrastructure Deployed

This repository will deploy the following virtual machines:

  • 1x NSX-T Manager
  • 6x NSX-T Edge (4 Used in the topology + 2 unused for random testing)

This repository will configure the following on NSX-T:

  • NSX-T: Compute Manager
  • NSX-T: License
  • NSX-T: Uplink Profiles
  • NSX-T: IP Pools
  • NSX-T: Transport Zones
  • NSX-T: Transport Zones Profiles
  • NSX-T: Transport Nodes
  • NSX-T: Edge Clusters

Topology used

This topology will be used in this particular example:

BGP P2P Topology

Simple Topology

This topology will deploy 2 T0 installed on 4 different edge nodes.

Tenant 01:

  • 1x T0 will be installed on Edge node 01 and Edge node 02 [Edge Cluster 01]
    • HA Mode: Active / Standby - Preemption
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Tenant 02:

  • 1x T0 will be installed on Edge node 03 and Edge node 04 [Edge Cluster 02]
    • HA Mode: Active / Active
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Deployment

01 - Deploy NSX-T Infrastructure - Ansible

In this playbook Ansible will deploy and configure the following:

  • One NSX-T Manager.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-manager.yml

02 - vCenter Registration to the NSX-T Manager - REST API

In this task, vCenter will be registered to the NSX-T manager using REST API

URL and Authentication need to be provided in the nsxt_parameters.py file

/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_register.py
/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_verify.py

03 - NSX-T Basic Configuration - Ansible

In this task, the following will be configured on the NSX-T Manager:

  • Configure the NSX-T License
  • Configure the IP Pool
  • Configure the Transport Zone
  • Confgiure the Transport node Profile
  • Deploy NSX-T on all hypervisors in a particular cluster.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-infra.yml

03 - NSX-T IPv6 / MTU / EVPN Pool / BFD Profile / Edge Cluster Profile

In this task, the following will be configured on the NSX-T Manager:

  • Enable IPv6 in NSX-T
  • Set MTU to 9000 in NSX-T
  • Set an EVPN Pool (for future use)
  • Set BFD Profile for VM and BM edge nodes
  • Create the edge cluster profiles.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

04 - Deploy Edges - ANSIBLE

6 Edges nodes will be deployed in this topology

URL and Authentication need to be provided in the nsxt_parameters.py file

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

05 - Create VM Template

Please refer to the following repo: https://github.com/cloudmaniac/packer-templates

06 - Deploy Virtual Machines

Please refer to the following repo: https://github.com/cloudmaniac/terraform-deploy-vmware-vm

Notes

User must configure answerfile.yml and provide credential/URL for the Python scripts to work

Owner
GitHub Repository
A simple tcpdump sidecar injector to demonstrate Kubernetes's Mutating Webhook

k8s-tcpdump-webhook A simple tcpdump sidecar injector to demonstrate Kubernetes's Mutating Webhook Build and Deploy Build docker image; docker build -

Bilal Ünal 2 Sep 01, 2022
A simple implementation of an RPC toolkit

Simple RPC With Raw Sockets Repository for the Data network course project: Introduction In this project, you will attempt to code a simple implementa

Milad Samimifar 1 Mar 25, 2022
Dokumentasi belajar Network automation

Repositori belajar network automation dengan Docker, Python & GNS3 Using Frameworks and integrate with: Paramiko Netmiko Telnetlib CSV SFTP Netmiko, S

Daniel.Pepuho 3 Mar 15, 2022
E4GL3OS1NT - Simple Information Gathering Tool

E4GL30S1NT Features userrecon - username reconnaissance facedumper - dump facebook information mailfinder - find email with specific name godorker - d

C0MPL3XDEV 195 Dec 21, 2022
An opensource library to use SNMP get/bulk/set/walk in Python

SNMP-UTILS An opensource library to use SNMP get/bulk/set/walk in Python Features Work with OIDS json list [Find Here](#OIDS List) GET command SET com

Alexandre Gossard 3 Aug 03, 2022
mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server.

Fox-IT 1.3k Jan 05, 2023
The Delegate Network: An Interactive Voice Response Delegative Democracy Implementation of Liquid Democracy

The Delegate Network Overview The delegate network is a completely transparent, easy-to-use and understand version of what is sometimes called liquid

James Bowery 2 Feb 25, 2022
Very simple FTP client, sync folder to FTP server, use python, opensource

ftp-sync-python Opensource, A way to safe your data, avoid lost data by Virus, Randsomware Some functions: Upload a folder automatically to FTP server

4 Sep 13, 2022
Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect

wifi-password Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect. Works on macOS and Li

Siddharth Dushantha 2.6k Jan 05, 2023
No-dependency, single file NNTP server library for developing modern, rfc3977-compliant (bridge) NNTP servers.

nntpserver.py No-dependency, single file NNTP server library for developing modern, rfc3977-compliant (bridge) NNTP servers for python =3.7. Develope

Manos Pitsidianakis 44 Nov 14, 2022
Python Scripts for Cisco Identity Services Engine (ISE)

A set of Python scripts to configure a freshly installed Cisco Identity Services Engine (ISE) for simple operation; in my case, a basic Cisco Software-Defined Access environment.

Roddie Hasan 9 Jul 19, 2022
gRPC typing stubs for Python

gRPC Typing Stubs for Python This is a PEP-561-compliant stub-only package which provides type information of gRPC. Install using pip: pip install grp

Blake Williams 27 Dec 20, 2022
Out-of-box Python RPC framework

typed-jsonrpc Out-of-box Python RPC framework. WIP. Make LSP easy for everyone. The conception of final usage: from typed_jsonrpc import * ls = Langu

Taine Zhao 4 Dec 28, 2021
Compare the contents of your hosted and proxy repositories for coordinate collisions

Nexus Repository Manager dependency/namespace confusion checker This repository contains a script to check if you have artifacts containing the same n

Sonatype Community 59 Mar 31, 2022
A Python3 discord trojan, utilizing discord webhooks for sending information.

Vape-Lite-RAT A Python3 discord trojan, utilizing discord webhooks for sending information. What you do with this code / project / idea is non of my b

NightTab 12 Oct 15, 2022
This python script can change the mac address after some attack

MAC-changer Hello people, this python script was written for people who want to change the mac address after some attack, I know there are many ways t

5 Oct 10, 2022
A simple, personal chat program that runs on a single computer. No Internet, just you.

MultiChat A simple, personal chat program that runs on a single computer. No Internet, just you. Simple and Local MultiChat was created with ease of u

Owls 2 Aug 19, 2022
Usbkill - an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

Usbkill - an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

Hephaestos 4.1k Dec 30, 2022
This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

Nord Fondkommission AB 2 Dec 15, 2021
HTTP proxy pool server primarily meant for evading IP whitelists

proxy-forwarder HTTP proxy pool server primarily meant for evading IP whitelists. Setup Create a file named proxies.txt and fill it with your HTTP pro

h0nda 2 Feb 19, 2022