NSX-T infrastructure as code - SDDC deployment

Related tags

Networkingsddc-demos
Overview

Deploy NSX-T Infrastructure - Simple Topology

by Nicolas MICHEL @vpackets / LinkedIn

Introduction

The purpose of this entire repository is to automate the deployment of an NSX-T infrastructure.

Infrastructure Deployed

This repository will deploy the following virtual machines:

  • 1x NSX-T Manager
  • 6x NSX-T Edge (4 Used in the topology + 2 unused for random testing)

This repository will configure the following on NSX-T:

  • NSX-T: Compute Manager
  • NSX-T: License
  • NSX-T: Uplink Profiles
  • NSX-T: IP Pools
  • NSX-T: Transport Zones
  • NSX-T: Transport Zones Profiles
  • NSX-T: Transport Nodes
  • NSX-T: Edge Clusters

Topology used

This topology will be used in this particular example:

BGP P2P Topology

Simple Topology

This topology will deploy 2 T0 installed on 4 different edge nodes.

Tenant 01:

  • 1x T0 will be installed on Edge node 01 and Edge node 02 [Edge Cluster 01]
    • HA Mode: Active / Standby - Preemption
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Tenant 02:

  • 1x T0 will be installed on Edge node 03 and Edge node 04 [Edge Cluster 02]
    • HA Mode: Active / Active
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Deployment

01 - Deploy NSX-T Infrastructure - Ansible

In this playbook Ansible will deploy and configure the following:

  • One NSX-T Manager.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-manager.yml

02 - vCenter Registration to the NSX-T Manager - REST API

In this task, vCenter will be registered to the NSX-T manager using REST API

URL and Authentication need to be provided in the nsxt_parameters.py file

/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_register.py
/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_verify.py

03 - NSX-T Basic Configuration - Ansible

In this task, the following will be configured on the NSX-T Manager:

  • Configure the NSX-T License
  • Configure the IP Pool
  • Configure the Transport Zone
  • Confgiure the Transport node Profile
  • Deploy NSX-T on all hypervisors in a particular cluster.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-infra.yml

03 - NSX-T IPv6 / MTU / EVPN Pool / BFD Profile / Edge Cluster Profile

In this task, the following will be configured on the NSX-T Manager:

  • Enable IPv6 in NSX-T
  • Set MTU to 9000 in NSX-T
  • Set an EVPN Pool (for future use)
  • Set BFD Profile for VM and BM edge nodes
  • Create the edge cluster profiles.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

04 - Deploy Edges - ANSIBLE

6 Edges nodes will be deployed in this topology

URL and Authentication need to be provided in the nsxt_parameters.py file

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

05 - Create VM Template

Please refer to the following repo: https://github.com/cloudmaniac/packer-templates

06 - Deploy Virtual Machines

Please refer to the following repo: https://github.com/cloudmaniac/terraform-deploy-vmware-vm

Notes

User must configure answerfile.yml and provide credential/URL for the Python scripts to work

Owner
GitHub Repository
Tiny Interactive File Transfer Application

TIFTA: Tiny Interactive File Transfer Application This repository holds all the source code, tests and documentation of the TIFTA software. The main g

Jorge Martínez 2 Dec 08, 2021
Herramienta para transferir eventos de Shadowserver REST API hacia Azure Blob Storage.

Herramienta para transferir eventos de Shadowserver REST API hacia Azure Blob Storage.

CSIRT-RD 1 Feb 04, 2022
This Python script can be used to bypass IP source restrictions using HTTP headers.

ipsourcebypass This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON expo

Podalirius 322 Dec 28, 2022
VRF-StarkNet - Contracts for verifiable randomness on StarkNet

VRF-StarkNet Contracts for verifiable randomness on StarkNet Motivation Deployed

Non 32 Oct 30, 2022
Port Traffic/Bandwidth Monitor Script

python-switch-port-traffic-alarm Port Traffic/Bandwidth Monitor Script That's an Switch Port Traffic monitor program is checking the switch uplink por

goksinenki 4 Sep 02, 2021
Wifi-jammer - Continuously perform deauthentication attacks on all detectable stations

wifi-jammer Continuously perform deauthentication attacks on all detectable stat

Leonardo de Araujo 14 Nov 03, 2022
Synchronised text editor over TCP, for live editing with others.

SyncTEd Synchronised text editor over TCP, for live editing with others. Written in Python with PyGame. Run Install requirements: pip install -r requi

Marko Živić 1 May 13, 2022
A simple python script to send cute messages to my boyfriend.

Morning Messages A simple python script to send cute messages to my boyfriend. It gives him the weather and news currently. Installation git clone htt

Sabrina Medwinter 3 Oct 12, 2022
NetMiaou is an crossplatform hacking tool that can do reverse shells, send files, create an http server or send and receive tcp packet

NetMiaou is an crossplatform hacking tool that can do reverse shells, send files, create an http server or send and receive tcp packet

TRIKKSS 5 Oct 05, 2022
Free,Cross-platform,Single-file mass network protocol server simulator

FaPro Free,Cross-platform,Single-file mass network protocol server simulator 中文Readme Description FaPro is a Fake Protocol Server tool, Can easily sta

FOFA Pro 1.4k Jan 06, 2023
This is an open project to maintain a list of domain names that serve YouTube ads

The YouTube ads blocklist project This is an open project to maintain a list of domain names that serve YouTube ads. The original project only produce

Evan Pratten 574 Dec 30, 2022
euserv auto-renew script - A Python script which can help you renew your free EUserv IPv6 VPS.

eu_ex eu_ex means EUserv_extend. A Python script which can help you renew your free EUserv IPv6 VPS. This Script can check the VPS amount in your acco

A beam of light 92 Jan 25, 2022
Desktop application for checking sites connection in a background mode

Site connectivity checker Desktop application for checking site connection in a background mode by sending ICMP messages. Problem and solution Usually

Karina Singatullina 26 Dec 19, 2022
Anonymously Reverse shell over Tor Network using Hidden Services without portfortwarding

Anonymously Reverse shell over Tor Network using Hidden Services without portfortwarding Tor ağı ile Dark Web servislerini kullanarak anonim biçimde p

249 Dec 29, 2022
It's a little project for change MAC address, for ethical hacking purposes

MACChangerPy It's a small project for MAC address change, for ethical hacking purposes, don't use it for bad purposes, any infringement will be your r

Erick Adriano Nunes da Silva 1 Mar 11, 2022
E4GL3OS1NT - Simple Information Gathering Tool

E4GL30S1NT Features userrecon - username reconnaissance facedumper - dump facebook information mailfinder - find email with specific name godorker - d

C0MPL3XDEV 195 Dec 21, 2022
List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

Anders Pitman 7.3k Jan 03, 2023
Dos attack a Bluetooth connection!

Bluetooth Denial of service Script made for attacking Bluetooth Devices By Samrat Katwal. Warning This project was created only for fun purposes and p

Samrat 1 Oct 29, 2021
This is simple script that changes the config register of a cisco router over serial so that you can reset the password

Cisco-router-config-bypass-tool- This is simple script that changes the config register of a cisco router over serial so that you can bypass the confi

James 1 Jan 02, 2022
AV Evasion, a Red Team Tool - Fiber, APC, PNG and UUID

AV Evasion, a Red Team Tool - Fiber, APC, PNG and UUID

9 Mar 07, 2022