NSX Deploy Pre-Req
Pre-requisite
Contents
1. Deployment Pre-requisite
2. DNS Records
3. Certificate Replacement
4. Port group Creation
5. Vlan Creation in Physical Router
6. Routing Requirement
7. Ports & Requirement
The purpose of this document is to give details about the high-level deployment steps.
1. Deployment Pre-requisite:
As the NSX-T Manager will be deployed in the Management Cluster and in the same vCenter network, I assume there is no firewall within the same VLAN.
If a firewall is involved, there are a few ports that will have to be opened between NSX Manager, vCenter and the ESXi hosts (see the port requirements in section 7).
2. DNS Records:
Please create all the forward and reverse lookup records in the DNS server:
VIP ---- IP
Node-1 ---- IP
Node-2 ---- IP
Node-3 ---- IP
Edge01 ---- IP
Edge02 ---- IP
3. Certificate Replacement:
After the NSX Manager deployment, we need to replace the self-signed certificate with a CA-signed certificate for all four NSX-T Manager IPs:
VIP ---- IP
Node-1 ---- IP
Node-2 ---- IP
Node-3 ---- IP
4. Port group Creation:
Please create the below port groups in the MGMT VDS with the below trunk VLANs.
Site:
a) Edge MGMT PG
b) Edge-MultiTep-Trunk-Uplink-PG-1
c) Edge-MultiTep-Trunk-Uplink-PG-2
5. Vlan Creation in Physical Router:
Configure the VLANs required for NSX-T Edge routing traffic, the Edge TEP VLAN and the Host TEP VLAN.
Site:
6. Routing Requirement
We need to configure the necessary routing configuration in the core router to support BGP routing in NSX-T.
1) Only the default route from the core router needs to be redistributed into BGP.
2) As per the design discussion, we have opted for a /29. But to allow additional Edge nodes to be added later, we can go with a /27 range.
3) Please have the below AS number configured in the core router:
Site:
BGP AS No:
7. Ports & Requirement:

| Product | Releases | Port | Protocol | Source | Destination | Service Description |
|---|---|---|---|---|---|---|
| NSX | 4.1.0.0 | 443 | TCP | NSX Managers, NSX Edge nodes, Transport nodes, vCenter Server | NSX Manager | Install-upgrade HTTP repository |
| NSX | 4.0.0.1 | 8080 | TCP | NSX Managers, NSX Edge nodes, Transport nodes, vCenter Server | NSX Manager | Install-upgrade HTTP repository |
| NSX | 4.0.0.1, 4.1.0.0 | 443 | TCP | NSX Edge nodes | NSX Manager | HTTPS |
| NSX | 4.0.0.1, 4.1.0.0 | 50263 | UDP | NSX Edge nodes | NSX Edge nodes | High-Availability |
| NSX | 4.0.0.1, 4.1.0.0 | 6666 | TCP | NSX Edge nodes | NSX Edge nodes | NSX Cloud - NSX Edge local communication |
| NSX | 4.0.0.1, 4.1.0.0 | 2480 | TCP | NSX Edge nodes | NSX Edge nodes | Nestdb |
| NSX | 4.0.0.1, 4.1.0.0 | 1235 | TCP | NSX Edge nodes | NSX Manager | Lower Control Plane (LCP) to Central Control Plane (CCP) communication |
| NSX | 4.0.0.1, 4.1.0.0 | 3784, 3785, 4784 | UDP | NSX Edge nodes | External Routing Peers | BFD for static routes and BGP peers |
| NSX | 4.0.0.1, 4.1.0.0 | 3784, 3785, 4784 | UDP | NSX Edge nodes, Transport nodes | NSX Edge nodes | BFD between the Transport node TEP IP address in the data. |
| NSX | 4.0.0.1, 4.1.0.0 | 443 | TCP | Management Clients | NSX Autonomous Edge Nodes | HTTPS |
| NSX | 4.0.0.1, 4.1.0.0 | 389, 636 | TCP | NSX Manager | External LDAP server | Active Directory/LDAP |
| NSX | 4.0.0.1, 4.1.0.0 | 5671, 1234, 1235, 443 | TCP | NSX Managers, NSX Edge nodes, Transport nodes | NSX Manager | NSX messaging |
| NSX | 4.0.0.1, 4.1.0.0 | 80 | TCP | Host Transport Node | Intermediate and Root CA servers | Syslog (export over TLS). To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. |
| NSX | 4.0.0.1, 4.1.0.0 | 6514 | UDP | Host Transport Node | Syslog Servers | Syslog (refer to the host syslog documentation) |
| NSX | 4.0.0.1, 4.1.0.0 | 6514 | TCP | Host Transport Node | Syslog Servers | Syslog (refer to the host syslog documentation) |
| NSX | 4.0.0.1, 4.1.0.0 | 514 | UDP | Host Transport Node | Syslog Servers | Syslog (refer to the host syslog documentation) |
| NSX | 4.0.0.1, 4.1.0.0 | 514 | TCP | Host Transport Node | Syslog Servers | Syslog (refer to the host syslog documentation) |
| NSX | 4.0.0.1, 4.1.0.0 | 80 | TCP | NSX Edge nodes | Intermediate and Root CA servers | Syslog (export over TLS). To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. |
| NSX | 4.0.0.1, 4.1.0.0 | 4789 | UDP | NSX Edge nodes | External Routing Peers | VXLAN encap traffic |
| NSX | 4.0.0.1, 4.1.0.0 | 9040 | TCP | NSX Manager | NSX Manager | Distributed Datastore |
| NSX | 4.0.0.1, 4.1.0.0 | 1167 | TCP | NSX Edge nodes | NSX Edge nodes | DHCP Lease Info Sync for HA over secure channel on Edge Management port |
| NSX | 4.0.0.1, 4.1.0.0 | 1236, 443 | TCP | NSX Local Manager(s)/NSX Global Manager(s) | NSX Local Manager(s)/NSX Global Manager(s) | Federation Management plane and control plane communication between locations (Async Replicator) |
| NSX | 4.0.0.1, 4.1.0.0 | 500, 4500 | 50, 51 | NSX Edge nodes | External IPSEC Peers | IPSEC VPN session |
| NSX | 4.0.0.1, 4.1.0.0 | 123 | UDP | NTP Servers | NSX Application Platform (NAPP) | NTP |
| NSX | 4.0.0.1, 4.1.0.0 | 22 | TCP | Management Clients | NSX Application Platform (NAPP) | SSH |
| NSX | 4.0.0.1, 4.1.0.0 | 443 | TCP | Management Clients / NSX Unified Appliance | NSX Application Platform (NAPP) | NSX API Server |
| NSX | 4.0.0.1, 4.1.0.0 | 9092 | TCP | NSX Unified Appliance / Transport Nodes | NSX Application Platform (NAPP) | Incoming messages from NSX Unified Appliance or Transport Nodes to NSX Intelligence Appliance |
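As an added pre-flight check (example code written for this page, not part of the original document or of NSX itself), the script below verifies that the forward and reverse DNS records required in section 2 agree with the plan, and reports which of the Edge-to-Manager TCP ports from the table above cannot be reached. The hostnames, the example.local domain and the IP addresses are constructed placeholders; the resolver and probe functions are injectable so the checks can be exercised offline.

```python
import socket
from typing import Callable, Dict, List

# Constructed DNS plan for the VIP and three manager nodes (placeholder values).
NSX_DNS_PLAN: Dict[str, str] = {
    "nsx-vip.example.local": "10.0.0.10",
    "nsx-node-1.example.local": "10.0.0.11",
    "nsx-node-2.example.local": "10.0.0.12",
    "nsx-node-3.example.local": "10.0.0.13",
}
# TCP ports an NSX Edge node must reach on NSX Manager, per the ports table.
EDGE_TO_MANAGER_TCP = (443, 1234, 1235, 5671)

def check_dns(plan: Dict[str, str],
              forward: Callable[[str], str] = socket.gethostbyname,
              reverse: Callable[[str], str] = lambda ip: socket.gethostbyaddr(ip)[0],
              ) -> List[str]:
    """Check each name resolves to its planned IP and each IP resolves back to that
    name. Returns the problems found (empty list = all records agree). LookupError
    is caught as well, so a dict's __getitem__ can stand in as an offline resolver."""
    problems: List[str] = []
    for name, ip in plan.items():
        try:
            got_ip = forward(name)
        except (OSError, LookupError):      # socket.gaierror is an OSError
            problems.append(f"{name}: no A record")
            continue
        if got_ip != ip:
            problems.append(f"{name}: A record is {got_ip}, expected {ip}")
        try:
            got_name = reverse(ip)
        except (OSError, LookupError):      # socket.herror is an OSError
            problems.append(f"{ip}: no PTR record")
            continue
        if got_name.rstrip(".").lower() != name.lower():
            problems.append(f"{ip}: PTR is {got_name}, expected {name}")
    return problems

def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def unreachable_ports(host: str, ports=EDGE_TO_MANAGER_TCP,
                      probe: Callable[[str, int], bool] = tcp_open) -> List[int]:
    """Return the ports in `ports` that could not be reached on host."""
    return [p for p in ports if not probe(host, p)]
```

Run check_dns(NSX_DNS_PLAN) from a management host with the real plan filled in; any non-empty result means the DNS prerequisite is not yet met, and unreachable_ports("<manager-ip>") lists the firewall openings still missing for an Edge node.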