NSX-T infrastructure as code - SDDC deployment

Related tags

Networking sddc-demos
Overview

Deploy NSX-T Infrastructure - Simple Topology

by Nicolas MICHEL @vpackets / LinkedIn

Introduction

The purpose of this entire repository is to automate the deployment of an NSX-T infrastructure.

Infrastructure Deployed

This repository will deploy the following virtual machines:

  • 1x NSX-T Manager
  • 6x NSX-T Edge (4 Used in the topology + 2 unused for random testing)

This repository will configure the following on NSX-T:

  • NSX-T: Compute Manager
  • NSX-T: License
  • NSX-T: Uplink Profiles
  • NSX-T: IP Pools
  • NSX-T: Transport Zones
  • NSX-T: Transport Zones Profiles
  • NSX-T: Transport Nodes
  • NSX-T: Edge Clusters

Topology used

This topology will be used in this particular example:

BGP P2P Topology

Simple Topology

This topology will deploy 2 T0 installed on 4 different edge nodes.

Tenant 01:

  • 1x T0 will be installed on Edge node 01 and Edge node 02 [Edge Cluster 01]
    • HA Mode: Active / Standby - Preemption
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Tenant 02:

  • 1x T0 will be installed on Edge node 03 and Edge node 04 [Edge Cluster 02]
    • HA Mode: Active / Active
    • No statefull services
    • BGP Route Redistribution:
      • no Prefix list
      • T0: Redistributing Static routes
      • T0: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
      • T1: Redistributing Connected routes (Service Interface / Loopback / Router link / External Interface Subnet)
    • Tenant 01 IPv4 and IPv6 Segments :
      • Web: 10.1.1.0/24 - 2001:0010:0001:0001::/64
      • App: 10.1.2.0/24 - 2001:0010:0001:0002::/64
      • DB : 10.1.3.0/24 - 2001:0010:0001:0003::/64

Deployment

01 - Deploy NSX-T Infrastructure - Ansible

In this playbook Ansible will deploy and configure the following:

  • One NSX-T Manager.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-manager.yml

02 - vCenter Registration to the NSX-T Manager - REST API

In this task, vCenter will be registered to the NSX-T manager using REST API

URL and Authentication need to be provided in the nsxt_parameters.py file

/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_register.py
/usr/bin/python3 ./02-Configure-NSXT-Global/nsxt_infra_compute_manager_verify.py

03 - NSX-T Basic Configuration - Ansible

In this task, the following will be configured on the NSX-T Manager:

  • Configure the NSX-T License
  • Configure the IP Pool
  • Configure the Transport Zone
  • Confgiure the Transport node Profile
  • Deploy NSX-T on all hypervisors in a particular cluster.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-nsxt-infra.yml

03 - NSX-T IPv6 / MTU / EVPN Pool / BFD Profile / Edge Cluster Profile

In this task, the following will be configured on the NSX-T Manager:

  • Enable IPv6 in NSX-T
  • Set MTU to 9000 in NSX-T
  • Set an EVPN Pool (for future use)
  • Set BFD Profile for VM and BM edge nodes
  • Create the edge cluster profiles.

Modifying the value in the answerfile is mandatory or use a secure Vault

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

04 - Deploy Edges - ANSIBLE

6 Edges nodes will be deployed in this topology

URL and Authentication need to be provided in the nsxt_parameters.py file

ansible-playbook ./00-Infrastructure-NSXT/deploy-edges.yml

05 - Create VM Template

Please refer to the following repo: https://github.com/cloudmaniac/packer-templates

06 - Deploy Virtual Machines

Please refer to the following repo: https://github.com/cloudmaniac/terraform-deploy-vmware-vm

Notes

User must configure answerfile.yml and provide credential/URL for the Python scripts to work

You might also like...
pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more.
pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more.

pyinfra automates/provisions/manages/deploys infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployme

Nick Barrett 2.1k Dec 29, 2022
CTF infrastructure deployment automation tool.

CTF infrastructure deployment automation tool. Focus on the challenges. Mirrored from

Fake News 1 Apr 12, 2022
The deployment framework aims to provide a simple, lightweight, fast integrated, pipelined deployment framework that ensures reliability, high concurrency and scalability of services.

savior是一个能够进行快速集成算法模块并支持高性能部署的轻量开发框架。能够帮助将团队进行快速想法验证(PoC),避免重复的去github上找模型然后复现模型;能够帮助团队将功能进行流程拆解,很方便的提高分布式执行效率;能够有效减少代码冗余,减少不必要负担。

Tao Luo 125 Dec 22, 2022
FwordCTF 2021 Infrastructure and Source code of Web/Bash challenges

FwordCTF 2021 You can find here the source code of the challenges I wrote (Web and Bash) in FwordCTF 2021 and the source code of the platform with our

Kahla 5 Nov 25, 2022
Infrastructure as Code (IaC) for a self-hosted version of Gnosis Safe on AWS
Infrastructure as Code (IaC) for a self-hosted version of Gnosis Safe on AWS

Welcome to Yearn Gnosis Safe! Setting up your local environment Infrastructure Deploying Gnosis Safe Prerequisites 1. Create infrastructure for secret

Numan 16 Jul 18, 2022
An end-to-end Python-based Infrastructure as Code framework for network automation and orchestration.

Nectl An end-to-end Python-based Infrastructure as Code framework for network automation and orchestration. Features Data modelling and validation. Da

Adam Kirchberger 15 Oct 14, 2022
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.

Ansible Ansible is a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc ta

Ansible 55.9k Jan 4, 2023
Training code and evaluation benchmarks for the
Training code and evaluation benchmarks for the "Self-Supervised Policy Adaptation during Deployment" paper.

Self-Supervised Policy Adaptation during Deployment PyTorch implementation of PAD and evaluation benchmarks from Self-Supervised Policy Adaptation dur

Nicklas Hansen 101 Nov 1, 2022
Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:

Latest Salt Documentation Open an issue (bug report, feature request, etc.) Salt is the world’s fastest, most intelligent and scalable automation engi

SaltStack 12.9k Jan 4, 2023
Parris, the automated infrastructure setup tool for machine learning algorithms.
Parris, the automated infrastructure setup tool for machine learning algorithms.

README Parris, the automated infrastructure setup tool for machine learning algorithms. What Is This Tool? Parris is a tool for automating the trainin

Joseph Greene 319 Aug 2, 2022
Harvis is designed to automate your C2 Infrastructure.

Harvis Harvis is designed to automate your C2 Infrastructure, currently using Mythic C2. 📌 What is it? Harvis is a python tool to help you create mul

Thiago Mayllart 99 Oct 6, 2022
A collection of infrastructure and tools for research in neural network interpretability.
A collection of infrastructure and tools for research in neural network interpretability.

Lucid Lucid is a collection of infrastructure and tools for research in neural network interpretability. We're not currently supporting tensorflow 2!

null 4.5k Jan 7, 2023
IP address management (IPAM) and data center infrastructure management (DCIM) tool.
IP address management (IPAM) and data center infrastructure management (DCIM) tool.

NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team a

NetBox Community 11.8k Jan 7, 2023
tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

🌩️ tfquery 🌩️ Run SQL queries on your Terraform infrastructure. Ask questions that are hard to answer 🚀 What is tfquery? tfquery is a framework tha

Mazin Ahmed 311 Dec 21, 2022
An experiment to deploy a serverless infrastructure for a scrapy project.
An experiment to deploy a serverless infrastructure for a scrapy project.

Serverless Scrapy project This project aims to evaluate the feasibility of an architecture based on serverless technology for a web crawler using scra

José Ferraz Neto 5 Jul 8, 2022
SmartSim Infrastructure Library.
SmartSim Infrastructure Library.

Home Install Documentation Slack Invite Cray Labs SmartSim SmartSim makes it easier to use common Machine Learning (ML) libraries like PyTorch and Ten

Cray Labs 139 Jan 1, 2023
Visius Heimdall is a tool that checks for risks on your cloud infrastructure
Visius Heimdall is a tool that checks for risks on your cloud infrastructure

Heimdall Cloud Checker 🇧🇷 About Visius is a Brazilian cybersecurity startup that follows the signs of the crimson thunder ;) 🎸 ! As we value open s

visius 48 Jun 20, 2022
This solution helps you deploy Data Lake Infrastructure on AWS using CDK Pipelines.
This solution helps you deploy Data Lake Infrastructure on AWS using CDK Pipelines.

CDK Pipelines for Data Lake Infrastructure Deployment This solution helps you deploy data lake infrastructure on AWS using CDK Pipelines. This is base

AWS Samples 66 Nov 23, 2022
Konomi: Kind and Optimized Next brOadcast watching systeM Infrastructure
Konomi: Kind and Optimized Next brOadcast watching systeM Infrastructure

Konomi 備考・注意事項 現在 α 版で、まだ実験的なプロダクトです。通常利用には耐えないでしょうし、サポートもできません。 安定しているとは到底言いがたい品質ですが、それでも構わない方のみ導入してください。 使い方などの説明も用意できていないため、自力でトラブルに対処できるエンジニアの方以外に

tsukumi 243 Dec 30, 2022
Owner
null
GitHub
Connection package to a raspberry or any other machine using ssh, it simplifies the deployment scripts and monitoring.

Connection package to a raspberry or any other machine using ssh, it simplifies the deployment scripts and monitoring.

Dashstrom 7 Mar 29, 2022
Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect

wifi-password Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect. Works on macOS and Li

Siddharth Dushantha 2.6k Jan 5, 2023
This is the code repository for the USENIX Security 2021 paper, "Weaponizing Middleboxes for TCP Reflected Amplification".

weaponizing-censors Censors pose a threat to the entire Internet. In this work, we show that censoring middleboxes and firewalls can be weaponized by

UMD Breakerspace 119 Dec 31, 2022
This is a simple python code to get the list of banned IP addresses from Fail2ban

Fail2ban Scripts Usage banned_list.py This script tries to get the banned list of IP addresses by Fail2ban for the service freeswitch. You can modify

Yehor Smoliakov 9 Dec 28, 2022
Initial code of an A3C network

A3C-network Initial code of an A3C network Open the python file named as "APL452 Project Report2" The following libraries and packages have been insta

Ayush Tanwar 0 Jun 11, 2022
PoC code for stealing the WiFi password of a network with a Lovebox IOT device connected

LoveBoxer PoC code for stealing the WiFi password of a network with a Lovebox IOT device connected. This PoC was is what I used in this blogpost Usage

Graham Helton 10 May 24, 2022
This repository contain sample code of gRPC Communication between Python and GoLang

This repository contain sample code of gRPC Communication between Python and GoLang, the Server is running on GoLang while Python is running the client

Abdullahi Muhammad 2 Nov 29, 2021
A simple python application for generating a WiFi QR code for ease of connection

A simple python application for generating a WiFi QR code Initialize the class by providing QR code values WiFi_QR_Code(self, error_correction: int =

Ivan 2 Aug 1, 2022
Python code that get the name and ip address of a computer/laptop

IP Address This is a python code that provides the name and the internet protocol address of the computer. You need to install socket pip install sock

CODE 2 Feb 21, 2022
This is the code repository for Mastering Python for Networking and Security – Second Edition

Mastering Python for Networking and Security – Second Edition This is the code repository for Mastering Python for Networking and Security – Second Ed

Frank Gottinger 1 Feb 9, 2022