NSX-T ICM 2.2 Lab Topology  [PDF]


VMware NSX-T 2.2: Install, Configure, Manage Lab Topology

© 2018 VMware Inc. All rights reserved.

Physical Layout

Site: vdc--a.vmeduc.com (Green Desktop background)

Your Personal Desktop (Student Desktop): student-a-01 172.20.10.80
Control Center: dc.vclass.local 172.20.10.10 (.10 labels in the diagram)
vCenter Server: sa-vcsa-01 172.20.10.94
vIDM: sa-nsxvidm-01 172.20.10.39
NSX Manager: sa-nsxmgr-01 172.20.10.41
Controller Cluster: sa-nsxctrl-01 172.20.10.46
Edge Node 1: sa-nsxedge-01 172.20.10.61
Edge Node 2: sa-nsxedge-02 172.20.10.62

ESXi hosts: sa-esxi-01 172.20.10.51, sa-esxi-02 172.20.10.52, sa-esxi-03 172.20.10.53, sa-esxi-04 172.20.10.54, sa-esxi-05 172.20.10.55
KVM hosts: sa-kvm-01 172.20.10.151, sa-kvm-02 172.20.10.152

Clusters: Compute Cluster SA-Compute-01; Management and Edge Cluster SA-Management-Edge
Storage: SA-Shared-02-Remote

SA-Management Network: 172.20.10.0/24
SA-Production Network: 172.20.11.0/24
vMotion Network: 172.20.12.0/24

Note: Only one controller is deployed in this lab environment. In a real production environment, three controllers must be deployed.

VMware NSX-T: Install, Configure, Manage © 2018 VMware Inc. All rights reserved.


Logical Layout

Fence Network 172.20.0.0/24 (labels .80 and .10)
SA-Management 172.20.10.0/24: Student Desktop .80, Control Center .10
SA-Production 172.20.11.0/24: Control Center .10, VyOS Router .1
Edge Network 192.168.100.0/24: VyOS Router .1, T0-LR-01 .2

Routers: T0-LR-01, T1-LR-01 (.1 on each tier)

Web-LS (172.16.10.0/24 Web-Tier): T1-Web-01 .11, T1-Web-02 .12, T1-Web-03 .13
App-LS (172.16.20.0/24 App-Tier): T1-App-01 .11
DB-LS (172.16.30.0/24 DB-Tier): T1-DB-01 .11


IP Addressing (1)

Domain name: vclass.local

Device                              FQDN              IP Address
Control Center (DNS/DHCP/Routing)   dc.vclass.local   172.20.10.10 (mgmt.)
                                                      172.20.0.10 (fence network)
                                                      172.20.11.10 (sa-production)
Student Desktop                     student-a-01      172.20.10.80
vCenter Server                      sa-vcsa-01        172.20.10.94
VMware Identity Manager             sa-nsxvidm-01     172.20.10.39


IP Addressing (2)

Domain name: vclass.local

Device         FQDN         IP Address
Host ESXi 01   sa-esxi-01   172.20.10.51
Host ESXi 02   sa-esxi-02   172.20.10.52
Host ESXi 03   sa-esxi-03   172.20.10.53
Host ESXi 04   sa-esxi-04   172.20.10.54
Host ESXi 05   sa-esxi-05   172.20.10.55
Host KVM 01    sa-kvm-01    172.20.10.151
Host KVM 02    sa-kvm-02    172.20.10.152

IP Addressing (3)

Device                 FQDN            IP Address
NSX Manager            sa-nsxmgr-01    172.20.10.41
NSX Controller 1       sa-nsxctrl-01   172.20.10.46
NSX Edge 1             sa-nsxedge-01   172.20.10.61
NSX Edge 2             sa-nsxedge-02   172.20.10.62
Upstream Vyos Router   sa-vyos-01      172.20.10.1 (mgmt.)
                                       172.20.11.1 (sa-production)
                                       192.168.100.1 (ECMP link 1)
                                       192.168.110.1 (ECMP link 2)


IP Addressing (4)

Device             FQDN         IP Address     Gateway
Web Tier VM 1      T1-web-01    172.16.10.11   172.16.10.1
Web Tier VM 2      T1-web-02    172.16.10.12   172.16.10.1
Web Tier VM 3      T1-web-03    172.16.10.13   172.16.10.1
App Tier VM        T1-app-01    172.16.20.11   172.16.20.1
DB Tier VM         T1-db-01     172.16.30.11   172.16.30.1
Ubuntu Test VM 1   Ubuntu-01a   Variable       Variable
Ubuntu Test VM 2   Ubuntu-02a   Variable       Variable

Address Pool   Address Range         Subnet Mask   Gateway
TEP-IP-Pool    172.20.11.151 – 170   /24           172.20.11.10


Login Credentials

Device                    Login Name              Password
Windows VM                vclass\Admininstrator   VMware1!
vCenter Server            [email protected]       VMware1!
ESXi Host                 root                    VMWare1!
KVM Host                  vmware                  VMware1!
VyOS Router               vmware                  VMware1!
NSX Manager               admin                   VMware1!
NSX Controller            admin                   VMware1!
NSX Edge                  admin                   VMware1!
VMware Identity Manager   admin                   VMware1!
3-Tier Tenant VM          root                    VMware1!


Lab 1 Reviewing the Configuration of the Predeployed NSX Manager Instance

Student Desktop: student-a-01.vclass.local 172.20.10.80
VyOS Router: sa-vyos-01 172.20.10.1
vCenter Server: sa-vcsa-01 172.20.10.94
Control Center: dc.vclass.local 172.20.10.10
NSX Manager: sa-nsxmgr-01 172.20.10.41
Control Cluster: NSX Controller nsxctrl-01
Edge Cluster: nsxedge-01, nsxedge-02

Management Network: 172.20.10.0/24
TEP Network: 172.20.11.0/24

Host groups: ESXi Hosts (Management & Edge Cluster), ESXi Hosts (Compute Cluster), KVM Hosts (Compute Cluster)
VMs: T1-Web-01, T1-Web-02, T1-Web-03, T1-App-01, T1-DB-01, Ubuntu-01, Ubuntu-02


Deploying the NSX Control Cluster

NSX Manager: sa-nsxmgr-01 172.20.10.41
NSX Controller: nsxctrl-01 172.20.10.46
ESXi Hosts (Management & Edge Cluster)

Your NSX Controller nsxctrl-01 can be deployed on any ESXi host in the Management & Edge Cluster, depending on the available resources on each host. For this lab environment, you create a single-node controller cluster. In a production environment, a three-node cluster must be deployed to provide redundancy and HA.


Lab 3 Preparing the NSX Infrastructure

KVM Hosts (Compute Cluster): 172.20.10.151, 172.20.10.152
ESXi Hosts (Compute Cluster): 172.20.10.54, 172.20.10.55

Management Network: 172.20.10.0/24
TEP Network: 172.20.11.0/24
TEP IP Pool: 172.20.11.151 - .170
Transport Zone: Global-Overlay-TZ

VMs: T1-Web-01, T1-Web-02, T1-Web-03, T1-App-01, T1-DB-01, Ubuntu-01, Ubuntu-02


Managing Users and Roles with VMware Identity Manager

NSX Manager: sa-nsxmgr-01 172.20.10.41
Identity Manager: sa-nsxvidm-01 172.20.10.39
NSX Controller: nsxctrl-01 172.20.10.46
ESXi Hosts (Management & Edge Cluster)


Lab 5 Configuring Logical Switching

Router: T1-LR-01 (.1 on each tier)

Web-LS (172.16.10.0/24 Web-Tier): T1-Web-01 .11, T1-Web-02 .12, T1-Web-03 .13
App-LS (172.16.20.0/24 App-Tier): T1-App-01 .11
DB-LS (172.16.30.0/24 DB-Tier): T1-DB-01 .11


Lab 6 Using Network I/O Control to Allocate Network Bandwidth

Logical switch: Web-LS (Web-Tier)
File label: test.img

Ubuntu-01a 172.16.10.17, ESXi Host, Transport Node: sa-esxi-0X.vclass.local, NIOC Profile: Limit-VM-Traffic
Ubuntu-02a 172.16.10.18, ESXi Host, Transport Node: sa-esxi-0Y.vclass.local, NIOC Profile: Limit-VM-Traffic

Note: The Ubuntu VMs should be on two different ESXi hosts in the Compute cluster.


Lab 7 Configuring Guest VLAN Tagging

Logical switch: GVLAN-LS (VLAN 10)
Transport Zone: Global-Overlay-TZ

Ubuntu-01a 172.16.40.11, Subinterface 192.168.1.1 (VLAN 10)
Ubuntu-02a 172.16.40.12, Subinterface 192.168.1.2 (VLAN 10)


Lab 8 Deploying and Configuring NSX Edge Nodes

Edge Cluster: sa-nsxedge-01 172.20.10.61, sa-nsxedge-02 172.20.10.62
NSX Manager: sa-nsxmgr-01 172.20.10.41
Identity Manager: sa-nsxvidm-01 172.20.10.39
NSX Controller: nsxctrl-01 172.20.10.46
ESXi Hosts (Management & Edge Cluster)


Lab 9 Configuring Tier-1 Logical Routing

Router: T1-LR-1
Router ports: T1-LR-Web-RP 172.16.10.1; T1-LR-App-RP 172.16.20.1; T1-LR-App-RP 172.16.30.1

Web-LS (172.16.10.0/24 Web-Tier): T1-Web-01 .11, T1-Web-02 .12, T1-Web-03 .13
App-LS (172.16.20.0/24 App-Tier): T1-App-01 .11
DB-LS (172.16.30.0/24 DB-Tier): T1-DB-01 .11

Lab 10 Configuring Tier-0 Logical Routing

172.20.10.0/24: Student Desktop .80, Control Center .10
172.20.11.0/24: Vyos Router .1, Control Center .10
Vyos Router: 192.168.100.1, 192.168.110.1
Uplink logical switches: Uplink-LS-1, Uplink-LS-2
T0-LR uplink ports: Uplink-1-RP 192.168.100.2; Uplink-2-RP 192.168.110.2
BGP labels: BGP AS 200, BGP AS 100
Other labels: 100.64.x.x/31

Routers: T0-LR, T1-LR-1
T1-LR-1 router ports: T1-LR-Web-RP 172.16.10.1; T1-LR-App-RP 172.16.20.1; T1-LR-App-RP 172.16.30.1

Web-LS: 172.16.10.0/24 Web-Tier
App-LS: 172.16.20.0/24 App-Tier
DB-LS: 172.16.30.0/24 DB-Tier

Lab 11 Configuring Equal Cost Multi-Pathing

172.20.10.0/24: Student Desktop .80, Control Center .10
172.20.11.0/24: Vyos Router .1, Control Center .10
Vyos Router: 192.168.100.1, 192.168.110.1
Uplink logical switches: Uplink-LS-1, Uplink-LS-2
T0-LR uplink ports (ECMP): Uplink-1-RP 192.168.100.2; Uplink-2-RP 192.168.110.2
BGP labels: BGP AS 200, BGP AS 100
Other labels: 100.64.x.x/31

Routers: T0-LR, T1-LR-1
T1-LR-1 router ports: T1-LR-Web-RP 172.16.10.1; T1-LR-App-RP 172.16.20.1; T1-LR-App-RP 172.16.30.1

Web-LS: 172.16.10.0/24 Web-Tier
App-LS: 172.16.20.0/24 App-Tier
DB-LS: 172.16.30.0/24 DB-Tier

Lab 12 Configuring Centralized Ports

172.20.10.0/24: Student Desktop .80, Control Center .10
172.20.11.0/24: Vyos Router .1, Control Center .10
Vyos Router: 192.168.100.1, 192.168.110.1

Edge Cluster-01
Routers: T0-LR, T1-LR-1
T1-LR-1 router ports: T1-LR-Web-RP 172.16.10.1; T1-LR-App-RP 172.16.20.1; T1-LR-App-RP 172.16.30.1
Centralized port labels: CP-T1-Overlay 172.16.50.1, CP-T1-Port-Overlay, CP-LS-Overlay
Ubuntu-02a: 172.16.50.12

Web-LS: T1-Web-01 .11, T1-Web-02 .12, T1-Web-03 .13
App-LS: T1-App-01 .11
DB-LS: T1-DB-01 .11

Lab 13 Configuring Network Address Translation

172.20.10.0/24: Student Desktop .80, Control Center .10
172.20.11.0/24: Vyos Router .1, Control Center .10
Vyos Router: 192.168.100.1, 192.168.110.1

Edge Cluster-01
Routers: T0-LR, T1-LR-1, T1-LR-2-NAT
NAT Translated IP: 80.80.80.1
NAT-LS-RP: 172.16.101.1
NAT-LS: 172.16.101.0/24
T2-NAT-01: 172.16.101.11

Web-LS: 172.16.10.0/24
App-LS: 172.16.20.0/24
DB-LS: 172.16.30.0/24


Lab 14 Configuring Load Balancing

172.20.10.0/24: Student Desktop .80, Control Center .10
172.20.11.0/24: Control Center .10, Vyos Router .1
Vyos Router: 192.168.100.1, 192.168.110.1

Routers: T0-LR, T1-LR-1
Load balancer: Web-LB
Virtual Server: Web-VIP, VIP: 192.168.100.7, Service: HTTP
Pools: Web-Pool, Backup Pool
Web-LS: T1-Web-01 172.16.10.11, T1-Web-02 172.16.10.12, T1-Web-03 172.16.10.13


Lab 15 Configuring NSX Distributed Firewall

Router: T1-LR-1
Web-LS: 172.16.10.0/24
App-LS: 172.16.20.0/24
DB-LS: 172.16.30.0/24

Firewall rules shown in the diagram:
Allow Intra-tier HTTP traffic
Allow Inter-tier SSH traffic
Allow Inter-tier MySQL traffic
Default Layer 3 Rule: Drop all traffic


Lab 16 Configuring NSX Edge Firewall

172.20.10.0/24: Student Desktop .80, Control Center .10
172.20.11.0/24: Vyos Router .1, Control Center .10
Vyos Router: 192.168.100.1, 192.168.110.1

Routers: T0-LR, T1-LR-1
Edge firewall rule: Block SSH from Outside (marked X in the diagram)

Web-LS: 172.16.10.0/24 Web-Tier
App-LS: 172.16.20.0/24 App-Tier


Lab 17 Configuring SpoofGuard

Router: T1-LR-1
Web-LS: T1-SpoofGuard-Profile
Diagram marks: X X

VM          IP Address     MAC Address
T1-Web-01   172.16.10.11   00:50:56:ae:1d:9d
T1-Web-02   172.16.10.12   00:50:56:ae:92:cd
T1-Web-03   172.16.10.13   00:23:20:43:72:E6
T1-Web-03   172.16.10.14   00:23:20:43:72:E6


Lab 18 Configuring Syslog

Student Desktop (Syslog Server): student-a-01.vclass.local 172.20.10.80
NSX Manager: sa-nsxmgr-01 172.20.10.41
NSX Controller: sa-nsxctrl-01 172.20.10.46
Edge Node 1: sa-nsxedge-01 172.20.10.61
Edge Node 2: sa-nsxedge-02 172.20.10.62


Lab 20 Configuring Logical SPAN for Port Mirroring

SA-Compute-01 Cluster hosts: sa-esxi-0X.vclass.local, sa-esxi-0Y.vclass.local
Web-LS: 172.16.40.0/24 Web-Tier
VMs: T1-Web-01, Ubuntu-01a, Ubuntu-02a
Address labels: .11, .12, .13
Mirror session labels: Web-Tier-Logical-SPAN SOURCE, Web-Tier-Logical-SPAN DESTINATION
Capture tool label: TCPDUMP


Lab 21 Configuring ERSPAN for Remote Mirroring across IP Networks

SA-Management 172.20.10.0/24: Student Desktop .80 (Wireshark), Control Center .10
SA-Production 172.20.11.0/24: Control Center .10, VyOS Router .1
Edge Network 192.168.100.0/24: VyOS Router .1, T0-LR-01 .2

Routers: T0-LR-01, T1-LR-01
Web-LS (Web-Tier 172.16.10.0/24): T1-Web-01 .11, T1-Web-02 .12
Mirror session labels: Web01-ERSPAN SOURCE, Web01-ERSPAN DESTINATION


Note: No topology diagrams are needed for labs 19, 22 and 23.
