11-06-2012 10:04 AM
Hi All
Need expert opinion on designing ESX connectivity for DMZ.
We have an already existing Nexus 1010 with 2 VSMs (for prod & dev). We might need another VSM for the DMZ. The Nexus 1010 supports a max of 6 VSBs, correct?
The DMZ ESX server will be behind a firewall. Will it be an issue to integrate the newly built VSM with a VEM behind a firewall? Are there any restrictions?
Any other pointers to decide on our DMZ VM design would be highly valued.
Regards
11-06-2012 01:48 PM
Hello Rajagopal,
This is a supported topology. The N1k for the DMZ will need to use svs mode L3 to cross the firewall boundary. You will need to open UDP 4785 between VSM & ESX hosts and TCP 80/443 between VSM & vCenter.
The Nexus 1010 supports a max of 6 VSB pairs. The 1110 series supports up to 10 depending upon model.
Matthew
11-07-2012 08:14 AM
Thanks for the confirmation Matthew.
Are there any licensing requirements for adding new VSMs?
Regards
11-07-2012 11:30 AM
Hello Rajagopal,
The licensing model for N1k has recently changed. Please consult this blog for details.
Matthew
11-09-2012 09:57 AM
Hi Matthew
Thanks.
One last question.
We have an existing ESX server integrated with the Nexus 1000v VSM, using 4x 10G links. We have some free ports in this ESX server. Can we extend one of the free ports in this ESX device directly to the DMZ switch, and build VMs using the internal VM switch instead of the Nexus 1010?