Nexus 1000 VSM in DMZ

Rajagopal Sivaramakrishnan · ‎11-06-2012

Hi All

Need expert opinion on designing ESX connectivity for DMZ.

We have an already existing Nexus 1010 with 2 VSM's (for prod & dev)... We might need another VSM for DMZ.. Nexus 1010 support a max of 6 VSB's ... correct ?

The DMZ ESX server will be behind a firewall.. Will it be an issue to integrate the newly built VSM with a VEM behind a firewall ? Are there any restrictions?

Any other pointers to decide on our DMZ VM design would be highly valued.

Regards

mwronkow · ‎11-06-2012

Hello Rajagopal,

This is a supported topology. The N1k for the DMZ will need to use svs mode L3 to cross the firewall boundary. You will need to open UDP 4785 between VSM & ESX hosts and TCP 80/443 between VSM & vCenter.

The Nexus 1010 supports a max of 6 VSB pairs. The 1110 series supports up to 10 depending upon model.

Matthew

Rajagopal Sivaramakrishnan · ‎11-07-2012

Thanks for the confirmation Matthew.

Are there any licensing requirements for adding new VSM's ?

Regards

mwronkow · ‎11-07-2012

Hello Rajagopal,

The licensing model for N1k has recently changed. Please consult this blog for details.

Matthew

Rajagopal Sivaramakrishnan · ‎11-09-2012

Hi Matthew

Thanks.

One last question.

We have an existing ESX server integrated to nexus 1000v vsm , using 4x 10 G links.. We have some free ports in this ESX server. Can we extend one of the free ports in this ESX device directly to the DMZ switch, and build VM's using the internal VM switch instead of nexus 1010?