Before installing NSX, it is important to understand its requirements. NSX Manager and its related components require a considerable amount of resources, and planning ahead is very important. The following table lists the minimum resource requirements for NSX Manager and its related components:
| Component | CPU | Memory | Disk Space |
|---|---|---|---|
| NSX Manager | 4 vCPU | 16 GB | 60 GB |
| NSX Controller | 4 vCPU | 4 GB | 20 GB |
| NSX Edge | 1 vCPU (Compact), 2 vCPU (Large), 4 vCPU (Quad Large), 6 vCPU (X-Large) | 512 MB (Compact), 1 GB (Large), 2 GB (Quad Large), 8 GB (X-Large) | Compact, Large, Quad Large: 1 disk 584 MB + 1 disk 512 MB; X-Large: 1 disk 584 MB + 1 disk 2 GB + 1 disk 256 MB |
| Guest Introspection | 2 vCPU | 1 GB | 4 GB |
You also need vCenter 6.0 or later installed in your environment, with each server running ESXi version 6.0 or newer. NSX also requires a range of ports to be allowed in your network. We will need TCP ports 80 and 443 open for vSphere communication and NSX REST API functionality. We also need TCP ports 1234, 5671, and 22 for host-to-controller-cluster communication, the RabbitMQ message bus, and SSH console access, respectively.
The following is a list of ports that must be open for NSX to operate flawlessly:
| Source | Target | Port | Protocol | Purpose | Sensitive | TLS | Authentication |
|---|---|---|---|---|---|---|---|
| Client PC | NSX Manager | 443 | TCP | NSX Manager Administrative Interface | No | Yes | PAM Authentication |
| Client PC | NSX Manager | 80 | TCP | NSX Manager VIB Access | No | No | PAM Authentication |
| ESXi Host | vCenter Server | 80 | TCP | ESXi Host Preparation | No | No | - |
| vCenter Server | ESXi Host | 80 | TCP | ESXi Host Preparation | No | No | - |
| ESXi Host | NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ user/password |
| ESXi Host | NSX Controller | 1234 | TCP | User World Agent Connection | No | Yes | - |
| NSX Controller | NSX Controller | 2878, 2888, 3888 | TCP | Controller Cluster - State Sync | No | Yes | IPsec |
| NSX Controller | NSX Controller | 7777 | TCP | Inter-Controller RPC Port | No | Yes | IPsec |
| NSX Controller | NSX Controller | 30865 | TCP | Controller Cluster - State Sync | No | Yes | IPsec |
| NSX Controller | NTP Time Server | 123 | TCP | NTP client connection | No | Yes | No Authentication |
| NSX Manager | NSX Controller | 443 | TCP | Controller to Manager Communication | No | Yes | User/Password |
| NSX Manager | vCenter Server | 443 | TCP | TCP vSphere Web Access | No | Yes | - |
| NSX Manager | vCenter Server | 902 | TCP | vSphere Web Access | No | Yes | - |
| NSX Manager | ESXi Host | 443 | TCP | Management and provisioning connection | No | Yes | - |
| NSX Manager | ESXi Host | 902 | TCP | Management and provisioning connection | No | Yes | - |
| NSX Manager | DNS Server | 53 | TCP | DNS client connection | No | No | - |
| NSX Manager | Syslog Server | 514 | TCP | Syslog connection | No | Yes | - |
| NSX Manager | NTP Time Server | 123 | TCP | NTP client connection | No | Yes | - |
| vCenter Server | NSX Manager | 80 | TCP | TCP Host Preparation | No | Yes | - |
| REST Client | NSX Manager | 443 | TCP | NSX Manager REST API | No | Yes | User/Password |
| NSX Controller | NTP Time Server | 123 | UDP | NTP client connection | No | Yes | No Authentication |
| NSX Manager | DNS Server | 53 | UDP | DNS client connection | No | No | - |
| NSX Manager | Syslog Server | 514 | UDP | Syslog connection | No | Yes | - |
| NSX Manager | NTP Time Server | 123 | UDP | NTP client connection | No | Yes | - |
| VXLAN Tunnel End Point (VTEP) | VXLAN Tunnel End Point (VTEP) | 8472 or 4789* | UDP | Transport network encapsulation between VTEPs | No | Yes | - |
| ESXi Host | ESXi Host | 6999 | UDP | ARP on VLAN LIFs | No | Yes | - |
| ESXi Host | NSX Manager | 8301, 8302 | UDP | DVS Sync | No | Yes | - |
| NSX Manager | ESXi Host | 8301, 8302 | UDP | DVS Sync | No | Yes | - |
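The port list above can also serve as an audit baseline for the firewall policy in front of the NSX components. The following is an added example, not part of the original text or of any VMware tooling: it compares an allow-list against a subset of the table's rows and reports required flows that are blocked, rules the table does not call for, wildcard sources, and permitted flows the table marks as not using TLS. The `ALLOWED` rule set, the tuple layout and the `any` wildcard are assumptions made for the example.

```python
# Added example: diff a firewall allow-list against the NSX port table.
# REQUIRED rows are copied from the table: (source, target, ports, protocol, tls).
REQUIRED = [
    ("Client PC", "NSX Manager", "443", "TCP", True),
    ("Client PC", "NSX Manager", "80", "TCP", False),
    ("ESXi Host", "NSX Manager", "5671", "TCP", True),
    ("ESXi Host", "NSX Controller", "1234", "TCP", True),
    ("NSX Controller", "NSX Controller", "2878, 2888, 3888", "TCP", True),
    ("NSX Manager", "DNS Server", "53", "UDP", False),
]

# Constructed sample policy export (assumed layout): (source, target, port, protocol).
ALLOWED = [
    ("Client PC", "NSX Manager", 443, "TCP"),
    ("any", "NSX Manager", 80, "TCP"),              # wildcard source
    ("ESXi Host", "NSX Manager", 5671, "TCP"),
    ("ESXi Host", "NSX Controller", 1234, "TCP"),
    ("NSX Controller", "NSX Controller", 2878, "TCP"),
    ("NSX Controller", "NSX Controller", 2888, "TCP"),
    ("Client PC", "NSX Controller", 1234, "TCP"),   # flow not in the table
    ("NSX Manager", "DNS Server", 53, "UDP"),
]


def expand(rows):
    """Split multi-port rows into one (src, dst, port, proto) -> tls entry each."""
    flows = {}
    for src, dst, ports, proto, tls in rows:
        for port in ports.split(","):
            flows[(src, dst, int(port), proto)] = tls
    return flows


def covers(rule, flow):
    """True if the rule permits the flow; a source of 'any' matches every source."""
    return rule[1:] == flow[1:] and rule[0] in (flow[0], "any")


def audit(required_rows, allowed):
    """Compare the allow-list with the required flows and group the findings."""
    required = expand(required_rows)
    permitted = {f for f in required if any(covers(r, f) for r in allowed)}
    return {
        "missing": sorted(set(required) - permitted),
        "unneeded": sorted(r for r in allowed if not any(covers(r, f) for f in required)),
        "too_broad": sorted(r for r in allowed if r[0] == "any"),
        "plaintext": sorted(f for f in permitted if not required[f]),
    }


if __name__ == "__main__":
    for finding, flows in audit(REQUIRED, ALLOWED).items():
        print(finding, flows)
```

The `plaintext` findings are the flows to keep on a dedicated management network, since the table lists them without TLS.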
You will also need virtual distributed switches in your environment, which are the foundation for VXLAN logical segments.