Overview
Explains the required appliance port (NIC) addresses, IP addresses, and subnets for a single-node or three-node cluster.
Before beginning the installation, you must ensure that your network has sufficient IP addresses available to assign to each of the appliance ports that you plan on using. Depending on whether you are installing the appliance as a single-node cluster or as a primary or secondary node in a three-node cluster, you will need these appliance port (NIC) addresses:
- Enterprise port address (Required): One IP address with a subnet mask.
- Cluster port address (Required): One IP address with a subnet mask.
- Management port address (Optional): One IP address with a subnet mask.
- Internet port address (Optional): One IP address with a subnet mask. This is an optional port, used only when you cannot connect to the cloud using the Enterprise port. You do not need an IP address for the Internet port unless you must use it for this purpose.
- CIMC port address (Optional, but strongly recommended): One IP address with a subnet mask.
All of the IP addresses called for in these requirements must be valid IPv4 addresses with valid IPv4 netmasks. Ensure that the addresses and their corresponding subnets do not overlap. Service communication issues can result if they do.
You will also need additional IP addresses and dedicated IP subnets, which are prompted for and applied during the configuration of the appliance, including:
- Cluster virtual IP addresses: One virtual IP (VIP) address per configured network interface per cluster. This requirement applies to three-node clusters and single-node clusters that are likely to be converted into a three-node cluster in the future. You must supply a VIP for each network interface you configure. Each VIP should be from the same subnet as the IP address of the corresponding configured interface.
  There are four interfaces on each appliance: Enterprise, Cluster, Management, and Internet. At a minimum, you must configure the Enterprise and Cluster port interfaces, because they are required for Catalyst Center functionality. An interface is considered configured if you supply an IP address for that interface, along with a subnet mask and one or more associated gateways or static routes. If you skip an interface entirely during configuration, that interface is considered not configured.
  - If you have a single-node setup and do not plan to convert it into a three-node cluster in the future, you are not required to specify a VIP address. However, if you decide to do so, you must specify a VIP address for every configured network interface as if you were configuring for a three-node cluster.
  - If the intracluster link for a single-node cluster fails, the VIP addresses associated with the Management and Enterprise interfaces also fail. When this happens:
    - Catalyst Center is unusable until the intracluster link is restored.
    - The Software Image Management (SWIM) and Cisco Identity Services Engine (ISE) integration becomes non-operational.
    - Cisco Catalyst Assurance data cannot be gathered from Network Data Platform (NDP) collectors.
  - Do not use a link-local or nonroutable IP address for the Enterprise or Management interface.
- Default gateway IP address: The IP address for your network's preferred default gateway. If no other routes match the traffic, traffic will be routed through this IP address. Typically, you should assign the default gateway to the interface in your network configuration that accesses the internet. For information on security considerations to keep in mind when deploying Catalyst Center, see the Cisco Catalyst Center Security Best Practices Guide.
- DNS server IP addresses: The IP addresses for your network's preferred Domain Name System (DNS) servers. Specify up to three DNS server IP addresses as a space-separated list during configuration. Make sure the DNS servers have an entry for localhost that resolves to 127.0.0.1; otherwise, network validation will fail.
  Problems can occur if you specify more than three servers for an appliance.
- (Optional) Static route addresses: The IP addresses, subnet masks, and gateways for one or more static routes. During configuration, you can specify multiple static-route IP addresses, netmasks, and gateways by entering them as a space-separated list.
  You can set one or more static routes for an interface on the appliance. You should supply static routes when you want to route traffic in a specific direction other than the default gateway. Each interface that has static routes is set as the device through which that traffic is routed in the appliance's IP routing table. For this reason, it is important to match the static route directions with the interface through which the traffic will be sent.
  Static routes are not recommended in network device routing tables, like those used by switches and routers. Dynamic routing protocols are better for this. However, you should add static routes where needed, to allow the appliance access to particular parts of the network that can be reached no other way.
- NTP server IP addresses: The DNS-resolvable hostname or IP address for at least one Network Time Protocol (NTP) server.
  During configuration, you can specify multiple NTP server IP addresses/masks or hostnames by entering them as a space-separated list. For a production deployment, we recommend that you configure a minimum of three NTP servers.
  Specify these NTP servers during preflight hardware synchronization, and again during the configuration of the software on each appliance in the cluster. Time synchronization is critical to the accuracy of data and the coordination of processing across a multihost cluster. Before deploying the appliance in a production environment, make sure that the time on the appliance system clock is current and that the NTP servers you specified are keeping accurate time. If you are planning to integrate the appliance with ISE, you should also ensure that ISE is synchronizing with the same NTP servers as the appliance.
- Container subnet: Identifies one dedicated IP subnet for the appliance to use in managing and getting IP addresses for communications among its internal application services, such as Assurance, inventory collection, and so on. By default, Catalyst Center configures a link-local subnet (169.254.32.0/20) for this parameter. We recommend that you use this subnet. If you decide to enter another subnet, ensure that it does not conflict or overlap with any other subnet used by Catalyst Center's internal network or any external network. Also ensure that the minimum size of the subnet is 21 bits. The subnet you specify must conform with the IETF RFC 1918 and RFC 6598 specifications for private networks, which support these address ranges:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16
  - 100.64.0.0/10
  For details, see RFC 1918, Address Allocation for Private Internets, and RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space.
  - Ensure that you specify a valid CIDR subnet. Otherwise, incorrect bits will be present in the 172.17.1.0/20 and 172.17.61.0/20 subnets.
  - After configuration of your Catalyst Center appliance is completed, you cannot assign a different subnet without first reimaging the appliance (see Reimage the appliance).
- Cluster subnet: Identifies one dedicated IP subnet for the appliance to use in managing and getting IP addresses for communications among its infrastructure services, such as database access, the message bus, and so on. By default, Catalyst Center configures a link-local subnet (169.254.48.0/20) for this parameter, and we recommend that you use this subnet. If you decide to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by Catalyst Center's internal network or any external network. Also ensure that the minimum size of the subnet is 21 bits. The subnet you specify must conform with the IETF RFC 1918 and RFC 6598 specifications for private networks, which support these address ranges:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16
  - 100.64.0.0/10
  For details, see RFC 1918, Address Allocation for Private Internets, and RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space.
  If you were to specify 10.10.10.0/21 as your Container subnet, you could also specify a Cluster subnet of 10.0.8.0/21, since these two subnets do not overlap. The configuration wizard also detects overlaps (if any) between these subnets and prompts you to correct the overlap.
  - Ensure that you specify a valid CIDR subnet. Otherwise, incorrect bits will be present in the 172.17.1.0/20 and 172.17.61.0/20 subnets.
  - After configuration of your Catalyst Center appliance is completed, you cannot assign a different subnet without first reimaging the appliance (see Reimage the appliance).
  - When entering an IP address for the Cluster port, container subnet, or cluster subnet, don't specify an address that falls within the 169.254.0.0/23 subnet.
  - The recommended total IP address space for the two Container and Cluster subnets contains 4,096 addresses, broken down into two /21 subnets of 2,048 addresses each. The two /21 subnets must not overlap. The Catalyst Center internal services require a dedicated set of IP addresses. This is a Catalyst Center microservice architecture requirement. To accommodate this requirement, you must allocate two dedicated subnets for each Catalyst Center system.
    The appliance requires this amount of address space to maintain system performance. It uses internal routing and tunneling technologies for east-west (internode) communications. Using overlapping address spaces forces the appliance to run Virtual Routing and Forwarding (VRF) FIBs internally. This process creates multiple encapsulation and decapsulation steps for packets going between services. These steps cause high internal latency and result in cascading impacts at higher layers.
    The Kubernetes-based service containerization architecture of Catalyst Center is another reason. Each appliance uses the IP addresses in this space for each Kubernetes node. Multiple nodes can make up a single service. Currently, Catalyst Center supports more than 100 services, each requiring several IP addresses, and new features and corresponding services are being added all the time. The address space requirement is intentionally large to ensure that Cisco can add new services and features without running out of IP addresses. This also avoids requiring the reallocation of contiguous address spaces when upgrading systems.
    The services supported over these subnets are also enabled at Layer 3. The Cluster space, in particular, carries data between application and infrastructure services, and is heavily used.
    The RFC 1918 and RFC 6598 requirement exists because Catalyst Center must download packages and updates from the cloud. If the selected IP address ranges do not conform with RFC 1918 and RFC 6598, this can quickly lead to problems with public IP address overlaps.
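The addressing rules in this section (non-overlapping port subnets, a VIP drawn from the same subnet as each configured interface, no link-local address on the Enterprise or Management port, Container and Cluster subnets of at least /21 inside RFC 1918 or RFC 6598 space unless the link-local defaults are kept, and nothing inside 169.254.0.0/23) can be checked against an address plan before the configuration wizard is run. The Python script below is an added example, not part of this guide or of Cisco's tooling; the port names used as dictionary keys, the plan layout and all sample addresses are constructed for illustration, and it uses only the standard-library `ipaddress` module.

```python
"""Preflight checks for a Catalyst Center addressing plan (added example, not Cisco tooling)."""
from __future__ import annotations

from ipaddress import IPv4Address, IPv4Interface, IPv4Network, ip_interface, ip_network

# Address ranges the guide lists as acceptable for a non-default Container or Cluster subnet.
PRIVATE_RANGES = [
    IPv4Network("10.0.0.0/8"),      # RFC 1918
    IPv4Network("172.16.0.0/12"),   # RFC 1918
    IPv4Network("192.168.0.0/16"),  # RFC 1918
    IPv4Network("100.64.0.0/10"),   # RFC 6598 shared address space
]
DEFAULTS = {"container": IPv4Network("169.254.32.0/20"), "cluster": IPv4Network("169.254.48.0/20")}
RESERVED_LINK_LOCAL = IPv4Network("169.254.0.0/23")  # off-limits for the Cluster port and both subnets
MIN_PREFIX_BITS = 21  # "at least a /21": the prefix length must be 21 or shorter


def parse_cidr(text: str) -> IPv4Network:
    """Strict parse: a prefix with host bits set (for example 192.168.1.0/21) is rejected."""
    net = ip_network(text, strict=True)
    if not isinstance(net, IPv4Network):
        raise ValueError(f"{text}: only IPv4 is supported")
    return net


def check_internal_subnets(container: str, cluster: str) -> list[str]:
    """Return the rule violations for the Container and Cluster subnets (empty list = OK)."""
    problems: list[str] = []
    nets: dict[str, IPv4Network] = {}
    for name, text in (("container", container), ("cluster", cluster)):
        try:
            nets[name] = parse_cidr(text)
        except ValueError as exc:
            problems.append(f"{name} subnet: {exc}")
    if len(nets) < 2:
        return problems
    for name, net in nets.items():
        if net == DEFAULTS[name]:
            continue  # the recommended link-local default is exempt from the RFC 1918/6598 rule
        if net.prefixlen > MIN_PREFIX_BITS:
            problems.append(f"{name} subnet {net} is smaller than a /{MIN_PREFIX_BITS}")
        if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
            problems.append(f"{name} subnet {net} is outside RFC 1918 / RFC 6598 space")
        if net.overlaps(RESERVED_LINK_LOCAL):
            problems.append(f"{name} subnet {net} overlaps {RESERVED_LINK_LOCAL}")
    if nets["container"].overlaps(nets["cluster"]):
        problems.append(f"container {nets['container']} and cluster {nets['cluster']} overlap")
    return problems


def check_interfaces(interfaces: dict[str, dict[str, str]]) -> list[str]:
    """interfaces: port name -> {"address": "a.b.c.d/len", "vip": "a.b.c.d" (optional)}."""
    problems: list[str] = []
    parsed: dict[str, IPv4Interface] = {}
    for name in ("enterprise", "cluster"):
        if name not in interfaces:
            problems.append(f"{name} port is required but not configured")
    for name, cfg in interfaces.items():
        try:
            iface = ip_interface(cfg["address"])
            vip = IPv4Address(cfg["vip"]) if cfg.get("vip") else None
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not isinstance(iface, IPv4Interface):
            problems.append(f"{name}: only IPv4 is supported")
            continue
        parsed[name] = iface
        addr = iface.ip
        if name in ("enterprise", "management") and (addr.is_link_local or addr.is_loopback or addr.is_unspecified):
            problems.append(f"{name}: {addr} is link-local or non-routable")
        if name == "cluster" and addr in RESERVED_LINK_LOCAL:
            problems.append(f"cluster port address {addr} falls within {RESERVED_LINK_LOCAL}")
        if vip is not None and vip not in iface.network:
            problems.append(f"{name}: VIP {vip} is not in {iface.network}")
    names = list(parsed)
    for i, a in enumerate(names):  # every pair of configured port subnets must be disjoint
        for b in names[i + 1:]:
            if parsed[a].network.overlaps(parsed[b].network):
                problems.append(f"{a} subnet {parsed[a].network} overlaps {b} subnet {parsed[b].network}")
    # A VIP on one configured interface means every configured interface needs one.
    with_vip = [n for n in parsed if interfaces[n].get("vip")]
    if with_vip and len(with_vip) != len(parsed):
        problems.append(f"VIPs set for {with_vip} but missing for {sorted(set(parsed) - set(with_vip))}")
    return problems


# Constructed sample plans; the addresses are illustrative, not from any real deployment.
SAMPLE_INTERFACES = {
    "enterprise": {"address": "10.1.10.11/24", "vip": "10.1.10.10"},
    "cluster": {"address": "192.168.200.11/24", "vip": "192.168.200.10"},
    "management": {"address": "10.1.20.11/24", "vip": "10.1.20.10"},
}
BAD_INTERFACES = {
    "enterprise": {"address": "10.1.10.11/24", "vip": "10.1.20.10"},  # VIP from the wrong subnet
    "cluster": {"address": "169.254.1.5/24"},                          # inside 169.254.0.0/23, no VIP
    "management": {"address": "10.1.10.200/24"},                       # overlaps the Enterprise subnet
}

if __name__ == "__main__":
    for label, plan in (("good plan", SAMPLE_INTERFACES), ("bad plan", BAD_INTERFACES)):
        print(label, check_interfaces(plan) or "OK")
    print("subnets", check_internal_subnets("10.10.8.0/21", "10.0.8.0/21") or "OK")
```

The strict CIDR parse is what catches the "valid CIDR subnet" note above: a prefix whose host bits are not zero is refused rather than silently normalized, so the subnet the wizard stores is the one you actually reviewed. Keeping the link-local defaults exempt from the RFC 1918/6598 rule mirrors the guide, which recommends those defaults while requiring private space for anything else.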