General prerequisites and guidelines
This section describes requirements and guidelines for the Nexus Dashboard cluster regardless of the deployment type.
General deployment guidelines and restrictions
-
Deploying a 4-cluster node, where the cluster consists of:
-
3 virtual nodes (data), and
-
1 standby node
is not a supported configuration. Redeploy this cluster without the standby node. If one of the nodes in the cluster fails, reinstall a new node and navigate to
, then click to add the reinstalled node back into the cluster. -
-
Deploying virtual Nexus Dashboard VMs on remote storage is unsupported and may lead to unexpected behavior.
Domain Name System (DNS) and Network Time Protocol (NTP)
The Nexus Dashboard nodes require valid DNS and NTP servers for all deployments and upgrades.
Lack of valid DNS connectivity (such as if using an unreachable or a placeholder IP address) can prevent the system from deploying or upgrading successfully, as well as impact regular services functionality.
![]() Note |
Nexus Dashboard acts as both a DNS client and resolver. It uses an internal Core DNS server which acts as DNS resolver for internal services. It also acts as a DNS client to reach external hosts within the intranet or the Internet, hence it requires an external DNS server to be configured. |
The following guidelines apply for DNS:
-
For external DNS servers, both TCP and UDP traffic must be allowed. See Communication ports for LAN deployments and Communication ports for SAN deployments for more information.
-
Nexus Dashboard does not support DNS servers with wildcard records.
Nexus Dashboard also supports NTP authentication using symmetrical keys. If you want to enable NTP authentication, you will need to provide the following information during cluster configuration:
-
NTP Key–A cryptographic key that is used to authenticate the NTP traffic between the Nexus Dashboard and the NTP server(s). You will define the NTP servers in the following step, and multiple NTP servers can use the same NTP key.
-
Key ID–Each NTP key must be assigned a unique key ID, which is used to identify the appropriate key to use when verifying the NTP packet.
-
Auth Type–This release supports
MD5
,SHA
, andAES128CMAC
authentication types.
The following guidelines apply when enabling NTP authentication:
-
For symmetrical authentication, any key you want to use must be configured the same on both your NTP server and Nexus Dashboard.
The ID, authentication type, and the key/passphrase itself must match and be trusted on both your NTP server and Nexus Dashboard.
-
Multiple servers can use the same key.
In this case the key must only be configured once on Nexus Dashboard, then assigned to multiple servers.
-
Both Nexus Dashboard and the NTP servers can have multiple keys as long as key IDs are unique.
-
This release supports SHA1, MD5, and AES128CMAC authentication/encoding types for NTP keys.
Note
We recommend using AES128CMAC due to its higher security.
-
When adding NTP keys in Nexus Dashboard, you must tag them as
trusted
; untrusted keys will fail authentication.This option allows you to easily disable a specific key in Nexus Dashboard if the key becomes compromised.
-
You can choose to tag some NTP servers as
preferred
in Nexus Dashboard.NTP clients can estimate the "quality" of an NTP server over time by taking into account RTT, time response variance, and other variables. Preferred servers will have higher priority when choosing a primary server.
-
If you are using an NTP server running
ntpd
, we recommend version 4.2.8p12 at a minimum. -
The following restrictions apply to all NTP keys:
-
The maximum key length for SHA1 and MD5 keys is 40 characters, while the maximum length for AES128 keys is 32 characters.
-
Keys that are shorter than 20 characters can contain any ASCII character excluding '
#
' and spaces. Keys that are over 20 characters in length must be in hexadecimal format. -
Keys IDs must be in the 1-65535 range.
-
If you configure keys for any one NTP server, you must also configure the keys for all other servers.
-
Enabling and configuring NTP authentication is described as part of the deployment steps in the later sections.
IPv4 and IPv6 support
Nexus Dashboard supports pure IPv4, pure IPv6, or dual stack IPv4/IPv6 configurations for the cluster nodes and services.
When defining an IP address configuration, the following guidelines apply:
-
All nodes and networks in the cluster must have a uniform IP configuration, either pure IPv4, pure IPv6, or dual stack IPv4/IPv6.
-
If you deploy the cluster in pure IPv4 mode and want to switch to dual stack IPv4/IPv6 or pure IPv6, you must redeploy the cluster.
-
For dual stack configurations:
-
The data, management, app, and service networks must be in dual stack mode.
Mixed configurations, such as IPv4 data network and dual stack management network, are not supported.
-
For IPv6-based Nexus Dashboard deployments, the CIMCs of all physical servers must also have IPv6 addresses.
-
You can configure either IPv4 or IPv6 addresses for the nodes' management network during initial node bring up, but you must provide both types of IP addresses during the cluster bootstrap workflow.
Management IP addresses are used to log in to the nodes for the first time to initiate cluster bootstrap process.
-
Kubernetes internal core services will start in IPv4 mode.
-
DNS will serve and forward both IPv4 and IPv6 requests.
-
VXLAN overlay for peer connectivity will use data network's IPv4 addresses.
Both IPv4 and IPv6 packets are encapsulated within the VXLAN's IPv4 packets.
-
The GUI will be accessible on both IPv4 and IPv6 management network addresses, provided both are configured.
-
-
For pure IPv6 configurations:
-
Pure IPv6 mode is supported for physical and virtual form factors only.
Clusters deployed through the vND deployment process on AWS public cloud do not support pure IPv6 or dual stack mode.
-
You must provide IPv6 management network addresses when initially configuring the nodes.
After the nodes are up, these IP addresses are used to log in to the GUI and continue cluster bootstrap process.
-
You must provide IPv6 CIDRs for the internal app and service networks described above.
-
You must provide IPv6 addresses and gateways for the data and management networks described above.
-
All internal services will start in IPv6 mode.
-
VXLAN overlay for peer connectivity will use data network's IPv6 addresses.
IPv6 packets are encapsulated within the VXLAN's IPv6 packets.
-
All internal services will use IPv6 addresses.
-
IPv6 addresses are required for physical servers' CIMCs.
-
Necessary URLs for certain connections
There are certain URLs that Nexus Dashboard must reach that are necessary for these connections:
-
Cisco Intersight: Connecting your Nexus Dashboard cluster to Cisco Intersight has these benefits:
-
Automatic meta data updates that certain features can use to provide updated data
-
TAC log collection and uploads
-
-
Connecting to Smart Licensing
-
Pulling energy management stats from electricity maps
These are the URLs that Nexus Dashboard must reach for these connections and why:
URL |
Protocol/Port/Service |
Description |
---|---|---|
amazontrust.com |
TCP/80(HTTP) TCP/443(HTTPS) |
Used to securely connect to Cisco Intersight |
connectdna.cisco.com |
TCP/443(HTTPS) |
Used to securely connect to Cisco Intersight and Smart Licensing |
swapi.cisco.com |
TCP/443(HTTPS) |
Used to securely connect to Cisco Smart Licensing |
svc.ucs-connect.com |
TCP/443(HTTPS) |
Used to securely connect to Cisco Intersight |
svc-static1.ucs-connect.com |
TCP/443(HTTPS) |
Used to securely connect to Cisco Intersight |