This guide outlines the steps required to prepare a cluster environment that will support deployment of ExtremeCloud Edge applications to the customers' premises.
Minimum Requirements for Installation
Four Public IP addresses exposed via the firewall and port-forwarded to the internal service sets
Firewall adjustments to allow communication of system functions to external entities (licensing, component upgrades, device management) and CloudOPS access for lifecycle management of the installed applications/software. Please refer to section Firewall Access for Critical Settings.
A cluster of Universal Compute Platform appliances.
Note
The cluster size must be a multiple of three. The minimum cluster size for ExtremeCloud IQ with up to 5,000 devices is three nodes. However, six nodes is the typical size for most deployments. Check with your sales representative to size your deployment according to your application choices and capacity requirements.
Network connectivity for the hosts for both backplane (ICC) and application data operations (data ports). Links of at least 10 Gbps are recommended.
ICC: Interconnect (backplane) for cluster operations, component state and shared filesystem synchronization. Each node requires an ICC connection to a common backplane network segment.
Data: Interfaces that the applications will use with other devices or systems for operation management, such as remote device management (for access points and switches) and license services. The data interface is also used for remote lifecycle management of installed software.
Application requirements for the cluster configuration:
Four IP addresses representing the various services offered by the application to provide load balancing (Service Set 1 – 4).
Each node in the cluster must map each of the services to a data interface, and all services can be mapped into the same interface. The same data interface can represent a direct point of reference for each of the front-end VRRP services.
Four VRRP IP addresses are required to support port-overlap services for different services or a functional model (such as CAPWAP Master vs CAPWAP Server).
Out-of-Bound Routing for Outgoing Traffic
The VRRP service set mappings provide load balancing and service abstraction for incoming traffic. Outgoing traffic that originates from installed components, including responses to incoming traffic that came through these mappings, is steered through the default gateway. At the internal firewall, the source address for the outgoing traffic is the address of the data interface on the node from which the traffic originated.
Service Set 1: Cluster Administration, Account Access (https), CAPWAP Master, Diagnostics
Table 1. Example port assignments for Service Set 1
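| Port  | Protocol | Service | Description                                |
|-------|----------|---------|--------------------------------------------|
| 80    | TCP      | CAPWAP  | CAPWAP Master                              |
| 443   | TCP      | NGINX   | ExtremeCloud IQ Admin, software management |
| 1443  | TCP      | XAPI    | ExtremeCloud IQ API                        |
| 2083  | TCP      | IDM     | IDM Auth                                   |
| 12222 | UDP      | CAPWAP  | CAPWAP Master                              |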
Service Set 2: AP Registration/CAPWAP Load Balancing
Table 2. Example port assignments for Service Set 2
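| Port  | Protocol | Service | Description          |
|-------|----------|---------|----------------------|
| 80    | TCP      | CAPWAP  | CAPWAP Master        |
| 443   | TCP      | SD-WAN  | SD-WAN Communicator  |
| 5825  | TCP      | Inlets  | Device Communication |
| 8090  | TCP      | Inlets  | Device Communication |
| 9090  | TCP      | SD-WAN  | SD-WAN Communicator  |
| 12222 | UDP      | CAPWAP  | CAPWAP Master        |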
Service Set 3: AP Registration/CAPWAP Load Balancing
Table 3. Example port assignments for Service Set 3
| Port  | Protocol | Service | Description         |
|-------|----------|---------|---------------------|
| 80    | TCP      | CAPWAP  | CAPWAP Master       |
| 443   | TCP      | SD-WAN  | SD-WAN Communicator |
| 12222 | UDP      | CAPWAP  | CAPWAP Master       |
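The following added example (not part of the original guide or Extreme Networks tooling) audits a firewall's port-forward rules against the example port assignments in Tables 1 to 3, reporting required forwards that are missing and forwards that expose more than the tables list. The rule tuple format, the function names, and all addresses are assumptions constructed for illustration; Service Set 4 is omitted because its port table is not shown here.

```python
# Added example: least-privilege audit of port-forwards per service set.
# Port lists come from the example Tables 1-3; everything else is constructed.
REQUIRED = {
    1: {(80, "tcp"), (443, "tcp"), (1443, "tcp"), (2083, "tcp"), (12222, "udp")},
    2: {(80, "tcp"), (443, "tcp"), (5825, "tcp"), (8090, "tcp"),
        (9090, "tcp"), (12222, "udp")},
    3: {(80, "tcp"), (443, "tcp"), (12222, "udp")},
}

def audit(rules, vrrp_by_set):
    """rules: iterable of (public_ip, port, proto, internal_ip) forwards.
    vrrp_by_set: {service_set_number: internal VRRP IP}.
    Returns, per service set, the missing and unexpected (port, proto) pairs
    and the public IPs that forward to that set's VRRP address."""
    report = {}
    for sset, vrrp in vrrp_by_set.items():
        hits = [(pub, port, proto.lower())
                for pub, port, proto, dst in rules if dst == vrrp]
        forwarded = {(port, proto) for _, port, proto in hits}
        required = REQUIRED.get(sset, set())
        report[sset] = {
            "missing": sorted(required - forwarded),      # breaks a service
            "unexpected": sorted(forwarded - required),   # extra exposure
            "public_ips": sorted({pub for pub, _, _ in hits}),
        }
    return report

def forwards(public_ip, internal_ip, ports):
    """Helper that builds constructed sample rules for one service set."""
    return [(public_ip, port, proto, internal_ip) for port, proto in ports]

# Constructed sample data (documentation/private address ranges).
SAMPLE_VRRP = {1: "10.0.0.11", 2: "10.0.0.12", 3: "10.0.0.13"}
SAMPLE_RULES = (
    forwards("203.0.113.1", "10.0.0.11", REQUIRED[1] | {(22, "tcp")})    # extra SSH
    + forwards("203.0.113.2", "10.0.0.12", REQUIRED[2] - {(9090, "tcp")})  # gap
    + forwards("203.0.113.3", "10.0.0.13", REQUIRED[3])
)

if __name__ == "__main__":
    for sset, result in audit(SAMPLE_RULES, SAMPLE_VRRP).items():
        print(f"Service Set {sset}: {result}")
```

An empty "unexpected" list for every service set confirms the firewall exposes only the ports the tables call for on each public address.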
Service Set 4: AP Registration/CAPWAP Load Balancing
Table 4. Example port assignments for Service Set 4