Skip to content

Instantly share code, notes, and snippets.

@tonysangha

tonysangha/bubble_network_2.0.ps1

Created November 13, 2017 03:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tonysangha/d151c400c4a6f72f045e6986414c05c3 to your computer and use it in GitHub Desktop.
Save tonysangha/d151c400c4a6f72f045e6986414c05c3 to your computer and use it in GitHub Desktop.
Download ZIP
Updated script by Shane White
Raw
bubble_network_2.0.ps1
<#
Created by Tony Sangha
July 2017
tonysangha.com
version 0.1
Modified by Shane White
October 2017
Version 1.0
####################################
macOS PowerCLI specific commands
Get-Module -ListAvailable PowerCLI* | Import-Module
Get-Module -ListAvailable PowerNSX* | Import-Module
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
#>
param( [string[]] $param)
$networkno = $param.Count -3
$networkno = $networkno /2
$log_path = "c:\scripts\"
$log_name = $param[1] + ".bubble"
$log_file = $log_path + $log_name
if ((Test-Path $log_file)) {
Write-Output "That bubble exists"
throw "That bubble network exists"
}
#######################################
### Edit any parameters here only ###
#######################################
if ($param[0] -eq "NSX-1") {
write-output "Connecting to NSX Site 1"
Connect-NsxServer -NsxServer vsnsxmgr01.vsnsx-1.local -Username "admin" -Password "VMware1!" -VIUserName "administrator@vsphere.local" -VIPassword "VMware1!"
$nsx_manager_ip = '10.10.10.111'
$transport_zone_name = "NSX-Site1"
$datastore = "ReadyNAS_NFS_NSX"
$edge_cluster = "NSX"
$esg_uplink_ls = "Transit"
}
ElseIF ($param[0] -eq "NSX-2") {
write-output "Connecting to NSX Site 2"
Connect-NsxServer -NsxServer vsnsxmgr02.vsnsx-1.local -Username "admin" -Password "VMware1!" -VIUserName "administrator@vsphere.local" -VIPassword "VMware1!"
$nsx_manager_ip = '10.10.20.101'
$transport_zone_name = "NSX-Site-2"
$datastore = "ReadyNAS_NFS"
$edge_cluster = "Site-2"
$esg_uplink_ls = "Transit"
}
ElseIF ($param[0] -eq "NSX-3") {
write-output "Connecting to NSX Site 3"
Connect-NsxServer -NsxServer vsnsxmgr00.vsphere.local -Username "admin" -Password "VMware1!" -VIUserName "administrator@vsphere.local" -VIPassword "VMware1!"
$nsx_manager_ip = '10.10.30.101'
$transport_zone_name = "vSoft"
$datastore = "ReadyNAS_NFS"
$edge_cluster = "vSoft"
$esg_uplink_ls = "Transit"
}
# DLR, ESG and Sec & Grp names, will be created randomly if not changed here
$bubble_name = $param[1]
$dlr_name = "DLR-" + $bubble_name.toString()
$esg_name = "ESG-" + $bubble_name.toString()
$sg_name = "SG-BUBBLE-" + $bubble_name.toString()
$sec_name = "BUBBLE-NETWORK-" + $bubble_name.toString()
<# Logical Switch and IP Addressing for the Edge Services Gateway Bubble Router
Logical Switch, IP and Next Hop IP's are required for Uplink and Internal
Interfaces. Uplink logical switch should already be available in NSX-v and
will not be dynamically created by this script #>
$esg_uplink_ls = "Transit"
$esg_uplink_ip = $param[2]
$esg_uplink_next_hop = "192.168.1.1"
$esg_internal_ip = "192.168.0.254/24"
<# Logical Switch and IP Information for Internal networks and for HA/Uplink
interfaces on the DLR. Variable $logical_switch_name_ip can be appended to
with interfaces and IP Addresses as required #>
$dlr_uplink_transit = 'ls_transit ' + $bubble_name
$dlr_uplink_ls_ip = @{$dlr_uplink_transit ='192.168.0.1/24'}
$dlr_ha_mgmt_ls = "ls_ha_mgmt " + $bubble_name
$ls_1 = "ls_" + $param[3] + "-" + $bubble_name
$logical_switch_name_ip= @{$ls_1 =$param[4]}
$networkno--
$paramcount = 5
while ($networkno -ne 0) {
#write-output "I'm in the loop"
$ls_1 = "ls_"+$param[$paramcount] + "-" +$bubble_name
$logical_switch_name_ip.add($ls_1, $param[$paramcount+1])
$paramcount = $paramcount +2
$networkno--
}
# Use a Summary route if possible for logical switches created above or append
$esg_to_dlr_static_routes=@('192.168.0.0/21','10.10.10.0/24')
####################################
### DO NOT EDIT BEYOND THIS LINE ###
####################################
write-host -ForegroundColor Magenta `
" ____ _ _ _ _ _ _ _ `
| _ \ | | | | | | | \ | | | | | | `
| |_) |_ _| |__ | |__ | | ___ | \| | ___| |___ _____ _ __| | __ `
| _ <| | | | '_ \| '_ \| |/ _ \ | . ` |/ _ \ __\ \ /\ / / _ \| '__| |/ / `
| |_) | |_| | |_) | |_) | | __/ | |\ | __/ |_ \ V V / (_) | | | < `
|____/ \__,_|_.__/|_.__/|_|\___| |_| \_|\___|\__| \_/\_/ \___/|_| |_|\_\ `
`
"
write-host -ForegroundColor DarkYellow "Starting Execution of PowerNSX Script"
#######################################
### Create Local Logical Switches ###
#######################################
# Get and Store Transport Zone object in a variable
$tz = get-nsxtransportzone $transport_zone_name
<# Create NSX Logical switches in the designated transport zone, by looping
though the $logical_switch_name_ip hash table #>
foreach($item in $logical_switch_name_ip.keys){
$ls = new-nsxlogicalswitch -name $item -transportzone $tz `
-Description "Created with PowerNSX"
write-host -ForegroundColor cyan "Created Switch:" $ls.name
}
# Create Logical Switch for DLR HA/MGMT network and Bubble Internal Transit
$ls = new-nsxlogicalswitch -name $dlr_uplink_ls_ip.keys -transportzone $tz
write-host -ForegroundColor cyan "Created Switch:" $ls.name
$ls = new-nsxlogicalswitch -name $dlr_ha_mgmt_ls -transportzone $tz
write-host -ForegroundColor cyan "Created Switch:" $ls.name
#######################################
### Create Distributed Logical Router #
#######################################
# Create empty hash table to store internal interface specs for the DLR
$internal_int_specs = New-Object System.Collections.ArrayList
<# Loop over the logical_switch_name_ip hashtable and add interface specs
to empty specs table created above #>
foreach($item in $logical_switch_name_ip.GetEnumerator()){
$ip_address = $item.Value.split('/')
$internal = New-NsxLogicalRouterinterfacespec -Name $item.Name `
-Type internal `
-ConnectedTo (Get-NsxLogicalSwitch -TransportZone $tz `
-name $item.Name) `
-PrimaryAddress $ip_address[0] `
-SubnetPrefixLength $ip_address[1]
$x = $internal_int_specs.Add($internal)
}
# Create Interface Specification for Uplink Interface
$dlr_uplink_int_spec = New-NsxLogicalRouterinterfacespec -Name `
$dlr_uplink_ls_ip.keys -Type uplink `
-ConnectedTo (Get-NsxLogicalSwitch -TransportZone $tz `
-name $dlr_uplink_ls_ip.keys) `
-PrimaryAddress ($dlr_uplink_ls_ip.values.split('/')[0]) `
-SubnetPrefixLength ($dlr_uplink_ls_ip.values.split('/')[1])
<# Create Distributed Logical Router, attach interfaces and configure static
routes.#>
write-host -ForegroundColor cyan "Creating Logical Router (DLR):" $dlr_name
$dlr_rtr = New-NsxLogicalRouter -Name $dlr_name -ManagementPortGroup `
(Get-NsxLogicalSwitch $dlr_ha_mgmt_ls) `
-Interface $dlr_uplink_int_spec `
-Cluster (Get-Cluster $edge_cluster) -Datastore `
(get-datastore $datastore)
# Add Internal interfaces to newly created Distributed Logical Router
write-host -ForegroundColor yellow "Adding Logical Switches to:" $dlr_name
foreach($item in $internal_int_specs){
write-host -ForegroundColor cyan $item.Name "LS added to:" $dlr_name
$x = New-NsxLogicalRouterInterface -LogicalRouter `
(get-nsxlogicalrouter $dlr_name) `
-ConnectedTo (Get-NsxLogicalSwitch $item.Name) `
-Name $item.Name -Type "Internal" `
-PrimaryAddress $item.addressGroups.addressGroup.primaryAddress `
-SubnetPrefixLength $item.addressGroups.addressGroup.subnetPrefixLength
}
# Add static default route to ESG Internal Interface
$route = New-NsxLogicalRouterStaticRoute -LogicalRouter `
(get-nsxlogicalrouter $dlr_name | Get-NsxLogicalRouterRouting) `
-NextHop $esg_internal_ip.split('/')[0] `
-Network '0.0.0.0/0' -confirm:$false
write-host -ForegroundColor yellow $route.network "route created on:" `
$dlr_name
#######################################
### Edge Services Gateway ###
#######################################
$esg_uplink_int_spec = New-NsxEdgeInterfaceSpec -Name $esg_uplink_ls `
-Type Uplink `
-ConnectedTo (Get-NsxLogicalSwitch $esg_uplink_ls) `
-PrimaryAddress $esg_uplink_ip.split('/')[0] `
-SubnetPrefixLength $esg_uplink_ip.split('/')[1] -Index 0
$esg_internalint_spec = New-NsxEdgeInterfaceSpec -Name $dlr_uplink_ls_ip.keys `
-Type Internal `
-ConnectedTo (Get-NsxLogicalSwitch $dlr_uplink_ls_ip.keys) `
-PrimaryAddress $esg_internal_ip.split('/')[0] `
-SubnetPrefixLength $esg_internal_ip.split('/')[1] -Index 1
write-host -ForegroundColor cyan "Creating Edge Services Router:" $esg_name
$esg_rtr = New-NsxEdge -Name $esg_name -Datastore (get-datastore $datastore) `
-cluster (get-cluster $edge_cluster) -Username admin `
-Password VMware1!VMware1! -FormFactor compact -AutoGenerateRules `
-FwEnabled -Interface $esg_uplink_int_spec,$esg_internalint_spec
# Create static routes back to the DLR
write-host -ForegroundColor cyan "Creating Routes on ESG:" $esg_name
foreach($item in $esg_to_dlr_static_routes){
$x = Get-NsxEdge $esg_name | Get-NsxEdgeRouting | New-NsxEdgeStaticRoute `
-Network $item -NextHop $dlr_uplink_ls_ip.Values.split('/')[0] `
-confirm:$false
write-host -ForegroundColor yellow $item "route created on:" `
$esg_name
}
# Create Default Route 0/0 to Perimeter Edge Services Gateway
$route = Get-NsxEdge $esg_name | Get-NsxEdgeRouting | New-NsxEdgeStaticRoute `
-Network '0.0.0.0/0' -NextHop $esg_uplink_next_hop -confirm:$false
write-host -ForegroundColor yellow $route.network "route created on:" `
$esg_name
#######################################
### DFW Firewall Rules ###
#######################################
# Create Security Group containing all logical switches
write-host -ForegroundColor cyan "Creating Security Group"
$sg = New-NsxSecurityGroup -name $sg_name
write-host -ForegroundColor yellow "Security Group " $sg.name " created"
foreach($item in $internal_int_specs){
Add-NsxSecurityGroupMember (Get-NsxSecurityGroup $sg_name) `
-Member (Get-NsxLogicalSwitch $item.Name)
}
# Create new NSX Firewall Section
write-host -ForegroundColor cyan "Creating Firewall Section" $sec_name
$section = New-NsxFirewallSection -name $sec_name
write-host -ForegroundColor cyan "Creating Rules in Section" $sec_name
$rule = Get-NsxFirewallSection $section.name | New-NsxFirewallRule -Name `
"$sg_name -> any - deny" -Source $sg `
-Action 'deny'
write-host -ForegroundColor yellow "Rule ID" $rule.id "created"
$rule = Get-NsxFirewallSection $section.name | New-NsxFirewallRule -Name `
"any -> $sg_name - deny" `
-Destination $sg `
-Action 'deny'
write-host -ForegroundColor yellow "Rule ID" $rule.id "created"
$rule = Get-NsxFirewallSection $section.name | New-NsxFirewallRule -Name `
"$sg_name -> $sg_name - allow" -Source $sg `
-Destination $sg `
-Action 'allow'
write-host -ForegroundColor yellow "Rule ID" $rule.id "created"
Disconnect-NsxServer
$logical_switch_name_ip.add($dlr_name, "DLR")
$logical_switch_name_ip.add($esg_name, "ESG")
$logical_switch_name_ip.add($sg_name,"Security_group")
$logical_switch_name_ip.add($Sec_name,"Firewall_rules")
$logical_switch_name_ip.add($dlr_ha_mgmt_ls,"LS")
$logical_switch_name_ip.add($dlr_uplink_transit,"LS")
#$log_name = $bubble_name.ToString() + '.bubble'
$log_path = "c:\scripts\"
#$log_name = $Bubble_name + ".bubble"
$log_file = $log_path + $log_name
$logical_switch_name_ip | out-file $log_file
$bubble_name | Add-Content $log_file
$param[0] | add-content $log_file
write-host -ForegroundColor yellow "Settings saved to file" $log_name
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment