Apstra Server Requirements/References¶
The Apstra server can be deployed on the following hypervisors:
- VMware ESXi
- Supported versions - 6.7, 6.5, 6.0, 5.5
- QEMU / KVM for Ubuntu
- Supported versions - 18.04 LTS
- Microsoft Hyper-V
- Supported version - Windows Server 2016 Datacenter Edition
- Oracle VirtualBox / VMware Workstation
- For lab / evaluation purposes only
Apstra Server VM Resources¶
The required VM resources for the Apstra server may be greater than the recommendations below. Requirements are based on the size of the network (blueprint), the scaling of off-box agents and the use of Intent Based Analytics (IBA). If one VM is insufficient for your needs, you can increase resources by clustering several VMs.
|Memory||64 GB RAM + 300 MB per installed off-box agent*|
|Network||1 network adapter, initially configured with DHCP|
* Off-box agent memory usage is dependent on the number of IBA collectors enabled. Apstra recommends using the web interface AOS Cluster feature to monitor off-box container memory usage (e.g. aos-offbox-172_20_88_11-f). Additional AOS cluster worker nodes can be added to scale off-box agent capacity.
Although, an Apstra server VM might run with fewer resources than specified above, depending on the size of the network, CPU and RAM allocations may be insufficient. In this case, the system encounters errors or a critical “segmentation fault” (core dump). If this happens, delete the VM and redeploy it with additional resources.
Network Security Protocols¶
Open ports and services that run on the Apstra server are listed in the table below. A running iptables instance ensures that network traffic to and from the Apstra server is restricted to the services listed.
|User workstation||Apstra Server||tcp/22 (ssh)||CLI access to the server|
|User workstation||Apstra Server||tcp/80 (http)||Redirects to tcp/443 (https)|
|User workstation||Apstra Server||tcp/443 (https)||Web UI and REST API|
|Network Device for device agents||Apstra Server||tcp/80 (http)||Redirects to tcp/443 (https)|
|Network Device or Off-box Agent||Apstra Server||tcp/443 (https)||Device agent installation and upgrade, Rest API|
|Network Device or Off-box Agent||Apstra Server||tcp/29730-29739||Agent binary protocol (Sysdb)|
|ZTP Server||Apstra Server||tcp/443 (https)||Rest API for Device System Agent Install|
|Apstra Server||Network Devices||tcp/22 (ssh)||Device agent installation and upgrade|
|Off-box Agent||Network Devices||tcp/443 (https) tcp/9443 (nxapi) tcp/830 (for Junos)||Management from Off-box Agent|
Other Network Protocols¶
The network protocols in the table below are not required for Apstra server functionality, but they may be required for network device configuration and discovery, and for direct access to devices.
|Administrator||Network Device||tcp/22 (ssh)||Device management from Administrator|
|Network Device||DNS Server||udp/53 (dns)||DNS Discovery for Apstra server IP (if applicable)|
|Network Device||DHCP Server||udp/67-68 (dhcp)||DHCP for automatic management IP (if applicable)|
|(icmp type 0, type 8 for echo and response)||As necessary for network troubleshooting. Not required for the Apstra server.|
Network Client Services¶
Use and configuration of the Apstra server determine the number of network client services that must be enabled.
|Apstra Server||DNS Server||udp/53 (dns)||Server DNS Client|
|Apstra Server||LDAP Server||tcp/389 (ldap) tcp/636 (ldaps)||Apstra Server LDAP Client (if configured)|
|Apstra Server||TACACS+ Server||tcp/udp/49 (tacacs)||Apstra Server TACACS+ Client (if configured)|
|Apstra Server||RADIUS Server||tcp/udp/1812 (radius)||Apstra Server RADIUS Client (if configured)|
|Apstra Server||Syslog Server||udp/514 (syslog)||Apstra Server Syslog Client (if configured)|