Enterprise

NetBox Enterprise System Requirements {#netbox-enterprise-requirements

Overview

NetBox Enterprise uses an embedded Kubernetes cluster to provide a production-ready NetBox deployment. This document outlines the system, network, and software requirements needed for successful installation and operation.

Hostname and IP address cannot be changed after installation

System Requirements

Hardware Requirements

Deployment Type	vCPU	Memory (RAM)	Disk Space	Disk Location
Production (Recommended)	8 vCPU	24 GB	100 GB SSD	`/var/lib`
Non-Production (Minimum)	4 vCPU	16 GB	50 GB SSD	`/var/lib`

Additional Requirements:

Swap must be disabled (Kubernetes requirement)
SSD or NVMe storage recommended for database performance
x86-64 architecture required

Operating System Requirements

Linux Kernel Requirements:

Linux kernel version 4.3 or higher
x86-64 architecture
Required kernel modules: br_netfilter, ip_vs, ip_vs_rr, ip_vs_wrr, ip_vs_sh, overlay

NetBox Enterprise supports any Linux distribution that meets these kernel requirements. The following distributions have been tested and have specific preparation guides available:

Supported Linux Distributions

The following Linux distributions have been tested and validated for use with NetBox Enterprise Embedded Cluster:

Enterprise Linux

Red Hat Enterprise Linux (RHEL): 9.5, 9.0, 8.10, 7.9 — See distribution-specific guide
Rocky Linux: 9.5, 8.10
Oracle Linux Server: 9.3, 8.9
CentOS Stream: 10, 9

Debian-based

Ubuntu LTS: 24.04 LTS (Noble Numbat), 22.04 LTS (Jammy Jellyfish), 20.04 LTS (Focal Fossa) — See distribution-specific guide
Debian: 12 (Bookworm), 11 (Bullseye)

Other Distributions

Amazon Linux: 2023
Fedora Linux: 41 Cloud Edition
SUSE Linux Enterprise Server: 15 SP6

Recommended Distributions

For production deployments, we recommend using Long Term Support (LTS) versions of Ubuntu or Enterprise Linux distributions (RHEL, Rocky Linux, Oracle Linux) for optimal stability and security update support.

Distribution-Specific Guides

For Red Hat Enterprise Linux (RHEL) deployments, see additional requirements here.

For Ubuntu deployments, see additional requirements here.

Network Requirements

Required Ports:

Port	Protocol	Purpose	Source
`80`	TCP	NetBox HTTP	External users
`443`	TCP	NetBox HTTPS & Diode gRPC	External users
`30000`	TCP	Admin Console	Administrators
`6443`	TCP	Kubernetes API	Internal
`2379-2380`	TCP	etcd	Internal
`10250`	TCP	Kubelet API	Internal
`4789`	UDP	VXLAN overlay (Calico)	Internal
`179`	TCP	BGP (if Calico uses BGP)	Internal

Network Configuration:

Static IP address required (no DHCP)
Hostname must be fully qualified domain name (FQDN) or resolvable short name
Pod networking uses 10.244.0.0/17 and 10.244.128.0/17 ranges

Special Configurations

Proxy Environments

NetBox Enterprise supports installation through proxies (version 1.6.0+).

Required Proxy Configuration:

Before installing, configure your proxy to allow the following hostnames:

*.enterprise.netboxlabs.com
replicated.app
proxy.replicated.com

If your proxy does not support wildcard hostnames, specify the following individual hosts instead of *.enterprise.netboxlabs.com:

app.enterprise.netboxlabs.com
proxy.enterprise.netboxlabs.com
registry.enterprise.netboxlabs.com

These hostnames are required to access various resources used in the NetBox Enterprise installation.

Installation with Proxy:

Pass proxy arguments to the NetBox Enterprise installer when following the installation guide:

sudo ./netbox-enterprise install \
  --license license.yaml \
  --http-proxy http://proxy.example.com:8888 \
  --https-proxy http://proxy.example.com:8888

Proxy Configuration

NetBox Enterprise does not inherit proxy settings from shell environment variables. You must explicitly provide proxy configuration via command-line flags.

Proxy Options:

--http-proxy <proxy-url> and --https-proxy <proxy-url>

The proxy URL should be a complete URL to reach the proxy (e.g., http://myhost:8888).
--no-proxy

By default, the installer will automatically disable proxying on internal cluster addresses and the default network interface. If the installer can't autodetect an interface or you have a more complicated network, specify this manually as a comma-separated list of addresses with CIDR netmasks (1.2.3.4/32) or domains (foo.com, *.bar.com).

Man-In-The-Middle (MITM) Proxies

If you are using a MITM proxy (one that uses an internal TLS certificate authority for communication with the proxy, rather than directly passing encrypted traffic), you will need an additional option:

--private-ca </path/to/private-ca-bundle>

This allows the cluster to accept traffic encrypted using your internal CA.

Firewalld (Common on RHEL)

If using Firewalld, create a zone before installation:

Step 1: Create Zone Configuration

Create /etc/firewalld/zones/netbox-enterprise.xml:

<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>netbox-enterprise</short>
  <description>Zone for NetBox Enterprise communication</description>
  <!-- Add your host IP addresses here -->
  <source address="10.244.0.0/17"/>
  <source address="10.244.128.0/17"/>
  <port protocol="tcp" port="2380"/>
  <port protocol="udp" port="4789"/>
  <port protocol="tcp" port="6443"/>
  <port protocol="tcp" port="7443"/>
  <port protocol="tcp" port="9091"/>
  <port protocol="tcp" port="9443"/>
  <port protocol="tcp" port="10249"/>
  <port protocol="tcp" port="10250"/>
  <port protocol="tcp" port="10256"/>
  <port protocol="tcp" port="30000"/>
  <port protocol="tcp" port="22"/>
</zone>

Step 2: Add External Access

Add source addresses for hosts that need access. For example, for IP 1.2.3.4 and network 192.168.123.0/24:

<source address="1.2.3.4/32" />
<source address="192.168.123.0/24" />

Step 3: Reload Firewall

sudo firewall-cmd --reload

Then proceed with normal installation.

SELinux (RHEL Systems)

NetBox Enterprise can run with SELinux in enforcing mode, but requires initial installation in permissive mode.

Step 1: Disable SELinux Enforcement Temporarily

sudo setenforce 0

Step 2: Install NetBox Enterprise

Follow the standard installation guide.

Step 3: Configure SELinux Policies

After installation completes, configure SELinux to allow NetBox Enterprise operations:

export EC_DIR="/var/lib/embedded-cluster"
export KUBE_DIR="${EC_DIR}/k0s"

# Mark cluster directory for containerd
sudo semanage fcontext -a -t container_var_lib_t "${EC_DIR}"
sudo restorecon -R -v "${EC_DIR}"

# Allow binary execution
sudo semanage fcontext -a -t container_runtime_exec_t "${KUBE_DIR}/bin/containerd.*"
sudo semanage fcontext -a -t container_runtime_exec_t "${KUBE_DIR}/bin/runc"
sudo restorecon -R -v "${KUBE_DIR}/bin"

# Configure containerd permissions
sudo semanage fcontext -a -t container_var_lib_t "${KUBE_DIR}/containerd(/.*)?"
sudo semanage fcontext -a -t container_ro_file_t "${KUBE_DIR}/containerd/io.containerd.snapshotter.*/snapshots(/.*)?"
sudo restorecon -R -v ${KUBE_DIR}/containerd

Step 4: Re-enable SELinux Enforcement

sudo setenforce 1

Or reboot to apply permanently.

SELinux and Upgrades

When upgrading NetBox Enterprise or installing plugins, temporarily set SELinux to permissive mode, then re-run the configuration steps above before re-enabling enforcement.

Next Steps

Follow distribution-specific preparation: Ubuntu or RHEL
Proceed to the installation guide

Overview​

System Requirements​

Hardware Requirements​

Operating System Requirements​

Supported Linux Distributions​

Enterprise Linux

Debian-based

Other Distributions

Network Requirements​

Special Configurations​

Proxy Environments​

Man-In-The-Middle (MITM) Proxies​

Firewalld (Common on RHEL)​

SELinux (RHEL Systems)​

Next Steps​