Prerequisites

Before deploying a Local Broker, factor in these requirements and recommendations:

Hardware Requirements

| CPU Cores | RAM | HDD |
| --- | --- | --- |
| 8 | 8 GB (minimum), 16 GB (recommended) | 50 GB (minimum), 80 GB (recommended) |

The Local Broker OVA is built on top of Ubuntu 22.04.

Important

A Local Broker needs to be installed as a separate instance. Installing the Local Broker on a Publisher instance is not supported.

Software Requirements

  • Client: v114 or above
  • Publisher: v120 or above
  • Local Broker: v123 or above

Connectivity Requirements

| Component | Source | Destination | Service | Action | Notes |
| --- | --- | --- | --- | --- | --- |
| Management Access | Admin IP subnets | Local Broker IPs/hostname | SSH (TCP/22) | Allow | Allow TCP 22 from sources where SSH connectivity (management) is required. |
| Client | Client IP subnets | Local Broker IPs/hostname | HTTPS (TCP/443) | Allow | Allow TCP 443 from internal subnets where clients would connect to the LBR Client Gateway. |
| Publisher | Publisher IPs | Local Broker IPs/hostname | TCP 1443 | Allow | Allow TCP 1443 from internal subnets from where Publishers would connect to the LBR Publisher Gateway (Stitcher). |
| Local Broker | LBR1, LBR2 | LBR1, LBR2 | TCP 5000 | Allow | Allow TCP 5000 bi-directional between Local Brokers for inter Local Broker connectivity. |
| Local Broker | LBR IPs | NTP Server(s) | NTP UDP 123 | Allow | Allow NTP outbound from a Local Broker. |
| Local Broker | LBR IPs | DNS Resolver | DNS | Allow | Allow DNS outbound from a Local Broker. |
| Local Broker | LBR IPs | *.docker.com, *.docker.io, *.ubuntu.com, *.k8s.io, *.pkg.dev, events.goskope.com, api.snapcraft.io, *.cdn.snapcraftcontent.com, ns-<tenant-ID>.<POP-name>.npa.goskope.com, ns-<tenant-id>.lbr.<POP-name>.npa.goskope.com, redis.lbr.<POP-name>.npa.goskope.com, s3.us-west-2.amazonaws.com (for the installer script). Contact your Netskope SE, TSM, or Support for your tenant-ID and POP-name, and if IP subnets are needed instead of FQDNs. | HTTPS. Note: HTTP (for *.ubuntu.com only) | Allow | Allow HTTPS and HTTP outbound from a Local Broker. Tenant-ID would be the typical ID, such as 1234, etc. POP-name represents the Home PoP Name. For example: ns-1234.us-sjc1.npa.goskope.com, ns-1234.lbr.us-sjc1.npa.goskope.com. |

MP-Name Variables:

  • us-sv5 (SV5)
  • us-sjc1 (SJC1)
  • us-sjc2 (SJC2)
  • de-fr4 (FR4)
  • nl-am2 (AM2)
  • au-mel2 (MEL2)
  • ch-zur2 (ZUR2)
  • uk-lon3 (LON3)
  • sg-sin2 (SIN2)
  • de-fra2 (FRA2)
  • us-dfw3 (DFW3)

For allowlisting ns-<tenant-ID>.<MP-name>.npa.<tenant-domain> based on IP addresses, refer to the Netskope Private Access List for Allowlisting.

Note

A Local Broker needs reachability to the official Ubuntu Mirrors during the update process. Please review and allow the appropriate destinations for a successful Local Broker software update.
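
A pre-flight check for the outbound HTTPS requirement above, as an added example that is not Netskope's own tooling: it expands the tenant-ID and POP-name placeholders into the concrete FQDNs and tests TCP 443 to each from the Local Broker host. The function names and the script name are hypothetical, the tenant ID is assumed to be a single DNS label, and egress is assumed to be direct (no proxy).

```bash
#!/usr/bin/env bash
# Added example: outbound pre-flight check for a Local Broker host.
# Wildcard entries (*.docker.io, *.ubuntu.com, ...) cannot be probed directly,
# so only the concrete FQDNs from the connectivity requirements are tested.

# POP names listed on this page.
KNOWN_POPS="us-sv5 us-sjc1 us-sjc2 de-fr4 nl-am2 au-mel2 ch-zur2 uk-lon3 sg-sin2 de-fra2 us-dfw3"

# lbr_fqdns TENANT_ID POP_NAME -> prints one FQDN per line; returns 2 on bad input
lbr_fqdns() {
  tenant="$1"; pop="$2"
  # Assumption: the tenant ID is a single DNS label (letters, digits, hyphen).
  case "$tenant" in
    ''|*[!A-Za-z0-9-]*) echo "bad tenant ID: $tenant" >&2; return 2 ;;
  esac
  known=1
  for p in $KNOWN_POPS; do
    if [ "$p" = "$pop" ]; then known=0; fi
  done
  if [ "$known" -ne 0 ]; then echo "unknown POP name: $pop" >&2; return 2; fi
  printf '%s\n' \
    "ns-${tenant}.${pop}.npa.goskope.com" \
    "ns-${tenant}.lbr.${pop}.npa.goskope.com" \
    "redis.lbr.${pop}.npa.goskope.com" \
    events.goskope.com api.snapcraft.io s3.us-west-2.amazonaws.com
}

# tcp_open HOST PORT -> exit 0 if a TCP connection succeeds within 5 seconds
tcp_open() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# preflight TENANT_ID POP_NAME -> prints OK/BLOCKED per FQDN;
# returns 0 if all are reachable, 1 if any is blocked, 2 on bad input
preflight() {
  list=$(lbr_fqdns "$1" "$2") || return 2
  rc=0
  for host in $list; do
    if tcp_open "$host" 443; then echo "OK       $host:443"
    else echo "BLOCKED  $host:443"; rc=1; fi
  done
  return "$rc"
}

# Run only when called with arguments, e.g.: ./lbr-preflight.sh 1234 us-sjc1
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A successful connect only shows that the firewall path is open; the wildcard destinations still have to be confirmed during an actual install or update.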

Local Broker Capacity

When planning Local Broker capacity and scaling, consider these key points:

  • Each Local Broker instance can handle up to 500 Mbps of throughput.
  • Each Local Broker instance can accept up to 2000 unique client connections.
  • Each tenant can enable up to a maximum of 50 Local Brokers; the default limit is 2. If you require an increase in this limit, contact your Netskope Account team.
  • A notification will be displayed on the Local Brokers page as you near the maximum limit.