The Abiquo NSX integration supports NSX version 6.1.x and version 6.2.x. For firewalls and loadbalancers, use at least the Advanced edition. Abiquo only supports one vCenter when working with NSX. Abiquo requires a vCenter user with NSX permissions.
The Abiquo NSX integration leverages the following features:
- Network isolation
- VXLAN management (private networks)
- Firewall management (security group style)
- Load balancer as a service
You can use the NSX integration to provide Internet access for virtual machines that only have the default private network interface on the private network, for example. To configure the NSX integration, you must set a public or external network (of floating IPs). And you must set the port group (public/external) that will be used to connect the network interfaces that use IPs from this public/exernal network. For each enterprise that will use the NSX integration, create a datacenter network device that will define the network virtualization system. Abiquo firewalls are created outside of the Edge as global security groups. For each security group, we create the firewall Accept rules. When the firewall is assigned to a VM, we will enable it with the destination IPs for the VLAN. Abiquo also uses NSX to configure DHCP options (such as static routes) in virtual machines. When you delete the virtual datacenter, Abiquo deletes all NSX elements and all firewalls associated with that VDC that were outside the scope of the Edge. You can use Abiquo External and Public networks in the NSX integration. The Network Administrator must first create the networks in the network virtualization systems. Then in the cloud platform, when you create same external or public network, and select the device that defines your virtualization system. See:
The platform will use the NSX to assign an IP to a virtual machine using DHCP. This means that the virtual machine must have an NSX firewall to allow DHCP to communicate through UDP on port 68. If the platform cannot assign the IP using the DHCP server of the NSX, it will attempt to configure the DHCP server of the Abiquo Remote Services. The platform allows users to work with IP addresses from both standard external networks and NSX external networks at the same time because Abiquo assumes that your Network Engineers have configured routing.
When you are working with the Gateway blueprint and you create a VDC, Abiquo will create an ESG (Edge), which will function as a Gateway, DHCP server and router. The Edge is connected to the public/external port group with a public/external IP from the range configured in properties. The Edge limits the VDC to a maximum of 9 VLANs. In each Abiquo VLAN that is created for the VDC, we will reserve 20 IPs (or the number configured by properties) for use by load balancers.
With the gateway blueprint, Abiquo load balancers can be created with public, private or both types of addresses. Private IP addresses are assigned from the range reserved for load balancers. Public IP addresses are assigned from the public/external network. There is a restrction of one routing rule per load balancer. For each IP of the load balancer, we will create a virtual server, with an Edge firewall rule. We will create an application profile and if SSL is enabled, we will configure SSL. As in other Abiquo integrations, the internal connections between the nodes will not use SSL. When you assign a VM to the load balancer, it will be assigned to a Pool. NSX only allows one health check per Pool, which effectively means you can create one health check per load balancer.For a blueprint diagram, see NSX Gateway configuration guide
When you are working with the ECMP blueprint and you create a VDC, Abiquo will create DLRs and ESGs, and connect the gateways to the tenant network. For a blueprint diagram, see NSX with ECMP configuration guide