The Abiquo NSX integration supports NSX version 6.1.x and version 6.2.x. For firewalls and loadbalancers, use at least the Advanced edition. Abiquo only supports one vCenter when working with NSX. Abiquo requires a vCenter user with NSX permissions.
- Abiquo 3.8.2 introduced the NSX integration that works with the gateway blueprint
- Abiquo 3.8.3 added support for external and public networks
- Abiquo 3.8.5 added support for an additional ECMP blueprint over and above the gateway blueprint.
The Abiquo NSX integration leverages the following features:
- Network isolation
- VXLAN management (private networks)
- Firewall management (security group style)
- Load balancer as a service
You can use the NSX integration to provide Internet access for virtual machines that only have the default private network interface on the private network, for example. To configure the NSX integration, you must set a public or external network (of floating IPs). And you must set the port group (public/external) that will be used to connect the network interfaces that use IPs from this public/exernal network.
The Abiquo NSX integration requires the use of the Cloud provider proxy remote service for the private datacenter. This remote service is optional for private datacenters without SDN and private cloud firewalls and loadbalancers. For each enterprise that will use the NSX integration, create a datacenter network device that will define the network virtualization system.
Abiquo firewalls are created outside of the Edge as global security groups. For each security group, we create the firewall Accept rules. When the firewall is assigned to a VM, we will enable it with the destination IPs for the VLAN.
Abiquo also uses NSX to configure DHCP options (such as static routes) in virtual machines. At the moment we won't support Chef, because the NSX DHCP does not support setting the required vendor-encapsulated-options.
When you delete the virtual datacenter, Abiquo deletes all NSX elements and all firewalls associated with that VDC that were outside the scope of the Edge.
You can use Abiquo External and Public networks in the NSX integration. The Network Administrator must first create the networks in the network virtualization systems. Then in the cloud platform, when you create same external or public network, and select the device that defines your virtualization system. See:
The platform will use the NSX to assign an IP to a virtual machine using DHCP. This means that the virtual machine must have an NSX firewall to allow DHCP to communicate through UDP on port 68. If the platform cannot assign the IP using the DHCP server of the NSX, it will attempt to configure the DHCP server of the Abiquo Remote Services.
The platform allows users to work with IP addresses from both standard external networks and NSX external networks at the same time because Abiquo assumes that your Network Engineers have configured routing.
When you are working with the Gateway blueprint and you create a VDC, Abiquo will create an ESG (Edge), which will function as a Gateway, DHCP server and router. The Edge is connected to the public/external port group with a public/external IP from the range configured in properties. The Edge limits the VDC to a maximum of 9 VLANs. In each Abiquo VLAN that is created for the VDC, we will reserve 20 IPs (or the number configured by properties) for use by load balancers.
With the gateway blueprint, Abiquo load balancers can be created with public, private or both types of addresses. Private IP addresses are assigned from the range reserved for load balancers. Public IP addresses are assigned from the public/external network. There is a restrction of one routing rule per load balancer. For each IP of the load balancer, we will create a virtual server, with an Edge firewall rule. We will create an application profile and if SSL is enabled, we will configure SSL. As in other Abiquo integrations, the internal connections between the nodes will not use SSL. When you assign a VM to the load balancer, it will be assigned to a Pool. NSX only allows one health check per Pool, which effectively means you can create one health check per load balancer.For a blueprint diagram, see NSX Gateway configuration guide
When you are working with the ECMP blueprint and you create a VDC, Abiquo will create DLRs and ESGs, and connect the gateways to the tenant network. For a blueprint diagram, see NSX with ECMP configuration guide
Configure the NSX integration
Use load balancers and firewalls in the NSX integration
The user experience of load balancers and firewalls in the NSX integration is very similar to other integrations.
The cloud administrator should assign the appropriate privileges to tenant administrators and/or users.
For a description of the user functionality, see: