Documentation

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Introduction

Abiquo 3.8.2 introduces the NSX integration, which leverages the following features:

  • Network isolation
  • VXLAN management (Private networks)
  • Routing
  • DHCP
  • Firewall management (security group style)
  • Load balancer as a service

The functionality will be extended in future releases. 

The NSX integration can be used to provide  Internet access for virtual machines that only have the default private network interface on the private network, for example. To configure the NSX integration, you must set a public or external network (of floating IPs). And you must set the port group (public/external) that will be used to connect the network interfaces that use IPs from this public/exernal network.

The Abiquo NSX integration requires the use of the Cloud provider proxy remote service for the private datacenter. This remote service is optional for private datacenters without SDN and private cloud firewalls and loadbalancers.

When you create a VDC, Abiquo will create an Edge, which will function as a Gateway, DHCP server and router. The Edge is connected to the public/external port group with a public/external IP from the range configured in properties. The Edge limits the VDC to a maximum of 9 VLANs. In each Abiquo VLAN that is created for the VDC, we will reserve 20 IPs (or the number configured by properties) for use by load balancers.

Abiquo firewalls are created outside of the Edge as global security groups. For each security group, we create the firewall Accept rules. When the firewall is assigned to a VM, we will enable it with the destination IPs for the VLAN.

Abiquo load balancers can be created with public, private or both types of addresses. Private IP addresses are assigned from the range reserved for load balancers. Public IP addresses are assigned from the public/external network. There is a restrction of one routing rule per load balancer. For each IP of the load balancer, we will create a virtual server, with an Edge firewall rule. We will create an application profile and if SSL is enabled, we will configure SSL. As in other Abiquo integrations, the internal connections between the nodes will not use SSL. When you assign a VM to the load balancer, it will be assigned to a Pool. NSX only allows one health check per Pool, which effectively means you can create one health check per load balancer.

Abiquo also uses NSX to configure DHCP options (such as static routes) in virtual machines. At the moment we won't support Chef, as the NSX DHCP does not support setting the required vendor-encapsulated-options.

When you delete the virtual datacenter, Abiquo deletes the Edge and all firewalls associated with that VDC that were outside the scope of the Edge.

Configure the NSX integration

See Configure Abiquo VMware NSX integration

Use load balancers and firewalls in the NSX integration

The user experience of load balancers and firewalls in the NSX integration is very similar to other integrations.

The cloud administrator should assign the appropriate privileges to tenant administrators and/or users.

For a description of the user functionality, see:

 

  • No labels