Configure the Abiquo NSX-T integration

Owned by MS (Unlicensed)
Last updated: Jul 08, 2022Version comment
7 min read

Requirements of the NSX-T integration

Abiquo offers support for NSX-T.

  • For supported versions, see VMware
  • Abiquo 5.4.0 supports NSX-T with N-VDS and VDS (from v5.4.1) 
  • To use load balancers NSX-T Advanced edition or higher is required.
  • The NSX-T plugin requires a separate Abiquo license
  • Abiquo supports only one vCenter per Abiquo datacenter when working with NSX-T
    • The default tier0 and edgeCluster configuration in Abiquo properties is for all NSX-T installations in all Abiquo datacenters. Each enterprise can change the tier0 and/or edgeCluster. The default and enterprise configurations of tier0 and edgeCluster are identified by name and they are all required in all NSX-T installations
  • We recommend using a cluster not managed by Abiquo to deploy the Edge appliances. This cluster is defined in the Remote Services appliance properties in each DC.
  • The administrator must create at least one Tier-0 configuration to register in Abiquo
  • Abiquo v5.4.1 adds support for creating and onboarding public networks using pre-created Tier-0 segments


Introduction to the integration

Abiquo uses the Policy mode and it does not modify the Fabric. The administrator must create at least one Tier-0 configuration to register in Abiquo.  

Every time administrators create a virtual datacenter, Abiquo will create a Tier 1 entity and a segment (Abiquo default private network). Abiquo will manage the east-west firewall with groups to ensure that user VMs can connect to private networks that are in their virtual datacenter only. This is different from other providers, where user VMs can connect to other VMs in the same private network only. 

The integration provides NAT connectivity outside of the enterprise's VDCs using an external IP with a static route.

Users can configure NAT interfaces with SNAT and DNAT interfaces on demand. Users can also configure private networks (segments), and firewall policies (north-south firewall), and load balancers.

To provide public networks in Abiquo, Administrators can create segments on a Tier-0 entity. These networks will be accessible to users in all enterprises using this Tier-0. Administrators can enter the network path to create or capture the corresponding public networks to manage them in Abiquo.

Design your NSX-T networks

Abiquo can work with the following Tier-0 configurations using the NSX-T context properties.

Depending on the combinations of Tier-0 configurations, set context properties on the Abiquo server, and/or as enterprise properties, or during the creation of virtual datacenters.

Tier-0 ConfigurationAbiquo configuration

Single Tier-0 for the whole platform

Configure Tier-0 in Abiquo properties

  • Useful for test environments!

One default Tier-0 and one per tenant

To create a configuration for a tenant, set enterprise properties to override the default configuration in Abiquo properties

Multiple Tier-0 configurations per tenant
(user interface)

  • Remove the default configuration from Abiquo properties
  • And remove this configuration in enterprise properties for the tenant
  • When creating virtual datacenters, supply the Tier-0 configuration as context properties

These configurations are described in the sections below.


Create a Tier-0 configuration in NSX-T

To configure NSX-T, configure one or more Tier-0 configuration as described here.

  1. Create a Tier-0 router
    1. Enable dynamic routing with Border Gateway Protocol 
    2. Enable redistribution
      1. Create a valid list of route redistribution elements (view NSXTEntityConfigurationChecker)
  2. To route from Tier-0 to outside networks or the Internet
    1. Connect the Tier 0 router to your physical infrastructure
    2. Create a VLAN transport zone (TZ) and connect your Tier-0 router to the TZ  
  3. To allow NAT connectivity outside your VDCs, add a source IP for D-NAT to configure as the Tier-0 external IP in Abiquo
  4. Select an Edge Cluster ID where Abiquo will create the Tier-1 gateways
  5. To dynamically assign IP adddresses to all segments, manually create at least one DHCP profile
    1. DHCP Server type
    2. Add an IP and a range, for example, 192.168.254.1/24
  6. Select an Overlay TZ ID to allocate to the Segments
  7. Connect one or more hosts to the Tier-0 (via N-VDS for instance)

Next add the details of your Tier-0 configurations to Abiquo as described below, using either Abiquo properties, enterprise properties, or virtual datacenter context properties.

Check your NSX-T configuration

You can use the nsxt-tool from Abiquo to check your configurations in NSX-T.

The tool will list valid configurations and recommend changes to invalid configurations.


Configure NSX-T on the Remote Services servers

Configure the following properties on the Remote Services servers to define the NSX-T services for your users in Tier-1. 

PropertyDescription

abiquo.nsxt.dhcp.leasetime-ms

Time to keep the lease in the DHCP server of the NSX-T
Default: 86400

abiquo.nsxt.infra.load-balancers.error-log-level

Error log level of the NSXT Load Balancers Valid values are: INFO, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY
Default: INFO

abiquo.nsxt.infra.load-balancers.reserved-ips

Number of IP addresses that are reserved for NSX-T in each private network to allocate to load balancers.
Default: 20

abiquo.nsxt.infra.load-balancers.size

Size of the NSXT Load Balancer. Valid values are: SMALL, MEDIUM, LARGE, XLARGE
Default: SMALL

abiquo.nsxt.infra.tier0-external-ipExternal IP used by the Tier-0

abiquo.nsxt.infra.tier1.pool-allocation

Edges Pool Allocation Size defined at Tier1 Valid values are: ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE
Default: LB_SMALL

abiquo.nsxt.polling-ms

Time to wait between check on the NSXT api
Default: 3000


You can also set the properties to configure the management of asynchronous task and connections to tune the performance of the NSX-T plugin.

For example, you could set the following properties.

#abiquo.nars.async.pool.nsxt.byvdc=true
#abiquo.nars.async.pool.nsxt.max=1
#abiquo.virtualfactory.nsxt.device.openSession=2
#abiquo.virtualfactory.nsxt.device.openSession.byvdc=false


Set Abiquo properties to configure Tier-0 for the platform

To configure one Tier-0 for the Abiquo platform or to configure a default Tier-0:

  1. Log in to the Abiquo server as an administrator
  2. Edit the abiquo.properties file
  3. Set the following properties
PropertyDescription

abiquo.nsxt.infra.dhcp-conf-name

Name of the NSX-T DHCP Profile used to create Tier1 VPCs. NSXT UI path is: Policy - Networking - Ip Management - DCHP

abiquo.nsxt.infra.edge-cluster-name

Name of the NSX-T Edge Cluster used to create Tier1 VPCs. NSXT UI path is: Policy - System - Fabric - Nodes - Edge Clusters
Default: Edge-Cluster-01

abiquo.nsxt.infra.tier0-name

Name of the NSX-T Tier0 used to create the Tier1 VPCs. NSXT UI path is: Policy - Networking - Tier-0 Gateway

abiquo.nsxt.infra.transport-zone-name

Name of the NSX-T Transport Zone (overlay) used to create segments / networks. NSXT UI path is: Policy - System - Fabric - Transport Zones


Set enterprise properties to configure Tier-0 for the tenant

To set a single Tier-0 configuration for a tenant:

  1. Log in to Abiquo as an administrator
  2. Go to Users → edit the tenant enterprise → Properties
  3. Set keys and values for the following enterprise properties (note there is no "abiquo." prefix) 
PropertyDescription

nsxt.infra.dhcp-conf-name

Name of the NSX-T DHCP Profile used to create Tier1 VPCs. NSXT UI path is: Policy - Networking - Ip Management - DCHP

nsxt.infra.edge-cluster-name

Name of the NSX-T Edge Cluster used to create Tier1 VPCs. NSXT UI path is: Policy - System - Fabric - Nodes - Edge Clusters
Default: Edge-Cluster-01

nsxt.infra.tier0-external-ip

External IP used by the Tier-0.

nsxt.infra.tier0-name

Name of the NSX-T Tier0 used to create the Tier1 VPCs. NSXT UI path is: Policy - Networking - Tier-0 Gateway

nsxt.infra.transport-zone-name

Name of the NSX-T Transport Zone (overlay) used to create segments / networks. NSXT UI path is: Policy - System - Fabric - Transport Zones

Screenshot: Enterprise properties example

For more details of how to create enterprise properties, see Manage tenant properties.

Create an NSX-T device

To register the NSX-T in Abiquo:

  1. Log in to Abiquo as an administrator
  2. Go to Infrastructure → Networks → Devices.
  3. Click the + add button and create an NSX-T device
    1. You can create for a single tenant or for all tenants in a datacenter
    2. The NSX-T endpoint will usually be something like  https://ADDRESS , where ADDRESS is the NSX appliance IP address. See  Manage Devices

After you create the device, go to Infrastructure → Servers and add the hosts connected to the NSX-T. 

Abiquo will automatically use NSX-T when you create virtual datacenters in the datacenter.


Configuration to use more than one Tier-0 configuration per tenant

To use more than one Tier-0 configuration per tenant, you will need to register the Tier-0 configuration when you are creating a virtual datacenter.

To make Abiquo request the required Tier-0 configuration, remove the default configuration for the Abiquo properties and for the tenant. 

To remove the default configuration:

  1. Log in to the API Server and edit the abiquo.properties file. Remove the context properties.
  2. Log in to Abiquo as an administrator. Go to Users → edit the tenant enterpriseProperties. Remove the context properties.

Effectively, you must remove the configuration for the platform and for the tenant as described in the configuration sections above.

Now when you create a VDC, the UI will request the missing context properties (as defined in the UI configuration, See Configure Abiquo UI).

The process to create a VDC with context properties in the Abiquo API is the same as the process to create one in the user interface.

Add public networks for NSX-T

The administrator can create Abiquo public networks in NSX-T as segments of Tier-0. The administrator can then add the networks to the platform for use by all tenants that share the Tier-0 configuration.

Before you begin, add NSX-T to your platform as described in the above section.

To create a public network for NSX-T

  1. Log in to NSX-T as an administrator and create a segment in a Tier-0 configuration
  2. From the segment's options menu, select Copy path to clipboard
  3. Log in to Abiquo as an administrator
  4. Go to Infrastructure → Private → select datacenter → Network → Public → Create a public network
  5. Select the Device and as the Provider ID, paste the network path, and Save

The platform will create the network and VMs in the virtual datacenters (Tier-1 entities) that belong to the same Tier-0 as the public network can use IP addresses in this network.

Capture VMs with NSX-T

To test VM capture with NSX-T, use this process:

  1. In Abiquo, create a VDC, which includes a Tier-1 and a segment, and make a note of the segment name
  2. Using vCenter, create a VM and attach it to the opaque network that represents the segment
  3. In Abiquo, capture the VM, assigning it to the VDC that you created earlier (Tier-1 from step 1)


Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved