Abiquo and NSX-T

Abiquo supports NSX-T with a single plugin for advanced cloud networking. With NSX-T Abiquo offers similar functionality to the NSX-V plugin including: virtual datacenters, private networks, NAT, firewalls, load balancers, and bandwidth limits. VMware does not offer an upgrade path from NSX-V to NSX-T and this plugin is also for use with new resources. Abiquo uses the NSX-T Policy mode and it does not modify the Fabric. Abiquo supports N-VDS and VDS.

Before you add the NSX-T to Abiquo, you must create at least one Tier 0 configuration. You can register its details in Abiquo, for example, using Abiquo properties. In NSX-T, Tier 0 is a virtual gateway to the physical infrastructure. By default, Abiquo will use one Tier 0 configuration for the whole platform, but you can also use Tier 0 configurations for enterprises by supplying the configuration as enterprise properties or context properties (during VDC creation).

For full details of how to configure NSX-T, see Configure the Abiquo NSX-T integration.

To add NSX-T to Abiquo, create a device, which can be at the datacenter or enterprise level.

An NSX-T device in Abiquo

When you create a VDC in Abiquo, Abiquo will create the Tier 1 entity and an optional default private network as a segment in NSX-T. Usually, Abiquo creates the default private network when you first deploy a VM, but in NSX-T Abiquo creates it at the same time that it creates the VDC. In NSX-T, Abiquo uses the border gateway protocol to dynamically configure VDC networks.

Users can create additional Abiquo private networks, which will also be segments in NSX-T.

For each VDC, Abiquo will create a DHCP server and an east-west firewall policy with a VDC group, which will allow traffic between private networks within the VDC.

The Abiquo NSX-T integration does not support IPv6, and it does not use the DNS suffix field.

Abiquo private networks in NSX-T

The cloud administrator can create NAT networks, and Abiquo users can obtain NAT IPs for their virtual datacenters and create NAT rules.

When users create Abiquo firewall policies, Abiquo creates north-south firewall policies in NSX-T.

Abiquo supports load balancers using the NSX-T load balancer service. You can configure the size with the previous Abiquo properties that set Edges Pool Allocation Size and Load Balancer Service Size. You can add 1 load balancer pool per load balancer service. The certificate for load balancers does not let you include a private key, and if you do so, Abiquo will ignore it. Abiquo reserves 20 IP addresses for use in load balancers.

On the QoS tab, users can set a bandwidth limit for NAT IPs in their virtual datacenters. Note that the NSX-T SNAT bandwidth limit does not support a peak bandwidth limit.

Abiquo supports public networks, which you can create and onboard to match existing Tier-0 segments. Users can work with these public networks in virtual datacenters (Tier-1) that belong to the Tier-0 entity. To create a network, first select the NSX-T device, then enter the Provider ID, which is the path of the segment. As in private networks, Abiquo reserves the first 20 IP addresses for load balancers and you cannot use a reserved address for a DHCP server.

Abiquo configures firewalls in NSX-T with drop by default and then adds entries in policies to allow traffic. In Abiquo, when users create networks, they can mark the Exclude from firewall checkbox. This means that Abiquo will allow traffic for private networks by adding rules to one Excluded segments from firewall policy for each virtual datacenter. If you delete the policy in NSX-T, then Abiquo will disable the feature.

When you capture a VM from NSX-T, you must add the VM to a VDC with the same network as the VM network. The platform will match the network by provider ID, not by tag as in the previous NSX-V integration.

Related pages: