Manual Chapter : Integrating with VMware NSX

Applies To:

BIG-IQ Cloud and Orchestration

  • 1.0.0

Network requirements for communication with VMware cloud services

For proper communication, BIG-IQ® Cloud must have network access to the resources on which VMware software is installed. Before you can manage cloud resources, you must define a network route between the BIG-IQ Cloud device’s VLAN and the management VLAN of the VMware environment.

Discovering devices located in the VMware cloud

After you license and perform the initial configuration for the BIG-IQ® system, you can discover BIG-IP® devices running version 11.5 or later. For proper communication between the managing BIG-IQ device and the devices it manages, you must configure the BIG-IQ system with a route to each F5 device you want to manage. If you do not specify the required network communication route between the devices, then device discovery fails.

You must know the IP address that the BIG-IQ device will use to access the BIG-IP device.

Discover a device by providing the BIG-IQ® system with the device's IP address, user name, and password.

  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. Hover over the Devices header, click the + icon when it appears, and then select New Device.
    The Devices panel expands to show the New Device screen.
  3. In the IP Address field, type the device's IP address.
    The preferred address for discovering a BIG-IP device is its management IP address.
  4. If the BIG-IQ system and the BIG-IP device are on different subnets, then you need to specify an IP route between them.
    • If the BIG-IQ device and the BIG-IP device communicate using the management IP address, then use SSH to issue a route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
      2. Type the following command: route <route name> {gw <x.x.x.x> network default}
    • If the BIG-IQ device and the BIG-IP device use something other than the management IP address to communicate, then use SSH to issue a tmsh route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
      2. Type the following command: tmsh create net route <route name> {gw <x.x.x.x> network default}
      Note: In these commands, <route name> is a user-provided name to identify the new route, and <x.x.x.x> is the IP address of the default gateway for the internal network.
  5. In the User Name and Password fields, type the administrator user name and password for the managed device.
  6. For the Auto Update Framework setting, select the Update Automatically check box to direct the BIG-IQ system to perform any required REST framework updates on the BIG-IP device.
    For the BIG-IQ system to properly manage a BIG-IP device, the BIG-IP device must be running the most recent REST framework.
  7. Click the Add button.
The BIG-IQ system populates the properties of the device that you added, displays the device in the Devices panel, and displays its configuration files in the Configuration panel.
To complete discovery of BIG-IP® devices and populate the Devices panel, provide the administrator user name and password when requested. You can then associate tenants with this resource.

About configuring the BIG-IQ device for a VMware integration

The BIG-IQ® device facilitates the integration between the VMware NSX and the BIG-IP® device or device cluster. The workflow for configuring this integration takes you back and forth between the two participants in this integration.

You can either integrate with a standalone BIG-IP virtual machine, or with a high availability (HA) cluster of BIG-IP virtual machines. The process for setting up the two configurations is nearly identical. Optional steps and settings to enable HA are noted where applicable.

You can ensure that the traffic management function is always available by configuring two or more BIG-IP systems in a high availability (HA) configuration. Any configuration change that occurs on one BIG-IP system is immediately synchronized with its peer devices. If one BIG-IP system in an HA configuration fails, a peer BIG-IP system takes over the traffic management.

The BIG-IP HA cluster that you create with this process is a single failover group that uses the default traffic group and automatic sync. For a complete discussion of the significance of these details, refer to the BIG-IP® Device Service Clustering: Administration guide, which is available on http://support.f5.com/kb/en-us.html.

Prepare the BIG-IQ devices for NSX integration

To begin the process of preparing the BIG-IQ® device for integration, you set up one or more BIG-IQ devices, create an NSX callback user and a new server image, and then create an NSX connector.

Configuring a high availability configuration

You must perform basic system setup and activate a license on two or more BIG-IQ® systems before you can configure a high availability cluster.

Configuring BIG-IQ® Cloud as part of a high availability (HA) cluster ensures that you do not lose management capability of the BIG-IP® devices in your network if one BIG-IQ Cloud system fails.

Important: Do not confuse the BIG-IQ HA cluster you create in this process with a BIG-IP device cluster. Although the concept is similar, this process creates a cluster of BIG-IQ devices. BIG-IP HA cluster configuration is a separate process.
Note: Configuring an HA cluster is an optional task in this process.

If you have a primary BIG-IQ system (it can either be brand new, or one that you have been using for a while), and you want to add one or more new BIG-IQ Cloud systems as backup, you simply add the new systems to the primary system's cm-cloud-all-big-iqs group.

Important: To synchronize properly, the BIG-IQ systems must be running the same version of software. The systems do not need identical hardware; however, they should have comparable resources. This is required because, in the event of a failover, the peer must be able to maintain the process requirements for both systems. This is especially important in terms of disk space and data collection.
Important: The device that you add as an HA peer must be in an unconfigured state. That is, you should complete only the basic setup tasks. Specifying configuration details beyond those covered in the licensing and initial configuration process is likely to complicate the syncing process.
  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. In System, hover over the BIG-IQ Systems header, and click the + icon when it appears.
    The New Device screen opens.
  3. In the IP Address field, type the BIG-IQ System's self IP address.
  4. In the User name and Password fields, type the administrative user name and password for the system.
  5. For the Group setting, select HA Peer Group.
  6. Click the Add button to add this device to this high availability cluster.
The system discovers its peer and displays its status.

If discovery of the newly configured BIG-IQ system fails, a Delete button displays. Verify the correct self IP address and credentials. Then click the Delete button to remove the incorrect information, and re-type the self IP address, user name, and password.

About activating a pool license

When you integrate with VMware NSX to create BIG-IP® VE virtual machines, you can activate a pool license so that BIG-IQ® software can use a license from that pool to license the BIG-IP VE systems that it creates.

You can choose not to use a pool license and skip to discovering devices. If you make this choice, the BIG-IQ device still creates BIG-IP VE systems, but you need to license them before they can be used.

You initiate the license activation process with a base registration key. The base registration key is a character string that the license server uses to verify the functionality that you are entitled to license. If the system has access to the internet, you select an option to automatically contact the F5 license server and activate the license. If the system is not connected to the internet, you must manually retrieve the activation key from a system that is connected to the internet, and then transfer it to the BIG-IQ system.

Note: If you do not have a base registration key, contact your F5 Networks sales representative.

Automatically activating a pool license

You must have a base registration key before you can activate the license pool.
If the resources you are licensing are connected to the public internet, you can automatically activate the license pool.
  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. Hover over the Licenses header, and click the + icon when it appears.
    The New License screen opens.
  3. In the License Name field, type the name you want to use to identify this license.
  4. In the Base Registration Key field, type or paste the BIG-IQ registration key.
  5. In the Add-on Keys field, paste any additional license key you have.
  6. For the Activation Method setting, select Automatic.
    The End User Software License Agreement (EULA) displays.
  7. To accept, click the Accept button.
    The system reads your license key and adds the activated license to the License panel.

Manually activating a pool license

You must have a base registration key before you can activate the pool license.
If the BIG-IQ® Device you are licensing is not connected to the public internet, you can activate the pool license manually.
  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. Hover over the Licenses header, and click the + icon when it appears.
    The New License screen opens.
  3. In the License Name field, type the name you want to use to identify this license.
  4. In the Base Registration Key field, type or paste the BIG-IQ registration key.
  5. In the Add-on Keys field, paste any additional license key you have.
  6. For the Activation Method setting, select Manual and click the Get Dossier button.
    The BIG-IQ system refreshes and displays the dossier in the Device Dossier field.
  7. Copy the text displayed in the Device Dossier field, and click the Access F5 manual activation web portal link.
    Alternatively, you can navigate to the F5 license activation portal at https://activate.f5.com/license/.
  8. Click Activate License.
    The Activate F5 Product page opens.
  9. Paste the dossier into the Enter your dossier field, and then click the Next button.
    After a pause, the license key text displays.
  10. Copy the license key.
  11. On the BIG-IQ device, paste the license key into the License Text field.
  12. Click the Activate button.
    If the license does not display as activated in the Licenses panel after several minutes, click the arrow next to the license to contract the list, then click it again to expand. The screen should refresh and display the license as activated.

Creating an NSX callback user

You need to create a user credential that the BIG-IQ® system can use to communicate with the VMware NSX system.
  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. Hover over the User header, and click the + icon when it appears.
    The New User screen opens, displaying property fields for the new user.
  3. In the Username field, type the name of the user account that VMware NSX will use when it interacts with the BIG-IQ system.
    The entry can contain a combination of letters, numbers, periods, and hyphens.
    Note: You need to recall this name when you configure the NSX.
  4. From the Auth Provider list, select Local.
  5. In the Full Name field, type a human-friendly name to identify the NSX account.
    The full name can contain a combination of symbols, letters, numbers and spaces.
  6. In the Password and Confirm Password fields, type the password for the callback user account.
  7. Click the Add button.

Creating a new server image

Before you create a new server image, you must know the accessible location of an F5 BIG-IP® VE installation file. The accessible location must be either an HTTP URL or a vCenter datastore. These installation files use the .ovf file extension.
When VMware NSX creates a new server as part of the BIG-IQ® Cloud and VMware NSX integration, it uses the server image file you specify as the template.
  1. In the BIG-IQ Cloud system Connectors panel, hover over the connector you created previously, click the gear icon, and then select Properties.
    The properties screen for that connector opens.
  2. Scroll down to Server Images, and click New.
    The New Server Image screen opens.
  3. In the Machine Image Name field, type a name for the server image.
    It is helpful if the image name identifies the version of the BIG-IP software you are using.
  4. In the OVF URL field, specify the accessible location of an F5 BIG-IP VE installation file.
  5. Click the Save button.

Creating a connection between BIG-IQ Cloud and NSX Manager

To enable integration between a third-party cloud provider and BIG-IQ® Cloud, you must configure a cloud connector. A cloud connector is a resource that identifies the local or virtual environment in which a tenant deploys applications and, when necessary, adds parameters required by third-party cloud providers.

For VMware NSX version 6.2 and later, BIG-IQ Cloud also helps you manage VMware resources required to run applications. Management tasks include discovering, creating, starting, and stopping VMware NSX application servers running in the private cloud. You can use this feature to accommodate seasonal traffic fluctuations by periodically adding and retracting devices and application servers as needed. Additionally, you can also provide tenants access to self-deployable iApps® through VMware integration.

  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. Hover over the Connectors header, and click the + icon when it appears.
    The New Connector screen opens.
  3. In the Name and Description fields, type a name and description.
    You can use the name and description to help you organize network resources into logical groups based on certain criteria, such as the location or application.
    Important: You will need to recall the name you assign to this connector so that you can select it when you are configuring the VMware user interface. The name you specify is used as the service definition name in the VMware user interface.
  4. From the Cloud Provider list, select VMware NSX.
    The screen displays additional settings specific to VMware NSX.
  5. From the Devices list, select the device you want to associate with this connector.
    Most likely, the device you select will be the one you just added for use with this connector.
  6. In the VMware NSX Address field, type the IP address of the VMware system.
    The VMware IP address must be fully accessible from the BIG-IQ device.
  7. In the VMware NSX User Name and VMware NSX Password fields, type the credentials that the BIG-IQ device will use to authenticate to the NSX Manager.
  8. In the VMware vCenter Server Address field, type the IP address of the vCenter server.
  9. In the VMware vCenter Server User Name and VMware vCenter Server Password fields, type the credentials that the BIG-IQ device will use to authenticate to vCenter.
  10. In the Device Provisioning area, from the Time Zone list, select your local time zone.
  11. In the NTP Servers fields, type the IP addresses of your Network Time Protocol (NTP) servers.
  12. In the DNS Servers field, type the IP address of your DNS server.
  13. In the DNS Suffix(s) field, type the name of your search domain.
    The DNS search domain list allows the BIG-IQ system to resolve local host names by searching the listed domains.
  14. In the Callback Settings area, from the BIG-IQ Callback User Name list, select the user name that NSX Manager uses to authenticate to the BIG-IQ system.
    Note: Select the user name you specified when you created an NSX callback user.
  15. In the BIG-IQ Callback Password field, type the password that NSX Manager uses to authenticate to the BIG-IQ REST system.
    Note: Specify the password you used when you created an NSX callback user.
  16. From the BIG-IQ Callback Address list, select the IP address that this NSX Manager uses to access each BIG-IQ device in the HA cluster.
    By default, the management IP address is used, but you can specify a self IP address if you choose.
  17. From the Licensing list, select the name of the license pool that you created for the NSX integration.
  18. Click the Save button.

As part of the connection creation process, the BIG-IQ system does the following:

  • Creates a new default tenant for the new connector.
  • Verifies connectivity to the NSX Manager and vCenter APIs, and registers the BIG-IQ system as an NSX Partner Service provider.
  • Creates a callback user role that enables NSX to access the BIG-IQ software resources necessary for interaction with the BIG-IQ REST API.

Prepare VMware NSX for integration

After you finish preparing the BIG-IQ® device for integration, there are a couple of tasks to perform in the VMware NSX environment to complete the integration. You need to create an NSX Edge Service Gateway and enable a load balancing service for it.

Creating an NSX Edge Services Gateway

The NSX Edge Service Gateway establishes the network within which network services such as firewall, NAT, and load balancing are deployed. To integrate a BIG-IP® device with NSX, you must create at least one Edge Service Gateway.

Important: You perform the following task using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
In the vSphere web client user interface, create a new NSX Edge.
Important: When you are configuring the Edge Services Gateway, make sure to observe the following:
  • Choose to create the gateway in undeployed mode.
  • If you are configuring an HA cluster of BIG-IP virtual machines, select Enable High Availability, otherwise leave it cleared.
  • Choose the X-Large Appliance size.
  • Make sure that the NSX Edge you create identifies the Cluster/Resource Pool and the Datastore, but does not identify any interfaces. Otherwise, follow your standard practice for NSX Edge creation.
When you finish editing an Edge, it appears in the list under NSX Edges.

Enabling a service for the Edge

You must provision IP pools and port groups before you enable an Edge load balancer.

If you are configuring an HA cluster of BIG-IP® virtual machines for two-arm deployments, you need to configure four vNICs (1 for management, 2 for data, and 1 for HA). For one-arm deployments, you need three vNICs (management, data, and HA). If you are not using HA, you can use one fewer vNIC in each case.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. In the vSphere web client user interface, select the NSX Edge you just created.
  2. On the Manage tab for the selected Edge, select the Load Balancer tab and click Edit.
    The Edit Load balancer global configuration screen opens.
  3. Select Enable Load Balancer and Enable Service Insertion.
    Additional options are enabled, so that you can specify additional details.
  4. For the Service Definition, select the BIG-IQ connector that you created previously.
  5. For the Service Configuration, select F5 ADC-Provision dedicated BIG-IP VE(s).
  6. For the Deployment Specification, select the BIG-IP system server image you created previously.
  7. Specify the configuration details for the Runtime NICs that you expect NSX to use as load balancers.
    Note: The connectivity types you specify depend on whether you are configuring an HA cluster. For HA, you configure 1 management vNIC, 1 HA vNIC, and 1 or 2 data vNICs. For standalone, you configure 1 management vNIC and 1 to 3 data vNICs.
    1. Configure vnic0.
      • For the Connected To setting, use the management port group you created as a prerequisite.
      • For Connectivity type, use Management.
      • For the Primary IP Allocation Mode, use IP Pool.
      • For the IP Pool, use the management pool you created as a prerequisite.
    2. Configure vnic1.
      • For the Connected To setting, use the external port group you created as a prerequisite.
      • For Connectivity type, use Data.
      • For the Primary IP Allocation Mode, use IP Pool.
      • For the IP Pool, use the external pool you created as a prerequisite.
    3. Configure vnic2.
      • For the Connected To setting, use the internal port group you created as a prerequisite.
      • For the Connectivity type, use Data.
      • For the Primary IP Allocation Mode, use IP Pool.
      • For the IP Pool, use the internal pool you created as a prerequisite.
    4. Configure vnic3.
      • For the Connected To setting, use the HA port group you created as a prerequisite.
      • For Connectivity type, use HA if you are configuring an HA cluster of BIG-IP virtual machines, otherwise use Data.
      • For the Primary IP Allocation Mode, use IP Pool.
      • For the IP Pool, use the HA pool you created as a prerequisite.
  8. On the Edit Load balancer global configuration screen, select the Typed Attributes tab.
  9. For the Fully qualified host name of BIG-IP VE? value, type a host name for the BIG-IP VEs that the NSX Edge will create.
The NSX Edge creates two new runtimes. These runtimes create BIG-IP virtual machines based on the specifications you provided. These virtual machines will be managed by the BIG-IQ® system as an HA cluster.
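
A pre-flight check for the Runtime NIC plan in step 7, as an added example that is not part of the original manual: it applies the per-type vNIC counts from the step 7 note and the IP Pool allocation mode before the values are entered in vSphere. The dictionary field names and the port group and pool names are hypothetical, constructed for this example.

```python
from collections import Counter

# (min, max) vNICs per connectivity type, taken from the note in step 7.
RULES = {
    "ha":         {"Management": (1, 1), "HA": (1, 1), "Data": (1, 2)},
    "standalone": {"Management": (1, 1), "HA": (0, 0), "Data": (1, 3)},
}
REQUIRED = ("connected_to", "connectivity", "allocation_mode", "ip_pool")


def vnic(connected_to, connectivity, ip_pool, allocation_mode="IP Pool"):
    """Build one Runtime NIC entry (field names are hypothetical)."""
    return {"connected_to": connected_to, "connectivity": connectivity,
            "allocation_mode": allocation_mode, "ip_pool": ip_pool}


def validate_vnic_plan(plan, ha):
    """Check a list of vNIC entries ordered vnic0..vnicN.

    Returns (arm, errors). arm is "one-arm" or "two-arm" when the number of
    data vNICs matches one of the deployment types named in this section,
    otherwise None. An empty errors list means the plan follows the chapter.
    """
    rules = RULES["ha" if ha else "standalone"]
    errors = []
    for index, nic in enumerate(plan):
        name = f"vnic{index}"
        for field in REQUIRED:
            if not nic.get(field):
                errors.append(f"{name}: {field} is not set")
        mode = nic.get("allocation_mode")
        if mode and mode != "IP Pool":
            errors.append(f"{name}: Primary IP Allocation Mode must be IP Pool")
        kind = nic.get("connectivity")
        if kind and kind not in rules:
            errors.append(f"{name}: unknown connectivity type {kind!r}")
    # The procedure in step 7 puts management on vnic0.
    if plan and plan[0].get("connectivity") != "Management":
        errors.append("vnic0: expected connectivity type Management")
    counts = Counter(nic.get("connectivity") for nic in plan)
    for kind, (low, high) in rules.items():
        if not low <= counts[kind] <= high:
            want = str(low) if low == high else f"{low} to {high}"
            errors.append(f"expected {want} {kind} vNIC(s), found {counts[kind]}")
    arm = {1: "one-arm", 2: "two-arm"}.get(counts["Data"])
    return arm, errors


# The four-vNIC HA layout from step 7, with constructed port group/pool names.
PAGE_HA_PLAN = [
    vnic("pg-mgmt", "Management", "pool-mgmt"),
    vnic("pg-external", "Data", "pool-external"),
    vnic("pg-internal", "Data", "pool-internal"),
    vnic("pg-ha", "HA", "pool-ha"),
]

if __name__ == "__main__":
    print(validate_vnic_plan(PAGE_HA_PLAN, ha=True))
    # The same plan declared as standalone is rejected: an HA vNIC is present.
    print(validate_vnic_plan(PAGE_HA_PLAN, ha=False))
```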

Prepare the new BIG-IP devices for integration

After the VMware NSX integration creates the BIG-IP® virtual devices, there are a couple of tasks to perform on the BIG-IP device environment to complete the integration. If the devices are configured in an HA cluster, you only perform these tasks on one device, after which the configuration is replicated on the other cluster members using Config sync.

Uploading a custom iApp to the BIG-IP device

After the NSX integration creates the BIG-IP® virtual edition instances, you may want to upload a custom iApp that more closely matches your application requirements.
  1. Log in to BIG-IQ® Cloud with the administrator user name and password.
  2. Download the iApp template.
    This iApp template is available at https://raw.githubusercontent.com/OxHiteshPatel/appsvcs_integratin_iapp/release/v1.0_001/appsvcs_integration_v1.0_003_001.tmpl
  3. On the Servers panel, hover over one of the BIG-IP VE servers created by the NSX integration, click the gear icon, and then select Properties.
    The Properties screen for the selected server opens.
  4. Next to Management Password, click Show.
    The screen displays the Management Password generated by the NSX integration process when it created the BIG-IP VE.
  5. Copy the password to your clipboard and then click Cancel to close the screen.
  6. On the Devices panel, click the gear icon, and then select Properties.
    The Properties screen for the selected device opens.
  7. Next to Address, click the link that displays the IP address of the BIG-IP device.
    The login screen for the device opens.
  8. For the Username, type Admin; for the Password, paste the password copied to the clipboard in step 4; and then click Log in.
  9. On the BIG-IP device Main tab, click iApps > Templates and then click Import.
    The Import File screen opens.
  10. Click Choose File and then navigate to the iApp template and click Open.
  11. Click Upload.
    The iApp template is added to the list of installed templates. In about 60 seconds, it is imported to the managing BIG-IQ®. From there it is automatically imported to the NSX service.
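
An integrity check to run on the downloaded template before importing it in step 10, as an added example that is not part of the original manual: it reports whether the download URL names the file by commit SHA and compares the file's SHA-256 with a digest recorded when the template was reviewed. The manual publishes no digest, so the pinned value and the sample file below are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# URL exactly as printed in step 2 of the procedure.
TEMPLATE_URL = (
    "https://raw.githubusercontent.com/OxHiteshPatel/appsvcs_integratin_iapp/"
    "release/v1.0_001/appsvcs_integration_v1.0_003_001.tmpl"
)
COMMIT_SHA = re.compile(r"[0-9a-f]{40}")


def ref_is_immutable(url):
    """True when a raw.githubusercontent.com URL names the file by commit SHA.

    The path layout is /<owner>/<repo>/<ref>/<file path>. A branch or tag ref
    can later point at different content; a full 40-hex commit SHA cannot.
    """
    parsed = urlparse(url)
    parts = parsed.path.strip("/").split("/")
    return (parsed.scheme == "https" and len(parts) >= 4
            and COMMIT_SHA.fullmatch(parts[2]) is not None)


def sha256_file(path):
    """Hash the file in chunks so large templates are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def safe_to_import(path, pinned_sha256):
    """Compare the downloaded file with the digest recorded at review time."""
    return sha256_file(path) == pinned_sha256.strip().lower()


if __name__ == "__main__":
    # Constructed stand-in for the downloaded .tmpl file, so this runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.tmpl"
        sample.write_bytes(b"constructed sample template body\n")
        pinned = sha256_file(sample)  # recorded when the file was reviewed
        print("URL pins a commit:", ref_is_immutable(TEMPLATE_URL))
        print("unchanged file ok:", safe_to_import(sample, pinned))
        sample.write_bytes(b"constructed sample template body, altered\n")
        print("altered file ok:  ", safe_to_import(sample, pinned))
```

Because the URL in step 2 refers to a branch rather than a commit, the recorded digest is what ties the imported file to the version that was reviewed.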

Creating a customized application template

Before you can customize the application template for the NSX integration, you must upload the template to the managed device and then wait for it to be exported to the managing BIG-IQ® device.

An iApp is an application template located on F5 devices. When you discover an F5 device, all iApps® templates installed on that device are imported to the BIG-IQ® system. You can customize iApp templates, specifying which parameters are displayed, and which are tenant-editable. Once deployed, these parameters are available in the NSX user interface.

Note: Once you customize and save an application as a catalog entry, you cannot modify it.
Important: To modify an iApp on the BIG-IP® device, you must save it with a new name. Once an iApp has been imported to a managing BIG-IQ device, it is not imported again. When an iApp with a new name is saved on a managed BIG-IQ device, BIG-IQ software imports it automatically.
  1. Hover over the Catalog header and click the + icon when it appears.
    The New Template screen opens and displays the application template properties.
  2. In the Name field, type a name for this new template.
  3. For the Input Parameters setting, select the option that displays the parameters you want to work with.
    The setting you choose here determines which parameters, from the base template that you select, display in subsequent fields and areas on the screen.
    • Select Accept Defaults if you do not want to edit any parameters.
    • Select Common Options if you only want to edit a subset of the template parameters. This option displays parameters that:
      • are marked as tenant-editable
      • describe the virtual server or pool
    • Select All Options to view all of the parameters for the template you select. You can then expand individual template sections, or click Expand All to view every parameter in every section.
  4. For the Cloud Connector setting, select All Connectors.
  5. From the Application Type list, select the base template that contains the parameters that provide the network settings and levels of services that you want to have available in your NSX environment.
  6. Expand sections as necessary and then specify parameter values as needed. You can provide default values in that column, and select which parameters the user can revise.
    Important: You cannot specify pool member settings (other than the IP address) for the BIG-IP device using the NSX interface. Instead, select Common Options, and specify the pool member settings as default values.
    Tip: The template options that you can view depend on which option you chose in step 3.
    Important: There are two parameters that you must select as tenant editable: the parameter that identifies the pool address, and the parameter that defines the pool member table. You can specify default values and allow user revision for as many parameters as you want. The names of these two parameters vary from one template to the next.
  7. Click the Save button.
You can now use this connector to complete the NSX integration.

Complete the NSX integration

After you finish preparing the BIG-IP® devices for integration, there are a couple of tasks to perform in the BIG-IP device environment to complete the integration. Because the devices are configured in an HA cluster, you only perform these tasks on one device, after which the configuration is replicated on the other cluster members using Config sync.

Configuring a pool of virtual machines to handle data plane traffic

Before you can create a pool of virtual machines, you must allow NSX integration to create the virtual machines. You also must create and configure the web servers for which the virtual machines will manage traffic.
The web server pool services the data plane traffic generated by your applications.
Use the VMware NSX user interface to create a web server pool.
Populate the pool using the previously created web servers.
Note: This task is performed entirely within the VMware NSX user interface. Refer to the appropriate VMware documentation for details on how to create a web server pool.

Configuring the NSX virtual server

The virtual server you create here resides on the BIG-IP® virtual machine created by the NSX integration.
  1. Use the VMware NSX user interface to create a new virtual server.
    Note: This task is performed entirely within the VMware NSX user interface. Refer to the appropriate VMware documentation for details on how to create a web server pool.
  2. On the New Virtual Server General tab, from the Application Profile list, choose the name of the custom application template you created on the BIG-IQ system.
    The settings that can be specified on the Advanced tab are now determined by the parameters marked Tenant Editable in the application template.
  3. For the IP Address, click IP Pool, and then select the external pool you created earlier to handle data plane traffic.
  4. In the Name field, specify a name to identify this virtual server.
  5. From the Default Pool list, select the just-created web server pool.
  6. If you want to revise any of the tenant editable values, click the Advanced tab and make your changes.
  7. Click OK to finish creating the new virtual server.
    VMware NSX creates the new server.
The new server status is indicated by the Service Profile Status. If the status is other than In Service, you can get more information under Detailed Status, or even more information by viewing the new server on the BIG-IQ® device.