F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Cloud
  4. BIG-IQ Cloud: Tenant User Guide
  5. Integrating VMware
Manual Chapter : Integrating VMware

Applies To:

Show Versions Show Versions

BIG-IQ Cloud

  • 4.4.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

About VMware NSX version 6.1 integration

The tasks you perform to set up and configure BIG-IQ devices to manage BIG-IP system traffic in a VMware NSX version 6.1 network, use both the BIG-IQ software user interface and the VMware NSX user interface. There is also a task for which you can have greater control and flexibility using a REST API call to the NSX API. This optional task is included at the end of the task sequence.

In most production environments, data plane and control plane traffic are segregated for security reasons. To accommodate this requirement, traffic management functions are not permitted on the same network subnet with flowing network traffic. To accomplish this topology, this integration configures a total of four subnets. Two are used for BIG-IQ network management and the other two are for BIG-IP system traffic flow.

Task summary

Provisioning a BIG-IP VE on NSX

Configuring and licensing a BIG-IP virtual device on VMware NSX creates a Service Instance Runtime (SIR). Creating this SIR allows vCenter users to deploy load-balanced virtual servers (referred to in the VMware interface as Service Profiles). You can make one virtual device for each defined NSX Edge.

Tip: The objective of this task is to assemble a data parameter and use it as the payload for a REST API call that updates the configuration of the load balancer and specifies an NSX SIR. Because this parameter can be somewhat complex, you will probably want to use a tool that allows you to assemble multiple lines of content together to include in your REST API call. A script editor or a command line tool that can send files using URL syntax (such as curl) may be very helpful.
  1. In the vSphere web client user interface, create a new NSX Edge in an un-deployed state. Make sure that the NSX Edge you create identifies the Cluster/Resource Pool and the Datastore, but does not identify any interfaces. Otherwise, follow your standard practice for NSX Edge creation.
  2. Authenticate with the VMware NSX REST API.
    Important: Refer to the VMware API Reference documentation for the most authoritative detail about using the VMware APIs required for this task.
  3. Use a REST API call to the NSX API to retrieve information about the pools and monitors used by the NSX Edge. Copy the REST response to an editor for use in compiling the remainder of the data parameter. <NSX-Manager-IP-address>/api/4.0/edges/<NSX-Manager-IP-address>loadbalancer/config GET
    1. After you copy the content to the editor, edit the value of the enabled and enableServiceInsertion parameters. Change the value of each parameter to true.
    The following example illustrates a typical response to this API call. <loadBalancer> <version>1</version> <enabled>true</enabled> <enableServiceInsertion>true</enableServiceInsertion> <accelerationEnabled>false</accelerationEnabled> <monitor> <monitorId>monitor-1</monitorId> <type>tcp</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <name>default_tcp_monitor</name> </monitor> <monitor> <monitorId>monitor-2</monitorId> <type>http</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_http_monitor</name> </monitor> <monitor> <monitorId>monitor-3</monitorId> <type>https</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_https_monitor</name> </monitor> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> </loadBalancer>
  4. Configure the next element in the data parameters for the REST API call that will create your new VMware NSX Service Instance.
    Important: Insert the parameters assembled in this step just before the end of the </loadBalancer> element obtained in the previous step.
    1. Specify the description and name fields. Specify values that help you identify the service and its purpose. The following code snippet illustrates the field values discussed in this step. <globalServiceInstance> <description>edge-16__LB__dummy</description> <name>edge-16__LB__dummy</name>
    2. Use a REST API call to the NSX API to determine the value of the serviceId parameter. You can see all of the NSX connectors using <NSX-Manager-IP-address>/api/2.0/si/servicemanagers GET In the REST response, look for the <basicinfo> element in the <services> element, and then find the name of the connector you provided when you created the NSX connector. Use the <objectId> associated with that connector name as the value for the serviceId parameter.
    3. Use the just obtained serviceID to make a REST API call to the NSX API to determine the value of the serviceName parameter. <NSX-Manager-IP-address>/api/2.0/si/service/<serviceID> GET

      When you get the REST response, locate the <name> parameter and use that value for the serviceName parameter.

      In the following example, the name parameter value is: NSX-conn-sample-20140717-113002-22123-0.

      <objectId>service-446</objectId> <objectTypeName>Service</objectTypeName> <vsmUuid>42388336-FE9B-225A-ECAF-1085628911B2</vsmUuid> <revision>6</revision> <type> <typeName>Service</typeName> </type> <name>NSX-conn-sample-20140717-113002-22123-0</name>
    4. Use a REST API call to the NSX API to determine the value of the instanceTemplateUniqueId and instanceTemplateId parameters. <NSX-Manager-IP-address>/api/2.0/si/service/<serviceID> GET When you get the REST response, look in the <serviceInstanceTemplates> element and locate the name of the service instance template that you plan to use (the default template that is built when you create an NSX connection is F5 ADC - Make a BIG-IP VE. Locate the <id> parameter and use that numeric string value for the instanceTemplateId parameters.
  5. For the instanceTemplateTypedAttributes element, specify the type attributes that are required for the service instance template. There are several attributes to configure. Some are required, some are optional. Each one is identified by the value of the attribute key.
    1. For the F5-BIG-IP-MAKE-VE key, leave the <name> field alone and specify yes for the <value> field
    2. For the F5-BIG-IP-VE-FQ-HOST-NAME key, specify the host name that you want the template to use, or leave it blank to use the default host name.
      Tip: This step is optional. If you do not specify a host name, the template uses the default host name.
    3. For the F5-BIG-IP-VE-OVF key, specify the name you want to specify for the template.
      Tip: If you have already created a node template, than specify the name of it here. If you are creating a node template, then specify a name to go along with the URL that you specify in the next step.
    4. For the F5-BIG-IP-VE-OVF-URL key, specify the URL that describes the location of the OVF file that the BIG-IQ device uses to create the BIG-IP VE.
      Tip: This step is optional. You only need to specify the URL if the node template has not already been created.
    5. For the F5-BIG-IP-VE-ADMIN-PASSWORD key, specify the admin password so that you can easily log in as admin to this BIG-IP VE from NSX.
      Tip: When the BIG-IP VE is initially provisioned, root login is disabled. To access the VE using root login, you must log in as admin and set the root password.
      Tip: If you choose to let NSX generate a password, you can view the password by submitting a REST API call: mgmt/cm/cloud/connectors/vmware-nsx/<connectorId>/nodes<nodeID> GET. Examine the REST response for the value of the DeviceMgmtPassword field.
  6. For the runtimeNicInfo field, specify details for each of the four network interfaces (NICs).
    Option Description
    index The value of this field indicates which of the four NICs you are configuring.
    label Specifies a name for the NIC you are configuring.
    objectId field in the network parameter Specifies which network interface to use for the NIC you are configuring.
    connectivityType Specifies whether the NIC you are configuring is for data (DATA) or control plane (MGMT) use.
    ipAllocationType Specifies the mode to use for IP address allocation. Generally, IP_POOL, is used, but you can also use MANUAL or DHCP.
    objectId field in the ipPool parameter Identifies which IP pool to use for the IP addresses allocated to this NIC.
    • The first vNIC you specify provides the DHCP-enabled control plane network on which the BIG-IP VE boots. Choose the name specified previously that corresponds to the IP pool 192.168.11.0/24.
    • The next vNIC you edit provides the external data network on which the BIG-IP creates virtual servers. Choose the name specified previously that corresponds to the IP pool 10.22.0.0/16.
    • The next vNIC you edit provides the internal data network on which load-balanced pool members are located. Choose the name specified previously that corresponds to the IP pool 10.33.0.0/16.
    • The last vNIC you edit provides the control plane network on which the BIG-IQ device discovers and manages BIG-IP devices. Choose the name specified previously that corresponds to the IP pool 192.168.44.0/24.
  7. In the objectId field of the service parameter, specify the name of the service manager you want to use. You can retrieve this name using <NSX-Manager-IP-address>/api/2.0/si/serviceinstance GET
  8. Once you have completed the data parameter assembly, you can create the SIR by making a REST API call to the NSX API. <NSX-Manager-IP-address>api/4.0/edges/<edge objectId>/loadbalancer/config PUT

    The following example illustrates a typical data parameter for this API call.

    <loadBalancer> <version>1</version> <enabled>false</enabled> <enableServiceInsertion>false</enableServiceInsertion> <accelerationEnabled>false</accelerationEnabled> <monitor> <monitorId>monitor-1</monitorId> <type>tcp</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <name>default_tcp_monitor</name> </monitor> <monitor> <monitorId>monitor-2</monitorId> <type>http</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_http_monitor</name> </monitor> <monitor> <monitorId>monitor-3</monitorId> <type>https</type> <interval>5</interval> <timeout>15</timeout> <maxRetries>3</maxRetries> <method>GET</method> <url>/</url> <name>default_https_monitor</name> </monitor> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> <instanceTemplateTypedAttributes> <typedAttribute> <key>F5-BIG-IP-MAKE-VE</key> <name>F5-BIG-IP-MAKE-VE</name> <value>yes</value> <type>STRING</type> </typedAttribute> <typedAttribute> <key>F5-BIG-IP-VE-OVF</key> <name>Name of BIG-IP node template?</name> <value /> <type>STRING</type> </typedAttribute> <typedAttribute> <key>F5-BIG-IP-VE-FQ-HOST-NAME</key> <name>Fully qualified host name of BIG-IP VE? Optional - remains default if unspecified.</name> <value /> <type>STRING</type> </typedAttribute> <typedAttribute> <key>F5-BIG-IP-VE-ADMIN-PASSWORD</key> <name>Admin password of BIG-IP VE? Leave blank to have random strong password generated.</name> <value /> <type>STRING</type> </typedAttribute> </instanceTemplateTypedAttributes> <baseRuntimeConfig> <deploymentScope> <resourcePool>domain-c35</resourcePool> <datastore>datastore-49</datastore> <nics> <runtimeNicInfo> <index>0</index> <label>mgmt</label> <network> <objectId>network-44</objectId> </network> <connectivityType>MGMT</connectivityType> <ipAllocationType>IP_POOL</ipAllocationType> <ipPool> <objectId>ipaddresspool-4</objectId> </ipPool> <ipAddress>10.144.63.213</ipAddress> <subnetMask>255.255.240.0</subnetMask> <gatewayAddress>10.144.63.203</gatewayAddress> </runtimeNicInfo> <runtimeNicInfo> <index>1</index> <label>external</label> <network> <objectId>network-46</objectId> </network> <connectivityType>DATA</connectivityType> <ipAllocationType>IP_POOL</ipAllocationType> <ipPool> <objectId>ipaddresspool-3</objectId> </ipPool> </runtimeNicInfo> <runtimeNicInfo> <index>2</index> <label>internal</label> <network> <objectId>network-47</objectId> </network> <connectivityType>DATA</connectivityType> <ipAllocationType>IP_POOL</ipAllocationType> <ipPool> <objectId>ipaddresspool-2</objectId> </ipPool> </runtimeNicInfo> <runtimeNicInfo> <index>3</index> <label>ha</label> <network> <objectId>network-47</objectId> </network> <connectivityType>MGMT</connectivityType> <ipAllocationType>IP_POOL</ipAllocationType> <ipPool> <objectId>ipaddresspool-2</objectId> </ipPool> </runtimeNicInfo> </nics> </deploymentScope> </baseRuntimeConfig> </config> <service> <objectId>input-service-id-here</objectId> </service> </serviceInstance> </loadBalancer>
After you submit the API call, VMware NSX and the BIG-IQ software engage in a sequence of calls and responses. When this sequence completes successfully, the NSX API status returns an IN_SERVICE message to indicate that the device provisioning is complete.
You can confirm that the provisioning sequence completed successfully, by making a REST API call to the NSX API similar to this one: <NSX-Manager-IP_address>/api/2.0/si/serviceinstance/< serviceinstance-id>/runtimeinfo/<serviceruntime-id> GET

The API response IN_SERVICE indicates that provisioning completed successfully.

Tip: If the status does not update to indicate success, you may be able to determine where the sequence broke down by analyzing the call and response sequence. For detail on this sequence, refer to Provisioning call flow sequence.

Using the API to define an NSX runtime deployment specification

VMware NSX uses a Runtime Deployment to specify parameters for BIG-IP virtual devices provisioned using a BIG-IQ software connection. Node templates simplify the task of specifying the parameters for the Runtime Deployment. This task uses the Create node template API to create a node template. The BIG-IQ and NSX integration uses this template when it provisions new BIG-IP virtual devices.

Important: Using an API call to perform this task is optional. If you want to use the NSX user interface to specify the node template, you can do that. However, if you want to create the template in advance or see a list of existing templates before you define a new one, you can use a REST compliant HTTP request to execute an API call. To facilitate the process of submitting REST API calls, F5 includes an API management tool called Presentation Manager. This task steps you through its use.
  1. Use a web browser to access and log in to your BIG-IQ device. https://<BIG-IQ IP address>
  2. Use the Presentation Manager API tool to access the Create node template URL. https://<BIG-IQ IP address>/mgmt/cm/cloud/connectors/vmware-nsx/presentation The Presentation Manager interface opens for the Create node template API.
  3. Click Table of Contents. A lengthy list of API endpoints is displayed.
  4. From the list of API endpoints, locate the connector just created in the previous task. The connector will look something like this: /mgmt/cm/cloud/connectors/vmware-nsx/<connectorId>/nodes
  5. In the upper right corner, click the plus sign, and then scroll to the very bottom of the page and click the Advanced button. A small box, titled JSON Input will appear.
  6. In the JSON Input box, type the values for three property IDs needed to register the node template as a deployment specification.
    • The OvfUrl entry identifies the URL specified previously for the OVF file that the BIG-IQ device uses to create the BIG-IP VE.
    • The BIG-IP entry set to true indicates that the template specifies provisioning details for a BIG-IP device.
    • The NodeTemplateName entry identifies the name you want NSX users to specify when requesting deployment of this type of BIG-IP VE.
    { "state": "TEMPLATE", "properties":[ { "id": "BIG-IP", "provider": "true" }, { "id": "NodeTemplateName", "value": "BIGIP-11.5.0.0.0.221.LTM_1SLOT-scsi.ovf" }, { "id": "OvfUrl", "provider": "http://server/ovfs/BIGIP-11.5.0.0.0.221.LTM_1SLOT-scsi/BIGIP-11.5.0.0.0.221-scsi.ovf" } ] }
  7. Click Save. Presentation Manager submits the REST API call with the JSON body you specified.
The API call registers the deployment specification received from the NSX API with the BIG-IQ software's NSX Partner Service. The REST API response includes the property ID ImageId. This value identifies the just-created deployment specification that confirms that the connection between the BIG-IQ system and the NSX device is established.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information