F5 Friday: Integrating BIG-IP with NSX-T

Lori MacVittie サムネール
Lori MacVittie
Published February 07, 2020

As organizations march steadily on their journey through digital transformation, the issue of integration becomes critical. In addition to the obvious integration challenges arising from the heterogenous app portfolio of most firms, there are similar challenges arising from the heterogenous app services portfolio organizations maintain.

The majority (69% according to our most recent State of Application Services research) operate at least ten or more application services. Those application services do not operate in a vacuum. To facilitate the speed and scale organizations seek through digital transformation, automation is key. Through automation, deployment and operations can scale to support a growing portfolio that is often deployed with increasing frequencies.

The means of automation in the network—where most application services today still reside—takes the form of toolsets and stacks. VMware has been—and continues to be—one of the most relied upon frameworks for automation according to our research. Integrating with VMware stacks, then, is an important capability for any application service.

I say stacks because today VMware offers two distinct stacks: NSX-T and NSX-V. Their methods of integration differ, particularly at the control plane layer.

NSX-V is VMware’s original implementation supporting ESXi only. Its OVSDB control plane relies on VxLAN overlays. For F5 that means BIG-IP integrates by attaching dynamically via an open API, giving operators a centralized point of control via its operational stack.  

NSX-T, on the other hand, expands to include KVM, cloud, and native container support for Pivotal PAS, PKS, OpenShfit, and DIY Kubernetes. That’s a good reason to evolve your NSX implementation. Under the covers is a new control plane. Instead of VxLAN, NSX-T uses GENEVE overlays. Now, while BIG-IP supports GENEVE, the necessary NSX-T APIs are not yet open. This means you can still use BIG-IP—we integrate via routing, instead—but you don’t get integration into the operational stack.

But don’t let that stop you from moving ahead. What you get from BIG-IP is per-application visibility, autoscaling, and a robust set of application services at your disposal. Operation and visibility are readily accessible—and easily automatable—via F5 BIG-IQ.

You also get flexibility in deployment topologies. One of the benefits of routing as the basis for integration is the ability to insert application services into the architecture in a way that makes sense for the organization. F5 supports both inline and parallel topologies for NSX-T. Hardware, too, becomes an option for those who need to eke out every ounce of performance and scale or require FIPS 140-2 Level 1 and Level 2 certification.

Integrating BIG-IP with NSX-T isn't magic, it's just networking. We've been connecting to L2/3 infrastructures like Cisco and Juniper for longer than most network engineers have been network engineers. We know networking.

Details on how to integrate BIG-IP with NSX-T can be found in this deployment guide.