Introduction
Hey everyone, in this blog post, I’ll be discussing some important points on project networking and communication. These are essential skills for any team working on a project together, so let’s dive in!
Firstly, let’s talk about configuring project networking. This involves setting up the necessary connections between team members, devices, and systems to ensure everyone can access the project resources they need. It’s important to consider factors like security, accessibility, and scalability when configuring project networking, as these can have a significant impact on the productivity and success of the project.
Next up, we have communication within projects. Effective communication is key to keeping everyone on the same page and ensuring the project runs smoothly. There are many different tools and techniques that can be used for project communication, such as video conferencing, instant messaging, and project management software. It’s important to choose the right communication methods based on the needs of your team and the project at hand.
Overall, project networking and communication are vital skills for any team working on a project together. By configuring your project networking effectively and utilizing the right communication tools and techniques, you can ensure your team is working efficiently and collaboratively towards a successful project outcome.
Steps Overview
Step 1: – Project Networking
Step 2: – Topology Diagram & Project Configuration
Step 3: – Comprehensive overview of all the projects
Step 4: – Traffic within a Project
Step 1: – Project Networking
As an Enterprise Admin, you have the authority to observe all Projects in the Default space or switch to view a specific Project as required. You can also create multiple tenants with different Projects, such as Project A or Project B. To do so, you must allocate at least one Tier-0 or Tier-0 VRF (more than one is allowed), along with at least one Edge Cluster (again, more than one is allowed).
Additionally, you are expected to allocate the User(s) to the Project and provide a short log ID that will be labeled on logs belonging to the Project. It should be noted that this log ID is restricted to security logs in NSX 4.1.0.2.
In order to guarantee that our current setup satisfies the required standards, we must have at least one Tier-0 or Tier-0 VRF, with the possibility of having multiple if necessary. Additionally, we must possess at least one Edge Cluster, with the option of having multiple if necessary. Let’s thoroughly examine our existing setup to ensure that we meet these essential prerequisites.
Capture 1: –

Step 1: – Log in as an enterprise administrator “Admin”.
Step 2: – Click on toggle interface “Policy”.
Step 3: – Click on “Default” under project switcher.
Step 4: – Click on Networking.
Step 5: – Click on Tier-0 gateways under Connectivity.
Step 6: – We can see the MT-T0 (T0-Gateway).
Step 7: – We can see the Edge cluster name “Multi-tenancy”
Before moving forward with the project, it is important to determine the users who will be involved and allocated to it. This will ensure that everyone is on the same page and that tasks are properly assigned and completed. It will also allow for effective communication and collaboration throughout the project. So, let’s make sure we have a clear understanding of who will be involved and their roles before we proceed.
Capture 2: –

Step 1: – Log in as an enterprise administrator “Admin”.
Step 2: – Click on “Default” under project switcher.
Step 3: – Click on Systems.
Step 4: – Click on User Management under Settings.
Step 5: – Click on User Role Assignment.
Step 6: – We can see the User “CHRIS” assigned to Project-B with the Project admin role.
Step 7: – We can see the User “TOM” assigned to Project-A with the Project admin role.
We must establish a short log ID (identifier) for security logs in NSX 4.1.0.2 to guarantee the utmost safety and security of our project. This ID will be specifically designated for logs associated with the project objects. Proceed immediately with this task to safeguard our project’s integrity.
Capture 3: –

Step 1: – Click on Projects and click on expand all.
Step 2: – We can see the Short log identifier for Project-A “ProA.log”.
Step 3: – We can see the Short log identifier for Project-B “ProB.log”.
Step 4: – Click on Close.
To verify the prerequisites, we can check the API: – https://(nsx-mgr-ip)/policy/api/v1/orgs/default/projects
It’s always a good idea to make sure all pre-requisites are met before proceeding with any tasks.
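The prerequisite check described above can also be run against the JSON that the projects API returns. The following is an added example, not part of the original post or of NSX itself: the response body is constructed, the field names (short_id, tier_0s, site_infos, edge_cluster_paths) are assumed from the NSX Policy API Project schema, and Project-C is a hypothetical tenant included only to show what a failed check looks like.

```python
import json

# Constructed sample of the body returned by
# GET /policy/api/v1/orgs/default/projects (not real output). Field names are
# assumed from the NSX Policy API Project schema; EXAMPLE-EC is a placeholder
# and Project-C is a hypothetical, incomplete tenant added to show failures.
EC = "/infra/sites/default/enforcement-points/default/edge-clusters/EXAMPLE-EC"
SAMPLE_RESPONSE = json.loads("""
{"results": [
  {"id": "Project-A", "short_id": "ProA.log",
   "tier_0s": ["/infra/tier-0s/MT-T0"],
   "site_infos": [{"edge_cluster_paths": ["%(ec)s"]}]},
  {"id": "Project-B", "short_id": "ProB.log",
   "tier_0s": ["/infra/tier-0s/MT-T0"],
   "site_infos": [{"edge_cluster_paths": ["%(ec)s"]}]},
  {"id": "Project-C", "short_id": "ProA.log",
   "tier_0s": [], "site_infos": []}
]}
""" % {"ec": EC})


def audit_projects(response):
    """Return {project id: [problems]} for the prerequisites in Step 1."""
    findings, short_id_owner = {}, {}
    for project in response.get("results", []):
        pid = project.get("id", "<no id>")
        problems = []
        if not project.get("tier_0s"):
            problems.append("no Tier-0 or Tier-0 VRF allocated")
        clusters = [path for site in project.get("site_infos", [])
                    for path in site.get("edge_cluster_paths", [])]
        if not clusters:
            problems.append("no Edge Cluster allocated")
        short_id = project.get("short_id")
        if not short_id:
            problems.append("no short log ID")
        elif short_id in short_id_owner:
            # Two projects sharing an ID make security logs ambiguous.
            problems.append(f"short log ID {short_id!r} also used by "
                            f"{short_id_owner[short_id]}")
        else:
            short_id_owner[short_id] = pid
        findings[pid] = problems
    return findings


if __name__ == "__main__":
    for pid, problems in audit_projects(SAMPLE_RESPONSE).items():
        print(pid, "OK" if not problems else "; ".join(problems))
```

To use it on a live setup, pass in the parsed JSON body fetched from the URL above with an account that is allowed to read all projects.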

Step 2: – Topology Diagram & Project Configuration
Fantastic, we can utilize the topology diagram to accurately configure the networking for the NSX Project. Our aim is to ensure that everything is precisely set up and ready to roll. Let’s dive in and get started!
Capture 1:-

• Summary of the Projects Topology: –

Let’s begin configuring the Project-A instances. I suggest we review the specific requirements and objectives for each instance to guarantee optimal performance and efficiency.
Let’s begin configuring the Tier-1 GW. We will need to ensure that it is properly connected to the network and has the correct settings configured. It’s important that we take our time and double-check everything to ensure that the Tier-1 GW is functioning correctly under Project-A.
Capture 2: –

Step 1: – Log in as a project administrator “TOM”.
Step 2: – Click on “Project-A” under project switcher.
Step 3: – Click on Networking.
Step 4: – Click on Tier-1 Gateways under Connectivity.
Step 5: – As per the topology diagram we have given the name “T1-MT-PROJA”.
Step 6: – For HA Mode we have selected “Distributed Only”. (Other modes such as “Active-Active” or “Active-Standby” can also be selected. In this scenario I don’t want to run any services, so I selected Distributed Only.)
Step 7: – Select the “MT-T0”.
Step 8: – Enable the radio button of the “All connected segments and service ports” under the route advertisement. Click on save and then click on NO.
Step 9: – We can see the status of T1-GW is “Green”.
To review the Tier-1 configuration from the API: – https://(nsx-mgr-ip)/policy/api/v1/orgs/default/projects/Project-A/infra/tier-1s
Capture 3: –

Alright, let’s get started with configuring the segments for Project-A.
Capture 4:-

Step 1: – Log in as a project administrator “TOM”.
Step 2: – Click on “Project-A” under project switcher.
Step 3: – Click on Networking.
Step 4: – Click on segments under Connectivity.
Step 5: – As per the topology diagram we have given the segment name “ProjA-DEV”, connected it to the “T1-MT-PROJA” gateway and set the subnet “192.168.80.1/24”.
Step 6: – As per the topology diagram we have given the segment name “ProjA-PROD”, connected it to the “T1-MT-PROJA” gateway and set the subnet “192.168.90.1/24”.
To review the segment configuration from the API: – https://(nsx-mgr-ip)/policy/api/v1/orgs/default/projects/Project-A/infra/segments
Capture 5: –

For Project-A, the ORG-default-PROJECT-Project-A-default group is the default option. All the segments and their respective virtual machines will be automatically added to this group.
Capture 6: –

Step 1: – Log in as a project administrator “TOM”.
Step 2: – Click on “Project-A” under project switcher.
Step 3: – Click on Inventory.
Step 4: – Click on groups under Inventory overview.
Step 5: – Default group already created with name “ORG-default-PROJECT-Project-A-default”.
Step 6: – Click on “View members”.
Step 7: – We can see the NSX-Segments.
Step 8: – We can see the name of the segments “ProjA-DEV” & “ProjA-PROD”.
Step 9: – Click on IP address and we can see the associated VM’s IP address.
Step 10: – Click on segment ports and we will see the VM names and UUID.
Alright, let’s get started with reviewing the default security for Project-A.
Upon creation of Project-A’s Distributed Firewall, four default rules are established. Part 4 will provide further insight into the security aspect of this setup.
Capture 7:-

Step 1: – Log in as a project administrator “TOM”.
Step 2: – Click on “Project-A” under project switcher.
Step 3: – Click on Security.
Step 4: – Click on Distributed Firewall under Security overview.
Step 5: – Category Specific rules.
Step 6: – Look into the application rules. There are 4 default groups under 01 default policy. The last of the rules is “Drop”.
Let’s begin configuring the Tier-1 GW. We will need to ensure that it is properly connected to the network and has the correct settings configured. It’s important that we take our time and double-check everything to ensure that the Tier-1 GW is functioning correctly under Project-B.
Capture 8: –

Step 1: – Log in as a project administrator “Chris”.
Step 2: – Click on “Project-B” under project switcher.
Step 3: – Click on Networking.
Step 4: – Click on Tier-1 Gateways under Connectivity.
Step 5: – As per the topology diagram we have given the name “T1-MT-PROJB”.
Step 6: – For HA Mode we have selected “Distributed Only”. (Other modes such as “Active-Active” or “Active-Standby” can also be selected. In this scenario I don’t want to run any services, so I selected Distributed Only.)
Step 7: – Select the “MT-T0”.
Step 8: – Enable the radio button of the “All connected segments and service ports” under the route advertisement. Click on save and then click on NO.
Step 9: – We can see the status of T1-GW is “Green”.
To review the Tier-1 configuration from the API: – https://(nsx-mgr-ip)/policy/api/v1/orgs/default/projects/Project-B/infra/tier-1s
Capture 9: –

Great, let’s get started with configuring the segments for Project-B.
Capture 10: –

Step 1: – Log in as a project administrator “Chris”.
Step 2: – Click on “Project-B” under project switcher.
Step 3: – Click on Networking.
Step 4: – Click on segments under Connectivity.
Step 5: – As per the topology diagram we have given the segment name “ProjB-DEV”, connected it to the “T1-MT-PROJB” gateway and set the subnet “192.168.81.1/24”.
Step 6: – As per the topology diagram we have given the segment name “ProjB-PROD”, connected it to the “T1-MT-PROJB” gateway and set the subnet “192.168.91.1/24”.
To review the segment configuration from the API: – https://(nsx-mgr-ip)/policy/api/v1/orgs/default/projects/Project-B/infra/segments
Capture 11: –
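With both projects' segments in place, and both Tier-1 gateways advertising their connected segments to the shared MT-T0, it is worth checking that no two tenant subnets overlap and that every segment hangs off a Tier-1 of its own project. The following is an added example, not part of the original post: the data is a constructed stand-in for the two segments API responses, the field names (subnets, gateway_address, connectivity_path) and path layout are assumed from the NSX Policy API, and ProjB-TEST with its /infra/tier-1s/EXAMPLE-T1 path is a hypothetical misconfiguration.

```python
import ipaddress


def seg(project, name, gateway, tier1):
    """Build a constructed segment record with only the fields audited here."""
    path = f"/orgs/default/projects/{project}/infra/tier-1s/{tier1}"
    return {"id": name, "subnets": [{"gateway_address": gateway}],
            "connectivity_path": path}


# Constructed from the names and subnets configured in the steps above.
SEGMENTS = {
    "Project-A": [seg("Project-A", "ProjA-DEV", "192.168.80.1/24", "T1-MT-PROJA"),
                  seg("Project-A", "ProjA-PROD", "192.168.90.1/24", "T1-MT-PROJA")],
    "Project-B": [seg("Project-B", "ProjB-DEV", "192.168.81.1/24", "T1-MT-PROJB"),
                  seg("Project-B", "ProjB-PROD", "192.168.91.1/24", "T1-MT-PROJB")],
}

# Hypothetical drift: a Project-B segment inside ProjA-DEV's range that is
# attached to a gateway outside the project.
DRIFTED = {**SEGMENTS, "Project-B": SEGMENTS["Project-B"] + [
    {"id": "ProjB-TEST", "subnets": [{"gateway_address": "192.168.80.129/25"}],
     "connectivity_path": "/infra/tier-1s/EXAMPLE-T1"}]}


def audit_segments(segments_by_project):
    """Return a list of findings: foreign gateways and overlapping subnets."""
    findings, seen = [], []  # seen holds (network, project, segment id)
    for project, segments in segments_by_project.items():
        own_t1 = f"/orgs/default/projects/{project}/infra/tier-1s/"
        for s in segments:
            if not s.get("connectivity_path", "").startswith(own_t1):
                findings.append(f"{project}/{s['id']}: not attached to a "
                                "Tier-1 of its own project")
            for subnet in s.get("subnets", []):
                # "192.168.80.1/24" is the gateway; .network gives the prefix.
                net = ipaddress.ip_interface(subnet["gateway_address"]).network
                for o_net, o_proj, o_seg in seen:
                    if net.overlaps(o_net):
                        findings.append(f"{project}/{s['id']}: {net} overlaps "
                                        f"{o_proj}/{o_seg} ({o_net})")
                seen.append((net, project, s["id"]))
    return findings


if __name__ == "__main__":
    print(audit_segments(SEGMENTS) or "no findings")
    print("\n".join(audit_segments(DRIFTED)))
```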

The group designated for Project-B as default is named “ORG-default-PROJECT-Project-B-default”. It includes all of the segments and their associated virtual machines solely for Project-B.
Capture 12: –

Step 1: – Log in as a project administrator “Chris”.
Step 2: – Click on “Project-B” under project switcher.
Step 3: – Click on Inventory.
Step 4: – Click on groups under Inventory overview.
Step 5: – Default group already created with name “ORG-default-PROJECT-Project-B-default”.
Step 6: – Click on “View members”.
Step 7: – We can see the NSX-Segments.
Step 8: – We can see the name of the segments “ProjB-DEV” & “ProjB-PROD”.
Step 9: – Click on IP address and we can see the associated VM’s IP address.
Step 10: – Click on segment ports and we will see the VM names and UUID.
Security: –
In the Distributed Firewall of Project-B, there are 04 rules that are created by default when the project is created. We will delve deeper into the security aspect of this in the upcoming part of our discussion. (Part 4)
Capture 13: –

Step 1: – Log in as a project administrator “Chris”.
Step 2: – Click on “Project-B” under project switcher.
Step 3: – Click on Security.
Step 4: – Click on Distributed Firewall under Security overview.
Step 5: – Category Specific rules.
Step 6: – Look into the application rules. There are 4 default groups under 01 default policy. The last of the rules is “Drop”.
Step 3: – Comprehensive Overview Of All The Projects
I have compiled a comprehensive overview of all the projects, including Project-A and Project-B.
Let’s thoroughly verify the Tier GW modes, connectivity with VMs, and Tier0 gateway. I am pleased to report that both projects are currently in a highly stable state with no issues to report whatsoever.
Capture 1: –

Step 1: – Log in as an enterprise administrator “Admin”.
Step 2: – Click on “All-Projects” under project switcher.
Step 3: – Click on Networking.
Step 4: – Click on Tier-1 Gateway.
Step 5: – We can see the Project-A Tier-GW name “T1_MT-ProjA” with HA mode “Distributed Only”, linked to the MT-T0 gateway, and we can also see the associated segments (ProjA-DEV & ProjA-Prod).
Step 6: – We can see the Project-B Tier-GW name “T1_MT-ProjB” with HA mode “Distributed Only”, linked to the MT-T0 gateway, and we can also see the associated segments (ProjB-DEV & ProjB-Prod).
Now we will verify the segments and associated gateways.
Capture 2: –

Step 1: – Log in as an enterprise administrator “Admin”.
Step 2: – Click on “All-Projects” under project switcher.
Step 3: – Click on Networking.
Step 4: – Click on segments.
Step 5: – We can see the Project-A segments and connected gateways.
Step 6: – We can see the Project-B segments and connected gateways.
Now we will verify the groups.
Capture 3: –

Step 1: – Log in as an enterprise administrator “Admin”.
Step 2: – Click on “All-Projects” under project switcher.
Step 3: – Click on Inventory.
Step 4: – Click on groups.
Step 5: – We can see the Project-A default created group.
Step 6: – We can see the Project-B default created group.
Now we will verify the default security policy & rules associated with both projects.
Capture 4: –

Step 1: – Log in as an enterprise administrator “Admin”.
Step 2: – Click on “All-Projects” under project switcher.
Step 3: – Click on Security.
Step 4: – Click on Distributed Firewall under Security overview.
Step 5: – Category Specific rules.
Step 6:- Look into the application rules.
Step 7: – We can see the Project-A default firewall policy & rules.
Step 8: – We can see the Project-B default firewall policy & rules.
Step 4: – Traffic Within A Project
To verify the traffic flow in Project-A, let’s examine the NSX Project’s default networking settings.
Capture 1: –

Step 1: – Log in with project administrator rights as “TOM”.
Step 2: – Click on “Project-A” under project switcher.
Step 3: – Click on Plan & troubleshoot.
Step 4: – Click on traffic analysis.
Step 5: – Click on Get Started.
Capture 2: –

Step 1: – Select the IP type: IPv4, Traffic Type: Unicast, Protocol Type: ICMP.
Step 2: – Click on the VM name from the source and select the VM.
Step 3: – Click on the VM name from the destination and select the VM.
Step 4: – Click on “Trace”.
Capture 3: –

Step 1: – We can verify the source VM “WIN-11-A”.
Step 2: – We can verify the destination VM “WIN-11-B”.
Step 3: – Source VM injected the packet on the VNIC.
Step 4: – Packet successfully delivered.
Now, let’s verify the packet flow in Project-B.
Capture 1: –

Step 1: – Log in with project administrator rights as “Chris”.
Step 2: – Click on “Project-B” under project switcher.
Step 3: – Click on Plan & troubleshoot.
Step 4: – Click on traffic analysis.
Step 5: – Click on Get Started.
Capture 2: –

Step 1: – Select the IP type: IPv4, Traffic Type: Unicast, Protocol Type: ICMP.
Step 2: – Click on the VM name from the source and select the VM.
Step 3: – Click on the VM name from the destination and select the VM.
Step 4: – Click on “Trace”.
Capture 3: –

Conclusion
Thank you for reading. Part 4 will cover crucial topics including project security configuration and secure communication maintenance between projects. We will also explore the option of utilizing a transport zone for enhanced data plane isolation and security. Stay tuned for more valuable insights.

