Designlet: HCX Network Extension for Azure VMware Solution
HCX Network Extension (NE) provides a Layer 2 VPN (L2VPN) to extend a broadcast domain from a customer site into an Azure VMware Solution private cloud. HCX NE functionality is provided by a dedicated virtual appliance at both sites.
Summary and Considerations
Planning and Implementation
VMware HCX Network Extension (NE) provides a Layer 2 VPN between a customer site and an Azure VMware Solution private cloud. This service is fully integrated into HCX and provides functionality similar to the NSX L2 VPN. Using an alternative bridging solution, like NSX L2 VPN, is not supported for use with HCX NE. Customers should settle on a single L2 extension technology that meets their migration or disaster recovery needs.
HCX NE appliances are deployed as a pair, with one running at the source site and the other at the destination site. The encrypted tunnel between HCX NE appliances uses UDP ports 500 and 4500. If there are any firewalls in the path between appliances, it should be configured to allow communication between the appliances on these ports.
HCX NE is an optional service, and customers should understand the pros and cons involved with using it. There are alternatives to using HCX NE, like assigning new IPs to VMs as they are migrated or moving a network with all attached VMs to the cloud in a single migration event. HCX NE is a valuable tool when neither of these options is feasible. While the HCX NE appliance is designed for reliability and quick boot, it is not highly available (vSphere High Availability can be used to mitigate this concern.) Additionally, HCX 4.X (starting with HCX 4.0) includes an in-service upgrade option for HCX NE appliances, which significantly reduces the downtime from a software upgrade to a matter of seconds.
Using HCX NE with other HCX services can provide performance benefits and optimizations to traffic flow. HCX Traffic Engineering performs TCP Flow Conditioning, which dynamically adjusts MSS to reduce fragmentation for NE traffic. HCX Mobility Optimized Networking provides optimized traffic flows for VMs that are attached to an extended network and have been migrated to an Azure VMware Solution private cloud.
Figure 1: Example HCX Service Mesh with Network Extension
Eligible networks can be extended via the HCX Manager UI. Follow the steps below to extend a network.
The following steps can be completed using the HCX plugin the vSphere Client or HCX Client
- In the HCX Manager UI, navigate to Services > Network Extension. Any existing network extensions are displayed on this screen.
- Select Extend Networks
- If multiple HCX service meshes exist, select the appropriate service mesh from the dropdown
- Select the appropriate network(s) to extend, and click Next
- Using the dropdowns, select the NSX-T tier-1 router that the extended network(s) will be attached to, and the HCX NE appliance to use
- Provide the gateway IP address and prefix length in CIDR format (e.g., 192.168.10.1/24), and click Submit
HCX will begin the process of extending the network. A status of Extension complete will appear for the network once the network is extended. To verify HCX NE is working, migrate a VM that is connected to an extended network. Once migrated, verify communication is working between the migrated VM and a local VM in the same network. A simple ping should show increased latency to a migrated VM, indicating that the traffic is being transported across the L2VPN tunnel.
Network Extension Details
VMware HCX provides the capability to view information and metrics about extended networks, including local/remote MAC addresses and amount of data transferred.
To view network extension details, follow these steps:
- Navigate to Infrastructure > Interconnect
- Under the appropriate service mesh, Click View Appliances
- Expand the desired network extension appliance, and click Network Extension details
- To view metrics and information for a specific network, click Show More Details