Designlet: HCX Network Extension on Oracle Cloud VMware Solution


HCX Network Extension (NE) provides a Layer 2 VPN (L2VPN) to extend a broadcast domain from a customer site into an Oracle Cloud VMware Solution (OCVS) based SDDC. NE functionality is provided by a dedicated virtual appliance at both sites.

Summary and Considerations

Use Case

NE is used to provide Layer 2 adjacency between VMs/physical servers at the customer’s site(s) and VMs that have been migrated to OCVS.

  • Provides stopgap to facilitate communication between VMs in the same VLAN/port group while migrations are occurring.
  • NE is especially useful for customers who are not able to re-IP VMs during the migration process.


  • Working HCX deployment and service mesh
  • Source Site vSphere 6.0+
  • Source Site vDS version 5.1.0 or higher required for extending vDS-based networks
  • Source Site NSX-T 2.4.0+
  • Source Site NSX-V 6.4.4 or higher required for extending NSX-V-based networks
  • OCVS SDDC vSphere 6.5+
  • OCVS SDDC NSX-T 2.5.0+

General Considerations/Recommendations

  • A single NE appliance can extend up to 8 networks. HCX manager supports up to 100 NE appliances.
  • Networks can be extended to a maximum of 3 destinations.
  • The default gateway for an extended network exists at the customer site. This can lead to sub-optimal routing for cloud based VMs.
  • Do not extend networks used for HCX network profiles, vSphere management networks, or other VMkernel networks (e.g., vMotion/vSAN).
  • NE does not detect or mitigate network loops or IP/MAC conflicts.
  • NE is a tunnel-based technology, which encapsulates traffic between sites. Depending on the MTU of networks in use, packet fragmentation can occur. HCX Traffic Engineering can be used to optimize TCP MSS and reduce fragmentation between VMs connected via NE.
  • Extending vSS-based networks is not supported.

Performance Considerations

An NE appliance is capable of 4-6 Gbps throughput. Additional appliances can be deployed to scale throughput.

Cost Implications

Data center provider may charge for connectivity. No separate charges for inbound or outbound data transfer.

Document Reference

Extending Networks with VMware HCX

Last Updated

March 2021



HCX Network Extension (NE) provides a Layer 2 VPN between a customer site and an Oracle based SDDC. This service is fully integrated into HCX and provides functionality similar to the NSX L2 VPN. Using an alternative bridging solution, like NSX L2 VPN, is not supported for use with NE, so you should use a single L2 extension technology for your migration or disaster recovery needs.

HCX NE appliances are deployed as a pair, with one running at the source site and the other at the destination site. The encrypted tunnel between NE appliances uses UDP port 4500. If there are any firewalls in the path between appliances, it should be configured to allow communication between the appliances on these ports.

NE is an optional service, and customers should understand the pros and cons involved with using it. There are alternatives to using NE, like assigning new IPs to VMs as they are migrated or moving a network with all attached VMs to the cloud in a single migration event. NE is a valuable tool when neither of these options is feasible. While the NE appliance is designed for reliability and quick boot, it is not highly available (vSphere High Availability can be used to mitigate this concern.) Additionally, HCX 4.0 includes an in-service upgrade option for NE appliances, which significantly reduces the downtime from a software upgrade to a matter of seconds.

Diagram, schematic</p>
<p>Description automatically generated


Eligible networks can be extended via the HCX Manager UI. Follow these steps to extend a network:

  1. In the HCX On-Premises Manager UI, navigate to Services > Network Extension. Any existing network extensions are displayed on this screen.
  2. Select Extend Networks, Create A Network Extension.
  3. If you have multiple service meshes, select the appropriate service mesh from the dropdown.
  4. Select the network(s) you want to extend and click Next.
  5. Using the dropdowns, select the NSX-T tier-1 router that the extended network(s) will be attached to, and the NE appliance to use.
  6. Provide the gateway IP address and prefix length in CIDR format (e.g., for the network being extended, and click Submit.

HCX will begin the process of extending the network. A status of Extension complete will appear for the network once the network is extended. To verify NE is working, migrate a VM that is connected to an extended network. Once migrated, verify communication is working between the migrated VM and a local VM in the same network. A simple ping should show increased latency to a migrated VM, indicating that the traffic is being transported across the L2VPN tunnel.

You can view information and metrics about extended networks, including local/remote MAC addresses and amount of data transferred. To view network extension details, follow these steps:

  1. Navigate to Infrastructure > Interconnect
  2. Under the appropriate service mesh, Click View Appliances
  3. Expand the desired network extension appliance and click Network Extension details
  4. To view metrics and information for a specific network, click Show More Details

Authors and Contributors

  • Jason McKenzie, Senior Cloud Solutions Architect, Workload Mobility, VMware




Filter Tags

Cloud Migration DC Extension HCX Networking Oracle Cloud VMware Solution Document Technical Guide Intermediate Design