The Network Profile is an abstraction of a Distributed Port group, Standard Port group, or NSX Logical Switch, and the Layer 3 properties of that network. A Network Profile is a sub-component of a complete Compute Profile.

Create a Network Profile for each network you intend to use with the HCX services. You select these network profiles when creating a Compute Profile.

Note:

Although a Network Profile can be assigned any of the functions during the Compute Profile configuration, consider creating a separate profile for each function as a best practice.

Note: In Federated NSX environments, the NSX Global Manager populates local NSX managers with all global network segments known to the Global Manager. These networks are flagged in HCX as Global Networks in the HCX inventory, and become available for use for Bulk, RAV, and vMotion migrations. These global segments, however, are not supported for HCX Interconnect configuration, meaning Network Profile and Compute Profile creation with Global Segments or Global transport Zones.
Network Description
Management HCX Interconnect (HCX-IX) appliances use this network to communicate with management systems like the HCX Manager, vCenter Server, ESXi Management, NSX Manager, DNS, and NTP.
Uplink (External) HCX HCX-IX appliances use this network for WAN communication between source and destination sites.
vMotion HCX HCX-IX appliances use this network for the traffic exclusive to vMotion protocol operations.
Note: Configuring this network does not include the vMotion NFC traffic. HCX always uses its Management interface for vMotion NFC traffic.
vSphere Replication (Bulk Migration Service) HCX HCX-IX appliances use this network for the traffic exclusive to vSphere Replication.
Note: In deployments where ESXi servers use a dedicated VMkernel configuration for vSphere Replication services, the HCX Interconnect uses a Network Profile configuration dedicated to the vSphere Replication traffic. This configuration does not include the vSphere Replication NFC traffic. HCX always uses its Management interface for vSphere Replication NFC traffic.
Sentinel Guest Network (for OS Assisted Migration) The Sentinel Gateway appliances use this vSphere network to connect with non-vSphere virtual machines.
HCX Intrasite Control

HCX network used for communication between the HCX-IX and WAN Optimization appliances, offloading task from the Management Network.

Configuring this network is optional. If no network is configured, HCX uses these predetermined entries:

  • If HCX is registered with NSX, HCX creates an isolated control network per Service Mesh with an internal subnet of 198.18.xx.xx.
  • If NSX is not registered with HCX, then HCX uses the Management network for the intrasite control backing but with an internal subnet 198.18.xx.xx.

If you manually configure the Intrasite Control network, HCX uses that network irrespective of whether NSX is registered with HCX.
Important:

When creating a separate Network Profile for vMotion or vSphere Replication services, although the option is available to configure a GW as a standard Network Profile, traffic for those services use only the default GW in the Management Network Profile to attempt to access resources in a different subnet. If ESXi resources are not L2 adjacent to the IX appliance on those networks, there is a requirement to configure “Static Routes” as part of the “Advance Configurations” option in the Compute Profile to ensure traffic is directed to the default GW on those networks.

Prerequisites

  • The HCX Manager is deployed and activated for each site.

  • Use the planned network configurations prepared using the checklist described in Getting Started with VMware HCX.

Procedure

  1. Log in to the HCX Manager:
    https://hcx-ip-fqdn
  2. From the HCX Console, navigate to Interconnect > Network Profiles.
    The system displays all the defined Network Profiles. If no profiles have been configured, the system highlights the Create Network Profile option.
  3. Click Create Network Profile.
    Shows the Create Network Profile button highlighted in the Interconnect interface.
  4. Select a vCenter Server and existing Network.
    1. Select a vCenter Server from the drop-down menu.
    2. Select Distributed Port Group, Standard Switch Port Group, NSX Logical Switch, or External Network to filter the available networks by type.
      Note: Additional options to create a Network Profile backed by a VMware Cloud Director External Network display only in VMware Cloud Director deployments.
    3. Select one of the available networks.
      To view additional networks, use the pagination at the bottom of the displayed list.
      Create Network Profile screen with fields for vCenter, Network, Name, IP Pools, MTU, and HCX traffic type. An asterisk marks mandatory items.
  5. Name the Network Profile.
  6. Provide the IP address pool details for the network profile.
    1. Provide an IP address range available for the HCX appliances. Use a comma to separate multiple discontiguous ranges within the same subnet.
    2. Enter the Prefix Length for the network containing the IP ranges provided.
    3. Enter the Default Gateway Address for the network.
    4. Specify the DNS server information.
  7. Enter the MTU value.
  8. (Optional) Using the check boxes, associate one or more suggested traffic types with the network selection: Management, HCX Uplink, vSphere Replication, vMotion, Sentinel Guest Network.
    The traffic type selection appears as a suggestion of which networks to use when creating the Compute Profile. It does not prevent the network from being used for other types of network traffic.
  9. (Optional) Use the checkbox to verify the underlying network is secure.
    This setting applies to Uplink networks only. For other types, this setting is ignored. It indicates that the underlying network might not require encryption for a given HCX service. You might check this box if the Uplink network is part of a fully private data center or when using direct connect networks.

    This setting works in conjunction with the Service Mesh Traffic Engineering selections and is required before deactivating encryption for Network Extension and migration services. If not selected, Network Extension and migration data traffic is encrypted by default.

  10. To complete the Network Profile configuration, click Create.

What to do next

Go to Create a Compute Profile.
Note: To edit an existing Network Profile, navigate to the specific Network Profile and click Edit.