Mobility Optimized Networking (MON) policy routes decide which destinations are redirected to the on-premises router (Allow entries) and which stay on the SDDC side (Deny entries and unmatched traffic). The right policy route configuration depends on the HCX deployment.
Default MON Policy Configuration
The default MON policy includes all RFC-1918 networks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) as Allow entries. With this configuration, private subnet traffic that is not destined to segments within the SDDC is forwarded to the on-premises router, while internet egress traffic (anything outside the RFC-1918 ranges) is sent to the SDDC tier-0 router.
Policy Configuration for Internet Egress On-premises
For MON deployments where security policy requires internet traffic to egress on-premises (for example, so that it passes through the on-premises perimeter controls), replace the default MON policy configuration:
- Remove the default RFC-1918 entries from the Policy Routes interface.
- Add a single Allow entry for the network 0.0.0.0/0.
With this configuration, both private subnet traffic (not destined to segments within the SDDC) and internet egress traffic are forwarded to the on-premises router, so outbound and return traffic take the same path and routing symmetry is maintained.
Policy Configuration for Cloud Services
MON policy routing can be revised so that a cloud-based service is reached directly from the SDDC instead of being hairpinned through the on-premises router:
- Configure the IP address ranges of the cloud-based service as Deny entries (exclusions) in the MON policy.
- Traffic matching a Deny entry is not redirected on-premises; it is sent to the SDDC tier-1 router and routed from the SDDC.
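To make the three configurations concrete, the following Python model (an added example; it is not VMware code and does not talk to HCX or NSX, which are configured through the HCX interface) decides where traffic from a MON-enabled SDDC segment is forwarded under each policy. The SDDC segments, the documentation range 203.0.113.0/24 standing in for a cloud-service range, and the rule that the most specific overlapping entry wins when Allow and Deny entries overlap are assumptions made for the example.

```python
"""Model of HCX Mobility Optimized Networking (MON) policy-route decisions.

Constructed example covering the three policy configurations described above.
Not VMware code; it performs no configuration and only models the forwarding outcome.
"""
from ipaddress import ip_address, ip_network

# Constructed SDDC segments that MON is enabled on (assumption for the example).
SDDC_SEGMENTS = [ip_network("192.168.100.0/24"), ip_network("192.168.101.0/24")]

# Default MON policy: the three RFC-1918 ranges as Allow entries.
DEFAULT_POLICY = [
    ("allow", "10.0.0.0/8"),
    ("allow", "172.16.0.0/12"),
    ("allow", "192.168.0.0/16"),
]

# Internet egress on-premises: RFC-1918 entries removed, single Allow for 0.0.0.0/0.
ONPREM_EGRESS_POLICY = [("allow", "0.0.0.0/0")]

# Cloud services: Deny exclusion for the service's address range.
# 203.0.113.0/24 (TEST-NET-3) stands in for a real service range (assumption).
CLOUD_SERVICE_RANGE = "203.0.113.0/24"
CLOUD_SERVICES_POLICY = ONPREM_EGRESS_POLICY + [("deny", CLOUD_SERVICE_RANGE)]


def next_hop(dst, policy, sddc_segments=SDDC_SEGMENTS):
    """Return where MON forwards traffic from a MON-enabled segment to dst.

    Outcomes mirror the page:
      "sddc-segment"   destination is another SDDC segment, never redirected
      "on-prem-router" matches an Allow entry, hairpinned to on-premises over HCX
      "sddc-tier1"     matches a Deny entry, routed by the SDDC tier-1 router
      "sddc-tier0"     matches nothing, SDDC internet egress via tier-0
    Assumption: when Allow and Deny entries overlap, the most specific prefix wins.
    """
    addr = ip_address(dst)
    if any(addr in seg for seg in sddc_segments):
        return "sddc-segment"
    matches = [(ip_network(net), action) for action, net in policy if addr in ip_network(net)]
    if not matches:
        return "sddc-tier0"
    _net, action = max(matches, key=lambda m: m[0].prefixlen)
    return "on-prem-router" if action == "allow" else "sddc-tier1"


def hairpinned_service_ranges(service_ranges, policy, sddc_segments=SDDC_SEGMENTS):
    """Post-change check: cloud-service ranges the policy would still send on-premises.

    Probes the first address of each range; a range spanning several policy entries
    should be split into per-entry pieces before checking.
    """
    hairpinned = []
    for cidr in service_ranges:
        probe = str(ip_network(cidr)[0])
        if next_hop(probe, policy, sddc_segments) == "on-prem-router":
            hairpinned.append(cidr)
    return hairpinned


if __name__ == "__main__":
    destinations = ["192.168.100.10", "10.1.2.3", "198.51.100.25", "203.0.113.7"]
    policies = [
        ("default", DEFAULT_POLICY),
        ("onprem-egress", ONPREM_EGRESS_POLICY),
        ("cloud-services", CLOUD_SERVICES_POLICY),
    ]
    for name, policy in policies:
        print(name)
        for dst in destinations:
            print(f"  {dst:16} -> {next_hop(dst, policy)}")
    # Before the Deny exclusion is added, the service range is hairpinned on-premises.
    print("hairpinned:", hairpinned_service_ranges([CLOUD_SERVICE_RANGE], ONPREM_EGRESS_POLICY))
```

Running the script prints the forwarding outcome for each destination under each policy. The useful check after editing a MON policy is hairpinned_service_ranges: with only the 0.0.0.0/0 Allow entry it reports the cloud-service range, because that traffic would be hauled to the on-premises router; once the Deny exclusion is present it returns an empty list.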