Mobility Optimized Networking policy route configuration settings can vary depending on the HCX deployment.

Important: The examples in this section are generalized approaches that might not be suitable for all deployments. The policy route configuration defines how routed traffic is forwarded for MON-enabled virtual machines. The configurations should be well understood in the context of the site-to-site routing design. Incorrect configurations can result in disrupted traffic for the MON-enabled virtual machines.

Default MON Policy Configuration

The default MON policy includes all RFC-1918 networks. This policy configuration forwards private subnet traffic (not destined to segments within the SDDC) to the on-premises router and sends internet egress traffic to the SDDC tier-0 router.

Policy Configuration for Internet Egress On-premises

For MON deployments where security policies require internet access on-premises, replace the default MON Policy Configuration:

  • Remove the default RFC-1918 entries from the Policy Routes interface.

  • Add a single Allow entry for network 0.0.0.0/0.

    This policy configuration forwards both private subnet traffic (not destined to segments within the SDDC) and internet egress traffic to the on-premises router, while maintaining routing symmetry.

Policy Configuration for Cloud Services

MON policy routing can be revised to achieve cloud service reachability.

  • Configure the IP address ranges for the cloud-based service as Deny entries (exclusions) in the MON policy.

  • Traffic matching Deny entries is sent to the SDDC tier-1 router.
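
An offline model of the three policy configurations described above, for checking where sample destinations would be forwarded before Policy Routes are changed. This is an added example, not VMware code: the most-specific-match evaluation, the `next_hop` and `audit` names, and all sample addresses are assumptions.

```python
import ipaddress

# Policy tables for the three sections above; each entry is (network, action).
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
DEFAULT_POLICY = [(n, "allow") for n in RFC1918]
ONPREM_EGRESS_POLICY = [("0.0.0.0/0", "allow")]

def next_hop(dest, policy, sddc_segments=()):
    """Return 'sddc-local', 'on-premises' or 'sddc-router' for a destination IP."""
    ip = ipaddress.ip_address(dest)
    # Traffic destined to segments within the SDDC is not policy routed.
    if any(ip in ipaddress.ip_network(s) for s in sddc_segments):
        return "sddc-local"
    # Assumption: when several entries match, the most specific prefix wins.
    matches = [(ipaddress.ip_network(n), action) for n, action in policy
               if ip in ipaddress.ip_network(n)]
    if not matches:
        return "sddc-router"  # no matching entry: egress through the SDDC
    _, action = max(matches, key=lambda m: m[0].prefixlen)
    # Allow entries go to the on-premises router, Deny entries stay in the SDDC.
    return "on-premises" if action == "allow" else "sddc-router"

def audit(policy, flows, sddc_segments=()):
    """Map each labelled sample destination to its forwarding decision."""
    return {label: next_hop(ip, policy, sddc_segments) for label, ip in flows}

# Constructed sample values (hypothetical, not from the HCX documentation).
SDDC_SEGMENTS = ["10.20.0.0/16"]
CLOUD_SERVICE_RANGE = "198.51.100.0/24"  # placeholder for a cloud service range
CLOUD_SERVICE_POLICY = ONPREM_EGRESS_POLICY + [(CLOUD_SERVICE_RANGE, "deny")]
FLOWS = [("sddc-vm", "10.20.1.5"), ("onprem-db", "10.1.1.10"),
         ("internet", "203.0.113.7"), ("cloud-svc", "198.51.100.25")]

if __name__ == "__main__":
    for name, policy in [("default", DEFAULT_POLICY),
                         ("internet egress on-premises", ONPREM_EGRESS_POLICY),
                         ("cloud services", CLOUD_SERVICE_POLICY)]:
        print(name, audit(policy, FLOWS, SDDC_SEGMENTS))
```

Replace the sample segments, service range and flows with the site's own values; any destination that lands on an unexpected router points to a policy entry to review before it is applied.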
