HCX provides options for Network Extension upgrade or redeployment that help to minimize service downtime and disruptions to on-going L2 traffic.
The Network Extension appliance is a critical component of many HCX deployments, not only during migration but post migration as extended networks continue to be used after migration in a hybrid environment. HCX operations using extended networks can be impacted during Network Extension appliance upgrades or when a change to the HCX Compute Profile or Service Mesh requires redeploying the Network Extension appliance.
Network Extension appliances are available for In-Service or Standard (default) upgrade.
In-Service upgrade is not available for Network Extension High Availability (HA) groups. HA groups use the failover process to complete the upgrade. In this case, the Standby pair is upgraded first. After the Standby upgrade finishes, a switchover occurs and the Standby pair takes on the Active role. At that point, the previously Active pair is upgraded and takes on the Standby role.
With an In-Service upgrade or redeployment, the following high-level workflow applies:
A new appliance is provisioned at the source and destination site.
New Uplink and Management IP addresses are reserved for each new Network Extension appliance.
NICs on the new appliances are connected, including NICs for extended networks, except the NIC connection state is flagged as Down.
Secure tunnel connections are established between sites.
Old appliance Bridge NICs are disconnected. New Appliances Bridge NICs are connected.
The old appliance is deleted. IP addresses used for the old appliance are released and made available.
As a result of this workflow, switchover from the old appliance to the new appliance requires only minimal action and can happen within a few seconds or less. The actual time it takes to return to forwarding traffic depends on the overall environment.
With a Standard upgrade or redeployment of the Network Extension appliance, the new appliances use the same Uplink and Management IP addresses as the existing appliance. Using the same IP addresses means that HCX must disconnect the existing appliance so that the IP addresses are available for the new appliance. In this case, tunnel connections are established only after switchover happens, requiring 30 seconds or more to re-establish data traffic across extended networks.
Network Extension upgrade or redeployment operations display a pop-up window with the option for In-Service or Standard mode deployment.
For more information about upgrading HCX appliances, see Updating VMware HCX.
The following prerequisites apply for In-Service upgrade or deployment.
In the event that the prerequisites for In-Service mode are not met, use Standard mode to complete Network Appliance upgrade or redeployment operations.
Existing HCX-NET-EXT appliances must be running HCX 4.0 or later. This feature cannot be used while upgrading from HCX 3.5.x to HCX 4.0.
Appliance tunnels must be in Up state as shown by navigating to. Appliances with Down or Degraded tunnels are not supported.
HCX Manager must be able to reach HCX-NET-EXT appliances via the management network.
For each Network Appliance, free IP addresses are available in both the HCX Management and Uplink Network profile address pools during the Upgrade or Redeploy process. For example, upgrading three Network Extension appliances at the same time requires three available Management IP addresses and three available Uplink IP addresses. Once the process completes, the IP addresses used by the previous appliance are released.
- Select the Network Extension appliances for update or deployment.
- Click Update or Redeploy.
The selections that appears depends on the operation being performed. The option for selecting Standard or In-Service mode can appear when updating or redeploying the Network Extension appliances from either the Service Mesh View Appliances or View Topology window, or from the Service Mesh Edit or Resync window. The following are examples of the update and deployment windows.
In the following Update Appliances screen example, NE-I1 is a standalone appliance that supports In-Service upgrade:
In the following Redeployment Appliance screen example, NE-I1 is a standalone appliance that supports In-Service upgrade, while NE-I5 is part of an HA group with no support for In-Service upgrade.
- Depending on the operation, click Update or Redeploy.
What to do next
Verify the Update or deployment task by navigating to. After the task completes, check that the tunnel status is Up.