HCX Network Extension is allowed or prevented under certain conditions.
Detected and Restricted Source Network Types
The HCX Network Extension service detects and prevents several non-supported Network Extension scenarios (items are dimmed in the Network Extension UI):
vSphere infrastructure networks (ESXi VMkernel networks).
HCX Network Profile networks (Distributed Port Groups or Segments selected in a Network Profile).
Untagged Distributed Port Groups (Distributed Port Groups with VLAN type None, ID 0 or NULL).
Private VLAN (PVLAN) networks.
vCenter Server backed Port Groups configured with ephemeral binding cannot be extended.
- NSX-T logical switches.
Unsupported Source Configurations
HCX Network Extension does not support the following source configurations:
vSphere Standard Switch (vSS) networks.
Cisco Nexus 1000v or other third-party switches.
Cisco Application Centric Infrastructure (ACI) with VMware Virtual Machine Monitor (VMM).
Virtual machine networks must only be extended with a single solution. HCX does not support Network Extension for networks already extended to the same NSX router by an external solution. For example, either HCX Network Extension or NSX L2 VPN can be used to provide connectivity, but both must not be used simultaneously. Using multiple bridging solutions simultaneously can result in a network outage.
Virtual machine networks with shared or overlapping VLAN configurations must not be extended to the same destination router. This can result in a network outage.
Secondary subnets in a single layer-2 network.
- NSX-T Global Federation configurations.
HCX does not integrate with the NSX Global Manager for extending networks (only the NSX Local Manager).
Unsupported Destination Configurations
HCX Network Extension does not support the following destination configurations:
NSX-T Global Federation configurations.
HCX does not integrate with the NSX Global Manager for extending networks (only the NSX Local Manager).
NSX-V at the cloud is unsupported for HCX Cloud Manager.
Additional Considerations
HCX supports extending the same network to a maximum of 3 distinct destinations or routers.
One Network Extension configuration cannot be extended multiple times to the same destination router.
Daisy-chain "L" network extension (extending extensions) is only supported to one additional environment in the same data center, public cloud provider, and region.
Daisy-chain extension is not supported with source networks based on NSX distributed routing.
Daisy-chain extension can lower end-to-end network performance due to the combined latency and additional layer of packet and encryption processing.
One Network Extension appliance can only connect to one Distributed Virtual Switch or NSX Transport Zone.
Networks can only be extended between one appliance pair (source and destination appliances) per site, and multiple network appliances cannot be used to increase throughput.
Network Extension does not detect or mitigate loops.
Virtual machine networks that span more than one vCenter Server must not be extended from more than one vCenter to the same destination router. This can result in a network outage.
Network Extension does not detect or mitigate IP conflicts.
Network Extension does not detect or mitigate MAC conflicts.
For a cloud/site pair, a given network can be extended through only one appliance and is subject to the resource and the performance limitations of that appliance.
Network Extension connects to an existing segment on the target site if it has the same gateway IP and Prefix configured for the extension, and it disconnects the NSX router interface from the network. If the NSX tier-1 router interface was previously connected and in service, all communication to the gateway on that cloud network is disrupted.
NSX-T Overlay and NSX-T VLAN networks can be extended. These extensions are always created as NSX Overlay networks at the destination. HCX Network Extension is always to NSX Overlay networks. Pre-created segments in the vSphere Distributed Switch, CVDS, or VLAN transport zone, cannot be used as a destination.
VMware NSX Traceflow does not work with extended networks.