HCX Network Extension is allowed or prevented under certain conditions.

Detected and Restricted Source Network Types

The HCX Network Extension service detects and prevents several non-supported Network Extension scenarios (items are dimmed in the Network Extension UI):

  • vSphere infrastructure networks (ESXi VMkernel networks).

  • HCX Network Profile networks (Distributed Port Groups or Segments selected in a Network Profile).

  • Untagged Distributed Port Groups (Distributed Port Groups with VLAN type None, ID 0 or NULL).

  • Private VLAN (PVLAN) networks.

  • vCenter Server backed Port Groups configured with ephemeral binding cannot be extended.

  • NSX-T logical switches.

Unsupported Source Configurations

HCX Network Extension does not support the following source configurations:

  • vSphere Standard Switch (vSS) networks.

  • Cisco Nexus 1000v or other third-party switches.

  • Cisco Application Centric Infrastructure (ACI) with VMware Virtual Machine Monitor (VMM).

  • Virtual machine networks must only be extended with a single solution. HCX does not support Network Extension for networks already extended to the same NSX router by an external solution. For example, either HCX Network Extension or NSX L2 VPN can be used to provide connectivity, but both must not be used simultaneously. Using multiple bridging solutions simultaneously can result in a network outage.

  • Virtual machine networks with shared or overlapping VLAN configurations must not be extended to the same destination router. This can result in a network outage.

  • Secondary subnets in a single layer-2 network.

  • NSX-T Global Federation configurations.

    HCX does not integrate with the NSX Global Manager for extending networks (only the NSX Local Manager).

Unsupported Destination Configurations

HCX Network Extension does not support the following destination configurations:

  • NSX-T Global Federation configurations.

    HCX does not integrate with the NSX Global Manager for extending networks (only the NSX Local Manager).

  • NSX-V at the cloud is unsupported for HCX Cloud Manager.

  • VMware Cloud Director enabled with data center group networking backed by NSX.

Additional Considerations

  • HCX supports extending the same network to a maximum of 3 distinct destinations or routers.

  • One Network Extension configuration cannot be extended multiple times to the same destination router.

  • Daisy-chain "L" network extension (extending extensions) is only supported to one additional environment in the same data center, public cloud provider, and region.

    • Daisy-chain extension is not supported with source networks based on NSX distributed routing.

    • Daisy-chain extension can lower end-to-end network performance due to the combined latency and additional layer of packet and encryption processing.

  • One Network Extension appliance can only connect to one Distributed Virtual Switch or NSX Transport Zone.

  • Networks can only be extended between one appliance pair (source and destination appliances) per site, and multiple network appliances cannot be used to increase throughput.

  • Network Extension does not detect or mitigate loops.

  • Virtual machine networks that span more than one vCenter Server must not be extended from more than one vCenter to the same destination router. This can result in a network outage.

  • Network Extension does not detect or mitigate IP conflicts.

  • Network Extension does not detect or mitigate MAC conflicts.

  • For a cloud/site pair, a given network can be extended through only one appliance and is subject to the resource and the performance limitations of that appliance.

  • Network Extension connects to an existing segment on the target site if it has the same gateway IP and Prefix configured for the extension, and it disconnects the NSX router interface from the network. If the NSX tier-1 router interface was previously connected and in service, all communication to the gateway on that cloud network is disrupted.

  • NSX-T Overlay and NSX-T VLAN networks can be extended. These extensions are always created as NSX Overlay networks at the destination. HCX Network Extension is always to NSX Overlay networks. Pre-created segments in the vSphere Distributed Switch, CVDS, or VLAN transport zone, cannot be used as a destination.

  • VMware NSX Traceflow does not work with extended networks.

  • During disaster recovery (DR) events when the onpremises site is not available or powered off, the existing extended networks are required to be unextended from target/Cloud Network Extension (NE) wizard to ensure Cloud NSX DLR is connected for all extended segments where migrated cloud VMs are hosted.

    Follow the below practices to avoid downtime as much as possible:

    • Once the onpremise HCX Manager/NE Appliances are powered off or no longer accessible during the DR event, refer to the destination HCX Cloud Manager dashboard and verify if the site pair status is showing Disconnected (connection from the remote site may be down).
    • Go to destination HCX NE wizard, and perform “Force Unextend Network” for segments one at a time.
      Note: Do not trigger the standard unextension workflow, which is designed to be functional when both sites are Up and running.

      Image of Network Extension popup window with selections for Unextending and Force Unextending an extended network.

    Important: During DR events, the impact will be low if existing extended segments already have the HCX MON (Mobility Optimized Networking) feature enabled, which makes Cloud NSX DLR to be CONNECTED for extended segments and helps provide E-W routing between two cloud VMs (depending upon user configured policy-routes). Refer to Knowledge Base Article 83375 for more info.
    Note: For VMware Cloud on AWS specific deployments, MON may not help to optimize traffic between extended segments that are not directly connected to the same Tier-1 router.