In a VMware Cloud (VMC) on AWS environment, you may encounter a failure while deploying an HCX Service Mesh from the on-premises site.

• The deployment fails with the error: `Service Insertion config not found, while configuring logical switches!`.
• This error is visible in the HCX Connector Manager UI (on-premises) under Interconnect > Service Mesh > Tasks.
  
  
  
  
• Or the following error may occur:
  
  "Service Mesh creation failed. Process Service Mesh failed. Interconnect Service Workflow ConfigureServicensertionForAppliance failed. Error: Service Insertion config not found, while configuring logical switches!, Service insertion config not found, while configuring logical switches!not found, while configuring logical switches!"



Product: VMware HCX
Platform: VMware Cloud (VMC) on AWS

The error occurs when an incorrect Uplink network (such as the Mgmt-app-network profile) is selected in the HCX Compute Profile at the VMC site. This prevents the Service Mesh from identifying a valid configuration for logical switches during deployment.

To resolve this issue, you must ensure the correct Uplink network is selected in the HCX Cloud Manager UI at the VMC for AWS Cloud site.

1. Access the HCX Cloud Manager UI at the VMC site.
2. Go to Interconnect > Compute Profile 
3. Modify the HCX Compute Profile and update the Uplink network selection based on your deployment type:
   • For Direct Connect (DX) Deployments: Select the "directConnectNetwork1" Network Profile.
   • For externalNetwork Deployments: Select the "externalNetwork" Network Profile.
4. Avoid using the "Mgmt-app-network" Profile for the Uplink network.
5. Validate the configuration by reviewing the following:
   
   Interconnect > Network Profiles
   
   
   
   Interconnect > Compute Profiles
   
   
   
   Interconnect > Service Mesh
   
   

1. For Direct Connect (DX) Deployments:
   
   Ensure the IP address range (CIDR) configured for the directConnectNetwork1 Network Profile does not overlap with the VMware Cloud (VMC) on AWS management subnet CIDR block or any other IP address range already in use for services in the VMC. Overlap can cause routing and network reachability issues for those other components. The CIDR used should be large enough so that each HCX Interconnect or Network Extension (IX/NE) appliance deployed at the VMC cloud site can be assigned an IP address. Also ensure the same CIDR is not used in the on-premise environment.
   
   Existing Segment IP ranges used in the VMC can be checked from the VMware Cloud Console UI by selecting:
   
   Network & Security > Segments > Segment List
   
   
   
   The CIDR used should only be configured in the directConnectNetwork1 Network Profile. It must not be configured as a network segment within the VMC SDDC. After creation in the directConnectNetwork1 Network Profile this new network will be advertised via BGP over the Direct Connect (DX) to the on-premise site. This can be checked from the VMware Cloud Console UI by selecting:
   
   Network & Security > Direct Connect
   
   
   
   
   
2. For externalNetwork Deployments:
   
   Ensure the IP addresses configured in the externalNetwork Network Profile are taken from the Public IPs list found in the VMware Cloud Console UI. The Public IPs can be found on the VMware Cloud Console UI by selecting: 
   
   Network & Security > Public IPs
   
   The "REQUEST NEW IP" button can be used to generate additional Public IPs if required. The IP address list configured in the externalNetwork Network Profile should be large enough so that each HCX Interconnect or Network Extension (IX/NE) appliance deployed at the VMC cloud site can be assigned an IP address.