Configuring an HCX tunnel over a VPN is not supported - HCX Services for VMware Cloud on AWS
To resolve this issue, the Site Pair and Service Mesh will need to be re-created, and the SDDC VPN Configuration will need to be altered to exclude any IP addresses used by the HCX Manager or Appliances:
First, if the network is stretched, un-stretch it. Delete the Service Mesh, and remove the Site Pairing.
Once the Site Pairing has been removed, navigate to the SDDC Network and Security page > VPN. If using a Policy Based VPN, remove the HCX IP range (the IPs of the HCX Manager/Interconnect/Network Extension) from the "Remote Networks" field. If using a Route Based VPN, unadvertise the HCX IP range.
Validate that none of the IPs available to the HCX Manager and Appliances are listed in the VPN.
After re-configuring the VPN Tunnel, re-create the Site Pairing and the Service Mesh.
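The validation step above can be scripted as an overlap check. This is an added example, not VMware tooling: the function names and all addresses are constructed, and it assumes the HCX IPs/pools and the VPN "Remote Networks" (or advertised prefixes, for a Route Based VPN) have been copied out of the consoles by hand.

```python
import ipaddress

def parse_hcx_range(spec):
    """Accept a single IP, a CIDR, or a 'first-last' pool and return covering networks."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        # Raises ValueError/TypeError if the pool is reversed or mixes IPv4 and IPv6.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]

def find_vpn_overlaps(hcx_specs, vpn_networks):
    """Return (hcx_spec, vpn_network) pairs where a VPN entry still covers HCX IPs.

    A supernet such as a /16 or a default route counts as an overlap, because
    HCX traffic to those IPs would still be sent through the VPN tunnel.
    """
    vpn = [ipaddress.ip_network(n.strip(), strict=False) for n in vpn_networks]
    overlaps = []
    for spec in hcx_specs:
        for block in parse_hcx_range(spec):
            for net in vpn:
                if block.version == net.version and block.overlaps(net):
                    pair = (spec, str(net))
                    if pair not in overlaps:
                        overlaps.append(pair)
    return overlaps

# Constructed sample values, not taken from any real environment.
HCX_IPS = ["192.168.50.10", "192.168.50.20-192.168.50.29"]  # Manager, appliance pool
VPN_BEFORE = ["10.20.0.0/16", "192.168.50.0/24"]            # HCX range still listed
VPN_AFTER = ["10.20.0.0/16", "192.168.60.0/24"]             # HCX range removed

if __name__ == "__main__":
    for label, vpn in (("before", VPN_BEFORE), ("after", VPN_AFTER)):
        hits = find_vpn_overlaps(HCX_IPS, vpn)
        print(f"{label}: {'OK, no HCX IPs in VPN' if not hits else hits}")
```

An empty result is the condition to reach before re-creating the Site Pairing and the Service Mesh.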
To test the available bandwidth of the HCX Tunnels, please refer to Steps to Run Perftest in HCX.
Impact/Risks: