• Virtual machine connectivity fails when HCX MTU is configured above 1350 bytes
• PMTU (Path MTU) tests do not complete successfully for higher MTU values
• HCX services may appear healthy, but workload communication fails
• Bulk migration / vMotion / Network Extension traffic may be impacted
• Connectivity is restored after reducing MTU (for example, to 1500 or lower)

VMware HCX

This issue occurs due to a Path MTU mismatch between HCX configuration and the underlying network.

HCX uses encapsulation (such as IPsec and UDP-based tunnels), which adds overhead to packets. When HCX MTU is configured higher than what the network path supports:

• Packets exceed the allowable size on intermediate devices (WAN, firewall, etc.)
• Fragmented packets may be dropped
• Path MTU Discovery (PMTUD) may fail if ICMP is blocked
• This results in packet loss and connectivity failure

Resolution

To resolve the issue:

1. Adjust HCX MTU
   • Configure HCX MTU to a value supported by the network path (e.g., 1500 or lower)
2. Ensure MTU Consistency
   • Verify MTU settings are consistent across:
     • HCX Source and Destination
     • ESXi vmkernel interfaces
     • Physical network (switches, routers, WAN)
     • Firewalls
3. Resynchronize Service Mesh
   • After making MTU changes, perform a Service Mesh resync on both HCX sites
4. Validate Connectivity
   • Re-test VM communication and HCX services after changes

• Avoid configuring MTU values higher than the supported end-to-end network MTU unless jumbo frames are fully enabled across all network components
• Ensure ICMP traffic is allowed for proper Path MTU Discovery
• Where possible, use dedicated vmkernel interfaces for HCX traffic types (e.g., vSphere Replication, vMotion) to improve performance and isolation