VMware HCX is a powerful migration solution, though setting it up can be confusing. An HCX Service Mesh is the heart and soul of a migration. It connects the on-premises source to the cloud destination and defines which services the user can leverage to perform the migration. A Service Mesh is composed of a few “building blocks”: the Site Connection, the Network Profile, and the Compute Profile. Today, I will dive into the Network Profile.
What is a Network Profile?
According to VMware, an HCX Network Profile “contains information about the underlying networks and allows networks and IP addresses to be pre-allocated before creating a Service Mesh” [1]. In other words, a Network Profile contains information about the internal vSphere network and instructs HCX on how packets should flow during migration. It is one component of the Service Mesh and the component I recommend configuring first.
There are four types of network profiles:
- HCX Uplink
- HCX Management
- HCX vMotion
- HCX Replication
The HCX Uplink is a network profile that controls traffic flow from the HCX Appliances at the source to the destination. All replication, vMotion, and layer 2 network extension traffic eventually flows through the uplink to reach the device on the other side of the Service Mesh. Since it controls the path from source to destination (or destination to source), it needs a route to the peer device, and the required firewall ports must be open. The exact firewall ports required are listed during the Service Mesh creation, though a complete list is available at VMware HCX – VMware Ports and Protocols.
The HCX Management network profile provides network connectivity between HCX Manager and vCenter Server. This profile can be configured in the same VLAN as vCenter Server or a VLAN with layer 3 connectivity to vCenter Server. The API calls to vCenter Server that begin replication, start vMotion, power off VMs, and perform other critical tasks are issued over this port group.
The HCX vMotion profile connects the Interconnect Appliance to the ESXi host vMotion VMkernel port. It must be in a port group with direct access to the vMotion network. In my experience, the vMotion VLAN is not routable, so the HCX vMotion network profile is placed into the vMotion network port group directly.
An engineer would create an HCX Replication network profile when a customer has a dedicated replication network configured for their ESXi hosts. If there is no dedicated replication network, the HCX Management network profile carries the replication traffic.
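The connectivity rules described above for the four profile types can be checked on paper before any appliance is deployed. The following is an added example, not code from this post or from VMware: the plan dictionary format, the function name, and all addresses are hypothetical, and subnet membership is used as a stand-in for "direct access" to a port group.

```python
import ipaddress

def check_profiles(plan):
    """Return (findings, replication_profile) for a planned set of Network Profiles."""
    profiles, findings = plan["profiles"], []
    def reaches(name, target):
        # On-link targets need no gateway; anything else needs a gateway inside the subnet.
        net = ipaddress.ip_network(profiles[name]["cidr"])
        if ipaddress.ip_address(target) in net:
            return True
        gw = profiles[name].get("gateway")
        return gw is not None and ipaddress.ip_address(gw) in net

    def off_link(name, addrs):
        net = ipaddress.ip_network(profiles[name]["cidr"])
        return [a for a in addrs if ipaddress.ip_address(a) not in net]

    for name in ("uplink", "management", "vmotion"):
        if name not in profiles:
            findings.append(f"{name}: profile missing")
    if "uplink" in profiles and not reaches("uplink", plan["peer_ip"]):
        findings.append("uplink: no route to the peer appliance")
    if "management" in profiles and not reaches("management", plan["vcenter_ip"]):
        findings.append("management: no path to vCenter Server")
    if "vmotion" in profiles:
        for ip in off_link("vmotion", plan["vmotion_vmk_ips"]):
            findings.append(f"vmotion: host VMkernel {ip} is not on this network")

    # A dedicated replication network needs its own profile; otherwise management carries it.
    repl_ips = plan.get("replication_vmk_ips", [])
    replication_via = "replication" if repl_ips else "management"
    if repl_ips and "replication" not in profiles:
        findings.append("replication: hosts have a dedicated network but no profile")
    elif repl_ips:
        for ip in off_link("replication", repl_ips):
            findings.append(f"replication: host VMkernel {ip} is not on this network")
    return findings, replication_via

# Constructed sample plan (all addresses are made up for illustration).
SAMPLE_PLAN = {
    "peer_ip": "203.0.113.10",
    "vcenter_ip": "10.0.10.5",
    "vmotion_vmk_ips": ["172.16.20.11", "172.16.20.12"],
    "profiles": {
        "uplink": {"cidr": "10.0.50.0/24", "gateway": "10.0.50.1"},
        "management": {"cidr": "10.0.10.0/24", "gateway": "10.0.10.1"},
        "vmotion": {"cidr": "172.16.20.0/24"},
    },
}
```

Calling `check_profiles(SAMPLE_PLAN)` returns an empty findings list and `"management"` as the profile carrying replication; it does not test firewall ports, which still have to be verified against the list shown during Service Mesh creation.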
Configuring the Network Profiles is critical to the successful creation of a Service Mesh. I always configure them first because the Compute Profile requires network profiles, so it makes sense to dedicate the time to configure them properly. A production deployment typically requires three Network Profiles but could require many more. As with everything in architecture, it depends on the situation and condition of the network. Next, I will address Compute Profiles and how Network Profiles contribute to a complete solution.