IMPORTANT: Make sure to collect ping and traceroute results before enabling MON.
Enable MON on the VMs that will use the AVS “NSX” default gateway. Make sure you choose the correct VMs and the correct "Target Router Location", which is the NSX T1 router that you are using in AVS. This step will also inject a host route for the VM for ingress AVS traffic destined to the VM.
Modify the HCX Policy Route. You can find the Policy Route where it says “Advanced”. You will then see the option to add HCX Policy Routes.
Please adhere to the HCX Policy Routes outlined below to ensure best practices for AVS.
If a destination IP matches and is set to "allow" in the Mobility Optimized Networking (MON) policy configuration, then two actions occur. First, the packet is identified. Second, it is sent to the on-premises gateway through the HCX Network Extension appliance.
If a destination IP doesn't match or is set to "deny" in the Mobility Optimized Networking (MON) policy, the system sends the packet to the Azure VMware Solution Tier-0 for routing.
5. Once all the steps are complete, be sure to test with ping and traceroute. Compare the results with the ones you collected before enabling MON. You should also be able to test whether you are now accessing the Internet from within Azure.
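One way to do the before/after comparison from the first and last steps, as an added example that is not part of the original post: it parses two saved `traceroute -n` outputs and reports where the path first changes and how the first-hop latency moved. The sample captures, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample `traceroute -n` output from a migrated VM (not real captures).
BEFORE_MON = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.10.20.1  24.118 ms  24.302 ms  24.051 ms
 2  10.10.0.254  25.004 ms  24.870 ms  25.120 ms
 3  * * *
 4  203.0.113.10  31.442 ms  31.390 ms  31.501 ms
"""
AFTER_MON = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.10.20.1  0.611 ms  0.580 ms  0.602 ms
 2  192.0.2.1  1.210 ms  1.190 ms  1.250 ms
 3  203.0.113.10  4.020 ms  3.980 ms  4.110 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop number>  <rest of line>"
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # first IPv4 address on the line
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")          # every round-trip time on the line


def parse_traceroute(text):
    """Return one (hop_ip or None, best_rtt_ms or None) tuple per hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, not a hop
        rest = m.group(2)
        ip = IP_RE.search(rest)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        # A "* * *" hop has neither an address nor a timing.
        hops.append((ip.group(0) if ip else None, min(rtts) if rtts else None))
    return hops


def compare_paths(before, after):
    """Summarise how the path changed between the two captures."""
    b, a = parse_traceroute(before), parse_traceroute(after)
    diverge = next((i + 1 for i, (x, y) in enumerate(zip(b, a)) if x[0] != y[0]), None)
    if diverge is None and len(b) != len(a):
        diverge = min(len(b), len(a)) + 1  # one path is a prefix of the other
    return {
        "first_hop_rtt_ms": (b[0][1], a[0][1]),
        "first_divergent_hop": diverge,
        "hop_count": (len(b), len(a)),
    }


if __name__ == "__main__":
    print(compare_paths(BEFORE_MON, AFTER_MON))
```

In practice, replace the two constructed strings with the contents of the files you saved before and after enabling MON.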
I've attached two links below if you'd like to go into more detail about MON.
https://docs.vmware.com/en/VMware-HCX/4.3/hcx-user-guide/GUID-73125E78-3428-4B7B-BACD-6332444A5D6B.html
https://docs.vmware.com/en/VMware-HCX/4.3/hcx-user-guide/GUID-F45B1DB5-C640-4A75-AEC5-45C58B1C9D63.html