Service Mesh for AVS

Question

Service Mesh for AVS

Sumit bnd 40

Hi Team,

I have a requirement to migrate VMs from on-prem to Azure VMware Solution (AVS). In our on-prem environment, we have a single vCenter server managing two separate clusters — one located in Melbourne and the other in Sydney. Each cluster is configured with distinct Management and vMotion networks.

Given this setup, I would like to confirm the correct approach for network and service mesh configuration. Based on my understanding, I will need to:

Deploy two separate service meshes (one for each cluster), and

Create two network profiles and two compute profiles accordingly to match the network configurations of Melbourne and Sydney clusters.

Could you please confirm if this approach is correct, or advise if there’s a more efficient alternative

if its possible, can i extend the same VLAN from the service mesh network extension

Sumit bnd 40 Reputation points

2025-05-13T02:33:21.26+00:00

Thank you @Mounika Reddy Anumandla for the reply. if i extend the VLAN from one cluster will it work for another cluster as both clusters have the same VLAN ? do i need to deploy the network extensions for another one if i am extending the same vlan ?
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-13T11:53:06.1866667+00:00

Hi Sumit bnd,

As per my understanding, extending a VLAN across multiple clusters, even if they share the same VLAN ID, doesn't automatically guarantee functionality. It depends on the network architecture and the specific technologies used for VLAN extension. You'll need a method to bridge the VLANs between clusters, such as a Layer 2 VPN (L2VPN) or a VLAN-aware network fabric.

HCX does not support extending the same VLAN from multiple NE appliances.

Doing so may cause: Duplicate MAC addresses, Broadcast storms, Network instability in AVS and on-prem, Unpredictable behavior in vSphere and AVS.

Verify inter-cluster connectivity before migrating VMs from Sydney.

Optionally, test with a dummy VM migration from Sydney using the extended network to confirm it works.

Hope it helps!

Let me know if you have any further queries!

If the information is helpful, please click "upvote" to let us know!
Sumit bnd 40 Reputation points

2025-05-13T23:22:39.23+00:00

Thank you @Mounika Reddy Anumandla and @Alex Burlachenko for your reply , but if we have different VLANs on both the cluster , we can extend two different VLANs to same target AVS cluster ? i don't need to create different service mesh with 2 network extension in AVS right ?
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-14T08:41:30.98+00:00
Hi Sumit bnd,

You can extend two different VLANs (from Melbourne and Sydney clusters) to the same Azure VMware Solution (AVS) cluster.

As per best practices,

Use unique network profiles for each cluster’s Management/vMotion networks.

Validate extended networks with ping/traceroute to confirm isolation.

Avoid extending the same VLAN ID from both clusters unless IP ranges are non-overlapping.

https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network

If you're extending two different VLANs from two different on-prem clusters, then you DO need to create separate Service Meshes — one per on-prem cluster.

“Each service mesh requires a compute profile and network profile, and these are cluster-scoped. If you want to migrate workloads from multiple on-prem clusters, you’ll need multiple service meshes, each tied to its source cluster.”. https://www.avshub.io/workshop-guide/module-2/module-2-task-12/
https://www.youtube.com/embed/COY3oIws108

Hope it helps!

If the information is helpful, please "Accept answer" and upvote on the post.
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-15T05:12:02.9133333+00:00

Hi Sumit bnd,

I just wanted to check the status of this case. Please feel free to tag me in the comments for any queries.

If the answer is helpful, please take a moment to "Accept answer" and upvote it.
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-28T01:03:28.3333333+00:00

Hi Sumit bnd,

It's been some days since you are here!

If you have any further queries, please let me know.

If the information is helpful, please click accept answer and "upvote" to let us know.

2 answers

Your answer

Sumit bnd 40 Reputation points

2025-05-13T02:33:21.26+00:00

Thank you @Mounika Reddy Anumandla for the reply. if i extend the VLAN from one cluster will it work for another cluster as both clusters have the same VLAN ? do i need to deploy the network extensions for another one if i am extending the same vlan ?
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-13T11:53:06.1866667+00:00

Hi Sumit bnd,

As per my understanding, extending a VLAN across multiple clusters, even if they share the same VLAN ID, doesn't automatically guarantee functionality. It depends on the network architecture and the specific technologies used for VLAN extension. You'll need a method to bridge the VLANs between clusters, such as a Layer 2 VPN (L2VPN) or a VLAN-aware network fabric.

HCX does not support extending the same VLAN from multiple NE appliances.

Doing so may cause: Duplicate MAC addresses, Broadcast storms, Network instability in AVS and on-prem, Unpredictable behavior in vSphere and AVS.

Verify inter-cluster connectivity before migrating VMs from Sydney.

Optionally, test with a dummy VM migration from Sydney using the extended network to confirm it works.

Hope it helps!

Let me know if you have any further queries!

If the information is helpful, please click "upvote" to let us know!
Sumit bnd 40 Reputation points

2025-05-13T23:22:39.23+00:00

Thank you @Mounika Reddy Anumandla and @Alex Burlachenko for your reply , but if we have different VLANs on both the cluster , we can extend two different VLANs to same target AVS cluster ? i don't need to create different service mesh with 2 network extension in AVS right ?
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-14T08:41:30.98+00:00

Hi Sumit bnd,

You can extend two different VLANs (from Melbourne and Sydney clusters) to the same Azure VMware Solution (AVS) cluster.

As per best practices,

Use unique network profiles for each cluster’s Management/vMotion networks.

Validate extended networks with ping/traceroute to confirm isolation.

Avoid extending the same VLAN ID from both clusters unless IP ranges are non-overlapping.

https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network

If you're extending two different VLANs from two different on-prem clusters, then you DO need to create separate Service Meshes — one per on-prem cluster.

“Each service mesh requires a compute profile and network profile, and these are cluster-scoped. If you want to migrate workloads from multiple on-prem clusters, you’ll need multiple service meshes, each tied to its source cluster.”. https://www.avshub.io/workshop-guide/module-2/module-2-task-12/
https://www.youtube.com/embed/COY3oIws108

Hope it helps!

If the information is helpful, please "Accept answer" and upvote on the post.
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-15T05:12:02.9133333+00:00

Hi Sumit bnd,

I just wanted to check the status of this case. Please feel free to tag me in the comments for any queries.

If the answer is helpful, please take a moment to "Accept answer" and upvote it.
Mounika Reddy Anumandla 5,815 Reputation points Microsoft External Staff Moderator

2025-05-28T01:03:28.3333333+00:00

Hi Sumit bnd,

It's been some days since you are here!

If you have any further queries, please let me know.

If the information is helpful, please click accept answer and "upvote" to let us know.

Answer 1

Hi Sumit bnd,

Yes, your understanding is correct, and your approach aligns with VMware HCX best practices when migrating VMs from multiple on-prem clusters with different networking configurations to Azure VMware Solution (AVS).

Since you have:

A single vCenter managing both Melbourne and Sydney clusters,

And each cluster has distinct Management and vMotion networks,

You should create two separate service meshes — one for each cluster. Each service mesh allows HCX appliances (like the Interconnect and WAN Optimization appliances) to be deployed with the correct local networking per cluster.

This ensures:

Isolation of IP pools per cluster
Correct routing of vMotion and management traffic
Accurate placement and performance tuning.

In theory, if both clusters shared the same Management/vMotion networks and had low latency (<150ms RTT) between them, you might attempt to:

Use a single service mesh,
Define network/compute profiles that span both clusters.

https://learn.microsoft.com/en-us/training/modules/migrate-vmware-workloads-on-premises-azure-vmware-solution/5-create-service-mesh

You can technically extend the same VLAN (subnet) from on-prem to AVS using HCX Network Extension, but you must do it from only one source site/cluster at a time, not from both Melbourne and Sydney simultaneously — to avoid serious networking issues. The HCX Network Extension service provides layer 2 connectivity between sites. Network Extension HA protects extended networks from a Network Extension appliance failure at either the source or remote site. Do NOT extend the same VLAN from both Melbourne and Sydney clusters simultaneously. Can result in broadcast storms, MAC/IP conflicts, looping, or split-brain gateways.https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability

Ref: https://techcommunity.microsoft.com/blog/azuremigrationblog/vmware-hcx-design-with-azure-vmware-solution/4282072

Hope it helps!

Let me know if you have any further queries!

If the comment is helpful, please click "upvote" to let us know!

Answer 2

Hi Sumit bnd,

Thank you for reaching out and sharing your question on the Q&A portal!

From what you’ve described, your approach of deploying two separate service meshes one for each cluster (Melbourne and Sydney) makes sense since each cluster has its own distinct Management and vMotion networks. This way, you can maintain the same network isolation and configuration as your on-prem setup. You’ll indeed need to create two network profiles and two compute profiles to match these requirements. Microsoft’s documentation on AVS networking also supports this kind of setup when dealing with separate clusters with unique networking needs. Azure VMware Solution networking.

Regarding your question about extending the same VLAN from the service mesh network extension yes, it is possible! Azure VMware Solution allows you to stretch VLANs using network extensions, which can help maintain consistency between your on-prem and AVS environments. However, keep in mind that this depends on your specific network design and compatibility.

If you’re looking for a more streamlined approach, you could also explore using a single service mesh with proper segmentation, but that would depend on whether your workloads can share the same underlying network structure without conflicts. Sometimes, keeping things separate is the cleaner way to go, especially if you have strict isolation requirements.

Best regards,
Alex
P.S. If my answer help to you, please Accept my answer
PPS That is my Answer and not a Comment
https://ctrlaltdel.blog/

Share via

Service Mesh for AVS

2 answers

Your answer