Commit abb0b17

Merge pull request #309592 from varunhari92/hcx-cleanup-gen2
doc updates for HCX Gen 2
2 parents a388eda + c0a276e commit abb0b17

2 files changed

Lines changed: 8 additions & 2 deletions

articles/azure-vmware/native-network-design-consideration.md

Lines changed: 6 additions & 1 deletion
@@ -3,7 +3,7 @@ title: Azure VMware Solution Generation 2 private cloud design considerations
33
description: Learn about Azure VMware Solution Generation 2 private cloud design considerations.
44
ms.topic: concept-article
55
ms.service: azure-vmware
6-
ms.date: 4/21/2025
6+
ms.date: 12/16/2025
77
ms.custom:
88
- build-2025
99
# customer intent: As a cloud administrator, I want to learn about Azure VMware Solution Generation 2 private cloud design considerations so that I can make informed decisions about my Azure VMware Solution deployment.
@@ -45,6 +45,7 @@ The following functionality is limited during this time. These limitations will
4545
16. If you are using **Private DNS** for your Azure VMware Solution Gen 2 private cloud, using **Custom DNS** on the virtual network where an Azure VMware Solution Gen 2 private cloud is deployed is unsupported. Custom DNS breaks lifecycle operations such as scaling, upgrades, and patching.
4646
17. If you are **deleting** your private cloud and some Azure VMware Solution created resources are not removed, you can retry the deletion of the Azure VMware Solution private cloud using the Azure CLI.
4747
18. Azure VMware Solution Gen 2 uses an HTTP Proxy to distinguish between customer and management network traffic. Certain VMware cloud service endpoints **may not follow the same network path or proxy rules as general vCenter-managed traffic**. Examples include: "scapi.vmware" and "apigw.vmware". The VAMI proxy governs the vCenter Server Appliance’s (VCSA) general outbound internet access, but not all service endpoint interactions flow through this proxy. Some interactions originate directly from the user’s browser or from integration components, which instead follow the workstation’s proxy settings or initiate connections independently. As a result, traffic to VMware cloud service endpoints may bypass the VCSA proxy entirely.
48+
19. HCX RAV and Bulk migrations on Gen 2 can experience significantly slower performance due to stalls during Base Sync and Online Sync phases. Customers should plan for longer migration windows and schedule waves accordingly for now. For suitable workloads, vMotion offers a faster, low‑overhead option when host and network conditions allow.
4849

4950
## Unsupported integrations
5051

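Review bot: In the added item 19, "for now" leaves the reader with no way to tell when the advice to plan longer migration windows stops applying, and "RAV" is used without being expanded. Spell it out as "Replication Assisted vMotion (RAV)" on first use, and either drop "for now" or rely on the list's lead-in, which already says these limitations are temporary. The word "low‑overhead" also carries a non-breaking hyphen (U+2011) instead of a plain "-", which will not match a text search and is inconsistent with the rest of the file.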
@@ -94,9 +95,13 @@ Example /22 CIDR network address block **10.31.0.0/22** is divided into the foll
9495
|esx-mgmt-vmk1 | /24 | vmk1 is the management interface used by customers to access the host. IPs from the vmk1 interface come from these subnets. All of the vmk1 traffic for all hosts comes from this subnet range. | 10.31.1.0/24 |
9596
|esx-vmotion-vmk2 | /24 | vMotion VMkernel interfaces. | 10.31.2.0/24 |
9697
|esx-vsan-vmk3 | /24 | vSAN VMkernel interfaces and node communication. | 10.31.3.0/24 |
98+
|VMware HCX Network | /22 | VMware HCX Network | 10.31.4.0/22 |
9799
|Reserved | /27 | Reserved Space. | 10.31.0.128/27 |
98100
|Reserved | /27 | Reserved Space. | 10.31.0.192/27 |
99101

102+
> [!Note]
103+
> For Azure VMware Solution Gen 2 deployments, customers must now allocate an additional /22 subnet for HCX management and uplink, in addition to the /22 entered during SDDC deployment. This additional /22 is not required for Gen 1.
104+
100105
## Next steps
101106

102107
- Get started with configuring your Azure VMware Solution service principal as a prerequisite. To learn how, see the [Enabling Azure VMware Solution service principal](native-first-party-principle-security.md) quickstart.
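Review bot: The added row "VMware HCX Network | /22 | ... | 10.31.4.0/22" sits inside a table that the surrounding text introduces as the breakdown of the example block 10.31.0.0/22, but 10.31.4.0/22 lies outside that block (10.31.0.0/22 ends at 10.31.3.255). A reader building firewall rules or route filters from this table could assume the single /22 entered at deployment covers HCX. Move the row to the end of the table or into its own short table under the note, state in the row that it is a separate, additional /22, and replace the description cell (which only repeats the name) with what the note says the range is for: HCX management and uplink. The row is also inserted between esx-vsan-vmk3 and the two Reserved /27 rows, which breaks the table's grouping of subnets that do belong to 10.31.0.0/22.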

articles/azure-vmware/tutorial-network-checklist.md

Lines changed: 2 additions & 1 deletion
@@ -3,7 +3,7 @@ title: Tutorial - Network planning checklist
33
description: In this tutorial, learn about the network requirements for network connectivity and network ports on Azure VMware Solution.
44
ms.topic: tutorial
55
ms.service: azure-vmware
6-
ms.date: 5/15/2024
6+
ms.date: 12/16/2025
77
ms.custom: engagement-fy23
88
# Customer intent: As a network architect, I want to understand the network requirements for Azure VMware Solution, so that I can ensure proper connectivity and compliance for deploying a VMware private cloud environment.
99
---
@@ -101,6 +101,7 @@ The subnets:
101101
| Interconnect (HCX-IX)| L2C | TCP (HTTPS) | 443 | Send management instructions from Interconnect to L2C when L2C uses the same path as the Interconnect. |
102102
| HCX Manager, Interconnect (HCX-IX) | ESXi Hosts | TCP | 80,443,902 | Management and OVF deployment. |
103103
| Interconnect (HCX-IX), Network Extension (HCX-NE) at Source| Interconnect (HCX-IX), Network Extension (HCX-NE) at Destination| UDP | 4500 | Required for IPSEC<br> Internet key exchange (IKEv2) to encapsulate workloads for the bidirectional tunnel. Supports Network Address Translation-Traversal (NAT-T). |
104+
| Interconnect (HCX-IX) / Network Extension (HCX-NE) | Remote Interconnect (HCX-IX) / Network Extension (HCX-NE) | TCP,UDP | 5201 | Required for Service Mesh diagnostics for the perftest uplink test. (Moved from port 4500 with HCX 4.8). |
104105
| On-premises Interconnect (HCX-IX) | Cloud Interconnect (HCX-IX) | UDP | 4500 | Required for IPSEC<br> Internet Key Exchange (ISAKMP) for the bidirectional tunnel. |
105106
| On-premises vCenter Server network | Private Cloud management network | TCP | 8000 | vMotion of VMs from on-premises vCenter Server to Private Cloud vCenter Server |
106107
| HCX Connector | connect.hcx.vmware.com<br> hybridity.depot.vmware.com | TCP | 443 | `connect` is needed to validate license key.<br> `hybridity` is needed for updates. |
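Review bot: In the added port 5201 row, the parenthetical "(Moved from port 4500 with HCX 4.8)." refers to a previous use of 4500 for perftest that neither of the UDP 4500 rows in this table mentions, so the reader cannot tell whether an existing 4500 rule can be narrowed or must stay as is. Say explicitly that 4500 is still required for IPsec and that 5201 is needed only for the Service Mesh perftest uplink diagnostic, so administrators can scope the TCP and UDP 5201 rule to the HCX-IX and HCX-NE uplink addresses. For consistency with the neighbouring rows, use "," rather than "/" between the appliance names, use "at Source" and "at Destination" instead of "Remote", and move the final period inside the parenthesis or drop the parentheses.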
