HCX L2 MON and unextend - What owns the Gateway and when
When extending L2 networks, MON can be enabled/ticked, but it's actually activated at a VM level from what I understand, so it requires a further action per VM (Router Location). Is this correct?
Until this is done, the VM will keep using HCX on-prem as Gateway for all internal/external traffic.
Once the gateway (Router Location) is changed in HCX for the VM and pointed to HCX Cloud, traffic will start flowing via HCX Cloud Appliance and then respect the MON Routing Policy, so traffic either goes to HCX on-prem or to Tier 1.
Once the network is unextended, the respective Gateway IP is assumed by the NSX Tier 1 Gateway, so from that moment on, for destinations not within the SDDC, traffic will flow via Tier1 --> Tier0 --> VTGW --> On-Prem or Cloud according to destination (and vice versa for return flow).
Can you help correct the above where necessary and clarify the changes that happen at each phase or point me to documentation that clearly explains these steps? I would like to understand how the gateway changes between activating MON at L2 network when extending, to changing the Default Router in HCX for the VM to when you actually unextend the VLAN.
When does traffic to other on-prem networks (not extended) and other Cloud Networks stop flowing via L2 NE towards on-prem Gateway and start going via Tier-1 Gateway/VTGW via DX DX/BGP etc.?
This would be a very important cutoff, as all of a sudden the Routing and Security Rules move from on-prem to AWS, so it's a game changer and there is lots of pre-work to do to ensure existing IN/OUT traffic keeps working for the unstretched network/VMs.
Is there a cutover checklist available?
Thanks