VMware NSX Configuration Maximums

Nodes

Item 6.1 6.2 6.3 6.3.3
 vCenters

 1 / 8 in cross-vCenter deployments

 

NSX Controllers

3

 vCenter Clusters  12  16  64  64
 Hosts per Cluster  32  32  64  64
 Hosts per vCenter / Transport Zone  256  512  512  512
System Wide Hosts in Cross-vCenter Deployments  1,024

L2

Item Maximum
 Logical Switch  10,000
 Logical Switch Ports  50,000
 Universal Logical Switches  8,500 (including non-universal logical switches)
  VXLAN/VLAN Bridging per Distributed Logical Router Instance  500

L2VPN

Item Maximum
Networks per L2VPN Client/Server Pair  200

Distributed Firewall

Item 6.1 6.2 6.3 6.3.3
Rules per NSX Manager  100,000
Rules per VM  1000 3500 3500 3500
Rules per Host Contact VMware
Distributed Firewall Sections  10,000
Concurrent Connections per Host  2,000,000
Security Groups per NSX Manager  10,000
Audit Logs  1,000,000
Flow Monitoring Data  2,000,000 records over 15 days
Distributed Firewall Rule Configuration (Preserve Config)  100
Universal Distributed Firewall Rules 24,000
Universal Firewall Sections 500
Universal Security Groups 4,000
Universal IP Sets 4,000
Universal IP Sets per Universal Security Group 10
Universal Security Tags 750
Universal Security Tags per VM 5

Identity Firewall

Item Maximum
Active Directory Groups 30,000
Users per Active Directory Group 250
Total Number of Users in the Active Directory Domain 100,000
Total VMs Joined to the Active Directory Domain 2,250
Groups per Single User 20
Security Groups Based on Active Directory 300
Active Directory Groups per Security Group 10
VMs per Security Group 1,000
Security Policies 250
Hosts 250
VMs per Host 50

Distributed Logical Router (DLR) – L3

Item Maximum
Distributed Logical Routers 1000
Distributed Logical Router Interfaces per Distributed Logical Router 991 with a max of 8 uplinks
Distributed Logical Router Interfaces per Host 10000 max number of LIFs per ESX host
ARP Entries 20,000, default 10,000
Routes per Distributed Logical Router  2,000 (including the connected)
OSPF Adjacencies per Distributed Logical Router 10
OSPF Adjacencies per Distributed Logical Router 10
Paths with ECMP  8
Universal Distributed Logical Routers per Host 1,000
System-Wide Distributed Logical Routers 1,200

Edge Service Gateway (ESG) – General

Item Maximum
Edge Service Gateways per NSX Manager 2,000
Edge Service Gateways per host 249
Interfaces 10 interfaces (internal, uplink, or trunk)
Secondary IP Addresses 2,000

Edge Service Gateway (ESG) – L3

Item 6.1 6.2
NAT Rules per Edge Service Gateway 2,048 SNAT and 2,048 DNAT (all sizes) 2,048 SNAT+DNAT for compact, 4096 SNAT+DNAT for Large and Quad-Large, 8192 SNAT+DNAT for XL
Static Routes per Edge Service Gateway (All Sizes) 2,048
BGP Routes per Edge Service Gateway (compact / large / x-large / quad-large) 20,000 / 50,000 / 250,000 / 250,000
BGP Neighbors per Edge Service Gateway (compact / large / x-large / quad-large) 10 / 20 / 50 / 50
BGP Routes Redistributed (All Sizes) no limit
OSPF LSA entries per Edge Service Gateway (compact / large / x-large / quad-large) 20,000 / 50,000 / 100,000 / 100,000

 

OSPF Adjacencies per Edge Service Gateway (compact / large / x-large / quad-large) 10 / 20 / 40 / 40
OSPF Routes Redistributed (compact / large / x-large / quad-large) 2,000 / 5,000 / 20,000 / 20,000
Total Number of Routes (compact / large / x-large / quad-large) 20,000 / 50,000 / 250,000 / 250,000
ARP Entries (compact / large / x-large / quad-large) 1024 / 2048 / 2048 / 2048
 Max Paths with ECMP 8

Edge Service Gateway (ESG) – Firewall

Item Maximum
Firewall Rules per Edge Service Gateway (All Sizes)  2,000
Concurrent Connections per Host (compact / all other sizes)  64,000 / 1,000,000

Edge Service Gateway (ESG) – Load Balancing

Item 6.1 6.2 6.3 6.3.3
Load Balancer VIPs per Edge Service Gateway (compact / large / quad-large / x-large) 64 1024 1024 1024
Load Balancer Pools per Edge Service Gateway (compact / large / quad-large / x-large) 64 1024 1024 1024
Load Balancer Servers per Pool (compact / large / quad-large / x-large)  320 3072 3072 3072
Load Balancer Application Rule size in Characters (All Sizes) 4096 characters

Edge Service Gateway (ESG) – DHCP

Item Maximum
DHCP Pools per Edge Service Gateway (All Sizes)  20,000

Edge Service Gateway (ESG) – IPSEC VPN

Item Maximum
IPSEC / VPN per Edge Service Gateway (All Sizes)  No limit
IPSEC Tunnels per Edge Service Gateway (compact / large / quad-large / x-large)  512 / 1600 / 4096 / 6000

Edge Service Gateway – SSL VPN

Item Maximum
Concurrent Sessions (compact / large / quad-large / x-large)  50 / 100 / 100 / 1000
Private Networks (compact / large / quad-large / x-large) 16 / 16 / 16 / 16

VMware NSX Configuration Maximums
Rate this post