Let's have a look at what the NSX configuration maximums are. VMware has not published an official document, so the following limits listed were gathered by reviewing NSX documentation and online research. Some websites that contributed include www.vmguru.com.
Some of these limits are hard limits while most of them are soft limits, beyond which VMware does not support such configurations. For example, if you exceed the number of concurrent connections per Edge gateway, it will affect your gateway's performance, but won't cause it to halt or reject new connections. The hard limit verses soft limit documentation is not explicitly published, but VMware NSX support can clarify if needed. The chances are that you will scale out your environment before reaching these maximums.
The maximums for NSX follow.
Configuration maximums can differ based software release. Always refer to the most up-to-date documentation to ensure accuracy.
The following table shows the limits for NSX – vCenter Maximums:
|
Description |
Limit |
|
vCenters |
1 |
|
NSX Managers |
1 |
|
DRS clusters |
12 |
|
NSX controllers |
3 |
|
Hosts per cluster |
32 |
|
Hosts per Transport Zone |
256 |
A Transport Zone defines the scope of a logical switch and can span one or more vSphere clusters. We will this discuss in greater depth in the upcoming chapters.
The following table shows the limits for Switching Maximums:
|
Description |
Limit |
|
Logical switches |
10,000 |
|
Logical switch ports |
50,000 |
|
Bridges per distributed logical router |
500 |
The following table shows the limits for Distributed Logical Firewall Maximums:
|
Description |
Limit |
|
Rules per NSX Manager |
100,000 |
|
Rules per VM |
1,000 |
|
Rules per host |
10,000 |
|
Concurrent connections per host |
2,000,000 |
|
Security groups per NSX Manager |
10,000 |
The following table shows the limits for Distributed Logical Router (DLR) Maximums:
|
Description |
Limit |
|
DLRs per host |
1,000 |
|
DLR per NSX Manager |
1,200 |
|
Interfaces per DLR |
999 |
|
Uplink interfaces per DLR |
8 |
|
Active routes per DLR |
2,000 |
|
Active routes per NSX Manager |
12,000 |
|
OSPF adjacencies per DLR |
10 |
|
BGP peers per DLR |
10 |
The following table shows the limits for NSX Edge Services Gateway (ESG) Maximums:
|
Description |
Limit |
|
Total number of Edge service gateways per NSX Manager |
2,000 |
|
Interfaces per ESG (internal, uplink or trunk) |
10 |
|
Sub-interfaces on a trunk |
200 |
|
NAT rules per ESG |
2,000 |
|
Static routes per ESG |
2,048 |
The following table shows the limits for Edge Services Gateway Compact Maximums:
|
Description |
Limit |
|
OSPF routes per ESG |
20,000 |
|
OSPF adjacencies per ESG |
10 |
|
BGP peers per ESG |
10 |
|
BGP routes per ESG |
20,000 |
|
Total routes per ESG |
20,000 |
|
Concurrent connections per ESG |
64,000 |
The following table shows the limits for Edge Services Gateway Large Maximums:
|
Description |
Limit |
|
OSPF routes per ESG |
50,000 |
|
OSPF adjacencies per ESG |
20 |
|
BGP peers per ESG |
20 |
|
BGP routes per ESG |
50,000 |
|
Total routes per ESG |
50,000 |
|
Concurrent connections per ESG |
1,000,000 |
The following table shows the limits for Edge Services Gateway X-Large Maximums:
|
Description |
Limit |
|
OSPF routes per ESG |
100,000 |
|
OSPF adjacencies per ESG |
40 |
|
BGP peers per ESG |
50 |
|
BGP routes per ESG |
250,000 |
|
Total routes per ESG |
250,000 |
|
Concurrent connections per ESG |
1,000,000 |
The following table shows the limits for Edge Services Gateway Quad-Large Maximums:
|
Description |
Limit |
|
OSPF routes per ESG |
100,000 |
|
OSPF adjacencies per ESG |
40 |
|
BGP peers per ESG |
50 |
|
BGP routes per ESG |
250,000 |
|
Total routes per ESG |
250,000 |
|
Concurrent connections per ESG |
1,000,000 |
The following table shows the limits for Edge Services Gateway Overall Maximums:
|
Description |
Limit |
|
Load balancer VIPs |
64 |
|
Load balancer pools |
64 |
|
Load balancer servers per pool |
32 |
|
Firewall rules per ESG |
2,000 |
The following table shows the limits for DHCP, VPN Service Maximums:
|
Description |
Limit |
|
DHCP pools per Edge service gateway (all Sizes) |
20,000 |
|
Number of IPSEC tunnels per Edge gateway - Compact |
512 |
|
Number of IPSEC tunnels per Edge gateway - Large |
1600 |
|
Number of IPSEC tunnels per Edge gateway - X-Large |
4096 |
|
Number of IPSEC tunnels per Edge gateway - Quad-Large |
6000 |
|
SSL VPN number of concurrent connections (compact/large/x-large/quad-large) |
50/100/100/1000 |
The following table shows the limits for Multi-vCenter NSX Supported Features:
|
Description |
Limit |
|
Logical switch |
Yes |
|
L2 bridges |
No |
|
Logical distributed router |
Yes |
|
Distributed firewall |
Yes |
|
Edge services |
No |
|
IP security groups |
Yes |
