NSX-V 6.1 Configuration Maximums

It was not that easy to find this information on the official VMware website. However, during a current  NSX-V integration project, we received the following Configuration Maximums table from VMware PSO, including the permission to share the content with the community. Credit goes to Aleksander Bukowinski.

As soon as the information will be publicly available, I will insert the link in this article.

Currently, an NSX-V domain has a 1-1 relationship with a vCenter. Therefore NSX-V depends on the vSphere / VC scale limits for many parameters – you can find those limits for vSphere 5.5 here:

Click to access vsphere-55-configuration-maximums.pdf

This information is based on NSX 6.1

# of Nodes
vCenter: 1
NSX Controllers: 3
vCenter Clusters: 12
Hosts per Cluster: 32
Hosts per Transport Zone: 256

L2
Logical Switch: 10,000
Logical Switches Ports: 50,000
VXLAN/VLAN bridging per DLR: 500

L2VPN
Maximum number of L2VPN clients (spoke) handled by a single L2VPN server (hub): 5

Distributed Firewall
Rules per NSX-Mgr: 100,000
Rules per VM: 1,000
Rules per host: 10,000
Concurrent connections per host: 2,000,000
Security Groups per NSX-Mgr: 10,000
Note: “the # of rules supported” = the # of rules defined (even if the rule has many source / destination elements).

L3-Distributed Logical Router (DLR)
Distributed Logical Routers: 1000 per Host as of 6.1.2, 100 for earlier releases
Note: 1,200 per NSX-Manager
Note: HA doesn’t change the scale of DLR.
The DLR has interfaces connected to Logical Switches. A LS is in a Transport Zone. A TZ contains Clusters. All those Clusters/ESXi will get that DLR installed in kernel.
So to go over 1000 DLR in a NSX Domain, you must create multiple TZ with different Clusters in each TZ.
Interfaces per DLR: 999 with a max of 8 uplinks
Routes per DLR: 2,000 (including the connected)
Note: 12,000 per NSX-Manager
OSPF adjacencies per DLR: 10
BGP neighbors per DLR: 10

L3-Edge Service Gateway (ESG)
Edge Service Gateways: 2,000
Note: HA doesn’t change the scale of Edges.
Interfaces: 10 interfaces (internal, uplink, or trunk)
Note: With trunk, 200 sub-interfaces per Edge

Router
NAT rules per ESG (all sizes): 2,000
Static routes per ESG (all sizes): 2,048
BGP routes per ESG (compact / large / x-large / quad-large): 20,000 / 50,000 / 250,000 / 250,000
BGP neighbors per ESG (compact / large / x-large / quad-large): 10 / 20 / 50 / 50
BGP routes redistributed (all sizes): no limit
OSPF routes per ESG (compact / large / x-large / quad-large): 20,000 / 50,000 / 100,000 / 100,000
OSPF adjacencies per ESG (compact / large / x-large / quad-large): 10 / 20 / 40 / 40
OSPF routes redistributed (compact / large / x-large / quad-large): 2,000 / 5,000 / 20,000 / 20,000
Total number of routes (compact / large / x-large / quad-large): 20,000 / 50,000 / 250,000 / 250,000

Firewall
FW rules per ESG (all sizes): 2,000
Concurrent connections per host (compact / all other sizes): 64,000 / 1,000,000

Load Balancing
Load Balancer VIPs per ESG (all sizes): 64
Load Balancer Pools per ESG (all sizes): 64
Load Balancer Servers per Pool (all sizes): 32

DHCP
DHCP Pools per ESG (all sizes): 20,000
IPSEC / VPN
Number of IPSEC / VPN per ESG (all sizes): No limit
Number of IPSEC Tunnels per ESG (compact / large / quad-large / x-large): 512 / 1600 / 4096 / 6000
Note: # of tunnels = (number of local subnets) x (number of peer subnets) 

SSL VPN-Plus
Number of conc sessions (compact / large / quad-large / x-large): 50 / 100 / 100 / 1000