vmware_nsx_logoVMware usually publishes a Configuration Maximums paper on their products. NSX has quite a bit of specifics that have a limit, but there is not an official configuration maximums paper yet. I hope there will be one soon, but for now I’ve compiled a list of findings from my travels on the interwebs.

Most of the figures on NSX 6.1 are confirmed by a paper from PSO, others are from the documentation and real life limits.

Description NSX 6.1 NSX 6.2 NSX 6.3
Relations
vCenters 1 1 1
DRS Clusters 12 12 16
NSX Controllers 3 3 3
Hosts per cluster 32 32 32
Hosts per Transport Zone 256 512 512
Layer 2
Logical Switches 10,000 10,000 10,000
Logical Switch Ports 50,000 50,000 50,000
Bridges per DLR 500 500 500
Distributed Firewall
Rules per NSX Manager 100,000 100,000 100,000
Rules per VM 1,000 3,500 3,500
Rules per Host 10,000 10,000+ 1 10,000+ 1
Concurrent connections per Host 2,000,000 2,000,000 2,000,000
Security Groups per NSX Manager 10,000 10,000 10,000
Distributed Logical Router
DLRs per Host 1,000 (6.1.2+) 1,000 1,000
DLRs per NSX Manager 1,200 1,200 1,200
Interfaces per DLR 999 2 999 2 999 2
Uplink interfaces per DLR 8 8 8
Active routes per DLR 2,000 2,000 2,000
Active routes per NSX Manager 12,000 12,000 12,000
OSPF Adjacencies per DLR 10 10 10
BGP Peers per DLR 10 10 10
NSX Edge Services Gateway
ESGs per NSX Manager 2,000 2,000 2,000
Interfaces per ESG (internal, uplink or trunk) 10 10 10
Subinterfaces on a trunk 200 200 200
Static routes per ESG 2,048 2,048 2,048
ESG – Compact
NAT Rules per ESG 1,024 2,048 2,048
OSPF Routes per ESG 20,000 3 20,000 3 20,000 3
OSPF Adjacencies per ESG 10 10 10
BGP Peers per ESG 10 10 10
BGP Routes per ESG 20,000 20,000 20,000
Total Routes per ESG 20,000 20,000 20,000
Concurrent connections per ESG 64,000 64,000 64,000
Load Balancer VIPs 64 64 64
Load Balancer Pools 64 64 64
Load Balancer Servers per Pool 32 320 320
SSL-VPN Concurrent connections 50 50 50
ESG – Large
NAT Rules per ESG 1,024 2,048 4,096
OSPF Routes per ESG 50,000 3 50,000 3 50,000 3
OSPF Adjacencies per ESG 20 20 20
BGP Peers per ESG 20 20 20
BGP Routes per ESG 50,000 50,000 50,000
Total Routes per ESG 50,000 50,000 50,000
Concurrent connections per ESG 1,000,000 1,000,000 1,000,000
Load Balancer VIPs 64 64 64
Load Balancer Pools 64 64 64
Load Balancer Servers per Pool 32 320 320
SSL-VPN Concurrent connections 100 100 100
ESG – X-Large
NAT Rules per ESG 1,024 2,048 4,096
OSPF Routes per ESG 100,000 3 100,000 3 100,000 3
OSPF Adjacencies per ESG 40 40 40
BGP Peers per ESG 50 50 50
BGP Routes per ESG 250,000 250,000 250,000
Total Routes per ESG 250,000 250,000 250,000
Concurrent connections per ESG 1,000,000 1,000,000 1,000,000
Load Balancer VIPs 64 1024 1024
Load Balancer Pools 64 1024 1024
Load Balancer Servers per Pool 32 3072 3072
SSL-VPN Concurrent connections 100 100 100
ESG – Quad-Large
NAT Rules per ESG 1,024 2,048 8,196
OSPF Routes per ESG 100,000 3 100,000 3 100,000 3
OSPF Adjacencies per ESG 40 40 40
BGP Peers per ESG 50 50 50
BGP Routes per ESG 250,000 250,000 250,000
Total Routes per ESG 250,000 250,000 250,000
Concurrent connections per ESG 1,000,000 1,000,000 1,000,000
 Load Balancer VIPs 64 1024 1024
Load Balancer Pools 64 1024 1024
 Load Balancer Servers per Pool 32 3072 3072
 SSL-VPN Concurrent connections 1000 1000 1000
ESG – All Sizes
Firewall rules per ESG 2,000 2,000 2,000
DHCP Pools per Edge Service Gateway 20,000 20,000 20,000

1 = Maximum depends on multiple factors, can be different in different environments.
2 = Maximum of 991 internal and max 8 uplinks
3 = Maximum of 750 LSA type-1 routes

Change log

6 Feb 2017: Added 6.2 and 6.3, removed 6.1 as it’s end-of-life.

Disclaimer

None of these numbers are officially confirmed by VMware and they can differ in different environments. I’m hoping there will be an official document stating the maximums in the future.