Recommended Configuration Maximums

Similar documents
Recommended Configuration Maximums

Recommended Configuration Maximums. NSX for vsphere Updated on August 08, 2018

vrealize Operations Management Pack for NSX for vsphere 3.5 Release Notes

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4

vcenter Operations Management Pack for NSX-vSphere

vcloud Director Tenant Portal Guide vcloud Director 8.20

vrealize Operations Management Pack for NSX for vsphere 2.0

vrealize Operations Management Pack for NSX for vsphere 3.0

vrealize Operations Management Pack for NSX for vsphere 3.5.0

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

NSX Administration Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2

Cross-vCenter NSX Installation Guide. Update 6 Modified on 16 NOV 2017 VMware NSX for vsphere 6.3

Cross-vCenter NSX Installation Guide. Update 4 VMware NSX for vsphere 6.4 VMware NSX Data Center for vsphere 6.4

Cross-vCenter NSX Installation Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2

VMware Integrated OpenStack Quick Start Guide

vcenter Operations Management Pack for vcns

Deploying VMware Validated Design Using OSPF Dynamic Routing. Technical Note 9 NOV 2017 VMware Validated Design 4.1 VMware Validated Design 4.

Installing and Configuring vcloud Connector

vcloud Air Advanced Networking Services Guide

VMware Cloud on AWS Networking and Security. 5 September 2018 VMware Cloud on AWS

Quick Start Guide (SDN)

vcloud Director API for NSX Programming Guide

vrealize Operations Management Pack for NSX for vsphere Release Notes

Introducing VMware Validated Design Use Cases

vsphere Networking Update 1 ESXi 5.1 vcenter Server 5.1 vsphere 5.1 EN

2V VMware Certified Professional 6 - Network Virtualization. Exam Summary Syllabus Questions

vcloud Director API for NSX Programming Guide API Version 30.0 vcloud Director 9.1

Exam Name: VMware Certified Associate Network Virtualization

Getting Started Guide. VMware NSX Cloud services

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1

VMware Cloud on AWS Getting Started. 18 DEC 2017 VMware Cloud on AWS

vcloud Director API for NSX Programming Guide API Version 27.0 vcloud Director 8.20

Planning and Preparation. VMware Validated Design 4.0 VMware Validated Design for Remote Office Branch Office 4.0

Architecture and Design. 17 JUL 2018 VMware Validated Design 4.3 VMware Validated Design for Management and Workload Consolidation 4.

VMware vcloud Director Configuration Maximums vcloud Director 9.1 and 9.5 October 2018

Introducing VMware Validated Designs for Software-Defined Data Center

What s New in VMware vcloud Director 8.20

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture

Introducing VMware Validated Designs for Software-Defined Data Center

vcloud Director Tenant Portal Guide 04 OCT 2018 vcloud Director 9.5

Introducing VMware Validated Designs for Software-Defined Data Center

vcloud Director API for NSX Programming Guide API Version 29.0 vcloud Director 9.0

NSX-T Upgrade Guide. VMware NSX-T 2.0

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Architecture and Design. Modified on 21 AUG 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.

IaaS Integration for Multi- Machine Services. vrealize Automation 6.2

NSX Installation Guide. Update 6 Modified on 16 NOV 2017 VMware NSX for vsphere 6.3

IaaS Integration for Multi-Machine Services

VMWARE MICRO-SEGMENTATION AND SECURITY DEPLOY SERVICE

Customer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers

VMware Certified Professional 6 - Network Virtualization (NSX v6.2) Exam

Getting Started with VMware Cloud Assembly. 27 August 2018 VMware Cloud Assembly

VMware vcloud Air Key Concepts

vsphere Upgrade Update 2 Modified on 4 OCT 2017 VMware vsphere 6.0 VMware ESXi 6.0 vcenter Server 6.0

vrealize Operations Management Pack for NSX for Multi-Hypervisor

Installing and Configuring vcloud Connector

2V0-642 vmware. Number: 2V0-642 Passing Score: 800 Time Limit: 120 min.

VMware Integrated OpenStack Installation and Configuration Guide

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

vcloud Air - Hybrid Cloud Manager Release Notes

Architecture and Design. VMware Validated Design 4.0 VMware Validated Design for Micro-Segmentation 4.0

Exam Questions VCPN610

vsphere Upgrade Update 1 Modified on 4 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

Installing and Configuring vcenter Multi-Hypervisor Manager

vshield Quick Start Guide

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

vsphere Networking Update 2 VMware vsphere 5.5 VMware ESXi 5.5 vcenter Server 5.5 EN

vcenter Server Installation and Setup Modified on 11 MAY 2018 VMware vsphere 6.7 vcenter Server 6.7

Architecture and Design. Modified on 21 DEC 2017 VMware Validated Design 4.1 VMware Validated Design for Micro-Segmentation 4.1

Architecture and Design. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Management and Workload Consolidation 4.

VMware Cloud Foundation Planning and Preparation Guide. VMware Cloud Foundation 3.0

vcenter Server Installation and Setup Update 1 Modified on 30 OCT 2018 VMware vsphere 6.7 vcenter Server 6.7

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Architecture and Design. Modified on 24 OCT 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

Migration. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.1

Configuration Maximums VMware vsphere 5.0

What s New with VMware vcloud Director 8.0

vcloud Director User's Guide

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

NSX-T Upgrade Guide. VMware NSX-T 2.1

vcloud Director User's Guide

Getting Started with ESXi Embedded

vcloud Air - Dedicated Disaster Recovery Release Notes

Architecture and Design of VMware NSX-T for Workload Domains. Modified on 20 NOV 2018 VMware Validated Design 4.3 VMware NSX-T 2.3

vshield Administration Guide

Workload Mobility and Disaster Recovery to VMware Cloud IaaS Providers

VMware Validated Design for Micro-Segmentation Reference Architecture Guide

DISASTER RECOVERY- AS-A-SERVICE FOR VMWARE CLOUD PROVIDER PARTNERS WHITE PAPER - OCTOBER 2017

vrealize Operations Management Pack for vsan 1.0 Guide

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017

Site Recovery Manager Security

DESIGN GUIDE. VMware NSX for vsphere (NSX-v) and F5 BIG-IP Design Guide

Configuration Maximums. Update 1 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

IPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX. Jeremy Duncan Tachyon Dynamics

Creating a VMware Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5

21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.0

vcloud Director User's Guide

Unified Access Gateway Double DMZ Deployment for Horizon. Technical Note 04 DEC 2018 Unified Access Gateway 3.4

Transcription:

Recommended Configuration Maximums NSX for vsphere 6.3 Update 1 Last Updated 7 Nov, 2017 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see VMware Docs

You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright 2017 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.

Contents Contents 3 Updated Information 4 1 Introduction 5 2 General 6 Nodes 6 Edge Service Gateway 7 3 Layer 2 Networking 8 4 Layer 3 Networking 9 DHCP 9 Distributed Logical Router 10 Edge Service Gateway Layer 3 11 5 Firewall 14 Distributed Firewall 14 Edge Service Gateway Firewall 15 Identity Firewall 16 6 Load Balancing 17 7 VPN 18 Layer 2 VPN 18 IPsec VPN 19 SSL VPN 20 3 VMware, Inc.

Updated Information This Recommended Configuration Maximums document is updated when necessary, which is typically with each major or minor release of the product. This table provides the update history of the Recommended Configuration Maximums. Update Description 1. 7 Nov, 2017 Initial release for NSX for vsphere version 6.3.3 and later. 4 VMware, Inc.

1 Introduction This document provides the recommended configuration maximums for NSX for vsphere. Please consider the following when you use this document to design, deploy and operate the product. When you select and configure your virtual and physical equipment, it is highly recommended that you stay at or below the maximums supported by NSX for vsphere as described in this document. The limits presented in the following sections represent tested, recommended limits, and are fully supported by VMware. The limits presented in the guide are applicable to NSX for vsphere. The limits can be affected by other factors, such as hardware dependencies. For more information about supported hardware, see the appropriate NSX for vsphere installation and administration guide. Consult individual solution limits to ensure that you do not exceed supported configurations for your environment. It may not be possible to maximize all configuration settings and expect your desired outcome. The recommended configuration maximums do not represent the theoretical possibilities of NSX for vsphere scale. 5 VMware, Inc.

2 General Nodes NSX for vsphere has a number of component nodes required for operation of the product. These include the NSX Manager, NSX Controllers and Hosts that are prepared for NSX. This section captures the configuration maximums for NSX nodes. In addition, NSX supports some vcenter objects that are discovered from vcenter inventory. The configuration maximums for these objects are listed in this section. Table 2-1. Node Maximums vcenter systems in single NSX Manager deployments 1 vcenter systems in Cross-vCenter deployments 8 NSX Controllers 3 Only 3 controllers are supported in a production deployment of NSX for vsphere. A single controller may be used in a lab or proof-of-concept deployment but is not supported for production deployments. vcenter Clusters 64 Hosts per Cluster 64 Hosts per NSX Manager (single vcenter / Transport Zone) 512 For IDFW deployments, see the IDFW section of this document. Hosts in a Cross-vCenter deployment 1,024 For IDFW deployments, see the IDFW section of this document. 6 VMware, Inc.

Edge Service Gateway A core component of NSX for vsphere is the Edge Service Gateway, which delivers routing, loadbalancing, VPN and other features. There are several general configuration maximums that are covered in this section. Configuration maximums of services delivered by the Edge are covered in subsequent sections. Table 2-2. General Edge Service Gateway Maximums Edge Service Gateways per NSX Manager 2,000 The backup Edge in a High-Availability pair of Edges is not included in this maximum. Interfaces 10 Includes internal, uplink and trunk. Subinterfaces per Edge 200 7 VMware, Inc.

3 Layer 2 Networking NSX for vsphere offers a layer 2 overlay networking solution as well as layer 2 bridging. The configuration maximums of these layer 2 features are listed in this section. Table 3-1. Layer 2 Maximums Logical Switches 10,000 Logical Switch Ports 20,000 Universal Logical Switches in a Cross-vCenter deployment 8,500 This maximum includes both universal and non-universal logical switches. VXLAN/VLAN Bridging per Distributed Logical Router instance 500 8 VMware, Inc.

4 Layer 3 Networking DHCP NSX for vsphere provides a DHCP server to deliver IP addresses to DHCP clients. This section covers configuration maximums for the DHCP service. Table 4-1. DHCP Maximums DHCP Pools per Edge Service Gateway 20,000 Applies to all s. 9 VMware, Inc.

Distributed Logical Router NSX for vsphere provides an in-kernel distributed logical router. This section covers configuration maximums for the distributed logical router. Table 4-2. Distributed Logical Router Maximums Distributed Logical Routers 1,000 Distributed Logical Router interfaces per Distributed Logical Router 999 Maximum of 8 uplinks. Distributed Logical Router interfaces per ESXi Host 10,000 ARP entries per Distributed Logical Router 20,000 If this number of ARP entries is exceeded, newer ARP entries in the ARP table will replace older entries. Routes per Distributed Logical Router 2,000 Includes connected routes. Maximum 750 LSA type-1 prefixes. OSPF Adjacencies per Distributed Logical Router 10 BGP Neighbors per Distributed Logical Router 10 10 VMware, Inc.

Edge Service Gateway Layer 3 The NSX for vsphere Edge Service Gateway provides a number of layer 3 networking features, such as static and dynamic routing. The configuration maximums for this Edge Service Gateway based routing is listed in this section. Table 4-3. Edge Service Gateway Layer 3 Maximums ECMP Paths 8 NAT Rules per Edge Service Gateway - Compact Edge size NAT Rules per Edge Service Gateway - Large Edge size NAT Rules per Edge Service Gateway - Quad Large NAT Rules per Edge Service Gateway - Extra Large 2,048 Includes both SNAT and DNAT rules. 4,096 Includes both SNAT and DNAT rules. 4,096 Includes both SNAT and DNAT rules. 8,192 Includes both SNAT and DNAT rules. Static Routes per Edge Service Gateway 2,048 Applies to all s. BGP Routes per Edge Service Gateway - Compact BGP Routes per Edge Service Gateway - Large Edge size BGP Routes per Edge Service Gateway - Quad Large BGP Routes per Edge Service Gateway - Extra Large BGP Neighbors per Edge Service Gateway - Compact BGP Neighbors per Edge Service Gateway - Large BGP Neighbors per Edge Service Gateway - Quad Large BGP Neighbors per Edge Service Gateway - Extra Large OSPF LSA entries per Edge Service Gateway - Compact 20,000 50,000 250,000 250,000 10 20 50 50 20,000 Maximum of 750 type-1 LSA entries. 11 VMware, Inc.

OSPF LSA entries per Edge Service Gateway - Large OSPF LSA entries per Edge Service Gateway - Quad Large OSPF LSA entries per Edge Service Gateway - Extra Large OSPF Adjacencies per Edge Service Gateway - Compact OSPF Adjacencies per Edge Service Gateway - Large OSPF Adjacencies per Edge Service Gateway - Quad Large OSPF Adjacencies per Edge Service Gateway - Extra Large OSPF Routes Redistributed per Edge Service Gateway - Compact OSPF Routes Redistributed per Edge Service Gateway - Large OSPF Routes Redistributed per Edge Service Gateway - Quad Large OSPF Routes Redistributed per Edge Service Gateway - Extra Large Total Routes per Edge Service Gateway - Compact Total Routes per Edge Service Gateway - Large Edge size Total Routes per Edge Service Gateway - Quad Large Total Routes per Edge Service Gateway - Extra Large ARP entries per Edge Service Gateway - Compact ARP entries per Edge Service Gateway - Large Edge size ARP entries per Edge Service Gateway - Quad Large 50,000 Maximum of 750 type-1 LSA entries. 100,000 Maximum of 750 type-1 LSA entries. 100,000 Maximum of 750 type-1 LSA entries. 10 20 40 40 2,000 5,000 20,000 20,000 20,000 50,000 250,000 250,000 1,024 If exceeded, newer ARP entries in the ARP table will replace older entries. 2,048 If exceeded, newer ARP entries in the ARP table will replace older entries. 2,048 If exceeded, newer ARP entries in the ARP table will replace older entries. 12 VMware, Inc.

ARP entries per Edge Service Gateway - Extra Large 2,048 If exceeded, newer ARP entries in the ARP table will replace older entries. 13 VMware, Inc.

5 Firewall Distributed Firewall NSX for vsphere provides a distributed, in-kernel Host based firewall to achieve micro-segmentation of workloads at the virtual NIC level. The configuration maximums of the distributed firewall are covered in this section. Table 5-1. Distributed Firewall Maximums Rules per NSX Manager 100,000 Can be a mix of local and universal rules. Rules per Virtual NIC 3,500 Distributed Firewall Sections 10,000 Security Groups per NSX Manager 10,000 Audit Log entries 1,000,000 Flow Monitoring Data 2,000,000 Records over 15 days. Distributed Firewall Rule Configurations 100 Universal Distributed Firewall Rules 24,000 Universal Firewall Sections 500 Universal Security Groups 4,000 Universal IP Sets 4,000 Universal IP Sets per Universal Security Group 10 Universal Security Tags 750 Universal Security Tags per Virtual Machine 5 14 VMware, Inc.

Edge Service Gateway Firewall The NSX for vsphere Edge Service Gateway can function as a firewall in addition to the distributed firewall. This section covers configuration maximums of the Edge Service Gateway firewall. Table 5-2. Edge Service Gateway Firewall Maximums Firewall Rules per Edge Service Gateway 2,000 Applies to all s 15 VMware, Inc.

Identity Firewall NSX for vsphere supports an identity-based firewall in which the firewall rules that protect a given workload can be changed based on the identity of the user of the workload. This section covers the configuration maximums of the identity firewall. Table 5-3. Identity Firewall Maximums Active Directory groups 30,000 Users per Active Directory group 250 Users in the Active Directory Domain 100,000 Virtual Machines joined to the Active Directory Domain 2,500 Groups per individual user 20 Security Groups based on Active Directory 300 Active Directory Groups per Security Group 10 Virtual Machines per Security Group 1,000 Security Policies 250 Hosts 250 For the Identity Firewall Use Case Virtual Machines per Host 50 16 VMware, Inc.

6 Load Balancing The NSX for vsphere Edge Service Gateway provides a load balancing service to distribute load across multiple workloads. This section covers the configuration maximums for the load balancing feature of NSX. Table 6-1. Load Balancer Maximums Load Balancer VIPs per Edge Service Gateway - Compact 64 Load Balancer VIPs per Edge Service Gateway - Large 64 Load Balancer VIPs per Edge Service Gateway - Quad Large 64 Load Balancer VIPs per Edge Service Gateway - Extra Large 1,024 Load Balancer Pools per Edge Service Gateway - Compact 64 Load Balancer Pools per Edge Service Gateway - Large 64 Load Balancer Pools per Edge Service Gateway - Quad Large 64 Load Balancer Pools per Edge Service Gateway - Extra Large 1,024 Load Balancer Servers per Pool - Compact 320 Load Balancer Servers per Pool - Large 320 Load Balancer Servers per Pool - Quad Large 320 Load Balancer Servers per Pool - Extra Large 3,072 Load Balancer Application Rule size in Characters 4,096 Applies to all s 17 VMware, Inc.

7 VPN Layer 2 VPN The NSX for vsphere Edge Service Gateway provides a layer 2 VPN service. This section covers the configuration maximums for the layer 2 VPN feature of NSX. Table 7-1. Layer 2 VPN Maximums L2VPN clients (spoke) handled by a single L2VPN server (hub) 5 Networks per L2VPN client/server pair 200 18 VMware, Inc.

IPsec VPN The NSX for vsphere Edge Service Gateway provides an IPsec VPN service. This section covers the configuration maximums for the IPsec VPN feature of NSX. Table 7-2. IPsec VPN Maximums IPsec Tunnels per Edge Service Gateway - Compact 512 IPsec Tunnels per Edge Service Gateway - Large 1,600 IPsec Tunnels per Edge Service Gateway - Quad Large 4,096 IPsec Tunnels per Edge Service Gateway - Extra Large 6,000 19 VMware, Inc.

SSL VPN The NSX for vsphere Edge Service Gateway provides an SSL VPN service. This section covers the configuration maximums for the SSL VPN feature of NSX. Table 7-3. SSL VPN Maximums Concurrent Sessions - Compact 50 Concurrent Sessions - Large 100 Concurrent Sessions - Quad Large 100 Concurrent Sessions - Extra Large 1,000 Private Networks 16 Applies to all s 20 VMware, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback