4.11 NSX Edge Services Gateways
• The NSX Edge services gateway is a multi-functional virtualized networking and security component that supports both control plane and data plane functions, such as network address translation (NAT), routing protocols (OSPF, iBGP, eBGP), firewall, load balancing, DHCP/DNS support, and VPN functionality, with a primary focus on North-South traffic.
• The NSX Edge services gateway must be deployed as an HA pair to address high availability requirements. This creates a VM:VM anti-affinity rule to support the HA function.
• To improve routing throughput, the provider can implement equal-cost multi-path (ECMP) high availability. With this model, up to eight ECMP edge devices can be deployed to improve throughput and availability.
• The NSX Edge services gateway must be deployed in the correct size profile as driven by network functional and performance requirements.
• NSX Edge services gateway appliance deployments are typically configured with the following resources:
o X-Large = 6 x vCPU, 8,192 MB vRAM (high-performance firewall + load balancer + routing)
o Quad-Large = 4 x vCPU, 1,024 MB vRAM (high-performance firewall)
o Large = 2 x vCPU, 1,024 MB vRAM
o Compact = 1 x vCPU, 512 MB vRAM
The following table lists other configuration property limits for different size deployments.
Table 4. NSX Edge Services Properties Limits Based on Deployment Size
Network Function | Value (Compact / Large / X-Large / Quad-Large) |
NSX Edge services gateways | 2,000 (Note: HA does not change the scaling requirements for NSX Edge) |
Interfaces | 10 (internal, uplink, or trunk) (Note: with trunk, 200 sub-interfaces per NSX Edge) |
Router | |
NAT rules per NSX Edge services gateway | 2,000 (all sizes) |
Static routes per NSX Edge services gateway | 2,048 (all sizes) |
BGP routes per NSX Edge services gateway | 20K / 50K / 250K / 250K |
BGP neighbours per NSX Edge services gateway | 10 / 20 / 50 / 50 |
BGP routes redistributed | No limit |
OSPF routes per NSX Edge services gateway | 20K / 50K / 100K / 100K |
OSPF adjacencies per NSX Edge services gateway | 10 / 20 / 40 / 40 |
OSPF routes redistributed | 2K / 5K / 20K / 20K |
Total number of routes | 20K / 50K / 250K / 250K |
Firewall | |
Firewall rules per NSX Edge services gateway | 2,000 |
Concurrent connections per host (compact/all other) | 64 K / 1 M |
Load balancing | |
Load balancer VIPs per ESXi | 64 |
Load balancer pools per ESXi | 64 |
Load balancer servers per pool | 32 |
DHCP | |
DHCP pools per NSX Edge services gateway | 20K |
IPsec / VPN | |
IPsec sites per NSX Edge services gateway (only for pre-6.1, no limit for 6.1 or later) | 64 |
IPsec tunnels per NSX Edge services gateway | 512 / 1,600 / 4,096 / 6,000 |