vCloud Networking and Security 5.1 and 5.5 Edge configuration limits and throughput (2042799)
This article provides information about the configuration limits and performance metrics of the vCloud Networking and Security 5.1 Edge – compact, large, and x-large versions. You can use this information to make a deployment choice for Edge instances.
Details of Edge instances used in performance metrics comparison
|Edge (Compact)||Edge (Large)||Edge (X-Large)|
|Memory||256 MB||1 GB||8 GB|
|Disk||320 MB||320 MB||4.4 GB|
- These soft limits can be exceeded on a per feature basis depending on the resources and the set of features in use.
- Maximum number of DHCP configs per Edge is 2048. You can either have 2048 static binding or 2048 static pools or any combination of those two not exceeding beyond 2048.
|Limit||vCloud Networking and Security Manager|
|Number of Edge HA appliances||2,000 Compact / Large Edges or 1,000 X-Large Edges|
|Number of clusters||8|
|Number of hosts with Edge in use||256 (8 clusters * 32 hosts)|
|Number of hosts in inventory||400|
|Number of virtual machines||15000 total virtual machines, 5000 powered on|
|Number of networks||5000 VXLANs|
|Number of firewall rules||100,000|
|Number of firewall object groups||130,000|
|Number of DHCP static bindings||25,000|
|Number of DHCP pools||10,000|
|Number of static routes||100,000|
|Number of load balancer pools||3,000|
|Number of load balancer virtual servers||3,000|
|Number of members in load balancer pools||30,000|
|Limit||vCloud Networking and Security Edge|
|Number of interfaces||10|
|Number of firewall rules||2,000|
|Number of NAT rules||2,000|
|Number of DHCP static bindings||25|
|Number of DHCP pools||10|
|Number of static routes||100|
|Number of load balancer pools||3 (Hard limit: 64)|
|Number of load balancer virtual servers||3 (Hard limit: 64)|
|Number of members per load balancer pool||10 (Hard limit: 32)|
|Concurrent IPSec VPN Tunnels||64|
|Concurrent SSL VPN Tunnels||25 (Compact), 100 (Large)|
Firewall and VPN Performance Comparison
|Edge (Compact)||Edge (Large)|
|Firewall Performance (Gbps)||3||9.7|
|IPSec VPN throughput (Gbps) - H/W acceleration via AESNI||0.9||2|
Load Balancer Performance Comparison
|Edge (Large)||Edge (X-Large)|
|Load balancer throughput – L7 Proxy Mode (Gbps)||2.2||3|
|Load balancer connections / sec – L7 Proxy Mode||46,000||50,000|
|Load balancer concurrent connections – L7 Proxy Mode||8,000||60,000|
|Load balancer throughput – L4 Mode (Gbps)||6||6|
|Load balancer connections / sec – L4 Mode||50,000||50,000|
|Load balancer concurrent connections – L4 Mode||600,000||1,000,000|
- VMware recommends you to use Edge (Large) or Edge (X-Large) for load balancing
- Edge (X-Large) is not available in the vCloud Director deployment
- L4 Mode is not available in the vCloud Director deployment. While L4 Mode can be enabled via the vShield API, as soon as you perform certain actions from vCloud Director such as a redeploy, that configuration will be lost and the vSEG will be redeployed in L7 Proxy Mode.
Test Server Configuration
- Dell PowerEdge T610 with ESXi 5.1
- CPU – 8 CPUs x 2.393 GHz Intel(R) Xeon(R) CPU E5620
- Memory – 24 GB
- Network – 2x Intel 82599EB 10-gigabit SFI/SFP+
- IXIA IX Chariot applications used for throughput, connections per second, and concurrent connections tests.
- Throughput measured with 1500 byte TCP frame size.
- Throughput measured with accept any to any firewall rule and no additional NAT rules.
- Load balancer performance numbers are for HTTP traffic.
- Feature performance quoted is independent of other features. For example, firewall throughput measured without load balancer or other services enabled.